Aug 26 18:28:33.194748: FIPS Product: YES Aug 26 18:28:33.194881: FIPS Kernel: NO Aug 26 18:28:33.194885: FIPS Mode: NO Aug 26 18:28:33.194888: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:28:33.195054: Initializing NSS Aug 26 18:28:33.195061: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:28:33.226009: NSS initialized Aug 26 18:28:33.226027: NSS crypto library initialized Aug 26 18:28:33.226029: FIPS HMAC integrity support [enabled] Aug 26 18:28:33.226031: FIPS mode disabled for pluto daemon Aug 26 18:28:33.258632: FIPS HMAC integrity verification self-test FAILED Aug 26 18:28:33.258734: libcap-ng support [enabled] Aug 26 18:28:33.258741: Linux audit support [enabled] Aug 26 18:28:33.258764: Linux audit activated Aug 26 18:28:33.258772: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:7016 Aug 26 18:28:33.258775: core dump dir: /tmp Aug 26 18:28:33.258777: secrets file: /etc/ipsec.secrets Aug 26 18:28:33.258779: leak-detective enabled Aug 26 18:28:33.258781: NSS crypto [enabled] Aug 26 18:28:33.258783: XAUTH PAM support [enabled] Aug 26 18:28:33.258852: | libevent is using pluto's memory allocator Aug 26 18:28:33.258860: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:28:33.258874: | libevent_malloc: new ptr-libevent@0x55ff3c46b7f8 size 40 Aug 26 18:28:33.258877: | libevent_malloc: new ptr-libevent@0x55ff3c46bcd8 size 40 Aug 26 18:28:33.258880: | libevent_malloc: new ptr-libevent@0x55ff3c46bdd8 size 40 Aug 26 18:28:33.258882: | creating event base Aug 26 18:28:33.258886: | libevent_malloc: new ptr-libevent@0x55ff3c4f04b8 size 56 Aug 26 18:28:33.258890: | libevent_malloc: new ptr-libevent@0x55ff3c494b98 size 664 Aug 26 18:28:33.258900: | libevent_malloc: new ptr-libevent@0x55ff3c4f0528 size 24 Aug 26 18:28:33.258903: | libevent_malloc: new ptr-libevent@0x55ff3c4f0578 size 384 Aug 26 18:28:33.258912: | libevent_malloc: new ptr-libevent@0x55ff3c4f0478 size 16 Aug 26 18:28:33.258915: | libevent_malloc: new ptr-libevent@0x55ff3c46b908 size 40 Aug 26 18:28:33.258917: | libevent_malloc: new ptr-libevent@0x55ff3c46bd38 size 48 Aug 26 18:28:33.258923: | libevent_realloc: new ptr-libevent@0x55ff3c495698 size 256 Aug 26 18:28:33.258925: | libevent_malloc: new ptr-libevent@0x55ff3c4f0728 size 16 Aug 26 18:28:33.258931: | libevent_free: release ptr-libevent@0x55ff3c4f04b8 Aug 26 18:28:33.258935: | libevent initialized Aug 26 18:28:33.258938: | libevent_realloc: new ptr-libevent@0x55ff3c4f04b8 size 64 Aug 26 18:28:33.258944: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:28:33.258958: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:28:33.258961: NAT-Traversal support [enabled] Aug 26 18:28:33.258964: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:28:33.258976: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:28:33.258980: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:28:33.259012: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:28:33.259016: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:28:33.259019: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:28:33.259064: Encryption algorithms: Aug 26 18:28:33.259072: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:28:33.259076: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:28:33.259080: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:28:33.259083: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:28:33.259087: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:28:33.259096: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:28:33.259100: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:28:33.259103: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:28:33.259107: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:28:33.259110: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:28:33.259114: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:28:33.259117: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:28:33.259121: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:28:33.259125: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:28:33.259128: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:28:33.259131: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:28:33.259135: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:28:33.259141: Hash algorithms: Aug 26 18:28:33.259144: MD5 IKEv1: IKE IKEv2: Aug 26 18:28:33.259147: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:28:33.259150: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:28:33.259153: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:28:33.259156: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:28:33.259169: PRF algorithms: Aug 26 18:28:33.259172: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:28:33.259175: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:28:33.259179: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:28:33.259182: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:28:33.259185: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:28:33.259188: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:28:33.259213: Integrity algorithms: Aug 26 18:28:33.259217: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:28:33.259221: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:28:33.259225: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:28:33.259228: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:28:33.259233: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:28:33.259235: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:28:33.259239: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:28:33.259242: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:28:33.259245: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:28:33.259257: DH algorithms: Aug 26 18:28:33.259260: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:28:33.259263: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:28:33.259266: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:28:33.259271: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:28:33.259274: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:28:33.259277: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:28:33.259280: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:28:33.259283: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:28:33.259286: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:28:33.259307: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:28:33.259313: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:28:33.259315: testing CAMELLIA_CBC: Aug 26 18:28:33.259318: Camellia: 16 bytes with 128-bit key Aug 26 18:28:33.259469: Camellia: 16 bytes with 128-bit key Aug 26 18:28:33.259497: Camellia: 16 bytes with 256-bit key Aug 26 18:28:33.259539: Camellia: 16 bytes with 256-bit key Aug 26 18:28:33.259565: testing AES_GCM_16: Aug 26 18:28:33.259569: empty string Aug 26 18:28:33.259598: one block Aug 26 18:28:33.259622: two blocks Aug 26 18:28:33.259647: two blocks with associated data Aug 26 18:28:33.259671: testing AES_CTR: Aug 26 18:28:33.259674: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:28:33.259699: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:28:33.259738: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:28:33.259764: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:28:33.259788: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:28:33.259813: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:28:33.259840: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:28:33.259864: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:28:33.259890: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:28:33.259917: testing AES_CBC: Aug 26 18:28:33.259920: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:28:33.259959: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:28:33.259986: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:28:33.260013: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:28:33.260046: testing AES_XCBC: Aug 26 18:28:33.260049: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:28:33.260169: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:28:33.260306: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:28:33.260435: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:28:33.260550: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:28:33.260664: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:28:33.260782: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:28:33.261042: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:28:33.261161: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:28:33.261286: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:28:33.261547: testing HMAC_MD5: Aug 26 18:28:33.261551: RFC 2104: MD5_HMAC test 1 Aug 26 18:28:33.261710: RFC 2104: MD5_HMAC test 2 Aug 26 18:28:33.261851: RFC 2104: MD5_HMAC test 3 Aug 26 18:28:33.262023: 8 CPU cores online Aug 26 18:28:33.262027: starting up 7 crypto helpers Aug 26 18:28:33.262058: started thread for crypto helper 0 Aug 26 18:28:33.262079: started thread for crypto helper 1 Aug 26 18:28:33.262090: | starting up helper thread 0 Aug 26 18:28:33.262111: | starting up helper thread 1 Aug 26 18:28:33.262127: | starting up helper thread 2 Aug 26 18:28:33.262122: started thread for crypto helper 2 Aug 26 18:28:33.262125: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:28:33.262136: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:28:33.262141: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:28:33.262151: | crypto helper 0 waiting (nothing to do) Aug 26 18:28:33.262162: started thread for crypto helper 3 Aug 26 18:28:33.262164: | starting up helper thread 3 Aug 26 18:28:33.262164: | crypto helper 1 waiting (nothing to do) Aug 26 18:28:33.262170: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:28:33.262172: | crypto helper 3 waiting (nothing to do) Aug 26 18:28:33.262177: | crypto helper 2 waiting (nothing to do) Aug 26 18:28:33.262181: started thread for crypto helper 4 Aug 26 18:28:33.262183: | starting up helper thread 4 Aug 26 18:28:33.262187: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:28:33.262189: | crypto helper 4 waiting (nothing to do) Aug 26 18:28:33.262198: started thread for crypto helper 5 Aug 26 18:28:33.262199: | starting up helper thread 5 Aug 26 18:28:33.262204: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:28:33.262205: | crypto helper 5 waiting (nothing to do) Aug 26 18:28:33.262215: started thread for crypto helper 6 Aug 26 18:28:33.262217: | starting up helper thread 6 Aug 26 18:28:33.262221: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:28:33.262222: | crypto helper 6 waiting (nothing to do) Aug 26 18:28:33.262223: | checking IKEv1 state table Aug 26 18:28:33.262232: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:28:33.262234: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:28:33.262237: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:28:33.262240: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:28:33.262243: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:28:33.262245: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:28:33.262247: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:33.262250: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:33.262252: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:28:33.262255: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:28:33.262257: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:33.262259: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:33.262262: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:28:33.262265: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:28:33.262267: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:28:33.262269: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:28:33.262272: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:28:33.262274: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:28:33.262277: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:28:33.262279: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:28:33.262282: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:28:33.262284: | -> UNDEFINED EVENT_NULL Aug 26 18:28:33.262287: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:28:33.262301: | -> UNDEFINED EVENT_NULL Aug 26 18:28:33.262304: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:28:33.262307: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:28:33.262310: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:28:33.262312: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:28:33.262327: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:28:33.262330: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:28:33.262332: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:28:33.262335: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:28:33.262337: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:28:33.262340: | -> UNDEFINED EVENT_NULL Aug 26 18:28:33.262343: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:28:33.262345: | -> UNDEFINED EVENT_NULL Aug 26 18:28:33.262348: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:28:33.262350: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:28:33.262355: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:28:33.262358: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:28:33.262360: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:28:33.262363: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:28:33.262365: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:28:33.262368: | -> UNDEFINED EVENT_NULL Aug 26 18:28:33.262370: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:28:33.262373: | -> UNDEFINED EVENT_NULL Aug 26 18:28:33.262375: | INFO: category: informational flags: 0: Aug 26 18:28:33.262378: | -> UNDEFINED EVENT_NULL Aug 26 18:28:33.262380: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:28:33.262383: | -> UNDEFINED EVENT_NULL Aug 26 18:28:33.262385: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:28:33.262388: | -> XAUTH_R1 EVENT_NULL Aug 26 18:28:33.262390: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:28:33.262393: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:28:33.262395: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:28:33.262398: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:28:33.262400: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:28:33.262403: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:28:33.262405: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:28:33.262408: | -> UNDEFINED EVENT_NULL Aug 26 18:28:33.262410: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:28:33.262413: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:28:33.262416: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:28:33.262418: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:28:33.262420: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:28:33.262423: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:28:33.262428: | checking IKEv2 state table Aug 26 18:28:33.262434: | PARENT_I0: category: ignore flags: 0: Aug 26 18:28:33.262437: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:28:33.262440: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:28:33.262443: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:28:33.262446: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:28:33.262448: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:28:33.262451: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:28:33.262454: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:28:33.262457: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:28:33.262459: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:28:33.262462: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:28:33.262465: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:28:33.262467: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:28:33.262470: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:28:33.262472: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:28:33.262475: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:28:33.262478: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:28:33.262480: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:28:33.262483: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:28:33.262486: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:28:33.262488: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:28:33.262491: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:28:33.262494: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:28:33.262498: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:28:33.262501: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:28:33.262503: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:28:33.262506: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:28:33.262509: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:28:33.262511: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:28:33.262514: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:28:33.262517: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:28:33.262520: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:28:33.262523: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:28:33.262525: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:28:33.262528: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:28:33.262531: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:28:33.262534: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:28:33.262537: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:28:33.262540: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:28:33.262542: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:28:33.262545: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:28:33.262548: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:28:33.262551: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:28:33.262554: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:28:33.262557: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:28:33.262559: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:28:33.262562: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:28:33.262577: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:28:33.262624: | Hard-wiring algorithms Aug 26 18:28:33.262627: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:28:33.262631: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:28:33.262634: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:28:33.262636: | adding 3DES_CBC to kernel algorithm db Aug 26 18:28:33.262638: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:28:33.262641: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:28:33.262643: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:28:33.262646: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:28:33.262649: | adding AES_CTR to kernel algorithm db Aug 26 18:28:33.262651: | adding AES_CBC to kernel algorithm db Aug 26 18:28:33.262653: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:28:33.262656: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:28:33.262659: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:28:33.262661: | adding NULL to kernel algorithm db Aug 26 18:28:33.262664: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:28:33.262666: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:28:33.262669: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:28:33.262671: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:28:33.262674: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:28:33.262676: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:28:33.262679: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:28:33.262681: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:28:33.262684: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:28:33.262686: | adding NONE to kernel algorithm db Aug 26 18:28:33.262709: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:28:33.262715: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:28:33.262717: | setup kernel fd callback Aug 26 18:28:33.262720: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55ff3c4f52a8 Aug 26 18:28:33.262725: | libevent_malloc: new ptr-libevent@0x55ff3c4d9568 size 128 Aug 26 18:28:33.262728: | libevent_malloc: new ptr-libevent@0x55ff3c4f53b8 size 16 Aug 26 18:28:33.262733: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55ff3c4f5dc8 Aug 26 18:28:33.262737: | libevent_malloc: new ptr-libevent@0x55ff3c496198 size 128 Aug 26 18:28:33.262740: | libevent_malloc: new ptr-libevent@0x55ff3c4f5d88 size 16 Aug 26 18:28:33.262956: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:28:33.262967: selinux support is enabled. Aug 26 18:28:33.263202: | unbound context created - setting debug level to 5 Aug 26 18:28:33.263227: | /etc/hosts lookups activated Aug 26 18:28:33.263238: | /etc/resolv.conf usage activated Aug 26 18:28:33.263313: | outgoing-port-avoid set 0-65535 Aug 26 18:28:33.263345: | outgoing-port-permit set 32768-60999 Aug 26 18:28:33.263348: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:28:33.263351: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:28:33.263354: | Setting up events, loop start Aug 26 18:28:33.263369: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55ff3c4f5e38 Aug 26 18:28:33.263372: | libevent_malloc: new ptr-libevent@0x55ff3c502048 size 128 Aug 26 18:28:33.263375: | libevent_malloc: new ptr-libevent@0x55ff3c50d318 size 16 Aug 26 18:28:33.263381: | libevent_realloc: new ptr-libevent@0x55ff3c494828 size 256 Aug 26 18:28:33.263384: | libevent_malloc: new ptr-libevent@0x55ff3c50d358 size 8 Aug 26 18:28:33.263387: | libevent_realloc: new ptr-libevent@0x55ff3c467918 size 144 Aug 26 18:28:33.263389: | libevent_malloc: new ptr-libevent@0x55ff3c4a0388 size 152 Aug 26 18:28:33.263393: | libevent_malloc: new ptr-libevent@0x55ff3c50d398 size 16 Aug 26 18:28:33.263396: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:28:33.263399: | libevent_malloc: new ptr-libevent@0x55ff3c50d3d8 size 8 Aug 26 18:28:33.263402: | libevent_malloc: new ptr-libevent@0x55ff3c498238 size 152 Aug 26 18:28:33.263404: | signal event handler PLUTO_SIGTERM installed Aug 26 18:28:33.263407: | libevent_malloc: new ptr-libevent@0x55ff3c50d418 size 8 Aug 26 18:28:33.263409: | libevent_malloc: new ptr-libevent@0x55ff3c50d458 size 152 Aug 26 18:28:33.263412: | signal event handler PLUTO_SIGHUP installed Aug 26 18:28:33.263414: | libevent_malloc: new ptr-libevent@0x55ff3c50d528 size 8 Aug 26 18:28:33.263417: | libevent_realloc: release ptr-libevent@0x55ff3c467918 Aug 26 18:28:33.263419: | libevent_realloc: new ptr-libevent@0x55ff3c50d568 size 256 Aug 26 18:28:33.263422: | libevent_malloc: new ptr-libevent@0x55ff3c50d698 size 152 Aug 26 18:28:33.263425: | signal event handler PLUTO_SIGSYS installed Aug 26 18:28:33.263736: | created addconn helper (pid:7113) using fork+execve Aug 26 18:28:33.263752: | forked child 7113 Aug 26 18:28:33.263795: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:33.263812: listening for IKE messages Aug 26 18:28:33.263849: | Inspecting interface lo Aug 26 18:28:33.263856: | found lo with address 127.0.0.1 Aug 26 18:28:33.263861: | Inspecting interface eth0 Aug 26 18:28:33.263865: | found eth0 with address 192.0.1.254 Aug 26 18:28:33.263871: | Inspecting interface eth1 Aug 26 18:28:33.263875: | found eth1 with address 192.1.2.45 Aug 26 18:28:33.263971: Kernel supports NIC esp-hw-offload Aug 26 18:28:33.264000: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 18:28:33.264024: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:28:33.264042: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:28:33.264046: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 18:28:33.264090: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 18:28:33.264138: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:28:33.264143: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:28:33.264147: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 18:28:33.264173: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:28:33.264196: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:28:33.264201: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:28:33.264205: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:28:33.264267: | no interfaces to sort Aug 26 18:28:33.264272: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:28:33.264282: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50da98 Aug 26 18:28:33.264286: | libevent_malloc: new ptr-libevent@0x55ff3c501f98 size 128 Aug 26 18:28:33.264293: | libevent_malloc: new ptr-libevent@0x55ff3c50db08 size 16 Aug 26 18:28:33.264305: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:28:33.264309: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50db48 Aug 26 18:28:33.264313: | libevent_malloc: new ptr-libevent@0x55ff3c496098 size 128 Aug 26 18:28:33.264317: | libevent_malloc: new ptr-libevent@0x55ff3c50dbb8 size 16 Aug 26 18:28:33.264322: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:28:33.264325: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50dbf8 Aug 26 18:28:33.264329: | libevent_malloc: new ptr-libevent@0x55ff3c497a48 size 128 Aug 26 18:28:33.264332: | libevent_malloc: new ptr-libevent@0x55ff3c50dc68 size 16 Aug 26 18:28:33.264337: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 18:28:33.264341: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50dca8 Aug 26 18:28:33.264344: | libevent_malloc: new ptr-libevent@0x55ff3c497998 size 128 Aug 26 18:28:33.264347: | libevent_malloc: new ptr-libevent@0x55ff3c50dd18 size 16 Aug 26 18:28:33.264352: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 18:28:33.264355: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50dd58 Aug 26 18:28:33.264359: | libevent_malloc: new ptr-libevent@0x55ff3c46c4e8 size 128 Aug 26 18:28:33.264362: | libevent_malloc: new ptr-libevent@0x55ff3c50ddc8 size 16 Aug 26 18:28:33.264367: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 18:28:33.264370: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50de08 Aug 26 18:28:33.264374: | libevent_malloc: new ptr-libevent@0x55ff3c46c1d8 size 128 Aug 26 18:28:33.264376: | libevent_malloc: new ptr-libevent@0x55ff3c50de78 size 16 Aug 26 18:28:33.264382: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 18:28:33.264387: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:28:33.264389: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:28:33.264410: loading secrets from "/etc/ipsec.secrets" Aug 26 18:28:33.264421: | id type added to secret(0x55ff3c467b58) PKK_PSK: @east Aug 26 18:28:33.264425: | id type added to secret(0x55ff3c467b58) PKK_PSK: @west Aug 26 18:28:33.264430: | Processing PSK at line 1: passed Aug 26 18:28:33.264433: | certs and keys locked by 'process_secret' Aug 26 18:28:33.264437: | certs and keys unlocked by 'process_secret' Aug 26 18:28:33.264451: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:33.264463: | spent 0.669 milliseconds in whack Aug 26 18:28:33.283416: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:33.283435: listening for IKE messages Aug 26 18:28:33.283478: | Inspecting interface lo Aug 26 18:28:33.283496: | found lo with address 127.0.0.1 Aug 26 18:28:33.283498: | Inspecting interface eth0 Aug 26 18:28:33.283501: | found eth0 with address 192.0.1.254 Aug 26 18:28:33.283502: | Inspecting interface eth1 Aug 26 18:28:33.283505: | found eth1 with address 192.1.2.45 Aug 26 18:28:33.283562: | no interfaces to sort Aug 26 18:28:33.283576: | libevent_free: release ptr-libevent@0x55ff3c501f98 Aug 26 18:28:33.283580: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50da98 Aug 26 18:28:33.283584: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50da98 Aug 26 18:28:33.283587: | libevent_malloc: new ptr-libevent@0x55ff3c501f98 size 128 Aug 26 18:28:33.283595: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:28:33.283599: | libevent_free: release ptr-libevent@0x55ff3c496098 Aug 26 18:28:33.283602: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50db48 Aug 26 18:28:33.283605: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50db48 Aug 26 18:28:33.283608: | libevent_malloc: new ptr-libevent@0x55ff3c496098 size 128 Aug 26 18:28:33.283613: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:28:33.283618: | libevent_free: release ptr-libevent@0x55ff3c497a48 Aug 26 18:28:33.283621: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50dbf8 Aug 26 18:28:33.283624: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50dbf8 Aug 26 18:28:33.283627: | libevent_malloc: new ptr-libevent@0x55ff3c497a48 size 128 Aug 26 18:28:33.283632: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 18:28:33.283636: | libevent_free: release ptr-libevent@0x55ff3c497998 Aug 26 18:28:33.283654: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50dca8 Aug 26 18:28:33.283657: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50dca8 Aug 26 18:28:33.283660: | libevent_malloc: new ptr-libevent@0x55ff3c497998 size 128 Aug 26 18:28:33.283665: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 18:28:33.283670: | libevent_free: release ptr-libevent@0x55ff3c46c4e8 Aug 26 18:28:33.283672: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50dd58 Aug 26 18:28:33.283675: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50dd58 Aug 26 18:28:33.283678: | libevent_malloc: new ptr-libevent@0x55ff3c46c4e8 size 128 Aug 26 18:28:33.283684: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 18:28:33.283688: | libevent_free: release ptr-libevent@0x55ff3c46c1d8 Aug 26 18:28:33.283691: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50de08 Aug 26 18:28:33.283694: | add_fd_read_event_handler: new ethX-pe@0x55ff3c50de08 Aug 26 18:28:33.283697: | libevent_malloc: new ptr-libevent@0x55ff3c46c1d8 size 128 Aug 26 18:28:33.283702: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 18:28:33.283704: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:28:33.283706: forgetting secrets Aug 26 18:28:33.283713: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:28:33.283725: loading secrets from "/etc/ipsec.secrets" Aug 26 18:28:33.283732: | id type added to secret(0x55ff3c467b58) PKK_PSK: @east Aug 26 18:28:33.283734: | id type added to secret(0x55ff3c467b58) PKK_PSK: @west Aug 26 18:28:33.283737: | Processing PSK at line 1: passed Aug 26 18:28:33.283739: | certs and keys locked by 'process_secret' Aug 26 18:28:33.283740: | certs and keys unlocked by 'process_secret' Aug 26 18:28:33.283748: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:33.283752: | spent 0.357 milliseconds in whack Aug 26 18:28:33.284374: | processing signal PLUTO_SIGCHLD Aug 26 18:28:33.284392: | waitpid returned pid 7113 (exited with status 0) Aug 26 18:28:33.284396: | reaped addconn helper child (status 0) Aug 26 18:28:33.284402: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:33.284407: | spent 0.0205 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:33.351083: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:33.351105: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:33.351108: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:28:33.351110: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:33.351111: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:28:33.351115: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:33.351120: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:28:33.351163: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:28:33.351166: | from whack: got --esp= Aug 26 18:28:33.351192: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:28:33.351196: | counting wild cards for @west is 0 Aug 26 18:28:33.351198: | counting wild cards for @east is 0 Aug 26 18:28:33.351205: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:28:33.351207: | new hp@0x55ff3c510308 Aug 26 18:28:33.351211: added connection description "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:28:33.351220: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:28:33.351231: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 18:28:33.351238: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:33.351246: | spent 0.171 milliseconds in whack Aug 26 18:28:33.414237: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:33.414261: | old debugging base+cpu-usage + none Aug 26 18:28:33.414266: | base debugging = base+cpu-usage Aug 26 18:28:33.414270: | old impairing none + suppress-retransmits Aug 26 18:28:33.414273: | base impairing = suppress-retransmits Aug 26 18:28:33.414280: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:33.414293: | spent 0.0618 milliseconds in whack Aug 26 18:28:33.529797: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:33.529821: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 18:28:33.529826: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:33.529834: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:28:33.529838: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 18:28:33.529842: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 18:28:33.529845: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:28:33.529868: | creating state object #1 at 0x55ff3c5103e8 Aug 26 18:28:33.529872: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:28:33.529880: | pstats #1 ikev2.ike started Aug 26 18:28:33.529884: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:28:33.529888: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:28:33.529895: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:33.529904: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:28:33.529910: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:28:33.529915: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:28:33.529920: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:28:33.529925: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Aug 26 18:28:33.529942: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Aug 26 18:28:33.529958: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:33.529968: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:33.529973: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:33.529979: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:33.529983: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:33.529989: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:33.529992: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:33.529998: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:33.530009: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:33.530019: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:28:33.530023: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ff3c512b58 Aug 26 18:28:33.530028: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:28:33.530032: | libevent_malloc: new ptr-libevent@0x55ff3c512bc8 size 128 Aug 26 18:28:33.530046: | #1 spent 0.211 milliseconds in ikev2_parent_outI1() Aug 26 18:28:33.530049: | crypto helper 0 resuming Aug 26 18:28:33.530066: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:28:33.530072: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:28:33.530050: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:33.530556: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:33.530560: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:33.530563: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:28:33.530567: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 18:28:33.530571: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:33.530576: | spent 0.306 milliseconds in whack Aug 26 18:28:33.531043: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.00097 seconds Aug 26 18:28:33.531054: | (#1) spent 0.967 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:28:33.531059: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:28:33.531063: | scheduling resume sending helper answer for #1 Aug 26 18:28:33.531072: | libevent_malloc: new ptr-libevent@0x7fb864002888 size 128 Aug 26 18:28:33.531082: | crypto helper 0 waiting (nothing to do) Aug 26 18:28:33.531089: | processing resume sending helper answer for #1 Aug 26 18:28:33.531101: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:28:33.531105: | crypto helper 0 replies to request ID 1 Aug 26 18:28:33.531108: | calling continuation function 0x55ff3aec3b50 Aug 26 18:28:33.531110: | ikev2_parent_outI1_continue for #1 Aug 26 18:28:33.531140: | **emit ISAKMP Message: Aug 26 18:28:33.531143: | initiator cookie: Aug 26 18:28:33.531146: | 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:33.531148: | responder cookie: Aug 26 18:28:33.531150: | 00 00 00 00 00 00 00 00 Aug 26 18:28:33.531152: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:33.531155: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:33.531157: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:28:33.531160: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:33.531162: | Message ID: 0 (0x0) Aug 26 18:28:33.531165: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:33.531179: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:33.531182: | Emitting ikev2_proposals ... Aug 26 18:28:33.531184: | ***emit IKEv2 Security Association Payload: Aug 26 18:28:33.531187: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.531189: | flags: none (0x0) Aug 26 18:28:33.531192: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:33.531195: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.531197: | discarding INTEG=NONE Aug 26 18:28:33.531200: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.531202: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.531204: | prop #: 1 (0x1) Aug 26 18:28:33.531207: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:33.531209: | spi size: 0 (0x0) Aug 26 18:28:33.531211: | # transforms: 11 (0xb) Aug 26 18:28:33.531213: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:33.531216: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531221: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.531223: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:33.531225: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531228: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.531230: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.531233: | length/value: 256 (0x100) Aug 26 18:28:33.531235: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:33.531237: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531240: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531242: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:33.531247: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:33.531250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531253: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531255: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531257: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531259: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531261: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:33.531263: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:33.531266: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531269: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531271: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531273: | discarding INTEG=NONE Aug 26 18:28:33.531275: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531277: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531279: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531281: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:33.531284: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531287: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531308: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531311: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531315: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531318: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:33.531321: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531324: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531327: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531330: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531335: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531338: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:33.531341: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531344: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531346: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531349: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531354: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531356: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:33.531359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531364: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531369: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531371: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531374: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531376: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:33.531379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531382: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531384: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531387: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531389: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531392: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531394: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:33.531397: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531400: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531402: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531405: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531407: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531410: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531412: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:33.531415: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531417: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531420: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531422: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531425: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.531427: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531430: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:33.531433: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531438: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531440: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:28:33.531443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:33.531446: | discarding INTEG=NONE Aug 26 18:28:33.531448: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.531451: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.531453: | prop #: 2 (0x2) Aug 26 18:28:33.531455: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:33.531458: | spi size: 0 (0x0) Aug 26 18:28:33.531460: | # transforms: 11 (0xb) Aug 26 18:28:33.531463: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.531466: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:33.531469: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531473: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.531476: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:33.531480: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531483: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.531486: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.531488: | length/value: 128 (0x80) Aug 26 18:28:33.531490: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:33.531493: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531498: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:33.531500: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:33.531503: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531506: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531509: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531511: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531513: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531516: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:33.531518: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:33.531521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531526: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531528: | discarding INTEG=NONE Aug 26 18:28:33.531531: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531533: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531536: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531538: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:33.531541: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531546: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531549: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531554: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531556: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:33.531559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531561: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531564: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531566: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531569: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531571: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531574: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:33.531577: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531580: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531582: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531586: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531588: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531591: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531593: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:33.531596: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531599: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531601: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531604: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531609: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531611: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:33.531614: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531617: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531619: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531622: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531624: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531626: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531629: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:33.531632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531634: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531637: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531639: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531644: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531647: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:33.531650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531655: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531657: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531660: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.531662: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531664: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:33.531667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531670: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531672: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531675: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:28:33.531678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:33.531681: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.531683: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.531685: | prop #: 3 (0x3) Aug 26 18:28:33.531688: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:33.531690: | spi size: 0 (0x0) Aug 26 18:28:33.531696: | # transforms: 13 (0xd) Aug 26 18:28:33.531699: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.531702: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:33.531704: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531709: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.531711: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:33.531714: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531717: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.531719: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.531722: | length/value: 256 (0x100) Aug 26 18:28:33.531724: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:33.531727: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531731: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:33.531734: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:33.531737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531739: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531742: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531744: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531747: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531749: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:33.531752: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:33.531755: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531757: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531760: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531762: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531767: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:33.531769: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:33.531772: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531775: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531778: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531780: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531782: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531785: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:33.531787: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:33.531790: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531793: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531795: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531798: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531800: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531806: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:33.531809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531812: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531814: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531817: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531819: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531821: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531824: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:33.531827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531832: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531835: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531837: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531839: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531842: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:33.531845: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531847: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531850: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531852: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531855: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531857: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531860: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:33.531863: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531865: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531868: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531870: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531873: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531877: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:33.531880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531883: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531886: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531888: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531893: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531895: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:33.531898: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531904: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531907: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531912: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531914: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:33.531917: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531920: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531922: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531925: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531927: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.531929: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.531932: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:33.531935: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531938: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531941: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.531943: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:28:33.531946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:33.531949: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.531951: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:33.531953: | prop #: 4 (0x4) Aug 26 18:28:33.531956: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:33.531958: | spi size: 0 (0x0) Aug 26 18:28:33.531960: | # transforms: 13 (0xd) Aug 26 18:28:33.531963: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.531966: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:33.531968: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.531974: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.531976: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:33.531979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.531982: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.531985: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.531988: | length/value: 128 (0x80) Aug 26 18:28:33.531991: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:33.531993: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.531996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532000: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:33.532002: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:33.532005: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532008: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532011: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532013: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532016: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532019: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:33.532021: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:33.532025: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532028: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532031: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532034: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532036: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532039: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:33.532042: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:33.532045: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532048: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532051: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532053: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532058: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:33.532061: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:33.532064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532067: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532070: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532072: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532077: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.532080: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:33.532083: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532085: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532088: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532090: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532095: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.532098: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:33.532101: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532103: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532106: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532109: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532112: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532114: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.532117: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:33.532120: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532123: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532126: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532129: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532138: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.532140: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:33.532142: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532144: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532146: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532147: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532151: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.532152: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:33.532154: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532158: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532159: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532161: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532162: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.532164: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:33.532166: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532168: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532169: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532171: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532172: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532174: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.532175: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:33.532177: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532179: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532181: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532182: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.532184: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.532185: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.532187: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:33.532189: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.532191: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.532192: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.532194: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:28:33.532196: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:33.532198: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:28:33.532200: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:33.532201: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:28:33.532204: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.532206: | flags: none (0x0) Aug 26 18:28:33.532208: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:33.532210: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:28:33.532212: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.532215: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:28:33.532217: | ikev2 g^x 87 32 b1 92 3b d2 fa d3 60 7f 5f 27 f4 45 b4 87 Aug 26 18:28:33.532219: | ikev2 g^x 12 a1 85 ea 86 25 cc be 16 38 6d 56 84 95 bf 61 Aug 26 18:28:33.532221: | ikev2 g^x dd 4a 41 31 7d 8b 36 d4 c1 1a 99 de 91 e9 4a f4 Aug 26 18:28:33.532222: | ikev2 g^x 38 ad a9 83 00 b5 e7 f7 51 b8 45 97 bc 1c f9 e9 Aug 26 18:28:33.532224: | ikev2 g^x 87 70 32 08 8d bd cf 2a 93 be e9 72 8c 08 1e de Aug 26 18:28:33.532225: | ikev2 g^x 12 51 17 42 b7 1e 2a 0c a1 3e 21 84 ce b6 2f be Aug 26 18:28:33.532227: | ikev2 g^x d5 66 10 5a c9 f3 53 f1 d7 71 a5 79 6d f4 69 85 Aug 26 18:28:33.532228: | ikev2 g^x 83 ed 3d 54 03 f0 5b d4 a0 88 1f 9c 84 30 52 c6 Aug 26 18:28:33.532230: | ikev2 g^x 53 70 b2 6b b0 da 70 43 4d f9 a6 4d 47 99 37 35 Aug 26 18:28:33.532231: | ikev2 g^x b2 31 7a f8 b1 17 ce cc 3b 5d f5 d1 3f 53 65 87 Aug 26 18:28:33.532233: | ikev2 g^x 86 c5 d6 2b 8b d8 f0 e9 04 1a dd 3b 31 2c 9e 2d Aug 26 18:28:33.532235: | ikev2 g^x 2b f2 9f 0d 3e 26 79 f3 bf dd fd 43 dd 59 46 cd Aug 26 18:28:33.532236: | ikev2 g^x db 66 07 01 54 cb 5c a7 bb 5a f9 7a c0 7d ca 88 Aug 26 18:28:33.532238: | ikev2 g^x a8 5c d7 76 30 9c d6 7a d4 ec a2 1e 8d e7 9c ac Aug 26 18:28:33.532239: | ikev2 g^x b8 a0 a5 7f c2 49 93 04 7c c1 2b e7 43 43 cb e2 Aug 26 18:28:33.532241: | ikev2 g^x b2 6e 4b ad 39 ce d7 62 5d 96 46 3d da 55 36 1f Aug 26 18:28:33.532243: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:28:33.532244: | ***emit IKEv2 Nonce Payload: Aug 26 18:28:33.532246: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:33.532248: | flags: none (0x0) Aug 26 18:28:33.532250: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:28:33.532252: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:28:33.532253: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.532255: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:28:33.532257: | IKEv2 nonce 25 b3 65 91 8f e8 c9 98 f8 1e 88 f3 77 7f 66 99 Aug 26 18:28:33.532259: | IKEv2 nonce dc 03 a4 ee c9 1d 12 1f b1 78 3b f5 1c 76 84 f2 Aug 26 18:28:33.532260: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:28:33.532262: | Adding a v2N Payload Aug 26 18:28:33.532264: | ***emit IKEv2 Notify Payload: Aug 26 18:28:33.532266: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.532267: | flags: none (0x0) Aug 26 18:28:33.532269: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:33.532271: | SPI size: 0 (0x0) Aug 26 18:28:33.532273: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:28:33.532275: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:33.532277: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.532279: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:28:33.532281: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:28:33.532283: | natd_hash: rcookie is zero Aug 26 18:28:33.532300: | natd_hash: hasher=0x55ff3af98800(20) Aug 26 18:28:33.532306: | natd_hash: icookie= 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:33.532308: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:33.532311: | natd_hash: ip= c0 01 02 2d Aug 26 18:28:33.532315: | natd_hash: port=500 Aug 26 18:28:33.532317: | natd_hash: hash= c0 96 7b e7 b9 d1 c0 33 70 e3 98 7b 6b cb b8 28 Aug 26 18:28:33.532319: | natd_hash: hash= b0 0b 26 5e Aug 26 18:28:33.532321: | Adding a v2N Payload Aug 26 18:28:33.532324: | ***emit IKEv2 Notify Payload: Aug 26 18:28:33.532326: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.532328: | flags: none (0x0) Aug 26 18:28:33.532331: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:33.532333: | SPI size: 0 (0x0) Aug 26 18:28:33.532335: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:28:33.532338: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:33.532341: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.532344: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:33.532346: | Notify data c0 96 7b e7 b9 d1 c0 33 70 e3 98 7b 6b cb b8 28 Aug 26 18:28:33.532349: | Notify data b0 0b 26 5e Aug 26 18:28:33.532351: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:33.532353: | natd_hash: rcookie is zero Aug 26 18:28:33.532363: | natd_hash: hasher=0x55ff3af98800(20) Aug 26 18:28:33.532366: | natd_hash: icookie= 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:33.532368: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:33.532370: | natd_hash: ip= c0 01 02 17 Aug 26 18:28:33.532372: | natd_hash: port=500 Aug 26 18:28:33.532374: | natd_hash: hash= 65 71 6d 56 76 e1 ac 31 50 4e 6e a5 59 cb d5 f8 Aug 26 18:28:33.532377: | natd_hash: hash= 74 ca e0 1e Aug 26 18:28:33.532379: | Adding a v2N Payload Aug 26 18:28:33.532381: | ***emit IKEv2 Notify Payload: Aug 26 18:28:33.532384: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.532386: | flags: none (0x0) Aug 26 18:28:33.532388: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:33.532390: | SPI size: 0 (0x0) Aug 26 18:28:33.532393: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:28:33.532396: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:33.532398: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.532401: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:33.532404: | Notify data 65 71 6d 56 76 e1 ac 31 50 4e 6e a5 59 cb d5 f8 Aug 26 18:28:33.532406: | Notify data 74 ca e0 1e Aug 26 18:28:33.532409: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:33.532412: | emitting length of ISAKMP Message: 828 Aug 26 18:28:33.532419: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:28:33.532429: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:33.532434: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:28:33.532438: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:28:33.532442: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:28:33.532445: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:28:33.532448: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:28:33.532454: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:28:33.532458: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:28:33.532472: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:28:33.532482: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:33.532488: | 56 a4 53 a1 8f ec f6 d7 00 00 00 00 00 00 00 00 Aug 26 18:28:33.532491: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:28:33.532494: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:28:33.532496: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:28:33.532499: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:28:33.532501: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:28:33.532504: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:28:33.532506: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:28:33.532509: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:28:33.532512: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:28:33.532514: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:28:33.532516: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:28:33.532519: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:28:33.532521: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:28:33.532524: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:28:33.532526: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:28:33.532528: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:28:33.532529: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:28:33.532531: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:28:33.532532: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:28:33.532534: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:28:33.532535: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:28:33.532537: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:28:33.532538: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:28:33.532540: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:28:33.532541: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:28:33.532543: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:28:33.532544: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:28:33.532546: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:28:33.532547: | 28 00 01 08 00 0e 00 00 87 32 b1 92 3b d2 fa d3 Aug 26 18:28:33.532549: | 60 7f 5f 27 f4 45 b4 87 12 a1 85 ea 86 25 cc be Aug 26 18:28:33.532550: | 16 38 6d 56 84 95 bf 61 dd 4a 41 31 7d 8b 36 d4 Aug 26 18:28:33.532552: | c1 1a 99 de 91 e9 4a f4 38 ad a9 83 00 b5 e7 f7 Aug 26 18:28:33.532553: | 51 b8 45 97 bc 1c f9 e9 87 70 32 08 8d bd cf 2a Aug 26 18:28:33.532555: | 93 be e9 72 8c 08 1e de 12 51 17 42 b7 1e 2a 0c Aug 26 18:28:33.532556: | a1 3e 21 84 ce b6 2f be d5 66 10 5a c9 f3 53 f1 Aug 26 18:28:33.532558: | d7 71 a5 79 6d f4 69 85 83 ed 3d 54 03 f0 5b d4 Aug 26 18:28:33.532559: | a0 88 1f 9c 84 30 52 c6 53 70 b2 6b b0 da 70 43 Aug 26 18:28:33.532561: | 4d f9 a6 4d 47 99 37 35 b2 31 7a f8 b1 17 ce cc Aug 26 18:28:33.532562: | 3b 5d f5 d1 3f 53 65 87 86 c5 d6 2b 8b d8 f0 e9 Aug 26 18:28:33.532564: | 04 1a dd 3b 31 2c 9e 2d 2b f2 9f 0d 3e 26 79 f3 Aug 26 18:28:33.532565: | bf dd fd 43 dd 59 46 cd db 66 07 01 54 cb 5c a7 Aug 26 18:28:33.532567: | bb 5a f9 7a c0 7d ca 88 a8 5c d7 76 30 9c d6 7a Aug 26 18:28:33.532568: | d4 ec a2 1e 8d e7 9c ac b8 a0 a5 7f c2 49 93 04 Aug 26 18:28:33.532570: | 7c c1 2b e7 43 43 cb e2 b2 6e 4b ad 39 ce d7 62 Aug 26 18:28:33.532571: | 5d 96 46 3d da 55 36 1f 29 00 00 24 25 b3 65 91 Aug 26 18:28:33.532573: | 8f e8 c9 98 f8 1e 88 f3 77 7f 66 99 dc 03 a4 ee Aug 26 18:28:33.532574: | c9 1d 12 1f b1 78 3b f5 1c 76 84 f2 29 00 00 08 Aug 26 18:28:33.532576: | 00 00 40 2e 29 00 00 1c 00 00 40 04 c0 96 7b e7 Aug 26 18:28:33.532577: | b9 d1 c0 33 70 e3 98 7b 6b cb b8 28 b0 0b 26 5e Aug 26 18:28:33.532579: | 00 00 00 1c 00 00 40 05 65 71 6d 56 76 e1 ac 31 Aug 26 18:28:33.532581: | 50 4e 6e a5 59 cb d5 f8 74 ca e0 1e Aug 26 18:28:33.532620: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:33.532626: | libevent_free: release ptr-libevent@0x55ff3c512bc8 Aug 26 18:28:33.532629: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ff3c512b58 Aug 26 18:28:33.532632: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:28:33.532635: "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:28:33.532642: | event_schedule: new EVENT_RETRANSMIT-pe@0x55ff3c512b58 Aug 26 18:28:33.532646: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 18:28:33.532649: | libevent_malloc: new ptr-libevent@0x55ff3c512bc8 size 128 Aug 26 18:28:33.532654: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29399.275108 Aug 26 18:28:33.532659: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:28:33.532665: | #1 spent 1.52 milliseconds in resume sending helper answer Aug 26 18:28:33.532670: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:28:33.532674: | libevent_free: release ptr-libevent@0x7fb864002888 Aug 26 18:28:33.535807: | spent 0.0031 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:33.535830: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:33.535834: | 56 a4 53 a1 8f ec f6 d7 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:33.535835: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 18:28:33.535837: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:28:33.535838: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:28:33.535840: | 04 00 00 0e 28 00 01 08 00 0e 00 00 c4 b9 60 19 Aug 26 18:28:33.535841: | 11 25 20 0e ae 8a fc 13 90 f5 d9 af 3e 7e e4 b3 Aug 26 18:28:33.535843: | cb 5a 30 59 95 02 91 de df 26 16 dc a4 02 3f b1 Aug 26 18:28:33.535844: | 45 11 67 38 1d a8 0f 86 dc be 20 88 85 1e e0 14 Aug 26 18:28:33.535846: | 8e c1 b3 62 52 76 55 76 93 45 ce 2c e9 5a ce bc Aug 26 18:28:33.535847: | ab a1 22 ff 98 1d 1e bd 6a 84 52 33 f6 2e d1 fc Aug 26 18:28:33.535849: | 06 cf cd 3e 44 a4 aa cf 1f 6f 62 06 a1 91 e6 17 Aug 26 18:28:33.535850: | 13 26 8a f6 f4 ac 4f 88 d1 b4 3d 1d 9b 86 c1 49 Aug 26 18:28:33.535852: | 20 b7 a7 f7 bc 88 9a a2 83 bd f1 f1 bf e6 37 ed Aug 26 18:28:33.535853: | 80 54 e0 af 08 d1 5d d1 67 a6 7f d5 97 60 14 c1 Aug 26 18:28:33.535855: | bb a9 5b 41 2d 63 8b 6a 29 c7 ea 9a 8e 25 3b 10 Aug 26 18:28:33.535856: | 26 5e ec 5d 1c 3c 44 af aa 24 20 14 08 8c ce ab Aug 26 18:28:33.535858: | 44 84 9c c5 97 f3 01 03 af a4 5c 70 43 47 3f bf Aug 26 18:28:33.535859: | 77 72 8e 73 d3 43 89 60 05 62 9b 8b 7e 4a 7d 6a Aug 26 18:28:33.535861: | ca c5 ce 89 8d d4 35 3d 30 f7 84 51 5d 67 14 79 Aug 26 18:28:33.535862: | ad 38 27 3e 1e fb b8 bf a5 94 92 7b 1e 63 ab 53 Aug 26 18:28:33.535864: | 08 be fe 98 55 af 2c 79 63 f7 4d 4d 29 00 00 24 Aug 26 18:28:33.535865: | d2 4b 3f 08 03 0f 1e 33 7c 02 9d f5 dd 31 65 ca Aug 26 18:28:33.535867: | 80 18 49 31 83 1e 53 f3 2f 7b 17 aa ec 34 d8 4c Aug 26 18:28:33.535868: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:28:33.535870: | 7e 6d db 50 5a f0 cf ac c3 be d6 fe b4 95 7b 6c Aug 26 18:28:33.535871: | 50 7e bb 11 00 00 00 1c 00 00 40 05 a9 ab 06 83 Aug 26 18:28:33.535873: | b8 f5 b5 7b e3 93 06 d8 c9 b3 ad 8b 69 3e ab b4 Aug 26 18:28:33.535876: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:33.535880: | **parse ISAKMP Message: Aug 26 18:28:33.535883: | initiator cookie: Aug 26 18:28:33.535885: | 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:33.535887: | responder cookie: Aug 26 18:28:33.535888: | 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:33.535890: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:28:33.535892: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:33.535896: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:28:33.535898: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:28:33.535900: | Message ID: 0 (0x0) Aug 26 18:28:33.535901: | length: 432 (0x1b0) Aug 26 18:28:33.535903: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:28:33.535906: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:28:33.535909: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:28:33.535913: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:33.535916: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:28:33.535918: | #1 is idle Aug 26 18:28:33.535920: | #1 idle Aug 26 18:28:33.535921: | unpacking clear payload Aug 26 18:28:33.535923: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:28:33.535926: | ***parse IKEv2 Security Association Payload: Aug 26 18:28:33.535927: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:28:33.535929: | flags: none (0x0) Aug 26 18:28:33.535931: | length: 40 (0x28) Aug 26 18:28:33.535932: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:28:33.535934: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:28:33.535936: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:28:33.535938: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:28:33.535939: | flags: none (0x0) Aug 26 18:28:33.535941: | length: 264 (0x108) Aug 26 18:28:33.535943: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:33.535944: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:28:33.535946: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:28:33.535947: | ***parse IKEv2 Nonce Payload: Aug 26 18:28:33.535949: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:33.535951: | flags: none (0x0) Aug 26 18:28:33.535952: | length: 36 (0x24) Aug 26 18:28:33.535954: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:28:33.535955: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:28:33.535957: | ***parse IKEv2 Notify Payload: Aug 26 18:28:33.535959: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:33.535960: | flags: none (0x0) Aug 26 18:28:33.535962: | length: 8 (0x8) Aug 26 18:28:33.535964: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:33.535965: | SPI size: 0 (0x0) Aug 26 18:28:33.535967: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:28:33.535969: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:28:33.535970: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:28:33.535972: | ***parse IKEv2 Notify Payload: Aug 26 18:28:33.535973: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:33.535975: | flags: none (0x0) Aug 26 18:28:33.535976: | length: 28 (0x1c) Aug 26 18:28:33.535978: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:33.535980: | SPI size: 0 (0x0) Aug 26 18:28:33.535981: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:28:33.535983: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:28:33.535985: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:28:33.535987: | ***parse IKEv2 Notify Payload: Aug 26 18:28:33.535990: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.535992: | flags: none (0x0) Aug 26 18:28:33.535994: | length: 28 (0x1c) Aug 26 18:28:33.535997: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:33.535999: | SPI size: 0 (0x0) Aug 26 18:28:33.536002: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:28:33.536004: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:28:33.536007: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:28:33.536012: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:28:33.536018: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:28:33.536021: | Now let's proceed with state specific processing Aug 26 18:28:33.536023: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:28:33.536027: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:28:33.536044: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:33.536048: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:28:33.536052: | local proposal 1 type ENCR has 1 transforms Aug 26 18:28:33.536054: | local proposal 1 type PRF has 2 transforms Aug 26 18:28:33.536057: | local proposal 1 type INTEG has 1 transforms Aug 26 18:28:33.536059: | local proposal 1 type DH has 8 transforms Aug 26 18:28:33.536062: | local proposal 1 type ESN has 0 transforms Aug 26 18:28:33.536065: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:28:33.536068: | local proposal 2 type ENCR has 1 transforms Aug 26 18:28:33.536071: | local proposal 2 type PRF has 2 transforms Aug 26 18:28:33.536074: | local proposal 2 type INTEG has 1 transforms Aug 26 18:28:33.536076: | local proposal 2 type DH has 8 transforms Aug 26 18:28:33.536079: | local proposal 2 type ESN has 0 transforms Aug 26 18:28:33.536082: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:28:33.536085: | local proposal 3 type ENCR has 1 transforms Aug 26 18:28:33.536088: | local proposal 3 type PRF has 2 transforms Aug 26 18:28:33.536090: | local proposal 3 type INTEG has 2 transforms Aug 26 18:28:33.536093: | local proposal 3 type DH has 8 transforms Aug 26 18:28:33.536095: | local proposal 3 type ESN has 0 transforms Aug 26 18:28:33.536098: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:28:33.536101: | local proposal 4 type ENCR has 1 transforms Aug 26 18:28:33.536104: | local proposal 4 type PRF has 2 transforms Aug 26 18:28:33.536106: | local proposal 4 type INTEG has 2 transforms Aug 26 18:28:33.536109: | local proposal 4 type DH has 8 transforms Aug 26 18:28:33.536112: | local proposal 4 type ESN has 0 transforms Aug 26 18:28:33.536115: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:28:33.536118: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.536121: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:33.536124: | length: 36 (0x24) Aug 26 18:28:33.536126: | prop #: 1 (0x1) Aug 26 18:28:33.536129: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:33.536131: | spi size: 0 (0x0) Aug 26 18:28:33.536134: | # transforms: 3 (0x3) Aug 26 18:28:33.536138: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:28:33.536142: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:33.536144: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.536147: | length: 12 (0xc) Aug 26 18:28:33.536149: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.536152: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:33.536155: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.536158: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.536161: | length/value: 256 (0x100) Aug 26 18:28:33.536168: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:28:33.536171: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:33.536174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.536177: | length: 8 (0x8) Aug 26 18:28:33.536180: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:33.536183: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:33.536187: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:28:33.536191: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:33.536193: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.536196: | length: 8 (0x8) Aug 26 18:28:33.536198: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:33.536201: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:33.536205: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:28:33.536209: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:28:33.536214: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:28:33.536218: | remote proposal 1 matches local proposal 1 Aug 26 18:28:33.536221: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:28:33.536224: | converting proposal to internal trans attrs Aug 26 18:28:33.536245: | natd_hash: hasher=0x55ff3af98800(20) Aug 26 18:28:33.536249: | natd_hash: icookie= 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:33.536251: | natd_hash: rcookie= 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:33.536254: | natd_hash: ip= c0 01 02 2d Aug 26 18:28:33.536257: | natd_hash: port=500 Aug 26 18:28:33.536259: | natd_hash: hash= a9 ab 06 83 b8 f5 b5 7b e3 93 06 d8 c9 b3 ad 8b Aug 26 18:28:33.536262: | natd_hash: hash= 69 3e ab b4 Aug 26 18:28:33.536270: | natd_hash: hasher=0x55ff3af98800(20) Aug 26 18:28:33.536273: | natd_hash: icookie= 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:33.536276: | natd_hash: rcookie= 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:33.536279: | natd_hash: ip= c0 01 02 17 Aug 26 18:28:33.536281: | natd_hash: port=500 Aug 26 18:28:33.536284: | natd_hash: hash= 7e 6d db 50 5a f0 cf ac c3 be d6 fe b4 95 7b 6c Aug 26 18:28:33.536287: | natd_hash: hash= 50 7e bb 11 Aug 26 18:28:33.536307: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:28:33.536310: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:28:33.536312: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:28:33.536316: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:28:33.536322: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:28:33.536326: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:28:33.536330: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:28:33.536333: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:28:33.536337: | libevent_free: release ptr-libevent@0x55ff3c512bc8 Aug 26 18:28:33.536340: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ff3c512b58 Aug 26 18:28:33.536344: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ff3c512b58 Aug 26 18:28:33.536349: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:28:33.536353: | libevent_malloc: new ptr-libevent@0x55ff3c5128f8 size 128 Aug 26 18:28:33.536365: | #1 spent 0.322 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:28:33.536372: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:33.536369: | crypto helper 1 resuming Aug 26 18:28:33.536380: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:28:33.536393: | crypto helper 1 starting work-order 2 for state #1 Aug 26 18:28:33.536395: | suspending state #1 and saving MD Aug 26 18:28:33.536403: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:28:33.536405: | #1 is busy; has a suspended MD Aug 26 18:28:33.536412: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:28:33.536416: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:28:33.536421: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:33.536427: | #1 spent 0.584 milliseconds in ikev2_process_packet() Aug 26 18:28:33.536432: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:33.536435: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:33.536438: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:33.536443: | spent 0.601 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:33.537056: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:28:33.537380: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000978 seconds Aug 26 18:28:33.537391: | (#1) spent 0.983 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:28:33.537393: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 18:28:33.537395: | scheduling resume sending helper answer for #1 Aug 26 18:28:33.537398: | libevent_malloc: new ptr-libevent@0x7fb85c000f48 size 128 Aug 26 18:28:33.537405: | crypto helper 1 waiting (nothing to do) Aug 26 18:28:33.537412: | processing resume sending helper answer for #1 Aug 26 18:28:33.537419: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:28:33.537422: | crypto helper 1 replies to request ID 2 Aug 26 18:28:33.537424: | calling continuation function 0x55ff3aec3b50 Aug 26 18:28:33.537426: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:28:33.537433: | creating state object #2 at 0x55ff3c5157d8 Aug 26 18:28:33.537437: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:28:33.537441: | pstats #2 ikev2.child started Aug 26 18:28:33.537444: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 18:28:33.537450: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:28:33.537457: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:33.537462: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:28:33.537467: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:28:33.537471: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:33.537474: | libevent_free: release ptr-libevent@0x55ff3c5128f8 Aug 26 18:28:33.537476: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ff3c512b58 Aug 26 18:28:33.537479: | event_schedule: new EVENT_SA_REPLACE-pe@0x55ff3c512b58 Aug 26 18:28:33.537482: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:28:33.537485: | libevent_malloc: new ptr-libevent@0x55ff3c5128f8 size 128 Aug 26 18:28:33.537489: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:28:33.537494: | **emit ISAKMP Message: Aug 26 18:28:33.537497: | initiator cookie: Aug 26 18:28:33.537499: | 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:33.537502: | responder cookie: Aug 26 18:28:33.537507: | 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:33.537510: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:33.537513: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:33.537517: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:28:33.537519: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:33.537520: | Message ID: 1 (0x1) Aug 26 18:28:33.537522: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:33.537525: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:33.537527: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.537529: | flags: none (0x0) Aug 26 18:28:33.537533: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:33.537536: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.537538: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:33.537548: | IKEv2 CERT: send a certificate? Aug 26 18:28:33.537551: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:28:33.537554: | IDr payload will be sent Aug 26 18:28:33.537567: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:28:33.537571: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.537573: | flags: none (0x0) Aug 26 18:28:33.537576: | ID type: ID_FQDN (0x2) Aug 26 18:28:33.537579: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:28:33.537582: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.537586: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:28:33.537589: | my identity 77 65 73 74 Aug 26 18:28:33.537591: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 18:28:33.537600: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:28:33.537604: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:28:33.537606: | flags: none (0x0) Aug 26 18:28:33.537609: | ID type: ID_FQDN (0x2) Aug 26 18:28:33.537612: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 18:28:33.537615: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:28:33.537618: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.537621: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 18:28:33.537624: | IDr 65 61 73 74 Aug 26 18:28:33.537627: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:28:33.537629: | not sending INITIAL_CONTACT Aug 26 18:28:33.537632: | ****emit IKEv2 Authentication Payload: Aug 26 18:28:33.537635: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.537638: | flags: none (0x0) Aug 26 18:28:33.537640: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:28:33.537643: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:28:33.537646: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.537650: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 18:28:33.537654: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 18:28:33.537658: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 18:28:33.537661: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 18:28:33.537665: | 1: compared key @west to @west / @east -> 010 Aug 26 18:28:33.537671: | 2: compared key @east to @west / @east -> 014 Aug 26 18:28:33.537674: | line 1: match=014 Aug 26 18:28:33.537677: | match 014 beats previous best_match 000 match=0x55ff3c467b58 (line=1) Aug 26 18:28:33.537680: | concluding with best_match=014 best=0x55ff3c467b58 (lineno=1) Aug 26 18:28:33.537736: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:28:33.537742: | PSK auth 11 7b 51 32 08 94 1e f5 63 3c 5a eb dd 8e ea ae Aug 26 18:28:33.537745: | PSK auth 49 de 19 0d ac ba c0 90 10 6c f5 cd c7 33 87 b1 Aug 26 18:28:33.537747: | PSK auth b8 cd fc b8 6f d8 87 e4 40 a6 6f 0c f4 57 f3 28 Aug 26 18:28:33.537750: | PSK auth da 0a 4d d4 ef fb 8c f8 e6 dc 09 bc 70 55 82 6d Aug 26 18:28:33.537753: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:28:33.537757: | getting first pending from state #1 Aug 26 18:28:33.537775: | netlink_get_spi: allocated 0xc82a209a for esp.0@192.1.2.45 Aug 26 18:28:33.537780: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:28:33.537787: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:28:33.537793: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:28:33.537796: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:28:33.537799: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:28:33.537802: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:33.537807: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:33.537810: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:33.537812: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:33.537820: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:33.537830: | Emitting ikev2_proposals ... Aug 26 18:28:33.537834: | ****emit IKEv2 Security Association Payload: Aug 26 18:28:33.537837: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.537840: | flags: none (0x0) Aug 26 18:28:33.537844: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:33.537847: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.537850: | discarding INTEG=NONE Aug 26 18:28:33.537853: | discarding DH=NONE Aug 26 18:28:33.537856: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.537858: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.537861: | prop #: 1 (0x1) Aug 26 18:28:33.537863: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:33.537866: | spi size: 4 (0x4) Aug 26 18:28:33.537868: | # transforms: 2 (0x2) Aug 26 18:28:33.537871: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:33.537874: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:33.537877: | our spi c8 2a 20 9a Aug 26 18:28:33.537880: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.537883: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.537886: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.537888: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:33.537891: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.537901: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.537905: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.537908: | length/value: 256 (0x100) Aug 26 18:28:33.537911: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:33.537913: | discarding INTEG=NONE Aug 26 18:28:33.537915: | discarding DH=NONE Aug 26 18:28:33.537918: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.537921: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.537923: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:33.537926: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:33.537929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.537932: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.537935: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.537938: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:28:33.537941: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:33.537943: | discarding INTEG=NONE Aug 26 18:28:33.537946: | discarding DH=NONE Aug 26 18:28:33.537949: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.537951: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.537954: | prop #: 2 (0x2) Aug 26 18:28:33.537957: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:33.537960: | spi size: 4 (0x4) Aug 26 18:28:33.537962: | # transforms: 2 (0x2) Aug 26 18:28:33.537966: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.537969: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:33.537973: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:33.537975: | our spi c8 2a 20 9a Aug 26 18:28:33.537978: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.537981: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.537984: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.537987: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:33.537990: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.537992: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.537995: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.537998: | length/value: 128 (0x80) Aug 26 18:28:33.538001: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:33.538003: | discarding INTEG=NONE Aug 26 18:28:33.538005: | discarding DH=NONE Aug 26 18:28:33.538007: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.538010: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.538012: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:33.538015: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:33.538018: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538021: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.538024: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.538026: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:28:33.538029: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:33.538034: | discarding DH=NONE Aug 26 18:28:33.538036: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.538039: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.538041: | prop #: 3 (0x3) Aug 26 18:28:33.538044: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:33.538046: | spi size: 4 (0x4) Aug 26 18:28:33.538049: | # transforms: 4 (0x4) Aug 26 18:28:33.538052: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.538055: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:33.538058: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:33.538061: | our spi c8 2a 20 9a Aug 26 18:28:33.538063: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.538066: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538068: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.538071: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:33.538073: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.538076: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.538078: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.538081: | length/value: 256 (0x100) Aug 26 18:28:33.538083: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:33.538086: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.538089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538091: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:33.538094: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:33.538097: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.538103: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.538106: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.538109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538111: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:33.538114: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:33.538117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.538124: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.538126: | discarding DH=NONE Aug 26 18:28:33.538129: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.538131: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.538134: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:33.538137: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:33.538140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538143: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.538146: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.538149: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:28:33.538151: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:33.538154: | discarding DH=NONE Aug 26 18:28:33.538159: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.538162: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:33.538165: | prop #: 4 (0x4) Aug 26 18:28:33.538167: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:33.538169: | spi size: 4 (0x4) Aug 26 18:28:33.538172: | # transforms: 4 (0x4) Aug 26 18:28:33.538176: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:33.538179: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:33.538182: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:33.538184: | our spi c8 2a 20 9a Aug 26 18:28:33.538187: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.538190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538192: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.538195: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:33.538198: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.538200: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.538203: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.538206: | length/value: 128 (0x80) Aug 26 18:28:33.538208: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:33.538211: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.538213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538215: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:33.538218: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:33.538221: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538225: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.538227: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.538230: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.538233: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538236: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:33.538238: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:33.538242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.538247: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.538249: | discarding DH=NONE Aug 26 18:28:33.538252: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:33.538255: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.538257: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:33.538260: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:33.538263: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.538266: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:33.538269: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:33.538272: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:28:33.538275: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:33.538278: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 18:28:33.538281: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:33.538286: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:28:33.538295: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.538301: | flags: none (0x0) Aug 26 18:28:33.538304: | number of TS: 1 (0x1) Aug 26 18:28:33.538308: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:28:33.538312: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.538315: | *****emit IKEv2 Traffic Selector: Aug 26 18:28:33.538317: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:33.538320: | IP Protocol ID: 0 (0x0) Aug 26 18:28:33.538322: | start port: 0 (0x0) Aug 26 18:28:33.538325: | end port: 65535 (0xffff) Aug 26 18:28:33.538329: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:28:33.538331: | ipv4 start c0 00 01 00 Aug 26 18:28:33.538334: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:28:33.538337: | ipv4 end c0 00 01 ff Aug 26 18:28:33.538339: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:28:33.538342: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:28:33.538345: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:28:33.538348: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.538351: | flags: none (0x0) Aug 26 18:28:33.538354: | number of TS: 1 (0x1) Aug 26 18:28:33.538358: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:28:33.538362: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:33.538365: | *****emit IKEv2 Traffic Selector: Aug 26 18:28:33.538368: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:33.538371: | IP Protocol ID: 0 (0x0) Aug 26 18:28:33.538375: | start port: 0 (0x0) Aug 26 18:28:33.538378: | end port: 65535 (0xffff) Aug 26 18:28:33.538381: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:28:33.538384: | ipv4 start c0 00 02 00 Aug 26 18:28:33.538387: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:28:33.538390: | ipv4 end c0 00 02 ff Aug 26 18:28:33.538393: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:28:33.538397: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:28:33.538400: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:28:33.538404: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:28:33.538407: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:33.538411: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:33.538414: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:33.538417: | emitting length of IKEv2 Encryption Payload: 337 Aug 26 18:28:33.538419: | emitting length of ISAKMP Message: 365 Aug 26 18:28:33.538439: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:33.538445: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:33.538449: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:28:33.538452: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:28:33.538455: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:28:33.538458: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:28:33.538465: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:28:33.538469: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:28:33.538474: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:28:33.538486: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:28:33.538492: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:33.538494: | 56 a4 53 a1 8f ec f6 d7 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:33.538496: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Aug 26 18:28:33.538499: | c8 8b f4 0b 18 4c b3 8b 8c 24 eb 92 a9 86 eb 64 Aug 26 18:28:33.538501: | a0 7e 2b 4d f9 a3 2b f6 06 18 73 6d 94 1d 9f 76 Aug 26 18:28:33.538503: | 59 8e 83 1b 6c 83 71 55 eb e0 9b 8d c0 6b e1 46 Aug 26 18:28:33.538506: | 78 57 35 78 8f 8d d3 58 83 2c cc 33 b9 51 f3 c2 Aug 26 18:28:33.538508: | 9b a6 27 3b aa a4 ce 3b ac da f3 7e 6d 5d fe 4d Aug 26 18:28:33.538510: | ec 31 c7 d3 53 7a 40 81 c5 54 44 12 74 ac 25 3d Aug 26 18:28:33.538512: | 66 6a e1 65 d7 3f 55 f6 9c c9 9f 04 9e f2 7e 44 Aug 26 18:28:33.538514: | 70 fe 44 c9 03 21 37 c0 13 db 23 7d ba de bc 7a Aug 26 18:28:33.538517: | 62 5c 6a 39 21 c7 54 6c 38 2b 79 7b 71 8b 02 0c Aug 26 18:28:33.538519: | 21 c8 54 f8 52 4c 2a 13 35 18 da a6 79 24 11 65 Aug 26 18:28:33.538521: | d0 63 03 7e f2 e4 46 34 b6 2b ef e7 81 20 4c e8 Aug 26 18:28:33.538524: | e2 d8 51 34 b4 b3 8a 70 68 d3 82 34 1f 2f 16 c9 Aug 26 18:28:33.538526: | 38 f1 ef 83 c0 4e 67 57 9e 50 6f 90 a9 05 5a 86 Aug 26 18:28:33.538528: | a6 a0 e1 14 aa ad ce 35 dd d8 3a c2 90 7f 07 31 Aug 26 18:28:33.538530: | 47 7d 55 7e b9 a9 6d a3 eb 26 0b d4 31 91 a6 7d Aug 26 18:28:33.538532: | 4d 29 9f eb ef 96 40 17 3c f7 4f 0f 8f c4 b0 ba Aug 26 18:28:33.538535: | 39 5a 5f 74 a9 2d 8a 52 07 6b fd dc f9 9d 25 7f Aug 26 18:28:33.538537: | 5f 5b 4d 7f 4d 92 a6 0b 87 fd f6 6d 5c 37 b7 92 Aug 26 18:28:33.538539: | c2 7e ea ce a6 24 5d 97 f5 b5 07 db d2 43 bd 29 Aug 26 18:28:33.538542: | ec 26 fd 53 5a b5 5b 47 8a dc 29 7b 63 c5 1f 9e Aug 26 18:28:33.538544: | 67 ee 9b 82 77 55 95 b3 92 13 5f f3 64 Aug 26 18:28:33.538589: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:28:33.538593: "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:28:33.538599: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fb864002b78 Aug 26 18:28:33.538603: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 18:28:33.538607: | libevent_malloc: new ptr-libevent@0x55ff3c5164a8 size 128 Aug 26 18:28:33.538612: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29399.281065 Aug 26 18:28:33.538616: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:28:33.538622: | #1 spent 1.17 milliseconds in resume sending helper answer Aug 26 18:28:33.538628: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:28:33.538633: | libevent_free: release ptr-libevent@0x7fb85c000f48 Aug 26 18:28:33.579178: | spent 0.00278 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:33.579196: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:33.579199: | 56 a4 53 a1 8f ec f6 d7 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:33.579201: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Aug 26 18:28:33.579202: | 28 b9 e0 6e 1a da 38 4d 20 8a 9e b2 23 f0 e1 4e Aug 26 18:28:33.579206: | 9b 0d d8 ac a9 74 a6 4a 5e ae bf 14 36 e8 e7 fb Aug 26 18:28:33.579207: | 58 c1 70 0d 67 96 50 54 82 40 22 52 1c a9 af e9 Aug 26 18:28:33.579209: | ff ea fd 80 87 27 8c 55 67 18 19 4c b6 0e fe 9c Aug 26 18:28:33.579210: | 79 2e f9 18 8b bc d5 fa 58 66 aa 62 5d f0 2d e4 Aug 26 18:28:33.579212: | 3a 5c 36 c2 d6 d3 2f db 7d 50 7b 7e d1 ad 0d d1 Aug 26 18:28:33.579213: | 5e c1 ff af 78 e6 72 12 c6 dd 95 d0 70 15 cb 2f Aug 26 18:28:33.579215: | 6f 6a d2 50 8e e2 88 f3 56 8f 03 45 a6 6a 62 64 Aug 26 18:28:33.579216: | 32 c3 6a be ee 95 82 69 f3 23 83 69 08 eb d8 cf Aug 26 18:28:33.579218: | b7 de 9d a5 7c 89 ac d6 c5 74 48 99 c2 e2 26 89 Aug 26 18:28:33.579219: | 6e 36 2d 47 ea de ea f6 8a 2a 46 9f 32 f8 14 e8 Aug 26 18:28:33.579221: | 30 c6 c5 16 e4 96 5d fc 6a 4c 56 68 78 0e 48 a7 Aug 26 18:28:33.579222: | 4f Aug 26 18:28:33.579225: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:33.579228: | **parse ISAKMP Message: Aug 26 18:28:33.579230: | initiator cookie: Aug 26 18:28:33.579232: | 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:33.579233: | responder cookie: Aug 26 18:28:33.579235: | 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:33.579237: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:33.579239: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:33.579241: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:28:33.579243: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:28:33.579244: | Message ID: 1 (0x1) Aug 26 18:28:33.579246: | length: 225 (0xe1) Aug 26 18:28:33.579248: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:28:33.579250: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:28:33.579253: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:28:33.579258: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:33.579260: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:28:33.579263: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:28:33.579266: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:28:33.579267: | #2 is idle Aug 26 18:28:33.579269: | #2 idle Aug 26 18:28:33.579270: | unpacking clear payload Aug 26 18:28:33.579272: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:28:33.579274: | ***parse IKEv2 Encryption Payload: Aug 26 18:28:33.579276: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:28:33.579278: | flags: none (0x0) Aug 26 18:28:33.579279: | length: 197 (0xc5) Aug 26 18:28:33.579281: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 18:28:33.579283: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:28:33.579302: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:28:33.579306: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:28:33.579309: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:28:33.579311: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:28:33.579312: | flags: none (0x0) Aug 26 18:28:33.579314: | length: 12 (0xc) Aug 26 18:28:33.579316: | ID type: ID_FQDN (0x2) Aug 26 18:28:33.579317: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:28:33.579319: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:28:33.579321: | **parse IKEv2 Authentication Payload: Aug 26 18:28:33.579322: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:28:33.579324: | flags: none (0x0) Aug 26 18:28:33.579326: | length: 72 (0x48) Aug 26 18:28:33.579327: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:28:33.579329: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:28:33.579331: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:28:33.579334: | **parse IKEv2 Security Association Payload: Aug 26 18:28:33.579336: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:28:33.579337: | flags: none (0x0) Aug 26 18:28:33.579339: | length: 36 (0x24) Aug 26 18:28:33.579340: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 18:28:33.579342: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:28:33.579344: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:28:33.579345: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:28:33.579347: | flags: none (0x0) Aug 26 18:28:33.579348: | length: 24 (0x18) Aug 26 18:28:33.579350: | number of TS: 1 (0x1) Aug 26 18:28:33.579352: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:28:33.579353: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:28:33.579355: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:28:33.579356: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:33.579358: | flags: none (0x0) Aug 26 18:28:33.579359: | length: 24 (0x18) Aug 26 18:28:33.579361: | number of TS: 1 (0x1) Aug 26 18:28:33.579362: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:28:33.579364: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:28:33.579366: | Now let's proceed with state specific processing Aug 26 18:28:33.579368: | calling processor Initiator: process IKE_AUTH response Aug 26 18:28:33.579372: | offered CA: '%none' Aug 26 18:28:33.579375: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 18:28:33.579416: | verifying AUTH payload Aug 26 18:28:33.579420: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 18:28:33.579437: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 18:28:33.579439: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 18:28:33.579441: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 18:28:33.579444: | 1: compared key @west to @west / @east -> 010 Aug 26 18:28:33.579446: | 2: compared key @east to @west / @east -> 014 Aug 26 18:28:33.579447: | line 1: match=014 Aug 26 18:28:33.579449: | match 014 beats previous best_match 000 match=0x55ff3c467b58 (line=1) Aug 26 18:28:33.579451: | concluding with best_match=014 best=0x55ff3c467b58 (lineno=1) Aug 26 18:28:33.579496: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Aug 26 18:28:33.579503: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:28:33.579507: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:28:33.579510: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:28:33.579514: | libevent_free: release ptr-libevent@0x55ff3c5128f8 Aug 26 18:28:33.579516: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ff3c512b58 Aug 26 18:28:33.579518: | event_schedule: new EVENT_SA_REKEY-pe@0x55ff3c512b58 Aug 26 18:28:33.579521: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:28:33.579523: | libevent_malloc: new ptr-libevent@0x7fb85c000f48 size 128 Aug 26 18:28:33.579580: | pstats #1 ikev2.ike established Aug 26 18:28:33.579585: | TSi: parsing 1 traffic selectors Aug 26 18:28:33.579588: | ***parse IKEv2 Traffic Selector: Aug 26 18:28:33.579590: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:33.579591: | IP Protocol ID: 0 (0x0) Aug 26 18:28:33.579593: | length: 16 (0x10) Aug 26 18:28:33.579595: | start port: 0 (0x0) Aug 26 18:28:33.579596: | end port: 65535 (0xffff) Aug 26 18:28:33.579598: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:28:33.579600: | TS low c0 00 01 00 Aug 26 18:28:33.579602: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:28:33.579603: | TS high c0 00 01 ff Aug 26 18:28:33.579605: | TSi: parsed 1 traffic selectors Aug 26 18:28:33.579606: | TSr: parsing 1 traffic selectors Aug 26 18:28:33.579608: | ***parse IKEv2 Traffic Selector: Aug 26 18:28:33.579612: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:33.579613: | IP Protocol ID: 0 (0x0) Aug 26 18:28:33.579615: | length: 16 (0x10) Aug 26 18:28:33.579616: | start port: 0 (0x0) Aug 26 18:28:33.579618: | end port: 65535 (0xffff) Aug 26 18:28:33.579619: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:28:33.579621: | TS low c0 00 02 00 Aug 26 18:28:33.579623: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:28:33.579624: | TS high c0 00 02 ff Aug 26 18:28:33.579626: | TSr: parsed 1 traffic selectors Aug 26 18:28:33.579629: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:28:33.579633: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:33.579637: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:28:33.579639: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:28:33.579641: | TSi[0] port match: YES fitness 65536 Aug 26 18:28:33.579643: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:28:33.579645: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:28:33.579648: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:33.579651: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:28:33.579653: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:28:33.579655: | TSr[0] port match: YES fitness 65536 Aug 26 18:28:33.579656: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:28:33.579658: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:28:33.579660: | best fit so far: TSi[0] TSr[0] Aug 26 18:28:33.579662: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:28:33.579663: | printing contents struct traffic_selector Aug 26 18:28:33.579665: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:28:33.579666: | ipprotoid: 0 Aug 26 18:28:33.579668: | port range: 0-65535 Aug 26 18:28:33.579670: | ip range: 192.0.1.0-192.0.1.255 Aug 26 18:28:33.579672: | printing contents struct traffic_selector Aug 26 18:28:33.579673: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:28:33.579675: | ipprotoid: 0 Aug 26 18:28:33.579676: | port range: 0-65535 Aug 26 18:28:33.579678: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:28:33.579687: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:33.579690: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:28:33.579692: | local proposal 1 type ENCR has 1 transforms Aug 26 18:28:33.579694: | local proposal 1 type PRF has 0 transforms Aug 26 18:28:33.579696: | local proposal 1 type INTEG has 1 transforms Aug 26 18:28:33.579697: | local proposal 1 type DH has 1 transforms Aug 26 18:28:33.579699: | local proposal 1 type ESN has 1 transforms Aug 26 18:28:33.579701: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:28:33.579703: | local proposal 2 type ENCR has 1 transforms Aug 26 18:28:33.579705: | local proposal 2 type PRF has 0 transforms Aug 26 18:28:33.579706: | local proposal 2 type INTEG has 1 transforms Aug 26 18:28:33.579708: | local proposal 2 type DH has 1 transforms Aug 26 18:28:33.579709: | local proposal 2 type ESN has 1 transforms Aug 26 18:28:33.579711: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:28:33.579713: | local proposal 3 type ENCR has 1 transforms Aug 26 18:28:33.579714: | local proposal 3 type PRF has 0 transforms Aug 26 18:28:33.579719: | local proposal 3 type INTEG has 2 transforms Aug 26 18:28:33.579721: | local proposal 3 type DH has 1 transforms Aug 26 18:28:33.579723: | local proposal 3 type ESN has 1 transforms Aug 26 18:28:33.579725: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:28:33.579726: | local proposal 4 type ENCR has 1 transforms Aug 26 18:28:33.579728: | local proposal 4 type PRF has 0 transforms Aug 26 18:28:33.579729: | local proposal 4 type INTEG has 2 transforms Aug 26 18:28:33.579731: | local proposal 4 type DH has 1 transforms Aug 26 18:28:33.579733: | local proposal 4 type ESN has 1 transforms Aug 26 18:28:33.579734: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:28:33.579737: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:33.579738: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:33.579740: | length: 32 (0x20) Aug 26 18:28:33.579742: | prop #: 1 (0x1) Aug 26 18:28:33.579743: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:33.579745: | spi size: 4 (0x4) Aug 26 18:28:33.579746: | # transforms: 2 (0x2) Aug 26 18:28:33.579748: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:28:33.579750: | remote SPI 9a 3a e0 94 Aug 26 18:28:33.579752: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:28:33.579754: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:33.579756: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:33.579757: | length: 12 (0xc) Aug 26 18:28:33.579759: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:33.579761: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:33.579762: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:33.579764: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:33.579766: | length/value: 256 (0x100) Aug 26 18:28:33.579769: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:28:33.579770: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:33.579772: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:33.579774: | length: 8 (0x8) Aug 26 18:28:33.579775: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:33.579777: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:33.579779: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:28:33.579781: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:28:33.579784: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:28:33.579786: | remote proposal 1 matches local proposal 1 Aug 26 18:28:33.579788: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 18:28:33.579791: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=9a3ae094;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:28:33.579793: | converting proposal to internal trans attrs Aug 26 18:28:33.579797: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:28:33.579898: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:28:33.579901: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 18:28:33.579903: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:33.579906: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:28:33.579907: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:28:33.579910: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:28:33.579912: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:28:33.579915: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:28:33.579917: | AES_GCM_16 requires 4 salt bytes Aug 26 18:28:33.579920: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:28:33.579923: | setting IPsec SA replay-window to 32 Aug 26 18:28:33.579925: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 18:28:33.579928: | netlink: enabling tunnel mode Aug 26 18:28:33.579929: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:28:33.579931: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:28:33.579989: | netlink response for Add SA esp.9a3ae094@192.1.2.23 included non-error error Aug 26 18:28:33.579994: | set up outgoing SA, ref=0/0 Aug 26 18:28:33.579996: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:28:33.579998: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:28:33.579999: | AES_GCM_16 requires 4 salt bytes Aug 26 18:28:33.580001: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:28:33.580003: | setting IPsec SA replay-window to 32 Aug 26 18:28:33.580005: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 18:28:33.580007: | netlink: enabling tunnel mode Aug 26 18:28:33.580009: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:28:33.580010: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:28:33.580046: | netlink response for Add SA esp.c82a209a@192.1.2.45 included non-error error Aug 26 18:28:33.580053: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:33.580061: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 18:28:33.580065: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:33.580085: | raw_eroute result=success Aug 26 18:28:33.580088: | set up incoming SA, ref=0/0 Aug 26 18:28:33.580090: | sr for #2: unrouted Aug 26 18:28:33.580092: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:28:33.580094: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:33.580096: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:28:33.580098: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:28:33.580100: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:28:33.580102: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:28:33.580105: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:33.580109: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:28:33.580111: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:33.580119: | raw_eroute result=success Aug 26 18:28:33.580122: | running updown command "ipsec _updown" for verb up Aug 26 18:28:33.580123: | command executing up-client Aug 26 18:28:33.580140: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 18:28:33.580144: | popen cmd is 1049 chars long Aug 26 18:28:33.580146: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 18:28:33.580148: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Aug 26 18:28:33.580150: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='19: Aug 26 18:28:33.580152: | cmd( 240):2.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Aug 26 18:28:33.580153: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_P: Aug 26 18:28:33.580155: | cmd( 400):EER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 18:28:33.580157: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:28:33.580158: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Aug 26 18:28:33.580160: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 18:28:33.580162: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 18:28:33.580163: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Aug 26 18:28:33.580165: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 18:28:33.580167: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9a3ae094 SPI_OUT=0xc82a209a ipsec _up: Aug 26 18:28:33.580168: | cmd(1040):down 2>&1: Aug 26 18:28:33.589253: | route_and_eroute: firewall_notified: true Aug 26 18:28:33.589271: | running updown command "ipsec _updown" for verb prepare Aug 26 18:28:33.589274: | command executing prepare-client Aug 26 18:28:33.589302: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Aug 26 18:28:33.589306: | popen cmd is 1054 chars long Aug 26 18:28:33.589309: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:28:33.589311: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 18:28:33.589312: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 18:28:33.589314: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 18:28:33.589316: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Aug 26 18:28:33.589317: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 18:28:33.589319: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 18:28:33.589321: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 18:28:33.589322: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 18:28:33.589324: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 18:28:33.589328: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 18:28:33.589330: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 18:28:33.589332: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9a3ae094 SPI_OUT=0xc82a209a ipse: Aug 26 18:28:33.589333: | cmd(1040):c _updown 2>&1: Aug 26 18:28:33.600325: | running updown command "ipsec _updown" for verb route Aug 26 18:28:33.600347: | command executing route-client Aug 26 18:28:33.600377: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Aug 26 18:28:33.600381: | popen cmd is 1052 chars long Aug 26 18:28:33.600384: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 18:28:33.600388: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Aug 26 18:28:33.600390: | cmd( 160):.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=: Aug 26 18:28:33.600393: | cmd( 240):'192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Aug 26 18:28:33.600396: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: Aug 26 18:28:33.600399: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 18:28:33.600402: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:28:33.600405: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 18:28:33.600407: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Aug 26 18:28:33.600411: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 18:28:33.600414: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 18:28:33.600417: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 18:28:33.600419: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9a3ae094 SPI_OUT=0xc82a209a ipsec : Aug 26 18:28:33.600422: | cmd(1040):_updown 2>&1: Aug 26 18:28:33.615607: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55ff3c50e888,sr=0x55ff3c50e888} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:28:33.615717: | #1 spent 1.6 milliseconds in install_ipsec_sa() Aug 26 18:28:33.615729: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:28:33.615733: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:28:33.615738: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:28:33.615749: | libevent_free: release ptr-libevent@0x55ff3c5164a8 Aug 26 18:28:33.615755: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fb864002b78 Aug 26 18:28:33.615763: | #2 spent 2.17 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:28:33.615775: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:33.615781: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:28:33.615785: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:28:33.615790: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:28:33.615793: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:28:33.615800: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:28:33.615806: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:33.615810: | pstats #2 ikev2.child established Aug 26 18:28:33.615820: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:28:33.615834: | NAT-T: encaps is 'auto' Aug 26 18:28:33.615839: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x9a3ae094 <0xc82a209a xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:28:33.615844: | releasing whack for #2 (sock=fd@25) Aug 26 18:28:33.615852: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 18:28:33.615856: | releasing whack and unpending for parent #1 Aug 26 18:28:33.615860: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:28:33.615867: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:28:33.615870: | removing pending policy for no connection {0x55ff3c467898} Aug 26 18:28:33.615879: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 18:28:33.615885: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:28:33.615890: | event_schedule: new EVENT_SA_REKEY-pe@0x7fb864002b78 Aug 26 18:28:33.615894: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:28:33.615899: | libevent_malloc: new ptr-libevent@0x55ff3c514c08 size 128 Aug 26 18:28:33.615907: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:33.615914: | #1 spent 2.5 milliseconds in ikev2_process_packet() Aug 26 18:28:33.615919: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:33.615926: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:33.615930: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:33.615935: | spent 2.52 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:33.615950: | processing signal PLUTO_SIGCHLD Aug 26 18:28:33.615956: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:33.615961: | spent 0.00599 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:33.615964: | processing signal PLUTO_SIGCHLD Aug 26 18:28:33.615968: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:33.615973: | spent 0.00422 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:33.615976: | processing signal PLUTO_SIGCHLD Aug 26 18:28:33.615979: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:33.615983: | spent 0.00371 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:36.805919: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:36.805951: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:28:36.805958: | FOR_EACH_STATE_... in sort_states Aug 26 18:28:36.805967: | get_sa_info esp.c82a209a@192.1.2.45 Aug 26 18:28:36.805988: | get_sa_info esp.9a3ae094@192.1.2.23 Aug 26 18:28:36.806008: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:36.806022: | spent 0.112 milliseconds in whack Aug 26 18:28:37.695416: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:37.695751: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:28:37.695762: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:28:37.695855: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:28:37.695861: | FOR_EACH_STATE_... in sort_states Aug 26 18:28:37.695881: | get_sa_info esp.c82a209a@192.1.2.45 Aug 26 18:28:37.695905: | get_sa_info esp.9a3ae094@192.1.2.23 Aug 26 18:28:37.695940: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:37.695951: | spent 0.547 milliseconds in whack Aug 26 18:28:37.968031: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:37.968058: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:37.968061: | 56 a4 53 a1 8f ec f6 d7 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:37.968064: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:28:37.968066: | 3a 12 73 dd d3 3f 83 1d 29 3e a0 3c fa 4f 99 86 Aug 26 18:28:37.968067: | 17 5b 9b 5d d3 7a 6e 43 9d d7 5b 49 47 34 99 9e Aug 26 18:28:37.968069: | 70 72 02 dd ee Aug 26 18:28:37.968074: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:37.968077: | **parse ISAKMP Message: Aug 26 18:28:37.968080: | initiator cookie: Aug 26 18:28:37.968082: | 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:37.968085: | responder cookie: Aug 26 18:28:37.968087: | 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:37.968090: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:37.968093: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:37.968095: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:37.968100: | flags: none (0x0) Aug 26 18:28:37.968103: | Message ID: 0 (0x0) Aug 26 18:28:37.968105: | length: 69 (0x45) Aug 26 18:28:37.968108: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:28:37.968111: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:28:37.968115: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:28:37.968121: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:37.968124: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:28:37.968129: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:28:37.968132: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:28:37.968137: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 18:28:37.968140: | unpacking clear payload Aug 26 18:28:37.968143: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:28:37.968146: | ***parse IKEv2 Encryption Payload: Aug 26 18:28:37.968150: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:28:37.968152: | flags: none (0x0) Aug 26 18:28:37.968155: | length: 41 (0x29) Aug 26 18:28:37.968158: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:28:37.968163: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:28:37.968167: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:28:37.968191: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:28:37.968196: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:28:37.968199: | **parse IKEv2 Delete Payload: Aug 26 18:28:37.968202: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.968204: | flags: none (0x0) Aug 26 18:28:37.968207: | length: 12 (0xc) Aug 26 18:28:37.968209: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:28:37.968212: | SPI size: 4 (0x4) Aug 26 18:28:37.968217: | number of SPIs: 1 (0x1) Aug 26 18:28:37.968220: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:28:37.968222: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:28:37.968225: | Now let's proceed with state specific processing Aug 26 18:28:37.968228: | calling processor I3: INFORMATIONAL Request Aug 26 18:28:37.968231: | an informational request should send a response Aug 26 18:28:37.968255: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:28:37.968260: | **emit ISAKMP Message: Aug 26 18:28:37.968263: | initiator cookie: Aug 26 18:28:37.968266: | 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:37.968268: | responder cookie: Aug 26 18:28:37.968271: | 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:37.968274: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:37.968277: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:37.968280: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:37.968283: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:28:37.968286: | Message ID: 0 (0x0) Aug 26 18:28:37.968297: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:37.968303: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:37.968307: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.968310: | flags: none (0x0) Aug 26 18:28:37.968313: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:37.968317: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:28:37.968320: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:37.968334: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:28:37.968337: | SPI 9a 3a e0 94 Aug 26 18:28:37.968340: | delete PROTO_v2_ESP SA(0x9a3ae094) Aug 26 18:28:37.968344: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:28:37.968348: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:28:37.968351: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x9a3ae094) Aug 26 18:28:37.968355: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:28:37.968359: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:28:37.968363: | libevent_free: release ptr-libevent@0x55ff3c514c08 Aug 26 18:28:37.968367: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fb864002b78 Aug 26 18:28:37.968370: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fb864002b78 Aug 26 18:28:37.968375: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:28:37.968379: | libevent_malloc: new ptr-libevent@0x55ff3c5164a8 size 128 Aug 26 18:28:37.968383: | ****emit IKEv2 Delete Payload: Aug 26 18:28:37.968387: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.968389: | flags: none (0x0) Aug 26 18:28:37.968392: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:28:37.968394: | SPI size: 4 (0x4) Aug 26 18:28:37.968397: | number of SPIs: 1 (0x1) Aug 26 18:28:37.968400: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:28:37.968404: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:28:37.968407: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:28:37.968410: | local SPIs c8 2a 20 9a Aug 26 18:28:37.968413: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:28:37.968417: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:37.968421: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:37.968424: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:37.968429: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:28:37.968432: | emitting length of ISAKMP Message: 69 Aug 26 18:28:37.968453: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:37.968458: | 56 a4 53 a1 8f ec f6 d7 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:37.968461: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:28:37.968463: | dc 24 64 e1 4f 72 3d 6e 3b 23 fa 28 67 a5 63 31 Aug 26 18:28:37.968466: | 4b d0 6b 66 31 e2 37 bd f9 42 9a 02 0d 76 63 7e Aug 26 18:28:37.968468: | 35 b2 d6 f1 29 Aug 26 18:28:37.968498: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:28:37.968505: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:28:37.968512: | #1 spent 0.261 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:28:37.968517: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:37.968522: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:28:37.968525: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:28:37.968530: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:28:37.968535: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:37.968538: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:28:37.968543: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:37.968548: | #1 spent 0.485 milliseconds in ikev2_process_packet() Aug 26 18:28:37.968553: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:37.968556: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:37.968559: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:37.968564: | spent 0.501 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:37.968571: | timer_event_cb: processing event@0x7fb864002b78 Aug 26 18:28:37.968574: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:28:37.968580: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:28:37.968584: | picked newest_ipsec_sa #2 for #2 Aug 26 18:28:37.968587: | replacing stale CHILD SA Aug 26 18:28:37.968591: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:28:37.968594: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:28:37.968597: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:28:37.968602: | creating state object #3 at 0x55ff3c51acb8 Aug 26 18:28:37.968605: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:28:37.968614: | pstats #3 ikev2.child started Aug 26 18:28:37.968617: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Aug 26 18:28:37.968623: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:28:37.968633: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:37.968638: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:28:37.968645: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:28:37.968650: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:28:37.968654: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:28:37.968657: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Aug 26 18:28:37.968665: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:28:37.968672: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:28:37.968675: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:28:37.968680: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:28:37.968683: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:37.968688: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:37.968692: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:37.968696: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:37.968704: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:37.968711: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:28:37.968714: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55ff3c512cc8 Aug 26 18:28:37.968718: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:28:37.968721: | libevent_malloc: new ptr-libevent@0x55ff3c514c08 size 128 Aug 26 18:28:37.968726: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:28:37.968730: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55ff3c515608 Aug 26 18:28:37.968734: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:28:37.968737: | libevent_malloc: new ptr-libevent@0x55ff3c512848 size 128 Aug 26 18:28:37.968741: | libevent_free: release ptr-libevent@0x55ff3c5164a8 Aug 26 18:28:37.968744: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fb864002b78 Aug 26 18:28:37.968749: | #2 spent 0.177 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:28:37.968753: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:28:37.968759: | timer_event_cb: processing event@0x55ff3c512cc8 Aug 26 18:28:37.968762: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:28:37.968767: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:28:37.968774: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:28:37.968777: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fb864002b78 Aug 26 18:28:37.968781: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:28:37.968785: | libevent_malloc: new ptr-libevent@0x55ff3c5164a8 size 128 Aug 26 18:28:37.968793: | libevent_free: release ptr-libevent@0x55ff3c514c08 Aug 26 18:28:37.968797: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55ff3c512cc8 Aug 26 18:28:37.968803: | #3 spent 0.0429 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:28:37.968809: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:28:37.968817: | timer_event_cb: processing event@0x55ff3c515608 Aug 26 18:28:37.968820: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:28:37.968825: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:28:37.968829: | crypto helper 3 resuming Aug 26 18:28:37.968830: | picked newest_ipsec_sa #2 for #2 Aug 26 18:28:37.968850: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:28:37.968844: | crypto helper 3 starting work-order 3 for state #3 Aug 26 18:28:37.968854: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:28:37.968866: | pstats #2 ikev2.child deleted completed Aug 26 18:28:37.968861: | crypto helper 3 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 18:28:37.968870: | #2 spent 2.35 milliseconds in total Aug 26 18:28:37.968883: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:28:37.968888: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 4.431s and NOT sending notification Aug 26 18:28:37.968891: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:28:37.968897: | get_sa_info esp.9a3ae094@192.1.2.23 Aug 26 18:28:37.968912: | get_sa_info esp.c82a209a@192.1.2.45 Aug 26 18:28:37.968921: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=336B out=336B Aug 26 18:28:37.968925: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:28:37.968981: | running updown command "ipsec _updown" for verb down Aug 26 18:28:37.968987: | command executing down-client Aug 26 18:28:37.969013: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844113' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 18:28:37.969017: | popen cmd is 1060 chars long Aug 26 18:28:37.969020: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 18:28:37.969023: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: Aug 26 18:28:37.969026: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=': Aug 26 18:28:37.969029: | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Aug 26 18:28:37.969032: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO: Aug 26 18:28:37.969034: | cmd( 400):_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 18:28:37.969037: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 18:28:37.969040: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844113' PLUTO_CO: Aug 26 18:28:37.969043: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Aug 26 18:28:37.969045: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Aug 26 18:28:37.969048: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Aug 26 18:28:37.969054: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Aug 26 18:28:37.969056: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9a3ae094 SPI_OUT=0xc82a209: Aug 26 18:28:37.969059: | cmd(1040):a ipsec _updown 2>&1: Aug 26 18:28:37.969536: | crypto helper 3 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000674 seconds Aug 26 18:28:37.969555: | (#3) spent 0.685 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:28:37.969558: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 18:28:37.969560: | scheduling resume sending helper answer for #3 Aug 26 18:28:37.969562: | libevent_malloc: new ptr-libevent@0x7fb860002888 size 128 Aug 26 18:28:37.969579: | crypto helper 3 waiting (nothing to do) Aug 26 18:28:37.976584: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:28:37.976596: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:28:37.976601: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:37.976606: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:37.976633: | delete esp.9a3ae094@192.1.2.23 Aug 26 18:28:37.976648: | netlink response for Del SA esp.9a3ae094@192.1.2.23 included non-error error Aug 26 18:28:37.976652: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:37.976657: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:28:37.976672: | raw_eroute result=success Aug 26 18:28:37.976675: | delete esp.c82a209a@192.1.2.45 Aug 26 18:28:37.976682: | netlink response for Del SA esp.c82a209a@192.1.2.45 included non-error error Aug 26 18:28:37.976691: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:28:37.976693: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:28:37.976696: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:28:37.976701: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:28:37.976712: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:28:37.976714: | can't expire unused IKE SA #1; it has the child #3 Aug 26 18:28:37.976717: | libevent_free: release ptr-libevent@0x55ff3c512848 Aug 26 18:28:37.976719: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55ff3c515608 Aug 26 18:28:37.976721: | in statetime_stop() and could not find #2 Aug 26 18:28:37.976723: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:28:37.976737: | spent 0.00202 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:37.976750: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:37.976752: | 56 a4 53 a1 8f ec f6 d7 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:37.976753: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:28:37.976755: | ed 8f c6 ff 72 28 ac ea dc 14 e8 46 8e 2a 3f b7 Aug 26 18:28:37.976757: | 0d 41 8e d7 a8 49 42 79 8c 7d f4 c5 22 95 d0 7e Aug 26 18:28:37.976758: | 0a Aug 26 18:28:37.976762: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:37.976764: | **parse ISAKMP Message: Aug 26 18:28:37.976766: | initiator cookie: Aug 26 18:28:37.976768: | 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:37.976769: | responder cookie: Aug 26 18:28:37.976771: | 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:37.976773: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:37.976774: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:37.976776: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:37.976778: | flags: none (0x0) Aug 26 18:28:37.976780: | Message ID: 1 (0x1) Aug 26 18:28:37.976784: | length: 65 (0x41) Aug 26 18:28:37.976786: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:28:37.976788: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:28:37.976790: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:28:37.976794: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:37.976796: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:28:37.976799: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:28:37.976801: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:28:37.976804: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 18:28:37.976806: | unpacking clear payload Aug 26 18:28:37.976807: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:28:37.976809: | ***parse IKEv2 Encryption Payload: Aug 26 18:28:37.976811: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:28:37.976813: | flags: none (0x0) Aug 26 18:28:37.976814: | length: 37 (0x25) Aug 26 18:28:37.976816: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:28:37.976819: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:28:37.976821: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:28:37.976836: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:28:37.976838: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:28:37.976840: | **parse IKEv2 Delete Payload: Aug 26 18:28:37.976842: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.976844: | flags: none (0x0) Aug 26 18:28:37.976845: | length: 8 (0x8) Aug 26 18:28:37.976847: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:28:37.976848: | SPI size: 0 (0x0) Aug 26 18:28:37.976850: | number of SPIs: 0 (0x0) Aug 26 18:28:37.976852: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:28:37.976853: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:28:37.976855: | Now let's proceed with state specific processing Aug 26 18:28:37.976857: | calling processor I3: INFORMATIONAL Request Aug 26 18:28:37.976860: | an informational request should send a response Aug 26 18:28:37.976879: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:28:37.976882: | **emit ISAKMP Message: Aug 26 18:28:37.976883: | initiator cookie: Aug 26 18:28:37.976885: | 56 a4 53 a1 8f ec f6 d7 Aug 26 18:28:37.976886: | responder cookie: Aug 26 18:28:37.976888: | 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:37.976890: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:37.976891: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:37.976893: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:37.976895: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:28:37.976897: | Message ID: 1 (0x1) Aug 26 18:28:37.976898: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:37.976900: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:37.976902: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.976904: | flags: none (0x0) Aug 26 18:28:37.976906: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:37.976908: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:28:37.976910: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:37.976917: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:37.976919: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:37.976922: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:37.976924: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:28:37.976926: | emitting length of ISAKMP Message: 57 Aug 26 18:28:37.976937: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:37.976940: | 56 a4 53 a1 8f ec f6 d7 8a ba 4a b0 61 5e 9d 59 Aug 26 18:28:37.976941: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 18:28:37.976943: | 00 5f 25 61 f8 56 38 d3 30 e4 1b d8 8a f6 c2 df Aug 26 18:28:37.976944: | 45 22 5a ff 82 b6 51 8b 26 Aug 26 18:28:37.976964: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:28:37.976967: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:28:37.976970: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:28:37.976972: | pstats #3 ikev2.child deleted other Aug 26 18:28:37.976975: | #3 spent 0.0429 milliseconds in total Aug 26 18:28:37.976978: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:28:37.976981: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:28:37.976983: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.008s and NOT sending notification Aug 26 18:28:37.976985: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 18:28:37.976988: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:37.976990: | libevent_free: release ptr-libevent@0x55ff3c5164a8 Aug 26 18:28:37.976993: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fb864002b78 Aug 26 18:28:37.976996: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:37.977000: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:28:37.977010: | raw_eroute result=success Aug 26 18:28:37.977013: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:28:37.977015: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:28:37.977020: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:28:37.977022: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:28:37.977025: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:28:37.977028: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:28:37.977030: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:28:37.977032: | pstats #1 ikev2.ike deleted completed Aug 26 18:28:37.977035: | #1 spent 8.43 milliseconds in total Aug 26 18:28:37.977038: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:28:37.977040: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 4.447s and NOT sending notification Aug 26 18:28:37.977042: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:28:37.977073: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:28:37.977077: | libevent_free: release ptr-libevent@0x7fb85c000f48 Aug 26 18:28:37.977080: | free_event_entry: release EVENT_SA_REKEY-pe@0x55ff3c512b58 Aug 26 18:28:37.977082: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:28:37.977084: | picked newest_isakmp_sa #0 for #1 Aug 26 18:28:37.977086: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:28:37.977090: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Aug 26 18:28:37.977092: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:28:37.977095: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:28:37.977097: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:28:37.977099: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:28:37.977122: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:28:37.977140: | in statetime_stop() and could not find #1 Aug 26 18:28:37.977143: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:37.977146: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:28:37.977148: | STF_OK but no state object remains Aug 26 18:28:37.977149: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:37.977151: | in statetime_stop() and could not find #1 Aug 26 18:28:37.977154: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:37.977156: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:37.977158: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:37.977161: | spent 0.414 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:37.977166: | processing resume sending helper answer for #3 Aug 26 18:28:37.977169: | crypto helper 3 replies to request ID 3 Aug 26 18:28:37.977171: | calling continuation function 0x55ff3aec3b50 Aug 26 18:28:37.977172: | work-order 3 state #3 crypto result suppressed Aug 26 18:28:37.977180: | (#3) spent 0.011 milliseconds in resume sending helper answer Aug 26 18:28:37.977183: | libevent_free: release ptr-libevent@0x7fb860002888 Aug 26 18:28:37.977185: | processing signal PLUTO_SIGCHLD Aug 26 18:28:37.977189: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:37.977191: | spent 0.00411 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:37.977195: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:28:37.977197: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Aug 26 18:28:37.977199: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:37.977202: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:28:37.977204: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 18:28:37.977206: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:28:37.977209: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:28:37.977212: | creating state object #4 at 0x55ff3c5157d8 Aug 26 18:28:37.977214: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:28:37.977218: | pstats #4 ikev2.ike started Aug 26 18:28:37.977220: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:28:37.977222: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:28:37.977225: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:37.977229: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:28:37.977232: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:28:37.977234: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:28:37.977237: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:28:37.977241: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Aug 26 18:28:37.977252: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:37.977255: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 18:28:37.977257: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fb85c001f18 Aug 26 18:28:37.977260: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:28:37.977262: | libevent_malloc: new ptr-libevent@0x55ff3c512848 size 128 Aug 26 18:28:37.977269: | #4 spent 0.0666 milliseconds in ikev2_parent_outI1() Aug 26 18:28:37.977272: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:37.977274: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:37.977276: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:28:37.977279: | spent 0.0817 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:28:37.977278: | crypto helper 2 resuming Aug 26 18:28:37.977310: | crypto helper 2 starting work-order 4 for state #4 Aug 26 18:28:37.977316: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 18:28:37.978211: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000896 seconds Aug 26 18:28:37.978220: | (#4) spent 0.904 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 18:28:37.978224: | crypto helper 2 sending results from work-order 4 for state #4 to event queue Aug 26 18:28:37.978228: | scheduling resume sending helper answer for #4 Aug 26 18:28:37.978231: | libevent_malloc: new ptr-libevent@0x7fb854002888 size 128 Aug 26 18:28:37.978238: | crypto helper 2 waiting (nothing to do) Aug 26 18:28:37.978277: | processing resume sending helper answer for #4 Aug 26 18:28:37.978286: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:28:37.978313: | crypto helper 2 replies to request ID 4 Aug 26 18:28:37.978316: | calling continuation function 0x55ff3aec3b50 Aug 26 18:28:37.978318: | ikev2_parent_outI1_continue for #4 Aug 26 18:28:37.978321: | **emit ISAKMP Message: Aug 26 18:28:37.978323: | initiator cookie: Aug 26 18:28:37.978325: | 49 c1 8b 1e f1 57 27 14 Aug 26 18:28:37.978327: | responder cookie: Aug 26 18:28:37.978328: | 00 00 00 00 00 00 00 00 Aug 26 18:28:37.978330: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:37.978332: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:37.978334: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:28:37.978335: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:37.978337: | Message ID: 0 (0x0) Aug 26 18:28:37.978339: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:37.978349: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:37.978353: | Emitting ikev2_proposals ... Aug 26 18:28:37.978356: | ***emit IKEv2 Security Association Payload: Aug 26 18:28:37.978357: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.978359: | flags: none (0x0) Aug 26 18:28:37.978361: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:37.978363: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:37.978365: | discarding INTEG=NONE Aug 26 18:28:37.978367: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:37.978369: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:37.978370: | prop #: 1 (0x1) Aug 26 18:28:37.978372: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:37.978374: | spi size: 0 (0x0) Aug 26 18:28:37.978375: | # transforms: 11 (0xb) Aug 26 18:28:37.978377: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:37.978379: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978381: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978383: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:37.978384: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:37.978386: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978388: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:37.978390: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:37.978392: | length/value: 256 (0x100) Aug 26 18:28:37.978394: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:37.978395: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978397: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978399: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:37.978400: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:37.978402: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978404: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978406: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978408: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978409: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978411: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:37.978412: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:37.978414: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978418: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978419: | discarding INTEG=NONE Aug 26 18:28:37.978421: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978422: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978424: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978426: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:37.978428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978432: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978434: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978435: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978438: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978440: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:37.978443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978446: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978448: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978450: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978456: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978459: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:37.978463: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978466: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978470: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978473: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978476: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978479: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978482: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:37.978486: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978489: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978492: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978494: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978497: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978499: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978502: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:37.978505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978508: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978511: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978513: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978519: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978521: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:37.978524: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978527: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978530: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978533: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978538: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978543: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:37.978546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978552: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978555: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978558: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:37.978560: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978563: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:37.978566: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978569: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978572: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978575: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:28:37.978578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:37.978580: | discarding INTEG=NONE Aug 26 18:28:37.978583: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:37.978585: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:37.978588: | prop #: 2 (0x2) Aug 26 18:28:37.978590: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:37.978593: | spi size: 0 (0x0) Aug 26 18:28:37.978595: | # transforms: 11 (0xb) Aug 26 18:28:37.978598: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:37.978601: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:37.978604: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978607: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978610: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:37.978612: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:37.978615: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978618: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:37.978621: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:37.978623: | length/value: 128 (0x80) Aug 26 18:28:37.978626: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:37.978628: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978631: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978634: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:37.978636: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:37.978639: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978642: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978645: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978648: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978650: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978653: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:37.978655: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:37.978658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978666: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978669: | discarding INTEG=NONE Aug 26 18:28:37.978671: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978673: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978676: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978678: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:37.978680: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978683: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978685: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978687: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978689: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978691: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978693: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:37.978695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978698: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978700: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978702: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978704: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978706: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978708: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:37.978711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978713: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978716: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978718: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978723: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978725: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:37.978728: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978734: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978736: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978741: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978744: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:37.978746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978752: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978754: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978757: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978759: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978763: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:37.978766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978770: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978773: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978776: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978779: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978782: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978784: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:37.978787: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978790: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978792: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978794: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978795: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:37.978797: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978799: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:37.978800: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978802: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978804: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978806: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:28:37.978808: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:37.978809: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:37.978811: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:37.978813: | prop #: 3 (0x3) Aug 26 18:28:37.978814: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:37.978816: | spi size: 0 (0x0) Aug 26 18:28:37.978817: | # transforms: 13 (0xd) Aug 26 18:28:37.978819: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:37.978821: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:37.978823: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978825: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978826: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:37.978828: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:37.978830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978831: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:37.978833: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:37.978835: | length/value: 256 (0x100) Aug 26 18:28:37.978836: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:37.978838: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978841: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:37.978843: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:37.978845: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978847: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978849: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978851: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978853: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978854: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:37.978856: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:37.978858: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978860: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978861: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978863: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978864: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978866: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:37.978868: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:37.978869: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978871: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978873: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978875: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978876: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978878: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:37.978879: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:37.978881: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978883: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978885: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978886: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978888: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978889: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978891: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:37.978893: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978896: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978898: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978903: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:37.978905: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978908: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978910: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978911: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978913: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978914: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:37.978916: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978919: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978921: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978922: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978924: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978925: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978927: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:37.978929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978932: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978934: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978939: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:37.978941: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978942: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978944: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978946: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978947: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978949: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978950: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:37.978952: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978954: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978956: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978957: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978960: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978962: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:37.978964: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978966: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978967: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978969: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.978970: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:37.978972: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.978974: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:37.978976: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.978977: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.978979: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.978981: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:28:37.978983: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:37.978985: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:37.978987: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:37.978988: | prop #: 4 (0x4) Aug 26 18:28:37.978990: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:37.978992: | spi size: 0 (0x0) Aug 26 18:28:37.978993: | # transforms: 13 (0xd) Aug 26 18:28:37.978995: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:37.978997: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:37.978999: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979002: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:37.979004: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:37.979005: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979007: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:37.979009: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:37.979010: | length/value: 128 (0x80) Aug 26 18:28:37.979012: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:37.979014: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979017: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:37.979018: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:37.979020: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979022: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979024: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979025: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979027: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979029: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:37.979030: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:37.979032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979034: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979036: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979037: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979039: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979040: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:37.979042: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:37.979044: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979047: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979049: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979050: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979053: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:37.979056: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:37.979058: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979063: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979067: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979070: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979073: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979075: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.979078: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:37.979082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979085: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979088: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979091: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979096: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.979098: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:37.979102: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979107: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979110: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979112: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.979117: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:37.979120: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979123: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979126: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979128: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.979136: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:37.979139: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979141: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979144: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979147: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979152: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.979154: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:37.979157: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979160: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979162: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979165: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979171: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.979174: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:37.979179: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979186: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979189: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979194: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.979196: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:37.979199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979202: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979205: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979207: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:37.979210: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:37.979213: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:37.979215: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:37.979218: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:37.979221: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:37.979224: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:37.979226: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:28:37.979229: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:37.979232: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:28:37.979235: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:37.979237: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:28:37.979240: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.979243: | flags: none (0x0) Aug 26 18:28:37.979245: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:37.979248: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:28:37.979251: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:28:37.979255: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:28:37.979258: | ikev2 g^x 6a 51 d3 d9 8c 27 4f 30 b6 3b 6f 9b 3b 8a 42 e9 Aug 26 18:28:37.979260: | ikev2 g^x 9f 37 a3 b6 99 5b bd 54 1d e6 ac 4f c3 30 d7 07 Aug 26 18:28:37.979262: | ikev2 g^x 20 65 9f 6e bc 55 3c 39 c3 13 99 65 5e 26 33 c7 Aug 26 18:28:37.979263: | ikev2 g^x 0c b0 e4 63 95 b2 0c f5 23 07 99 e4 19 61 5f ba Aug 26 18:28:37.979265: | ikev2 g^x db c5 f3 02 d1 79 73 d9 d4 fb 27 6f 9f 7f 7b 60 Aug 26 18:28:37.979267: | ikev2 g^x c5 0b 69 4b 6c 63 ba 8b 49 da 03 5e 0d d9 9c 6c Aug 26 18:28:37.979268: | ikev2 g^x 43 c2 4f e2 ae e4 84 04 fd d4 a6 32 ac 16 ce 8b Aug 26 18:28:37.979270: | ikev2 g^x a1 8a 0b 39 d6 b0 04 f1 3c c2 45 0a 92 e8 16 95 Aug 26 18:28:37.979271: | ikev2 g^x 98 db b8 c8 33 ab 21 fb ba 45 67 3d 16 64 30 27 Aug 26 18:28:37.979273: | ikev2 g^x a7 7a cc 47 32 50 88 03 c3 e3 7d 85 96 28 8a ea Aug 26 18:28:37.979274: | ikev2 g^x 27 b3 7e 26 4a 0d 9d 54 90 7a ec 1f fd 39 d8 5d Aug 26 18:28:37.979276: | ikev2 g^x d6 f0 c4 15 74 1c bd 0c 2b 98 96 d1 50 68 1f 71 Aug 26 18:28:37.979277: | ikev2 g^x ca ab ad 6c ae 6d 07 23 23 19 f1 3a 18 92 0a a2 Aug 26 18:28:37.979282: | ikev2 g^x c3 5d cd 86 ed 57 bc e3 0d 66 8f e8 ad c7 2b a7 Aug 26 18:28:37.979284: | ikev2 g^x cc 45 95 e7 6a 49 cb 03 23 4a 04 59 bd cb e6 d5 Aug 26 18:28:37.979285: | ikev2 g^x 34 26 78 78 f8 1d f8 68 d6 2b 98 9a 60 09 6d 04 Aug 26 18:28:37.979287: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:28:37.979295: | ***emit IKEv2 Nonce Payload: Aug 26 18:28:37.979297: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:37.979299: | flags: none (0x0) Aug 26 18:28:37.979301: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:28:37.979303: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:28:37.979305: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:28:37.979307: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:28:37.979308: | IKEv2 nonce 87 1a dd d0 48 1c 93 f5 47 9a b2 b1 4e 61 b6 86 Aug 26 18:28:37.979310: | IKEv2 nonce 6f 1d a8 ad 9b b1 8f a7 54 bb 97 2f 8d be 89 b9 Aug 26 18:28:37.979311: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:28:37.979313: | Adding a v2N Payload Aug 26 18:28:37.979315: | ***emit IKEv2 Notify Payload: Aug 26 18:28:37.979317: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.979318: | flags: none (0x0) Aug 26 18:28:37.979320: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:37.979322: | SPI size: 0 (0x0) Aug 26 18:28:37.979323: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:28:37.979325: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:37.979327: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:37.979329: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:28:37.979331: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:28:37.979333: | natd_hash: rcookie is zero Aug 26 18:28:37.979342: | natd_hash: hasher=0x55ff3af98800(20) Aug 26 18:28:37.979344: | natd_hash: icookie= 49 c1 8b 1e f1 57 27 14 Aug 26 18:28:37.979346: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:37.979347: | natd_hash: ip= c0 01 02 2d Aug 26 18:28:37.979349: | natd_hash: port=500 Aug 26 18:28:37.979351: | natd_hash: hash= 57 1c ee e8 5b 1c 52 ff 27 3e d9 a3 18 0a 60 ab Aug 26 18:28:37.979352: | natd_hash: hash= 5b 2c 0c 44 Aug 26 18:28:37.979354: | Adding a v2N Payload Aug 26 18:28:37.979355: | ***emit IKEv2 Notify Payload: Aug 26 18:28:37.979357: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.979359: | flags: none (0x0) Aug 26 18:28:37.979360: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:37.979362: | SPI size: 0 (0x0) Aug 26 18:28:37.979364: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:28:37.979366: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:37.979368: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:37.979370: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:37.979371: | Notify data 57 1c ee e8 5b 1c 52 ff 27 3e d9 a3 18 0a 60 ab Aug 26 18:28:37.979373: | Notify data 5b 2c 0c 44 Aug 26 18:28:37.979374: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:37.979376: | natd_hash: rcookie is zero Aug 26 18:28:37.979380: | natd_hash: hasher=0x55ff3af98800(20) Aug 26 18:28:37.979381: | natd_hash: icookie= 49 c1 8b 1e f1 57 27 14 Aug 26 18:28:37.979383: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:37.979385: | natd_hash: ip= c0 01 02 17 Aug 26 18:28:37.979386: | natd_hash: port=500 Aug 26 18:28:37.979388: | natd_hash: hash= 6a 41 41 86 f6 c1 a9 06 84 5a 71 53 02 9e c4 4d Aug 26 18:28:37.979391: | natd_hash: hash= 54 b1 c7 12 Aug 26 18:28:37.979392: | Adding a v2N Payload Aug 26 18:28:37.979394: | ***emit IKEv2 Notify Payload: Aug 26 18:28:37.979395: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:37.979397: | flags: none (0x0) Aug 26 18:28:37.979399: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:37.979400: | SPI size: 0 (0x0) Aug 26 18:28:37.979402: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:28:37.979404: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:37.979406: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:37.979407: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:37.979409: | Notify data 6a 41 41 86 f6 c1 a9 06 84 5a 71 53 02 9e c4 4d Aug 26 18:28:37.979411: | Notify data 54 b1 c7 12 Aug 26 18:28:37.979412: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:37.979414: | emitting length of ISAKMP Message: 828 Aug 26 18:28:37.979419: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:28:37.979423: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:37.979425: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:28:37.979427: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:28:37.979430: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:28:37.979431: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 18:28:37.979433: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 18:28:37.979437: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:28:37.979439: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:28:37.979442: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:28:37.979446: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 18:28:37.979448: | 49 c1 8b 1e f1 57 27 14 00 00 00 00 00 00 00 00 Aug 26 18:28:37.979450: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:28:37.979451: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:28:37.979453: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:28:37.979454: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:28:37.979456: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:28:37.979457: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:28:37.979459: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:28:37.979460: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:28:37.979462: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:28:37.979463: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:28:37.979465: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:28:37.979466: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:28:37.979468: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:28:37.979469: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:28:37.979471: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:28:37.979472: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:28:37.979474: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:28:37.979475: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:28:37.979477: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:28:37.979478: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:28:37.979481: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:28:37.979483: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:28:37.979484: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:28:37.979486: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:28:37.979487: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:28:37.979489: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:28:37.979490: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:28:37.979492: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:28:37.979493: | 28 00 01 08 00 0e 00 00 6a 51 d3 d9 8c 27 4f 30 Aug 26 18:28:37.979495: | b6 3b 6f 9b 3b 8a 42 e9 9f 37 a3 b6 99 5b bd 54 Aug 26 18:28:37.979496: | 1d e6 ac 4f c3 30 d7 07 20 65 9f 6e bc 55 3c 39 Aug 26 18:28:37.979498: | c3 13 99 65 5e 26 33 c7 0c b0 e4 63 95 b2 0c f5 Aug 26 18:28:37.979499: | 23 07 99 e4 19 61 5f ba db c5 f3 02 d1 79 73 d9 Aug 26 18:28:37.979501: | d4 fb 27 6f 9f 7f 7b 60 c5 0b 69 4b 6c 63 ba 8b Aug 26 18:28:37.979502: | 49 da 03 5e 0d d9 9c 6c 43 c2 4f e2 ae e4 84 04 Aug 26 18:28:37.979504: | fd d4 a6 32 ac 16 ce 8b a1 8a 0b 39 d6 b0 04 f1 Aug 26 18:28:37.979505: | 3c c2 45 0a 92 e8 16 95 98 db b8 c8 33 ab 21 fb Aug 26 18:28:37.979507: | ba 45 67 3d 16 64 30 27 a7 7a cc 47 32 50 88 03 Aug 26 18:28:37.979508: | c3 e3 7d 85 96 28 8a ea 27 b3 7e 26 4a 0d 9d 54 Aug 26 18:28:37.979510: | 90 7a ec 1f fd 39 d8 5d d6 f0 c4 15 74 1c bd 0c Aug 26 18:28:37.979511: | 2b 98 96 d1 50 68 1f 71 ca ab ad 6c ae 6d 07 23 Aug 26 18:28:37.979513: | 23 19 f1 3a 18 92 0a a2 c3 5d cd 86 ed 57 bc e3 Aug 26 18:28:37.979514: | 0d 66 8f e8 ad c7 2b a7 cc 45 95 e7 6a 49 cb 03 Aug 26 18:28:37.979516: | 23 4a 04 59 bd cb e6 d5 34 26 78 78 f8 1d f8 68 Aug 26 18:28:37.979517: | d6 2b 98 9a 60 09 6d 04 29 00 00 24 87 1a dd d0 Aug 26 18:28:37.979519: | 48 1c 93 f5 47 9a b2 b1 4e 61 b6 86 6f 1d a8 ad Aug 26 18:28:37.979520: | 9b b1 8f a7 54 bb 97 2f 8d be 89 b9 29 00 00 08 Aug 26 18:28:37.979522: | 00 00 40 2e 29 00 00 1c 00 00 40 04 57 1c ee e8 Aug 26 18:28:37.979523: | 5b 1c 52 ff 27 3e d9 a3 18 0a 60 ab 5b 2c 0c 44 Aug 26 18:28:37.979525: | 00 00 00 1c 00 00 40 05 6a 41 41 86 f6 c1 a9 06 Aug 26 18:28:37.979526: | 84 5a 71 53 02 9e c4 4d 54 b1 c7 12 Aug 26 18:28:37.979549: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:37.979553: | libevent_free: release ptr-libevent@0x55ff3c512848 Aug 26 18:28:37.979555: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fb85c001f18 Aug 26 18:28:37.979557: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:28:37.979559: "westnet-eastnet-ipv4-psk-ikev2" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:28:37.979562: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fb85c001f18 Aug 26 18:28:37.979564: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Aug 26 18:28:37.979566: | libevent_malloc: new ptr-libevent@0x55ff3c5164a8 size 128 Aug 26 18:28:37.979570: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29403.722029 Aug 26 18:28:37.979572: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 18:28:37.979577: | #4 spent 1.25 milliseconds in resume sending helper answer Aug 26 18:28:37.979580: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:28:37.979582: | libevent_free: release ptr-libevent@0x7fb854002888 Aug 26 18:28:38.695523: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:38.695548: shutting down Aug 26 18:28:38.695563: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:28:38.695569: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:28:38.695575: forgetting secrets Aug 26 18:28:38.695579: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:28:38.695585: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 18:28:38.695589: | removing pending policy for no connection {0x55ff3c467898} Aug 26 18:28:38.695593: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:28:38.695596: | pass 0 Aug 26 18:28:38.695599: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:28:38.695602: | state #4 Aug 26 18:28:38.695606: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:28:38.695613: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:28:38.695617: | pstats #4 ikev2.ike deleted other Aug 26 18:28:38.695623: | #4 spent 2.22 milliseconds in total Aug 26 18:28:38.695629: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:28:38.695634: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.718s and NOT sending notification Aug 26 18:28:38.695637: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 18:28:38.695641: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:28:38.695644: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 18:28:38.695649: | libevent_free: release ptr-libevent@0x55ff3c5164a8 Aug 26 18:28:38.695653: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fb85c001f18 Aug 26 18:28:38.695657: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:28:38.695660: | picked newest_isakmp_sa #0 for #4 Aug 26 18:28:38.695664: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:28:38.695668: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Aug 26 18:28:38.695672: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:28:38.695678: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:28:38.695681: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:28:38.695684: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:28:38.695687: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 18:28:38.695691: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:28:38.695712: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:28:38.695719: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:28:38.695722: | pass 1 Aug 26 18:28:38.695725: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:28:38.695729: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:28:38.695732: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:28:38.695736: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:38.695771: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:38.695783: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:38.695787: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:28:38.695791: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:28:38.695794: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 18:28:38.695798: | running updown command "ipsec _updown" for verb unroute Aug 26 18:28:38.695801: | command executing unroute-client Aug 26 18:28:38.695828: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Aug 26 18:28:38.695831: | popen cmd is 1041 chars long Aug 26 18:28:38.695834: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:28:38.695836: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 18:28:38.695839: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 18:28:38.695841: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 18:28:38.695843: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' P: Aug 26 18:28:38.695845: | cmd( 400):LUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 18:28:38.695848: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 18:28:38.695850: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Aug 26 18:28:38.695853: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Aug 26 18:28:38.695855: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 18:28:38.695858: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 18:28:38.695861: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 18:28:38.695863: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Aug 26 18:28:38.695866: | cmd(1040):1: Aug 26 18:28:38.706068: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706089: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706093: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706105: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706119: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706132: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706150: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706163: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706175: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706188: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706198: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706211: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706221: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706231: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706240: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706250: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706260: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706270: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706280: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706339: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706345: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706355: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706365: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706374: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706383: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706392: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706403: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706615: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.706625: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.722526: | free hp@0x55ff3c510308 Aug 26 18:28:38.722541: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Aug 26 18:28:38.722549: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:28:38.722569: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:28:38.722572: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:28:38.722586: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:28:38.722590: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:28:38.722594: shutting down interface eth0/eth0 192.0.1.254:4500 Aug 26 18:28:38.722597: shutting down interface eth0/eth0 192.0.1.254:500 Aug 26 18:28:38.722600: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 18:28:38.722603: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 18:28:38.722607: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:28:38.722618: | libevent_free: release ptr-libevent@0x55ff3c501f98 Aug 26 18:28:38.722623: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50da98 Aug 26 18:28:38.722634: | libevent_free: release ptr-libevent@0x55ff3c496098 Aug 26 18:28:38.722637: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50db48 Aug 26 18:28:38.722645: | libevent_free: release ptr-libevent@0x55ff3c497a48 Aug 26 18:28:38.722648: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50dbf8 Aug 26 18:28:38.722654: | libevent_free: release ptr-libevent@0x55ff3c497998 Aug 26 18:28:38.722657: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50dca8 Aug 26 18:28:38.722662: | libevent_free: release ptr-libevent@0x55ff3c46c4e8 Aug 26 18:28:38.722665: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50dd58 Aug 26 18:28:38.722671: | libevent_free: release ptr-libevent@0x55ff3c46c1d8 Aug 26 18:28:38.722674: | free_event_entry: release EVENT_NULL-pe@0x55ff3c50de08 Aug 26 18:28:38.722679: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:28:38.723096: | libevent_free: release ptr-libevent@0x55ff3c502048 Aug 26 18:28:38.723103: | free_event_entry: release EVENT_NULL-pe@0x55ff3c4f5e38 Aug 26 18:28:38.723108: | libevent_free: release ptr-libevent@0x55ff3c496198 Aug 26 18:28:38.723111: | free_event_entry: release EVENT_NULL-pe@0x55ff3c4f5dc8 Aug 26 18:28:38.723116: | libevent_free: release ptr-libevent@0x55ff3c4d9568 Aug 26 18:28:38.723119: | free_event_entry: release EVENT_NULL-pe@0x55ff3c4f52a8 Aug 26 18:28:38.723122: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:28:38.723125: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:28:38.723127: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:28:38.723130: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:28:38.723132: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:28:38.723135: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:28:38.723137: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:28:38.723140: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:28:38.723146: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:28:38.723151: | libevent_free: release ptr-libevent@0x55ff3c4a0388 Aug 26 18:28:38.723154: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:28:38.723157: | libevent_free: release ptr-libevent@0x55ff3c498238 Aug 26 18:28:38.723160: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:28:38.723163: | libevent_free: release ptr-libevent@0x55ff3c50d458 Aug 26 18:28:38.723165: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:28:38.723169: | libevent_free: release ptr-libevent@0x55ff3c50d698 Aug 26 18:28:38.723171: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:28:38.723173: | releasing event base Aug 26 18:28:38.723184: | libevent_free: release ptr-libevent@0x55ff3c50d568 Aug 26 18:28:38.723187: | libevent_free: release ptr-libevent@0x55ff3c4f0578 Aug 26 18:28:38.723191: | libevent_free: release ptr-libevent@0x55ff3c4f0528 Aug 26 18:28:38.723194: | libevent_free: release ptr-libevent@0x55ff3c4f04b8 Aug 26 18:28:38.723197: | libevent_free: release ptr-libevent@0x55ff3c4f0478 Aug 26 18:28:38.723200: | libevent_free: release ptr-libevent@0x55ff3c50d318 Aug 26 18:28:38.723202: | libevent_free: release ptr-libevent@0x55ff3c50d398 Aug 26 18:28:38.723205: | libevent_free: release ptr-libevent@0x55ff3c4f0728 Aug 26 18:28:38.723207: | libevent_free: release ptr-libevent@0x55ff3c4f53b8 Aug 26 18:28:38.723210: | libevent_free: release ptr-libevent@0x55ff3c4f5d88 Aug 26 18:28:38.723212: | libevent_free: release ptr-libevent@0x55ff3c50de78 Aug 26 18:28:38.723215: | libevent_free: release ptr-libevent@0x55ff3c50ddc8 Aug 26 18:28:38.723217: | libevent_free: release ptr-libevent@0x55ff3c50dd18 Aug 26 18:28:38.723220: | libevent_free: release ptr-libevent@0x55ff3c50dc68 Aug 26 18:28:38.723222: | libevent_free: release ptr-libevent@0x55ff3c50dbb8 Aug 26 18:28:38.723225: | libevent_free: release ptr-libevent@0x55ff3c50db08 Aug 26 18:28:38.723228: | libevent_free: release ptr-libevent@0x55ff3c495698 Aug 26 18:28:38.723230: | libevent_free: release ptr-libevent@0x55ff3c50d418 Aug 26 18:28:38.723233: | libevent_free: release ptr-libevent@0x55ff3c50d3d8 Aug 26 18:28:38.723235: | libevent_free: release ptr-libevent@0x55ff3c50d358 Aug 26 18:28:38.723238: | libevent_free: release ptr-libevent@0x55ff3c50d528 Aug 26 18:28:38.723240: | libevent_free: release ptr-libevent@0x55ff3c494828 Aug 26 18:28:38.723243: | libevent_free: release ptr-libevent@0x55ff3c46b908 Aug 26 18:28:38.723246: | libevent_free: release ptr-libevent@0x55ff3c46bd38 Aug 26 18:28:38.723248: | libevent_free: release ptr-libevent@0x55ff3c494b98 Aug 26 18:28:38.723251: | releasing global libevent data Aug 26 18:28:38.723255: | libevent_free: release ptr-libevent@0x55ff3c46b7f8 Aug 26 18:28:38.723258: | libevent_free: release ptr-libevent@0x55ff3c46bcd8 Aug 26 18:28:38.723261: | libevent_free: release ptr-libevent@0x55ff3c46bdd8 Aug 26 18:28:38.723307: leak detective found no leaks