Aug 26 18:24:23.551866: FIPS Product: YES
Aug 26 18:24:23.551983: FIPS Kernel: NO
Aug 26 18:24:23.551987: FIPS Mode: NO
Aug 26 18:24:23.551989: NSS DB directory: sql:/etc/ipsec.d
Aug 26 18:24:23.552138: Initializing NSS
Aug 26 18:24:23.552145: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 18:24:23.599832: NSS initialized
Aug 26 18:24:23.599849: NSS crypto library initialized
Aug 26 18:24:23.599852: FIPS HMAC integrity support [enabled]
Aug 26 18:24:23.599854: FIPS mode disabled for pluto daemon
Aug 26 18:24:23.649557: FIPS HMAC integrity verification self-test FAILED
Aug 26 18:24:23.650013: libcap-ng support [enabled]
Aug 26 18:24:23.650025: Linux audit support [enabled]
Aug 26 18:24:23.650354: Linux audit activated
Aug 26 18:24:23.650366: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:15798
Aug 26 18:24:23.650369: core dump dir: /tmp
Aug 26 18:24:23.650372: secrets file: /etc/ipsec.secrets
Aug 26 18:24:23.650374: leak-detective enabled
Aug 26 18:24:23.650377: NSS crypto [enabled]
Aug 26 18:24:23.650379: XAUTH PAM support [enabled]
Aug 26 18:24:23.650455: | libevent is using pluto's memory allocator
Aug 26 18:24:23.650464: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 18:24:23.650478: | libevent_malloc: new ptr-libevent@0x55d866c4a958 size 40
Aug 26 18:24:23.650483: | libevent_malloc: new ptr-libevent@0x55d866c4a8d8 size 40
Aug 26 18:24:23.650486: | libevent_malloc: new ptr-libevent@0x55d866c4a858 size 40
Aug 26 18:24:23.650489: | creating event base
Aug 26 18:24:23.650494: | libevent_malloc: new ptr-libevent@0x55d866c3c488 size 56
Aug 26 18:24:23.650499: | libevent_malloc: new ptr-libevent@0x55d866bbdc28 size 664
Aug 26 18:24:23.650510: | libevent_malloc: new ptr-libevent@0x55d866c84f48 size 24
Aug 26 18:24:23.650516: | libevent_malloc: new ptr-libevent@0x55d866c84f98 size 384
Aug 26 18:24:23.650526: | libevent_malloc: new ptr-libevent@0x55d866c84f08 size 16
Aug 26 18:24:23.650530: | libevent_malloc: new ptr-libevent@0x55d866c4a7d8 size 40
Aug 26 18:24:23.650534: | libevent_malloc: new ptr-libevent@0x55d866c4a758 size 48
Aug 26 18:24:23.650540: | libevent_realloc: new ptr-libevent@0x55d866bbd8b8 size 256
Aug 26 18:24:23.650543: | libevent_malloc: new ptr-libevent@0x55d866c85148 size 16
Aug 26 18:24:23.650549: | libevent_free: release ptr-libevent@0x55d866c3c488
Aug 26 18:24:23.650553: | libevent initialized
Aug 26 18:24:23.650558: | libevent_realloc: new ptr-libevent@0x55d866c3c488 size 64
Aug 26 18:24:23.650562: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 18:24:23.650582: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 18:24:23.650586: NAT-Traversal support [enabled]
Aug 26 18:24:23.650589: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 18:24:23.650596: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 18:24:23.650600: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 18:24:23.650636: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 18:24:23.650640: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 18:24:23.650644: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 18:24:23.650712: Encryption algorithms:
Aug 26 18:24:23.650721: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 18:24:23.650727: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 18:24:23.650732: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 18:24:23.650736: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 18:24:23.650740: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 18:24:23.650752: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 18:24:23.650757: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 18:24:23.650762: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 18:24:23.650766: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 18:24:23.650771: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 18:24:23.650775: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 18:24:23.650780: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 18:24:23.650784: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 18:24:23.650789: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 18:24:23.650794: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 18:24:23.650797: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 18:24:23.650802: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 18:24:23.650811: Hash algorithms:
Aug 26 18:24:23.650815: MD5 IKEv1: IKE IKEv2:
Aug 26 18:24:23.650819: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 18:24:23.650823: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 18:24:23.650826: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 18:24:23.650830: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 18:24:23.650849: PRF algorithms:
Aug 26 18:24:23.650853: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 18:24:23.650857: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 18:24:23.650861: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 18:24:23.650866: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 18:24:23.650870: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 18:24:23.650874: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 18:24:23.650915: Integrity algorithms:
Aug 26 18:24:23.650920: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 18:24:23.650925: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 18:24:23.650930: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 18:24:23.650935: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 18:24:23.650940: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 18:24:23.650944: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 18:24:23.650948: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 18:24:23.650952: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 18:24:23.650956: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 18:24:23.650974: DH algorithms:
Aug 26 18:24:23.650978: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 18:24:23.650981: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 18:24:23.650985: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 18:24:23.650991: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 18:24:23.650995: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 18:24:23.650999: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 18:24:23.651002: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 18:24:23.651007: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 18:24:23.651011: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 18:24:23.651015: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 18:24:23.651019: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 18:24:23.651021: testing CAMELLIA_CBC:
Aug 26 18:24:23.651025: Camellia: 16 bytes with 128-bit key
Aug 26 18:24:23.651152: Camellia: 16 bytes with 128-bit key
Aug 26 18:24:23.651185: Camellia: 16 bytes with 256-bit key
Aug 26 18:24:23.651220: Camellia: 16 bytes with 256-bit key
Aug 26 18:24:23.651251: testing AES_GCM_16:
Aug 26 18:24:23.651255: empty string
Aug 26 18:24:23.651285: one block
Aug 26 18:24:23.651317: two blocks
Aug 26 18:24:23.651359: two blocks with associated data
Aug 26 18:24:23.651393: testing AES_CTR:
Aug 26 18:24:23.651396: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 18:24:23.651423: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 18:24:23.651454: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 18:24:23.651485: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 18:24:23.651514: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 18:24:23.651543: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 18:24:23.651572: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 18:24:23.651600: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 18:24:23.651629: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 18:24:23.651656: testing AES_CBC:
Aug 26 18:24:23.651659: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 18:24:23.651682: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 18:24:23.651711: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 18:24:23.651736: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 18:24:23.651771: testing AES_XCBC:
Aug 26 18:24:23.651775: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 18:24:23.651905: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 18:24:23.652040: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 18:24:23.652173: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 18:24:23.652309: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 18:24:23.652445: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 18:24:23.652582: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 18:24:23.652882: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 18:24:23.653016: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 18:24:23.653159: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 18:24:23.653430: testing HMAC_MD5:
Aug 26 18:24:23.653438: RFC 2104: MD5_HMAC test 1
Aug 26 18:24:23.653620: RFC 2104: MD5_HMAC test 2
Aug 26 18:24:23.653780: RFC 2104: MD5_HMAC test 3
Aug 26 18:24:23.654016: 8 CPU cores online
Aug 26 18:24:23.654022: starting up 7 crypto helpers
Aug 26 18:24:23.654056: started thread for crypto helper 0
Aug 26 18:24:23.654063: | starting up helper thread 0
Aug 26 18:24:23.654079: started thread for crypto helper 1
Aug 26 18:24:23.654081: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 18:24:23.654085: | crypto helper 0 waiting (nothing to do)
Aug 26 18:24:23.654086: | starting up helper thread 1
Aug 26 18:24:23.654102: started thread for crypto helper 2
Aug 26 18:24:23.654107: | starting up helper thread 2
Aug 26 18:24:23.654116: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 18:24:23.654119: | crypto helper 2 waiting (nothing to do)
Aug 26 18:24:23.654128: started thread for crypto helper 3
Aug 26 18:24:23.654133: | starting up helper thread 3
Aug 26 18:24:23.654145: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 18:24:23.654147: started thread for crypto helper 4
Aug 26 18:24:23.654148: | crypto helper 3 waiting (nothing to do)
Aug 26 18:24:23.654172: started thread for crypto helper 5
Aug 26 18:24:23.654190: started thread for crypto helper 6
Aug 26 18:24:23.654195: | checking IKEv1 state table
Aug 26 18:24:23.654203: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 18:24:23.654206: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 18:24:23.654209: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 18:24:23.654212: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 18:24:23.654215: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 18:24:23.654217: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 18:24:23.654220: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:24:23.654223: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:24:23.654225: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 18:24:23.654228: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 18:24:23.654230: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:24:23.654232: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:24:23.654235: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 18:24:23.654238: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:24:23.654240: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:24:23.654243: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:24:23.654246: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 18:24:23.654248: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:24:23.654251: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:24:23.654253: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:24:23.654257: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 18:24:23.654259: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:23.654262: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 18:24:23.654264: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:23.654268: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 18:24:23.654270: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 18:24:23.654273: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 18:24:23.654276: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:24:23.654278: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:24:23.654281: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 18:24:23.654284: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:24:23.654287: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:24:23.657479: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 18:24:23.657486: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:23.657490: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 18:24:23.657493: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:23.657496: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 18:24:23.657499: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 18:24:23.657503: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 18:24:23.657506: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 18:24:23.657509: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 18:24:23.657512: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 18:24:23.657516: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 18:24:23.657518: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:23.657522: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 18:24:23.657525: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:23.657528: | INFO: category: informational flags: 0:
Aug 26 18:24:23.657531: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:23.657534: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 18:24:23.657537: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:23.657541: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 18:24:23.657547: | -> XAUTH_R1 EVENT_NULL
Aug 26 18:24:23.657550: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 18:24:23.657553: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:24:23.657557: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 18:24:23.657559: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 18:24:23.657563: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 18:24:23.657566: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 18:24:23.657569: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 18:24:23.657572: | -> UNDEFINED EVENT_NULL
Aug 26 18:24:23.657576: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 18:24:23.657579: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:24:23.657582: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 18:24:23.657585: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 18:24:23.657589: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 18:24:23.657595: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 18:24:23.657603: | checking IKEv2 state table
Aug 26 18:24:23.657611: | PARENT_I0: category: ignore flags: 0:
Aug 26 18:24:23.657614: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 18:24:23.657617: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 18:24:23.657621: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 18:24:23.657624: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 18:24:23.657627: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 18:24:23.657631: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 18:24:23.657634: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 18:24:23.657641: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 18:24:23.657646: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 18:24:23.657652: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 18:24:23.657656: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 18:24:23.657660: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 18:24:23.657663: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 18:24:23.657666: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 18:24:23.657670: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 18:24:23.657673: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 18:24:23.657676: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 18:24:23.657679: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 18:24:23.657682: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 18:24:23.657685: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 18:24:23.657688: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 18:24:23.657690: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 18:24:23.657693: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 18:24:23.657699: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 18:24:23.657704: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 18:24:23.657708: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 18:24:23.657712: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 18:24:23.657716: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 18:24:23.657721: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 18:24:23.657725: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 18:24:23.657728: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 18:24:23.657735: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 18:24:23.657739: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 18:24:23.657743: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 18:24:23.657746: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 18:24:23.657750: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 18:24:23.657754: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 18:24:23.657758: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 18:24:23.657761: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 18:24:23.657765: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 18:24:23.657769: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 18:24:23.657772: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 18:24:23.657776: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 18:24:23.657780: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 18:24:23.657783: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 18:24:23.657787: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 18:24:23.657856: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 18:24:23.658272: | Hard-wiring algorithms
Aug 26 18:24:23.658278: | adding AES_CCM_16 to kernel algorithm db
Aug 26 18:24:23.658283: | adding AES_CCM_12 to kernel algorithm db
Aug 26 18:24:23.658286: | adding AES_CCM_8 to kernel algorithm db
Aug 26 18:24:23.658298: | adding 3DES_CBC to kernel algorithm db
Aug 26 18:24:23.658301: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 18:24:23.658304: | adding AES_GCM_16 to kernel algorithm db
Aug 26 18:24:23.658308: | adding AES_GCM_12 to kernel algorithm db
Aug 26 18:24:23.658311: | adding AES_GCM_8 to kernel algorithm db
Aug 26 18:24:23.658314: | adding AES_CTR to kernel algorithm db
Aug 26 18:24:23.658317: | adding AES_CBC to kernel algorithm db
Aug 26 18:24:23.658320: | adding SERPENT_CBC to kernel algorithm db
Aug 26 18:24:23.658323: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 18:24:23.658326: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 18:24:23.658329: | adding NULL to kernel algorithm db
Aug 26 18:24:23.658333: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 18:24:23.658336: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 18:24:23.658339: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 18:24:23.658342: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 18:24:23.658345: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 18:24:23.658348: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 18:24:23.658351: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 18:24:23.658354: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 18:24:23.658357: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 18:24:23.658360: | adding NONE to kernel algorithm db
Aug 26 18:24:23.658380: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 18:24:23.658388: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 18:24:23.658391: | setup kernel fd callback
Aug 26 18:24:23.658395: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55d866c44678
Aug 26 18:24:23.658400: | libevent_malloc: new ptr-libevent@0x55d866c83708 size 128
Aug 26 18:24:23.658405: | libevent_malloc: new ptr-libevent@0x55d866c8a748 size 16
Aug 26 18:24:23.658416: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55d866c8a6d8
Aug 26 18:24:23.658421: | libevent_malloc: new ptr-libevent@0x55d866c3d098 size 128
Aug 26 18:24:23.658425: | libevent_malloc: new ptr-libevent@0x55d866c8a3a8 size 16
Aug 26 18:24:23.654102: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 18:24:23.659585: | crypto helper 1 waiting (nothing to do)
Aug 26 18:24:23.659598: | starting up helper thread 6
Aug 26 18:24:23.659607: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 18:24:23.659611: | crypto helper 6 waiting (nothing to do)
Aug 26 18:24:23.659670: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 18:24:23.659678: selinux support is enabled.
Aug 26 18:24:23.660470: | unbound context created - setting debug level to 5
Aug 26 18:24:23.660503: | /etc/hosts lookups activated
Aug 26 18:24:23.660516: | /etc/resolv.conf usage activated
Aug 26 18:24:23.656331: | starting up helper thread 4
Aug 26 18:24:23.660548: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 18:24:23.660554: | crypto helper 4 waiting (nothing to do)
Aug 26 18:24:23.660584: | outgoing-port-avoid set 0-65535
Aug 26 18:24:23.660616: | outgoing-port-permit set 32768-60999
Aug 26 18:24:23.660620: | Loading dnssec root key from:/var/lib/unbound/root.key
Aug 26 18:24:23.660623: | No additional dnssec trust anchors defined via dnssec-trusted= option
Aug 26 18:24:23.660627: | Setting up events, loop start
Aug 26 18:24:23.660630: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55d866c8ab78
Aug 26 18:24:23.660634: | libevent_malloc: new ptr-libevent@0x55d866c965e8 size 128
Aug 26 18:24:23.660639: | libevent_malloc: new ptr-libevent@0x55d866ca18d8 size 16
Aug 26 18:24:23.660648: | libevent_realloc: new ptr-libevent@0x55d866ca1918 size 256
Aug 26 18:24:23.660651: | libevent_malloc: new ptr-libevent@0x55d866ca1a48 size 8
Aug 26 18:24:23.660654: | libevent_realloc: new ptr-libevent@0x55d866ca1a88 size 144
Aug 26 18:24:23.660657: | libevent_malloc: new ptr-libevent@0x55d866c48c48 size 152
Aug 26 18:24:23.660660: | libevent_malloc: new ptr-libevent@0x55d866ca1b48 size 16
Aug 26 18:24:23.660665: | signal event handler PLUTO_SIGCHLD installed
Aug 26 18:24:23.660668: | libevent_malloc: new ptr-libevent@0x55d866ca1b88 size 8
Aug 26 18:24:23.660671: | libevent_malloc: new ptr-libevent@0x55d866bbe018 size 152
Aug 26 18:24:23.660674: | signal event handler PLUTO_SIGTERM installed
Aug 26 18:24:23.660677: | libevent_malloc: new ptr-libevent@0x55d866ca1bc8 size 8
Aug 26 18:24:23.660682: | libevent_malloc: new ptr-libevent@0x55d866bc6558 size 152
Aug 26 18:24:23.660686: | signal event handler PLUTO_SIGHUP installed
Aug 26 18:24:23.660688: | libevent_malloc: new ptr-libevent@0x55d866ca1c08 size 8
Aug 26 18:24:23.660691: | libevent_realloc: release ptr-libevent@0x55d866ca1a88
Aug 26 18:24:23.660694: | libevent_realloc: new ptr-libevent@0x55d866ca1c48 size 256
Aug 26 18:24:23.660697: | libevent_malloc: new ptr-libevent@0x55d866ca1d78 size 152
Aug 26 18:24:23.660699: | signal event handler PLUTO_SIGSYS installed
Aug 26 18:24:23.661063: | created addconn helper (pid:15981) using fork+execve
Aug 26 18:24:23.661080: | forked child 15981
Aug 26 18:24:23.661129: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:24:23.661506: listening for IKE messages
Aug 26 18:24:23.661907: | Inspecting interface lo
Aug 26 18:24:23.661919: | found lo with address 127.0.0.1
Aug 26 18:24:23.661927: | Inspecting interface eth0
Aug 26 18:24:23.661932: | found eth0 with address 192.0.2.254
Aug 26 18:24:23.661937: | Inspecting interface eth1
Aug 26 18:24:23.661942: | found eth1 with address 192.1.2.23
Aug 26 18:24:23.662046: Kernel supports NIC esp-hw-offload
Aug 26 18:24:23.662060: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500
Aug 26 18:24:23.662105: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:24:23.662110: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:24:23.662114: adding interface eth1/eth1 192.1.2.23:4500
Aug 26 18:24:23.662137: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500
Aug 26 18:24:23.662155: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:24:23.662160: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:24:23.662169: adding interface eth0/eth0 192.0.2.254:4500
Aug 26 18:24:23.662191: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Aug 26 18:24:23.662209: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:24:23.662214: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:24:23.662218: adding interface lo/lo 127.0.0.1:4500
Aug 26 18:24:23.662308: | no interfaces to sort
Aug 26 18:24:23.662317: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 18:24:23.662327: | add_fd_read_event_handler: new ethX-pe@0x55d866ca2358
Aug 26 18:24:23.662331: | libevent_malloc: new ptr-libevent@0x55d866c96538 size 128
Aug 26 18:24:23.662336: | libevent_malloc: new ptr-libevent@0x55d866ca23c8 size 16
Aug 26 18:24:23.662345: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 18:24:23.662348: | add_fd_read_event_handler: new ethX-pe@0x55d866ca2408
Aug 26 18:24:23.662354: | libevent_malloc: new ptr-libevent@0x55d866c3d148 size 128
Aug 26 18:24:23.662358: | libevent_malloc: new ptr-libevent@0x55d866ca2478 size 16
Aug 26 18:24:23.662363: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 18:24:23.662367: | add_fd_read_event_handler: new ethX-pe@0x55d866ca24b8
Aug 26 18:24:23.662374: | libevent_malloc: new ptr-libevent@0x55d866c3ca68 size 128
Aug 26 18:24:23.662378: | libevent_malloc: new ptr-libevent@0x55d866ca2528 size 16
Aug 26 18:24:23.662383: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 18:24:23.662387: | add_fd_read_event_handler: new ethX-pe@0x55d866ca2568
Aug 26 18:24:23.662390: | libevent_malloc: new ptr-libevent@0x55d866c3c128 size 128
Aug 26 18:24:23.662394: | libevent_malloc: new ptr-libevent@0x55d866ca25d8 size 16
Aug 26 18:24:23.662399: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 18:24:23.662403: | add_fd_read_event_handler: new ethX-pe@0x55d866ca2618
Aug 26 18:24:23.662406: | libevent_malloc: new ptr-libevent@0x55d866c3c228 size 128
Aug 26 18:24:23.662410: | libevent_malloc: new ptr-libevent@0x55d866ca2688 size 16
Aug 26 18:24:23.662415: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 18:24:23.662419: | add_fd_read_event_handler: new ethX-pe@0x55d866ca26c8
Aug 26 18:24:23.662422: | libevent_malloc: new ptr-libevent@0x55d866c3c328 size 128
Aug 26 18:24:23.662426: | libevent_malloc: new ptr-libevent@0x55d866ca2738 size 16
Aug 26 18:24:23.662431: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 18:24:23.662437: | certs and keys locked by 'free_preshared_secrets'
Aug 26 18:24:23.662440: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 18:24:23.662460: loading secrets from "/etc/ipsec.secrets"
Aug 26 18:24:23.662502: | saving Modulus
Aug 26 18:24:23.662506: | saving PublicExponent
Aug 26 18:24:23.662512: | ignoring PrivateExponent
Aug 26 18:24:23.662516: | ignoring Prime1
Aug 26 18:24:23.662520: | ignoring Prime2
Aug 26 18:24:23.662524: | ignoring Exponent1
Aug 26 18:24:23.662528: | ignoring Exponent2
Aug 26 18:24:23.662533: | ignoring Coefficient
Aug 26 18:24:23.662537: | ignoring CKAIDNSS
Aug 26 18:24:23.662583: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1
Aug 26 18:24:23.662587: | computed rsa CKAID 8a 82 25 f1
Aug 26 18:24:23.662591: loaded private key for keyid: PKK_RSA:AQO9bJbr3
Aug 26 18:24:23.662606: | certs and keys locked by 'process_secret'
Aug 26 18:24:23.662612: | certs and keys unlocked by 'process_secret'
Aug 26 18:24:23.662711: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:24:23.662721: | spent 1.49 milliseconds in whack
Aug 26 18:24:23.662738: | starting up helper thread 5
Aug 26 18:24:23.662746: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 18:24:23.662749: | crypto helper 5 waiting (nothing to do)
Aug 26 18:24:23.710460: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:24:23.710482: listening for IKE messages
Aug 26 18:24:23.710518: | Inspecting interface lo
Aug 26 18:24:23.710526: | found lo with address 127.0.0.1
Aug 26 18:24:23.710529: | Inspecting interface eth0
Aug 26 18:24:23.710534: | found eth0 with address 192.0.2.254
Aug 26 18:24:23.710536: | Inspecting interface eth1
Aug 26 18:24:23.710540: | found eth1 with address 192.1.2.23
Aug 26 18:24:23.710598: | no interfaces to sort
Aug 26 18:24:23.710608: | libevent_free: release ptr-libevent@0x55d866c96538
Aug 26 18:24:23.710611: | free_event_entry: release EVENT_NULL-pe@0x55d866ca2358
Aug 26 18:24:23.710615: | add_fd_read_event_handler: new ethX-pe@0x55d866ca2358
Aug 26 18:24:23.710618: | libevent_malloc: new ptr-libevent@0x55d866c96538 size 128
Aug 26 18:24:23.710625: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 18:24:23.710630: | libevent_free: release ptr-libevent@0x55d866c3d148
Aug 26 18:24:23.710633: | free_event_entry: release EVENT_NULL-pe@0x55d866ca2408
Aug 26 18:24:23.710636: | add_fd_read_event_handler: new ethX-pe@0x55d866ca2408
Aug 26 18:24:23.710638: | libevent_malloc: new ptr-libevent@0x55d866c3d148 size 128
Aug 26 18:24:23.710644: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 18:24:23.710647: | libevent_free: release ptr-libevent@0x55d866c3ca68
Aug 26 18:24:23.710650: | free_event_entry: release EVENT_NULL-pe@0x55d866ca24b8
Aug 26 18:24:23.710653: | add_fd_read_event_handler: new ethX-pe@0x55d866ca24b8
Aug 26 18:24:23.710656: | libevent_malloc: new ptr-libevent@0x55d866c3ca68 size 128
Aug 26 18:24:23.710661: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 18:24:23.710664: | libevent_free: release ptr-libevent@0x55d866c3c128
Aug 26 18:24:23.710667: | free_event_entry: release EVENT_NULL-pe@0x55d866ca2568
Aug 26 18:24:23.710670: | add_fd_read_event_handler: new ethX-pe@0x55d866ca2568
Aug 26 18:24:23.710673: | libevent_malloc: new ptr-libevent@0x55d866c3c128 size 128
Aug 26 18:24:23.710678: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 18:24:23.710682: | libevent_free: release ptr-libevent@0x55d866c3c228
Aug 26 18:24:23.710684: | free_event_entry: release EVENT_NULL-pe@0x55d866ca2618
Aug 26 18:24:23.710687: | add_fd_read_event_handler: new ethX-pe@0x55d866ca2618
Aug 26 18:24:23.710690: | libevent_malloc: new ptr-libevent@0x55d866c3c228 size 128
Aug 26 18:24:23.710695: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 18:24:23.710699: | libevent_free: release ptr-libevent@0x55d866c3c328
Aug 26 18:24:23.710701: | free_event_entry: release EVENT_NULL-pe@0x55d866ca26c8
Aug 26 18:24:23.710704: | add_fd_read_event_handler: new ethX-pe@0x55d866ca26c8
Aug 26 18:24:23.710707: | libevent_malloc: new ptr-libevent@0x55d866c3c328 size 128
Aug 26 18:24:23.710712: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 18:24:23.710715: | certs and keys locked by 'free_preshared_secrets'
Aug 26 18:24:23.710718: forgetting secrets
Aug 26 18:24:23.710725: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 18:24:23.710739: loading secrets from "/etc/ipsec.secrets"
Aug 26 18:24:23.710753: | saving Modulus
Aug 26 18:24:23.710757: | saving PublicExponent
Aug 26 18:24:23.710761: | ignoring PrivateExponent
Aug 26 18:24:23.710764: | ignoring Prime1
Aug 26 18:24:23.710767: | ignoring Prime2
Aug 26 18:24:23.710771: | ignoring Exponent1
Aug 26 18:24:23.710774: | ignoring Exponent2
Aug 26 18:24:23.710777: | ignoring Coefficient
Aug 26 18:24:23.710781: | ignoring CKAIDNSS
Aug 26 18:24:23.710804: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1
Aug 26 18:24:23.710808: | computed rsa CKAID 8a 82 25 f1
Aug 26 18:24:23.710812: loaded private key for keyid: PKK_RSA:AQO9bJbr3
Aug 26 18:24:23.710817: | certs and keys locked by 'process_secret'
Aug 26 18:24:23.710820: | certs and keys unlocked by 'process_secret'
Aug 26 18:24:23.710828: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:24:23.710836: | spent 0.383 milliseconds in whack
Aug 26 18:24:23.714704: | processing signal PLUTO_SIGCHLD
Aug 26 18:24:23.714724: | waitpid returned pid 15981 (exited with status 0)
Aug 26 18:24:23.714732: | reaped addconn helper child (status 0)
Aug 26 18:24:23.714737: | waitpid returned ECHILD (no child processes left)
Aug 26 18:24:23.714744: | spent 0.0219 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 18:24:23.754706: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:24:23.754727: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 18:24:23.754730: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 18:24:23.754733: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 18:24:23.754736: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 18:24:23.754740: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 18:24:23.754747: | Added new connection northnet-eastnet-ipv4 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 18:24:23.754750: | No AUTH policy was set - defaulting to RSASIG
Aug 26 18:24:23.754806: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Aug 26 18:24:23.754810: | from whack: got --esp=
Aug 26 18:24:23.754845: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
Aug 26 18:24:23.754850: | counting wild cards for @north is 0
Aug 26 18:24:23.754854: | counting wild cards for @east is 0
Aug 26 18:24:23.754864: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none
Aug 26 18:24:23.754867: | new hp@0x55d866ca4ed8
Aug 26 18:24:23.754873: added connection description "northnet-eastnet-ipv4"
Aug 26 18:24:23.754882: | ike_life: 50s; ipsec_life: 180s; rekey_margin: 5s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 
32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:23.754894: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.0/24 Aug 26 18:24:23.754903: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:23.754911: | spent 0.213 milliseconds in whack Aug 26 18:24:23.754943: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:23.754952: add keyid @north Aug 26 18:24:23.755023: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:23.755026: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:23.755035: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:23.755040: | spent 0.0997 milliseconds in whack Aug 26 18:24:23.755064: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:23.755072: add keyid @east Aug 26 18:24:23.755124: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:24:23.755126: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:24:23.755134: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:23.755138: | spent 0.077 milliseconds in whack Aug 26 18:24:23.819252: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:23.819629: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:23.819642: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:23.819703: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:23.819717: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:23.819726: | spent 0.449 milliseconds in whack Aug 26 18:24:26.396117: | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:26.396143: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:24:26.396280: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:24:26.396284: | **parse ISAKMP Message: Aug 26 18:24:26.396287: | initiator cookie: Aug 26 18:24:26.396295: | a2 24 da 50 b9 cc 37 1e Aug 26 18:24:26.396298: | responder cookie: Aug 26 18:24:26.396300: | 00 00 00 00 00 00 00 00 Aug 26 18:24:26.396303: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:26.396306: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:26.396308: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:26.396311: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:26.396314: | Message ID: 0 (0x0) Aug 26 18:24:26.396316: | length: 828 (0x33c) Aug 26 18:24:26.396319: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:26.396323: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 18:24:26.396328: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:26.396331: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:26.396335: | ***parse IKEv2 Security Association Payload:
Aug 26 18:24:26.396337: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:26.396340: | flags: none (0x0) Aug 26 18:24:26.396342: | length: 436 (0x1b4) Aug 26 18:24:26.396345: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 18:24:26.396348: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:26.396351: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:26.396353: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:26.396356: | flags: none (0x0) Aug 26 18:24:26.396358: | length: 264 (0x108) Aug 26 18:24:26.396360: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:26.396363: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:26.396365: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:26.396368: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:26.396370: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:26.396373: | flags: none (0x0) Aug 26 18:24:26.396375: | length: 36 (0x24) Aug 26 18:24:26.396378: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:26.396380: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:26.396383: | ***parse IKEv2 Notify Payload: Aug 26 18:24:26.396385: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:26.396388: | flags: none (0x0) Aug 26 18:24:26.396390: | length: 8 (0x8) Aug 26 18:24:26.396393: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:26.396395: | SPI size: 0 (0x0) Aug 26 18:24:26.396398: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:26.396401: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:26.396403: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:26.396406: | ***parse IKEv2 Notify Payload: Aug 26 18:24:26.396408: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:26.396411: | flags: none (0x0) Aug 26 18:24:26.396413: | length: 28 (0x1c) Aug 26 18:24:26.396416: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:26.396418: | SPI size: 0 (0x0) Aug 26 18:24:26.396421: 
| Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:26.396423: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:26.396426: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:26.396428: | ***parse IKEv2 Notify Payload: Aug 26 18:24:26.396431: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:26.396433: | flags: none (0x0) Aug 26 18:24:26.396435: | length: 28 (0x1c) Aug 26 18:24:26.396438: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:26.396440: | SPI size: 0 (0x0) Aug 26 18:24:26.396443: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:26.396445: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:26.396448: | DDOS disabled and no cookie sent, continuing Aug 26 18:24:26.396454: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:24:26.396459: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:26.396462: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:24:26.396465: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet-ipv4) Aug 26 18:24:26.396468: | find_next_host_connection returns empty Aug 26 18:24:26.396472: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:24:26.396475: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:24:26.396477: | find_next_host_connection returns empty Aug 26 18:24:26.396481: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 18:24:26.396486: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:24:26.396493: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:24:26.396496: | find_next_host_connection 
policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:26.396499: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet-ipv4) Aug 26 18:24:26.396502: | find_next_host_connection returns northnet-eastnet-ipv4 Aug 26 18:24:26.396505: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:24:26.396507: | find_next_host_connection returns empty Aug 26 18:24:26.396510: | found connection: northnet-eastnet-ipv4 with policy RSASIG+IKEV2_ALLOW Aug 26 18:24:26.396531: | creating state object #1 at 0x55d866ca70c8 Aug 26 18:24:26.396534: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:26.396542: | pstats #1 ikev2.ike started Aug 26 18:24:26.396545: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:26.396548: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 18:24:26.396554: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:26.396562: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:26.396565: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:26.396569: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:26.396573: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:24:26.396577: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 18:24:26.396581: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:24:26.396584: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 18:24:26.396587: | selected state microcode Respond 
to IKE_SA_INIT Aug 26 18:24:26.396589: | Now let's proceed with state specific processing Aug 26 18:24:26.396592: | calling processor Respond to IKE_SA_INIT Aug 26 18:24:26.396602: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:26.396605: | constructing local IKE proposals for northnet-eastnet-ipv4 (IKE SA responder matching remote proposals) Aug 26 18:24:26.396613: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:26.396620: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:26.396624: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:26.396629: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:26.396634: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:26.396639: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:26.396643: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:26.396648: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:26.396661: "northnet-eastnet-ipv4": constructed local IKE proposals for northnet-eastnet-ipv4 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:26.396665: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 18:24:26.396670: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:26.396673: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:26.396675: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:26.396678: | local proposal 1 type DH has 8 transforms Aug 26 18:24:26.396680: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:26.396684: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:26.396687: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:26.396689: | local proposal 2 type PRF has 2 transforms Aug 26 18:24:26.396692: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:26.396694: | local proposal 2 type DH has 8 transforms Aug 26 18:24:26.396697: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:26.396700: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:26.396702: | local proposal 3 type ENCR has 1 
transforms Aug 26 18:24:26.396705: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:26.396707: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:26.396710: | local proposal 3 type DH has 8 transforms Aug 26 18:24:26.396712: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:26.396715: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:26.396718: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:26.396720: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:26.396723: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:26.396725: | local proposal 4 type DH has 8 transforms Aug 26 18:24:26.396728: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:26.396731: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:26.396734: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:26.396736: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:26.396739: | length: 100 (0x64) Aug 26 18:24:26.396741: | prop #: 1 (0x1) Aug 26 18:24:26.396744: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:26.396746: | spi size: 0 (0x0) Aug 26 18:24:26.396749: | # transforms: 11 (0xb) Aug 26 18:24:26.396752: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:24:26.396755: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396758: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396760: | length: 12 (0xc) Aug 26 18:24:26.396763: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:26.396766: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:26.396768: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:26.396771: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:26.396773: | length/value: 256 (0x100) Aug 26 18:24:26.396778: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 
18:24:26.396780: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396783: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396785: | length: 8 (0x8) Aug 26 18:24:26.396788: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:26.396792: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:26.396796: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:26.396799: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 18:24:26.396802: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 18:24:26.396805: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 18:24:26.396808: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396810: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396813: | length: 8 (0x8) Aug 26 18:24:26.396815: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:26.396818: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:26.396821: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396825: | length: 8 (0x8) Aug 26 18:24:26.396828: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.396830: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:26.396834: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:26.396837: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:24:26.396841: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:24:26.396844: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:24:26.396846: | *****parse IKEv2 
Transform Substructure Payload: Aug 26 18:24:26.396849: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396851: | length: 8 (0x8) Aug 26 18:24:26.396854: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.396856: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:26.396859: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396861: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396864: | length: 8 (0x8) Aug 26 18:24:26.396866: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.396869: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:26.396871: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396874: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396876: | length: 8 (0x8) Aug 26 18:24:26.396878: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.396881: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:26.396884: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396889: | length: 8 (0x8) Aug 26 18:24:26.396891: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.396893: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:26.396896: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396901: | length: 8 (0x8) Aug 26 18:24:26.396903: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.396906: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:26.396909: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396911: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396913: | length: 8 (0x8) Aug 26 18:24:26.396916: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.396918: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:26.396921: | *****parse IKEv2 Transform Substructure 
Payload: Aug 26 18:24:26.396924: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:26.396926: | length: 8 (0x8) Aug 26 18:24:26.396928: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.396934: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:26.396938: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:26.396942: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:26.396945: | remote proposal 1 matches local proposal 1 Aug 26 18:24:26.396948: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:26.396950: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:26.396953: | length: 100 (0x64) Aug 26 18:24:26.396955: | prop #: 2 (0x2) Aug 26 18:24:26.396958: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:26.396960: | spi size: 0 (0x0) Aug 26 18:24:26.396962: | # transforms: 11 (0xb) Aug 26 18:24:26.396966: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:26.396968: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396973: | length: 12 (0xc) Aug 26 18:24:26.396975: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:26.396978: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:26.396980: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:26.396983: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:26.396985: | length/value: 128 (0x80) Aug 26 18:24:26.396988: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.396991: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.396993: | length: 8 (0x8) Aug 26 18:24:26.396996: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:26.396998: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:26.397001: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397006: | length: 8 (0x8) Aug 26 18:24:26.397008: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:26.397010: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:26.397013: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397016: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397018: | length: 8 (0x8) Aug 26 18:24:26.397020: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397023: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:26.397025: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397030: | length: 8 (0x8) Aug 26 18:24:26.397033: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397035: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:26.397038: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397043: | length: 8 (0x8) Aug 26 18:24:26.397045: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397048: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:26.397050: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397053: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397055: | length: 8 (0x8) Aug 26 18:24:26.397057: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397060: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:26.397063: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397065: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397067: | length: 8 (0x8) Aug 26 18:24:26.397070: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397072: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:26.397075: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 18:24:26.397078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397080: | length: 8 (0x8) Aug 26 18:24:26.397082: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397086: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:26.397089: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397091: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397094: | length: 8 (0x8) Aug 26 18:24:26.397096: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397099: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:26.397101: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397104: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:26.397106: | length: 8 (0x8) Aug 26 18:24:26.397108: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397111: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:26.397115: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 18:24:26.397118: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 18:24:26.397120: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:26.397123: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:26.397125: | length: 116 (0x74) Aug 26 18:24:26.397128: | prop #: 3 (0x3) Aug 26 18:24:26.397130: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:26.397133: | spi size: 0 (0x0) Aug 26 18:24:26.397135: | # transforms: 13 (0xd) Aug 26 18:24:26.397139: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:26.397141: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397144: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397146: | length: 12 (0xc) Aug 26 18:24:26.397149: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:26.397151: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
18:24:26.397154: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:26.397156: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:26.397159: | length/value: 256 (0x100) Aug 26 18:24:26.397162: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397166: | length: 8 (0x8) Aug 26 18:24:26.397169: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:26.397171: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:26.397174: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397179: | length: 8 (0x8) Aug 26 18:24:26.397181: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:26.397184: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:26.397186: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397189: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397191: | length: 8 (0x8) Aug 26 18:24:26.397194: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:26.397196: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:26.397199: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397204: | length: 8 (0x8) Aug 26 18:24:26.397206: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:26.397209: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:26.397212: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397214: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397217: | length: 8 (0x8) Aug 26 18:24:26.397219: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397222: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:26.397224: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
18:24:26.397229: | length: 8 (0x8) Aug 26 18:24:26.397232: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397234: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:26.397238: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397241: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397243: | length: 8 (0x8) Aug 26 18:24:26.397246: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397248: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:26.397251: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397253: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397255: | length: 8 (0x8) Aug 26 18:24:26.397258: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397260: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:26.397263: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397268: | length: 8 (0x8) Aug 26 18:24:26.397270: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397273: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:26.397275: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397280: | length: 8 (0x8) Aug 26 18:24:26.397282: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397285: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:26.397295: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397300: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397302: | length: 8 (0x8) Aug 26 18:24:26.397305: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397307: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:26.397310: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397313: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:26.397315: | length: 
8 (0x8) Aug 26 18:24:26.397317: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397320: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:26.397324: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:24:26.397327: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:24:26.397329: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:26.397332: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:26.397334: | length: 116 (0x74) Aug 26 18:24:26.397337: | prop #: 4 (0x4) Aug 26 18:24:26.397339: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:26.397341: | spi size: 0 (0x0) Aug 26 18:24:26.397344: | # transforms: 13 (0xd) Aug 26 18:24:26.397347: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:24:26.397350: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397352: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397355: | length: 12 (0xc) Aug 26 18:24:26.397357: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:26.397359: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:26.397362: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:26.397365: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:26.397367: | length/value: 128 (0x80) Aug 26 18:24:26.397370: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397375: | length: 8 (0x8) Aug 26 18:24:26.397377: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:26.397380: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:26.397383: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397385: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397387: | length: 8 (0x8) Aug 26 18:24:26.397390: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 
18:24:26.397392: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:26.397395: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397399: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397401: | length: 8 (0x8) Aug 26 18:24:26.397404: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:26.397406: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:26.397409: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397412: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397414: | length: 8 (0x8) Aug 26 18:24:26.397416: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:26.397419: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:26.397422: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397427: | length: 8 (0x8) Aug 26 18:24:26.397430: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397432: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:26.397435: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397440: | length: 8 (0x8) Aug 26 18:24:26.397442: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397445: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:26.397447: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397450: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397452: | length: 8 (0x8) Aug 26 18:24:26.397455: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397457: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:26.397460: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397465: | length: 8 (0x8) Aug 26 18:24:26.397467: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397470: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:26.397472: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397477: | length: 8 (0x8) Aug 26 18:24:26.397480: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397482: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:26.397485: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397490: | length: 8 (0x8) Aug 26 18:24:26.397492: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397495: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:26.397498: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.397503: | length: 8 (0x8) Aug 26 18:24:26.397505: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397508: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:26.397510: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:26.397513: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:26.397515: | length: 8 (0x8) Aug 26 18:24:26.397518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.397520: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:26.397524: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:24:26.397527: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:24:26.397531: "northnet-eastnet-ipv4" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:24:26.397537: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:24:26.397540: | converting proposal to internal trans attrs Aug 26 18:24:26.397544: | natd_hash: rcookie is zero Aug 26 18:24:26.397553: | natd_hash: hasher=0x55d86664b800(20) Aug 26 18:24:26.397555: | natd_hash: icookie= a2 24 da 50 b9 cc 37 1e Aug 26 18:24:26.397558: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:26.397560: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:26.397562: | natd_hash: port=500 Aug 26 18:24:26.397565: | natd_hash: hash= 5e 3b 5e f4 c2 89 d4 be 3e 69 2e eb 65 c4 c4 15 Aug 26 18:24:26.397567: | natd_hash: hash= e6 91 d8 ba Aug 26 18:24:26.397570: | natd_hash: rcookie is zero Aug 26 18:24:26.397577: | natd_hash: hasher=0x55d86664b800(20) Aug 26 18:24:26.397579: | natd_hash: icookie= a2 24 da 50 b9 cc 37 1e Aug 26 18:24:26.397582: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:26.397584: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:26.397586: | natd_hash: port=500 Aug 26 18:24:26.397589: | natd_hash: hash= 41 5f a3 9f 31 71 32 fa 16 9c 17 b8 1a 76 6e 49 Aug 26 18:24:26.397591: | natd_hash: hash= d6 a0 32 22 Aug 26 18:24:26.397594: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:26.397596: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:26.397599: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:26.397602: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.3.33 Aug 26 18:24:26.397606: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:24:26.397609: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d866ca50a8 Aug 26 18:24:26.397613: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:26.397616: | libevent_malloc: new ptr-libevent@0x55d866ca5428 size 128 Aug 26 18:24:26.397627: | #1 spent 1.02 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:24:26.397634: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:26.397636: | crypto helper 0 resuming Aug 26 18:24:26.397653: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:24:26.397660: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:24:26.398658: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000997 seconds Aug 26 18:24:26.398674: | (#1) spent 1.01 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:24:26.398679: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:26.398683: | scheduling resume sending helper answer for #1 Aug 26 18:24:26.398687: | libevent_malloc: new ptr-libevent@0x7ff1b0002888 size 128 Aug 26 18:24:26.398694: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:26.397637: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:24:26.398704: | suspending state #1 and saving MD Aug 26 18:24:26.398707: | #1 is busy; has a suspended MD Aug 26 18:24:26.398714: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:26.398720: | "northnet-eastnet-ipv4" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from 
complete_v2_state_transition:3451 Aug 26 18:24:26.398726: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:26.398733: | #1 spent 1.53 milliseconds in ikev2_process_packet() Aug 26 18:24:26.398738: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 18:24:26.398745: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:26.398749: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:26.398754: | spent 1.56 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:26.398763: | processing resume sending helper answer for #1 Aug 26 18:24:26.398770: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:24:26.398774: | crypto helper 0 replies to request ID 1 Aug 26 18:24:26.398778: | calling continuation function 0x55d866576b50 Aug 26 18:24:26.398782: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:24:26.398817: | **emit ISAKMP Message: Aug 26 18:24:26.398821: | initiator cookie: Aug 26 18:24:26.398824: | a2 24 da 50 b9 cc 37 1e Aug 26 18:24:26.398828: | responder cookie: Aug 26 18:24:26.398830: | 91 19 95 72 d6 80 ce 22 Aug 26 18:24:26.398834: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:26.398838: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:26.398841: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:26.398845: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:26.398848: | Message ID: 0 (0x0) Aug 26 18:24:26.398852: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:26.398856: | Emitting ikev2_proposal ... 
Aug 26 18:24:26.398860: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:26.398863: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:26.398866: | flags: none (0x0) Aug 26 18:24:26.398871: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:26.398876: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:26.398880: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:26.398883: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:26.398886: | prop #: 1 (0x1) Aug 26 18:24:26.398890: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:26.398893: | spi size: 0 (0x0) Aug 26 18:24:26.398896: | # transforms: 3 (0x3) Aug 26 18:24:26.398900: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:26.398904: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:26.398908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.398911: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:26.398914: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:26.398919: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:26.398923: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:26.398926: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:26.398930: | length/value: 256 (0x100) Aug 26 18:24:26.398933: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:26.398937: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:26.398940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.398944: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:26.398947: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:26.398952: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.398957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:26.398960: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:26.398964: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:26.398967: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:26.398972: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:26.398976: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:26.398981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:26.398985: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:26.398989: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:26.398992: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:24:26.398996: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:26.399000: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:24:26.399004: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:26.399008: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:26.399012: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:26.399015: | flags: none (0x0) Aug 26 18:24:26.399018: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:26.399023: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
18:24:26.399027: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:26.399031: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:26.399090: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:26.399094: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:26.399098: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:26.399101: | flags: none (0x0) Aug 26 18:24:26.399106: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:26.399111: | next payload chain: setting previous
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:26.399115: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:26.399119: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:26.399123: | IKEv2 nonce e5 22 99 1e 2c 57 a8 63 f3 c3 dd 7d 1e 55 3c ba Aug 26 18:24:26.399126: | IKEv2 nonce c5 ef b3 1d cd c9 ac ad b4 0b 15 6c 7d c2 9f 0f Aug 26 18:24:26.399130: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:26.399136: | Adding a v2N Payload Aug 26 18:24:26.399140: | ***emit IKEv2 Notify Payload: Aug 26 18:24:26.399144: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:26.399147: | flags: none (0x0) Aug 26 18:24:26.399151: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:26.399154: | SPI size: 0 (0x0) Aug 26 18:24:26.399158: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:26.399163: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:26.399168: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:26.399171: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:26.399175: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:24:26.399186: | natd_hash: hasher=0x55d86664b800(20) Aug 26 18:24:26.399190: | natd_hash: icookie= a2 24 da 50 b9 cc 37 1e Aug 26 18:24:26.399193: | natd_hash: rcookie= 91 19 95 72 d6 80 ce 22 Aug 26 18:24:26.399196: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:26.399199: | natd_hash: port=500 Aug 26 18:24:26.399203: | natd_hash: hash= 56 cf 1d 37 d5 55 d5 5d f7 d3 31 a8 a7 22 4c a6 Aug 26 18:24:26.399206: | natd_hash: hash= d9 bc 7e 8e Aug 26 18:24:26.399208: | Adding a v2N Payload Aug 26 18:24:26.399212: | ***emit IKEv2 Notify Payload: Aug 26 18:24:26.399215: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:26.399218: | flags: none (0x0) Aug 26 18:24:26.399221: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:26.399224: | SPI size: 0 (0x0) Aug 26 18:24:26.399227: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:26.399232: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:26.399236: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:26.399240: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:26.399244: | Notify data 56 cf 1d 37 d5 55 d5 5d f7 d3 31 a8 a7 22 4c a6 Aug 26 18:24:26.399247: | Notify data d9 bc 7e 8e Aug 26 18:24:26.399250: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:26.399257: | natd_hash: hasher=0x55d86664b800(20) Aug 26 18:24:26.399261: | natd_hash: icookie= a2 24 da 50 b9 cc 37 1e Aug 26 18:24:26.399264: | natd_hash: rcookie= 91 19 95 72 d6 80 ce 22 Aug 26 18:24:26.399267: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:26.399270: | natd_hash: port=500 Aug 26 18:24:26.399274: | natd_hash: hash= be 87 54 04 10 a2 66 07 ad 6f 68 28 5e 90 f5 2d Aug 26 18:24:26.399277: | natd_hash: hash= 47 23 12 39 Aug 26 18:24:26.399280: | Adding a v2N Payload Aug 26 18:24:26.399284: | ***emit IKEv2 Notify Payload: Aug 26 
18:24:26.399287: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:26.399296: | flags: none (0x0) Aug 26 18:24:26.399300: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:26.399303: | SPI size: 0 (0x0) Aug 26 18:24:26.399307: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:26.399311: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:26.399315: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:26.399319: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:26.399322: | Notify data be 87 54 04 10 a2 66 07 ad 6f 68 28 5e 90 f5 2d Aug 26 18:24:26.399325: | Notify data 47 23 12 39 Aug 26 18:24:26.399328: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:26.399332: | emitting length of ISAKMP Message: 432 Aug 26 18:24:26.399340: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:26.399345: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:24:26.399350: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:24:26.399354: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:24:26.399358: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:24:26.399365: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:24:26.399371: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:26.399376: "northnet-eastnet-ipv4" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 
group=MODP2048} Aug 26 18:24:26.399382: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:24:26.399392: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:24:26.399523: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:26.399528: | libevent_free: release ptr-libevent@0x55d866ca5428 Aug 26 18:24:26.399532: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d866ca50a8 Aug 26 18:24:26.399537: | event_schedule: new EVENT_SO_DISCARD-pe@0x55d866ca50a8 Aug 26 18:24:26.399541: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:24:26.399545: | libevent_malloc: new ptr-libevent@0x55d866ca6e58 size 128 Aug 26 18:24:26.399550: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:26.399556: | #1 spent 0.754 milliseconds in resume sending helper answer Aug 26 18:24:26.399563: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:24:26.399567: | libevent_free: release ptr-libevent@0x7ff1b0002888 Aug 26 18:24:43.676321: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:24:43.676350: | expiring aged bare shunts from shunt table Aug 26 18:24:43.676357: | spent 0.00495 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:25:03.678324: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:25:03.678346: | expiring aged bare shunts from shunt table Aug 26 18:25:03.678365: | spent 0.00457 milliseconds in global timer EVENT_SHUNT_SCAN