Aug 26 18:28:30.939348: FIPS Product: YES Aug 26 18:28:30.939473: FIPS Kernel: NO Aug 26 18:28:30.939477: FIPS Mode: NO Aug 26 18:28:30.939480: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:28:30.939630: Initializing NSS Aug 26 18:28:30.939637: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:28:30.983902: NSS initialized Aug 26 18:28:30.983917: NSS crypto library initialized Aug 26 18:28:30.983921: FIPS HMAC integrity support [enabled] Aug 26 18:28:30.983923: FIPS mode disabled for pluto daemon Aug 26 18:28:31.045831: FIPS HMAC integrity verification self-test FAILED Aug 26 18:28:31.045991: libcap-ng support [enabled] Aug 26 18:28:31.046006: Linux audit support [enabled] Aug 26 18:28:31.046609: Linux audit activated Aug 26 18:28:31.046624: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2249 Aug 26 18:28:31.046629: core dump dir: /tmp Aug 26 18:28:31.046632: secrets file: /etc/ipsec.secrets Aug 26 18:28:31.046635: leak-detective enabled Aug 26 18:28:31.046638: NSS crypto [enabled] Aug 26 18:28:31.046641: XAUTH PAM support [enabled] Aug 26 18:28:31.046736: | libevent is using pluto's memory allocator Aug 26 18:28:31.046746: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:28:31.046760: | libevent_malloc: new ptr-libevent@0x56528a7717f8 size 40 Aug 26 18:28:31.046763: | libevent_malloc: new ptr-libevent@0x56528a771cd8 size 40 Aug 26 18:28:31.046766: | libevent_malloc: new ptr-libevent@0x56528a771dd8 size 40 Aug 26 18:28:31.046769: | creating event base Aug 26 18:28:31.046772: | libevent_malloc: new ptr-libevent@0x56528a7f64b8 size 56 Aug 26 18:28:31.046776: | libevent_malloc: new ptr-libevent@0x56528a79ab98 size 664 Aug 26 18:28:31.046786: | libevent_malloc: new ptr-libevent@0x56528a7f6528 size 24 
Aug 26 18:28:31.046788: | libevent_malloc: new ptr-libevent@0x56528a7f6578 size 384 Aug 26 18:28:31.046797: | libevent_malloc: new ptr-libevent@0x56528a7f6478 size 16 Aug 26 18:28:31.046800: | libevent_malloc: new ptr-libevent@0x56528a771908 size 40 Aug 26 18:28:31.046802: | libevent_malloc: new ptr-libevent@0x56528a771d38 size 48 Aug 26 18:28:31.046808: | libevent_realloc: new ptr-libevent@0x56528a79b698 size 256 Aug 26 18:28:31.046811: | libevent_malloc: new ptr-libevent@0x56528a7f6728 size 16 Aug 26 18:28:31.046816: | libevent_free: release ptr-libevent@0x56528a7f64b8 Aug 26 18:28:31.046821: | libevent initialized Aug 26 18:28:31.046825: | libevent_realloc: new ptr-libevent@0x56528a7f64b8 size 64 Aug 26 18:28:31.046829: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:28:31.046849: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:28:31.046852: NAT-Traversal support [enabled] Aug 26 18:28:31.046855: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:28:31.046869: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:28:31.046874: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:28:31.046912: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:28:31.046917: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:28:31.046920: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:28:31.046974: Encryption algorithms: Aug 26 18:28:31.046983: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:28:31.046988: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:28:31.046992: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:28:31.046996: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:28:31.047000: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 
18:28:31.047009: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:28:31.047013: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:28:31.047017: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:28:31.047021: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:28:31.047024: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:28:31.047028: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:28:31.047032: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:28:31.047036: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:28:31.047040: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:28:31.047044: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:28:31.047046: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:28:31.047049: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:28:31.047056: Hash algorithms: Aug 26 18:28:31.047059: MD5 IKEv1: IKE IKEv2: Aug 26 18:28:31.047063: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:28:31.047066: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:28:31.047069: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:28:31.047072: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:28:31.047086: PRF algorithms: Aug 26 18:28:31.047089: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:28:31.047093: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:28:31.047097: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:28:31.047101: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:28:31.047104: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:28:31.047107: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:28:31.047135: Integrity algorithms: Aug 26 18:28:31.047140: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, 
hmac_md5 Aug 26 18:28:31.047144: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:28:31.047149: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:28:31.047153: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:28:31.047157: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:28:31.047161: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:28:31.047165: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:28:31.047168: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:28:31.047172: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:28:31.047185: DH algorithms: Aug 26 18:28:31.047189: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:28:31.047193: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:28:31.047196: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:28:31.047202: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:28:31.047205: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:28:31.047208: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:28:31.047211: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:28:31.047215: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:28:31.047218: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:28:31.047221: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:28:31.047224: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:28:31.047227: testing CAMELLIA_CBC: Aug 26 18:28:31.047230: Camellia: 16 bytes with 128-bit key Aug 26 18:28:31.047358: Camellia: 16 bytes with 128-bit key Aug 26 18:28:31.047397: Camellia: 16 bytes with 256-bit key Aug 26 18:28:31.047431: Camellia: 16 bytes with 256-bit key 
Aug 26 18:28:31.047464: testing AES_GCM_16: Aug 26 18:28:31.047468: empty string Aug 26 18:28:31.047501: one block Aug 26 18:28:31.047531: two blocks Aug 26 18:28:31.047559: two blocks with associated data Aug 26 18:28:31.047586: testing AES_CTR: Aug 26 18:28:31.047590: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:28:31.047619: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:28:31.047649: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:28:31.047679: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:28:31.047705: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:28:31.047732: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:28:31.047752: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:28:31.047769: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:28:31.047786: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:28:31.047804: testing AES_CBC: Aug 26 18:28:31.047806: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:28:31.047823: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:28:31.047840: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:28:31.047858: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:28:31.047878: testing AES_XCBC: Aug 26 18:28:31.047880: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:28:31.047955: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:28:31.048037: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:28:31.048111: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:28:31.048187: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:28:31.048262: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:28:31.048380: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:28:31.048675: RFC 4434 Test Case AES-XCBC-PRF-128 with 
20-byte input (key length 16) Aug 26 18:28:31.048812: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:28:31.048956: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:28:31.049211: testing HMAC_MD5: Aug 26 18:28:31.049217: RFC 2104: MD5_HMAC test 1 Aug 26 18:28:31.049409: RFC 2104: MD5_HMAC test 2 Aug 26 18:28:31.049573: RFC 2104: MD5_HMAC test 3 Aug 26 18:28:31.049775: 8 CPU cores online Aug 26 18:28:31.049781: starting up 7 crypto helpers Aug 26 18:28:31.049815: started thread for crypto helper 0 Aug 26 18:28:31.049838: started thread for crypto helper 1 Aug 26 18:28:31.049858: started thread for crypto helper 2 Aug 26 18:28:31.049878: started thread for crypto helper 3 Aug 26 18:28:31.049897: started thread for crypto helper 4 Aug 26 18:28:31.049916: started thread for crypto helper 5 Aug 26 18:28:31.049942: started thread for crypto helper 6 Aug 26 18:28:31.049946: | checking IKEv1 state table Aug 26 18:28:31.049954: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:28:31.049956: | starting up helper thread 5 Aug 26 18:28:31.049957: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:28:31.049962: | starting up helper thread 1 Aug 26 18:28:31.049987: | starting up helper thread 0 Aug 26 18:28:31.049993: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:28:31.049978: | starting up helper thread 6 Aug 26 18:28:31.049998: | crypto helper 1 waiting (nothing to do) Aug 26 18:28:31.049979: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:28:31.050006: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:28:31.050010: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:28:31.050012: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:28:31.050015: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:31.050017: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:31.050020: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:28:31.050023: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:28:31.050025: | 
-> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:31.050027: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:31.050031: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:28:31.050033: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:28:31.050035: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:28:31.050038: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:28:31.050041: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:28:31.050043: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:28:31.050046: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:28:31.050048: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:28:31.050051: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:28:31.050053: | -> UNDEFINED EVENT_NULL Aug 26 18:28:31.050056: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:28:31.050059: | -> UNDEFINED EVENT_NULL Aug 26 18:28:31.050061: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:28:31.050064: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:28:31.050067: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:28:31.050069: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:28:31.050072: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:28:31.050074: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:28:31.050077: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:28:31.050079: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:28:31.050082: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:28:31.050085: | -> UNDEFINED EVENT_NULL Aug 26 18:28:31.050088: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:28:31.050090: | -> UNDEFINED EVENT_NULL Aug 26 18:28:31.050093: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:28:31.050095: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:28:31.050098: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:28:31.050101: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:28:31.050104: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:28:31.050106: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:28:31.050109: | QUICK_I2: category: established CHILD SA 
flags: 200: Aug 26 18:28:31.050112: | -> UNDEFINED EVENT_NULL Aug 26 18:28:31.050115: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:28:31.050117: | -> UNDEFINED EVENT_NULL Aug 26 18:28:31.050120: | INFO: category: informational flags: 0: Aug 26 18:28:31.050122: | -> UNDEFINED EVENT_NULL Aug 26 18:28:31.050125: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:28:31.050128: | -> UNDEFINED EVENT_NULL Aug 26 18:28:31.050131: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:28:31.050133: | -> XAUTH_R1 EVENT_NULL Aug 26 18:28:31.050136: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:28:31.050138: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:28:31.050141: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:28:31.050144: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:28:31.050155: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:28:31.050158: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:28:31.050161: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:28:31.050163: | -> UNDEFINED EVENT_NULL Aug 26 18:28:31.050166: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:28:31.050168: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:28:31.050171: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:28:31.050174: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:28:31.050177: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:28:31.050179: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:28:31.050185: | checking IKEv2 state table Aug 26 18:28:31.050191: | PARENT_I0: category: ignore flags: 0: Aug 26 18:28:31.050195: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:28:31.050198: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:28:31.050201: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:28:31.050204: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 
18:28:31.050207: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:28:31.050210: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:28:31.050213: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:28:31.050216: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:28:31.050219: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:28:31.050222: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:28:31.050225: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:28:31.050228: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:28:31.050230: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:28:31.050233: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:28:31.050236: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:28:31.050239: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:28:31.050241: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:28:31.050245: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:28:31.050247: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:28:31.050250: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:28:31.050254: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:28:31.050256: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:28:31.050259: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:28:31.050262: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:28:31.050265: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:28:31.050267: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 
18:28:31.050270: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:28:31.050273: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:28:31.050276: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:28:31.050279: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:28:31.050282: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:28:31.050285: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:28:31.050313: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:28:31.050320: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:28:31.050326: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:28:31.050327: | starting up helper thread 2 Aug 26 18:28:31.050329: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:28:31.050343: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:28:31.050334: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:28:31.050345: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:28:31.050359: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:28:31.050362: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:28:31.050365: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:28:31.050368: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:28:31.050371: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:28:31.050374: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:28:31.050377: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:28:31.050380: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) 
Aug 26 18:28:31.050384: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:28:31.049973: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:28:31.049994: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:28:31.050400: | starting up helper thread 4 Aug 26 18:28:31.050401: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:28:31.050350: | crypto helper 2 waiting (nothing to do) Aug 26 18:28:31.050609: | crypto helper 6 waiting (nothing to do) Aug 26 18:28:31.050618: | crypto helper 5 waiting (nothing to do) Aug 26 18:28:31.050624: | crypto helper 0 waiting (nothing to do) Aug 26 18:28:31.051195: | Hard-wiring algorithms Aug 26 18:28:31.051205: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:28:31.051210: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:28:31.051213: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:28:31.051215: | adding 3DES_CBC to kernel algorithm db Aug 26 18:28:31.051217: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:28:31.051220: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:28:31.051222: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:28:31.051225: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:28:31.051227: | adding AES_CTR to kernel algorithm db Aug 26 18:28:31.051229: | adding AES_CBC to kernel algorithm db Aug 26 18:28:31.051232: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:28:31.051234: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:28:31.051237: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:28:31.051239: | adding NULL to kernel algorithm db Aug 26 18:28:31.051242: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:28:31.051245: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:28:31.051248: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:28:31.051250: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:28:31.051253: | 
adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:28:31.051255: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:28:31.051258: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:28:31.051261: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:28:31.051263: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:28:31.051265: | adding NONE to kernel algorithm db Aug 26 18:28:31.051298: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:28:31.051312: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:28:31.051315: | setup kernel fd callback Aug 26 18:28:31.051319: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56528a7fb2a8 Aug 26 18:28:31.051325: | libevent_malloc: new ptr-libevent@0x56528a7df568 size 128 Aug 26 18:28:31.051334: | libevent_malloc: new ptr-libevent@0x56528a7fb3b8 size 16 Aug 26 18:28:31.053935: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56528a7fbdc8 Aug 26 18:28:31.053956: | libevent_malloc: new ptr-libevent@0x56528a79c198 size 128 Aug 26 18:28:31.053962: | libevent_malloc: new ptr-libevent@0x56528a7fbd88 size 16 Aug 26 18:28:31.059305: | starting up helper thread 3 Aug 26 18:28:31.059333: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:28:31.059337: | crypto helper 3 waiting (nothing to do) Aug 26 18:28:31.059729: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:28:31.059744: selinux support is enabled. 
Aug 26 18:28:31.069051: | unbound context created - setting debug level to 5 Aug 26 18:28:31.069091: | /etc/hosts lookups activated Aug 26 18:28:31.069104: | /etc/resolv.conf usage activated Aug 26 18:28:31.069167: | outgoing-port-avoid set 0-65535 Aug 26 18:28:31.069196: | outgoing-port-permit set 32768-60999 Aug 26 18:28:31.069199: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:28:31.069202: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:28:31.069206: | Setting up events, loop start Aug 26 18:28:31.069210: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56528a7fbe38 Aug 26 18:28:31.069214: | libevent_malloc: new ptr-libevent@0x56528a808048 size 128 Aug 26 18:28:31.069219: | libevent_malloc: new ptr-libevent@0x56528a813318 size 16 Aug 26 18:28:31.069227: | libevent_realloc: new ptr-libevent@0x56528a79a828 size 256 Aug 26 18:28:31.069231: | libevent_malloc: new ptr-libevent@0x56528a813358 size 8 Aug 26 18:28:31.069234: | libevent_realloc: new ptr-libevent@0x56528a76d918 size 144 Aug 26 18:28:31.069237: | libevent_malloc: new ptr-libevent@0x56528a7a6388 size 152 Aug 26 18:28:31.069241: | libevent_malloc: new ptr-libevent@0x56528a813398 size 16 Aug 26 18:28:31.069245: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:28:31.069248: | libevent_malloc: new ptr-libevent@0x56528a8133d8 size 8 Aug 26 18:28:31.069251: | libevent_malloc: new ptr-libevent@0x56528a79e238 size 152 Aug 26 18:28:31.069254: | signal event handler PLUTO_SIGTERM installed Aug 26 18:28:31.069257: | libevent_malloc: new ptr-libevent@0x56528a813418 size 8 Aug 26 18:28:31.069260: | libevent_malloc: new ptr-libevent@0x56528a813458 size 152 Aug 26 18:28:31.069263: | signal event handler PLUTO_SIGHUP installed Aug 26 18:28:31.069265: | libevent_malloc: new ptr-libevent@0x56528a813528 size 8 Aug 26 18:28:31.069268: | libevent_realloc: release ptr-libevent@0x56528a76d918 Aug 26 18:28:31.069271: | libevent_realloc: new 
ptr-libevent@0x56528a813568 size 256 Aug 26 18:28:31.069274: | libevent_malloc: new ptr-libevent@0x56528a813698 size 152 Aug 26 18:28:31.069277: | signal event handler PLUTO_SIGSYS installed Aug 26 18:28:31.069604: | created addconn helper (pid:2626) using fork+execve Aug 26 18:28:31.069625: | forked child 2626 Aug 26 18:28:31.069669: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:31.069687: listening for IKE messages Aug 26 18:28:31.069785: | Inspecting interface lo Aug 26 18:28:31.069792: | found lo with address 127.0.0.1 Aug 26 18:28:31.069798: | Inspecting interface eth0 Aug 26 18:28:31.069802: | found eth0 with address 192.0.2.254 Aug 26 18:28:31.069807: | Inspecting interface eth1 Aug 26 18:28:31.069812: | found eth1 with address 192.1.2.23 Aug 26 18:28:31.069885: Kernel supports NIC esp-hw-offload Aug 26 18:28:31.069896: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 18:28:31.069948: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:28:31.069954: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:28:31.069958: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 18:28:31.069982: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 18:28:31.084426: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:28:31.084451: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:28:31.084458: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 18:28:31.084511: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:28:31.084720: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:28:31.084726: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:28:31.084730: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:28:31.084821: | no interfaces to sort Aug 26 
18:28:31.084826: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:28:31.084835: | add_fd_read_event_handler: new ethX-pe@0x56528a813a98 Aug 26 18:28:31.084840: | libevent_malloc: new ptr-libevent@0x56528a807f98 size 128 Aug 26 18:28:31.084845: | libevent_malloc: new ptr-libevent@0x56528a813b08 size 16 Aug 26 18:28:31.084854: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:28:31.084857: | add_fd_read_event_handler: new ethX-pe@0x56528a813b48 Aug 26 18:28:31.084861: | libevent_malloc: new ptr-libevent@0x56528a79c098 size 128 Aug 26 18:28:31.084864: | libevent_malloc: new ptr-libevent@0x56528a813bb8 size 16 Aug 26 18:28:31.084869: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:28:31.084872: | add_fd_read_event_handler: new ethX-pe@0x56528a813bf8 Aug 26 18:28:31.084876: | libevent_malloc: new ptr-libevent@0x56528a79da48 size 128 Aug 26 18:28:31.084879: | libevent_malloc: new ptr-libevent@0x56528a813c68 size 16 Aug 26 18:28:31.084885: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:28:31.084888: | add_fd_read_event_handler: new ethX-pe@0x56528a813ca8 Aug 26 18:28:31.084891: | libevent_malloc: new ptr-libevent@0x56528a79d998 size 128 Aug 26 18:28:31.084894: | libevent_malloc: new ptr-libevent@0x56528a813d18 size 16 Aug 26 18:28:31.084899: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:28:31.084902: | add_fd_read_event_handler: new ethX-pe@0x56528a813d58 Aug 26 18:28:31.084906: | libevent_malloc: new ptr-libevent@0x56528a7724e8 size 128 Aug 26 18:28:31.084909: | libevent_malloc: new ptr-libevent@0x56528a813dc8 size 16 Aug 26 18:28:31.084915: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:28:31.084918: | add_fd_read_event_handler: new ethX-pe@0x56528a813e08 Aug 26 18:28:31.084920: | libevent_malloc: new ptr-libevent@0x56528a7721d8 size 128 Aug 26 18:28:31.084923: | libevent_malloc: new ptr-libevent@0x56528a813e78 size 16 Aug 26 18:28:31.084928: | setup 
callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:28:31.084932: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:28:31.084935: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:28:31.084954: loading secrets from "/etc/ipsec.secrets" Aug 26 18:28:31.086760: | id type added to secret(0x56528a76db58) PKK_PSK: @east Aug 26 18:28:31.086777: | id type added to secret(0x56528a76db58) PKK_PSK: @west Aug 26 18:28:31.086785: | Processing PSK at line 1: passed Aug 26 18:28:31.086788: | certs and keys locked by 'process_secret' Aug 26 18:28:31.086792: | certs and keys unlocked by 'process_secret' Aug 26 18:28:31.088278: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:31.088307: | spent 0.826 milliseconds in whack Aug 26 18:28:31.088330: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:28:31.088338: | crypto helper 4 waiting (nothing to do) Aug 26 18:28:31.154365: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:31.154394: listening for IKE messages Aug 26 18:28:31.154426: | Inspecting interface lo Aug 26 18:28:31.154433: | found lo with address 127.0.0.1 Aug 26 18:28:31.154436: | Inspecting interface eth0 Aug 26 18:28:31.154441: | found eth0 with address 192.0.2.254 Aug 26 18:28:31.154443: | Inspecting interface eth1 Aug 26 18:28:31.154447: | found eth1 with address 192.1.2.23 Aug 26 18:28:31.154509: | no interfaces to sort Aug 26 18:28:31.154523: | libevent_free: release ptr-libevent@0x56528a807f98 Aug 26 18:28:31.154527: | free_event_entry: release EVENT_NULL-pe@0x56528a813a98 Aug 26 18:28:31.154530: | add_fd_read_event_handler: new ethX-pe@0x56528a813a98 Aug 26 18:28:31.154533: | libevent_malloc: new ptr-libevent@0x56528a807f98 size 128 Aug 26 18:28:31.154541: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:28:31.154546: | libevent_free: release ptr-libevent@0x56528a79c098 Aug 
26 18:28:31.154548: | free_event_entry: release EVENT_NULL-pe@0x56528a813b48 Aug 26 18:28:31.154551: | add_fd_read_event_handler: new ethX-pe@0x56528a813b48 Aug 26 18:28:31.154554: | libevent_malloc: new ptr-libevent@0x56528a79c098 size 128 Aug 26 18:28:31.154559: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:28:31.154563: | libevent_free: release ptr-libevent@0x56528a79da48 Aug 26 18:28:31.154565: | free_event_entry: release EVENT_NULL-pe@0x56528a813bf8 Aug 26 18:28:31.154568: | add_fd_read_event_handler: new ethX-pe@0x56528a813bf8 Aug 26 18:28:31.154571: | libevent_malloc: new ptr-libevent@0x56528a79da48 size 128 Aug 26 18:28:31.154575: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:28:31.154580: | libevent_free: release ptr-libevent@0x56528a79d998 Aug 26 18:28:31.154582: | free_event_entry: release EVENT_NULL-pe@0x56528a813ca8 Aug 26 18:28:31.154585: | add_fd_read_event_handler: new ethX-pe@0x56528a813ca8 Aug 26 18:28:31.154588: | libevent_malloc: new ptr-libevent@0x56528a79d998 size 128 Aug 26 18:28:31.154592: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:28:31.154596: | libevent_free: release ptr-libevent@0x56528a7724e8 Aug 26 18:28:31.154599: | free_event_entry: release EVENT_NULL-pe@0x56528a813d58 Aug 26 18:28:31.154601: | add_fd_read_event_handler: new ethX-pe@0x56528a813d58 Aug 26 18:28:31.154604: | libevent_malloc: new ptr-libevent@0x56528a7724e8 size 128 Aug 26 18:28:31.154608: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:28:31.154612: | libevent_free: release ptr-libevent@0x56528a7721d8 Aug 26 18:28:31.154615: | free_event_entry: release EVENT_NULL-pe@0x56528a813e08 Aug 26 18:28:31.154617: | add_fd_read_event_handler: new ethX-pe@0x56528a813e08 Aug 26 18:28:31.154620: | libevent_malloc: new ptr-libevent@0x56528a7721d8 size 128 Aug 26 18:28:31.154625: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:28:31.154628: | certs and keys locked by 
'free_preshared_secrets' Aug 26 18:28:31.154631: forgetting secrets Aug 26 18:28:31.154636: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:28:31.154649: loading secrets from "/etc/ipsec.secrets" Aug 26 18:28:31.154655: | id type added to secret(0x56528a76db58) PKK_PSK: @east Aug 26 18:28:31.154659: | id type added to secret(0x56528a76db58) PKK_PSK: @west Aug 26 18:28:31.154663: | Processing PSK at line 1: passed Aug 26 18:28:31.154665: | certs and keys locked by 'process_secret' Aug 26 18:28:31.154668: | certs and keys unlocked by 'process_secret' Aug 26 18:28:31.154675: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:31.154683: | spent 0.319 milliseconds in whack Aug 26 18:28:31.155260: | processing signal PLUTO_SIGCHLD Aug 26 18:28:31.155277: | waitpid returned pid 2626 (exited with status 0) Aug 26 18:28:31.155281: | reaped addconn helper child (status 0) Aug 26 18:28:31.155287: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:31.155299: | spent 0.0263 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:31.218686: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:31.218718: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:31.218723: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:28:31.218726: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:31.218728: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:28:31.218733: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 18:28:31.218740: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:28:31.218807: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:28:31.218812: | from whack: got --esp= Aug 26 18:28:31.218854: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:28:31.218860: | counting wild cards for @west is 0 Aug 26 18:28:31.218864: | counting wild cards for @east is 0 Aug 26 18:28:31.218875: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Aug 26 18:28:31.218879: | new hp@0x56528a8162c8 Aug 26 18:28:31.218883: added connection description "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:28:31.218895: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:28:31.218908: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 18:28:31.218918: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:31.218926: | spent 0.25 milliseconds in whack Aug 26 18:28:34.266296: | spent 0.00268 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:34.266329: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 18:28:34.266473: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:28:34.266478: | **parse ISAKMP Message: Aug 26 18:28:34.266481: | initiator cookie: Aug 26 18:28:34.266484: | 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:34.266486: | 
responder cookie: Aug 26 18:28:34.266489: | 00 00 00 00 00 00 00 00 Aug 26 18:28:34.266492: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:28:34.266496: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:34.266498: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:28:34.266501: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:34.266504: | Message ID: 0 (0x0) Aug 26 18:28:34.266507: | length: 828 (0x33c) Aug 26 18:28:34.266510: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:28:34.266514: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 18:28:34.266518: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 18:28:34.266521: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:28:34.266525: | ***parse IKEv2 Security Association Payload: Aug 26 18:28:34.266527: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:28:34.266530: | flags: none (0x0) Aug 26 18:28:34.266532: | length: 436 (0x1b4) Aug 26 18:28:34.266535: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 18:28:34.266538: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:28:34.266541: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:28:34.266544: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:28:34.266547: | flags: none (0x0) Aug 26 18:28:34.266549: | length: 264 (0x108) Aug 26 18:28:34.266552: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:34.266554: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:28:34.266557: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:28:34.266560: | ***parse IKEv2 Nonce Payload: Aug 26 18:28:34.266562: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:34.266565: | flags: none (0x0) Aug 26 18:28:34.266567: | length: 36 (0x24) Aug 26 18:28:34.266570: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:28:34.266573: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 
18:28:34.266578: | ***parse IKEv2 Notify Payload: Aug 26 18:28:34.266580: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:34.266583: | flags: none (0x0) Aug 26 18:28:34.266586: | length: 8 (0x8) Aug 26 18:28:34.266589: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:34.266591: | SPI size: 0 (0x0) Aug 26 18:28:34.266594: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:28:34.266597: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:28:34.266599: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:28:34.266602: | ***parse IKEv2 Notify Payload: Aug 26 18:28:34.266604: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:34.266607: | flags: none (0x0) Aug 26 18:28:34.266610: | length: 28 (0x1c) Aug 26 18:28:34.266612: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:34.266614: | SPI size: 0 (0x0) Aug 26 18:28:34.266617: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:28:34.266619: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:28:34.266622: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:28:34.266624: | ***parse IKEv2 Notify Payload: Aug 26 18:28:34.266627: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.266629: | flags: none (0x0) Aug 26 18:28:34.266631: | length: 28 (0x1c) Aug 26 18:28:34.266634: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:34.266637: | SPI size: 0 (0x0) Aug 26 18:28:34.266640: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:28:34.266642: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:28:34.266645: | DDOS disabled and no cookie sent, continuing Aug 26 18:28:34.266651: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:28:34.266658: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:28:34.266661: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:28:34.266666: | found 
policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 18:28:34.266669: | find_next_host_connection returns empty Aug 26 18:28:34.266673: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:28:34.266676: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:28:34.266679: | find_next_host_connection returns empty Aug 26 18:28:34.266683: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 18:28:34.266688: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:28:34.266694: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:28:34.266697: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:28:34.266700: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 18:28:34.266703: | find_next_host_connection returns empty Aug 26 18:28:34.266707: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:28:34.266711: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:28:34.266713: | find_next_host_connection returns empty Aug 26 18:28:34.266717: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 18:28:34.266723: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 18:28:34.266728: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:28:34.266731: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:28:34.266734: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 
18:28:34.266739: | find_next_host_connection returns westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:28:34.266743: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:28:34.266746: | find_next_host_connection returns empty Aug 26 18:28:34.266749: | found connection: westnet-eastnet-ipv4-psk-ikev2 with policy PSK+IKEV2_ALLOW Aug 26 18:28:34.266780: | creating state object #1 at 0x56528a817f98 Aug 26 18:28:34.266784: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:28:34.266792: | pstats #1 ikev2.ike started Aug 26 18:28:34.266796: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:28:34.266800: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 18:28:34.266806: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:34.266816: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:34.266820: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:28:34.266825: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:28:34.266829: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:28:34.266833: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 18:28:34.266838: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:28:34.266842: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 18:28:34.266845: | selected state microcode Respond to IKE_SA_INIT Aug 26 18:28:34.266848: | Now let's proceed with state specific processing Aug 26 18:28:34.266850: | calling processor 
Respond to IKE_SA_INIT Aug 26 18:28:34.266866: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:28:34.266870: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals) Aug 26 18:28:34.266878: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:34.266886: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:34.266890: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:34.266896: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:34.266900: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:34.266906: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:34.266910: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:34.266915: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:34.266927: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:34.266934: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 18:28:34.266940: | local proposal 1 type ENCR has 1 transforms Aug 26 18:28:34.266942: | local proposal 1 type PRF has 2 transforms Aug 26 18:28:34.266945: | local proposal 1 type INTEG has 1 transforms Aug 26 18:28:34.266948: | local proposal 1 type DH has 8 transforms Aug 26 18:28:34.266950: | local proposal 1 type ESN has 0 transforms Aug 26 18:28:34.266954: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:28:34.266956: | local proposal 2 type ENCR has 1 transforms Aug 26 18:28:34.266959: | local proposal 2 type PRF has 2 transforms Aug 26 18:28:34.266961: | local proposal 2 type INTEG has 1 transforms Aug 26 18:28:34.266964: | local proposal 2 type DH has 8 transforms Aug 26 18:28:34.266966: | local proposal 2 type ESN has 0 transforms Aug 26 18:28:34.266969: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:28:34.266972: | local proposal 
3 type ENCR has 1 transforms Aug 26 18:28:34.266974: | local proposal 3 type PRF has 2 transforms Aug 26 18:28:34.266977: | local proposal 3 type INTEG has 2 transforms Aug 26 18:28:34.266979: | local proposal 3 type DH has 8 transforms Aug 26 18:28:34.266982: | local proposal 3 type ESN has 0 transforms Aug 26 18:28:34.266985: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:28:34.266988: | local proposal 4 type ENCR has 1 transforms Aug 26 18:28:34.266990: | local proposal 4 type PRF has 2 transforms Aug 26 18:28:34.266993: | local proposal 4 type INTEG has 2 transforms Aug 26 18:28:34.266995: | local proposal 4 type DH has 8 transforms Aug 26 18:28:34.266998: | local proposal 4 type ESN has 0 transforms Aug 26 18:28:34.267001: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:28:34.267004: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.267007: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:34.267009: | length: 100 (0x64) Aug 26 18:28:34.267012: | prop #: 1 (0x1) Aug 26 18:28:34.267014: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:34.267017: | spi size: 0 (0x0) Aug 26 18:28:34.267019: | # transforms: 11 (0xb) Aug 26 18:28:34.267023: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:28:34.267026: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267032: | length: 12 (0xc) Aug 26 18:28:34.267034: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.267037: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:34.267040: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.267043: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.267045: | length/value: 256 (0x100) Aug 26 18:28:34.267049: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) 
transform 0 Aug 26 18:28:34.267052: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267055: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267057: | length: 8 (0x8) Aug 26 18:28:34.267060: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:34.267062: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:34.267065: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:28:34.267069: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 18:28:34.267074: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 18:28:34.267077: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 18:28:34.267080: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267083: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267085: | length: 8 (0x8) Aug 26 18:28:34.267088: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:34.267090: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:34.267093: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267096: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267098: | length: 8 (0x8) Aug 26 18:28:34.267101: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267103: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:34.267107: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:28:34.267110: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:28:34.267113: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:28:34.267117: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:28:34.267119: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267122: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267124: | length: 8 (0x8) Aug 26 18:28:34.267127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267130: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:34.267132: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267137: | length: 8 (0x8) Aug 26 18:28:34.267140: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267142: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:34.267144: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267148: | length: 8 (0x8) Aug 26 18:28:34.267150: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267153: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:34.267155: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267157: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267159: | length: 8 (0x8) Aug 26 18:28:34.267162: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267164: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:34.267167: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267169: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267172: | length: 8 (0x8) Aug 26 18:28:34.267174: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267177: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:34.267180: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267184: | length: 8 (0x8) Aug 26 18:28:34.267187: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267190: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:34.267192: | *****parse IKEv2 
Transform Substructure Payload: Aug 26 18:28:34.267195: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.267198: | length: 8 (0x8) Aug 26 18:28:34.267200: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267203: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:34.267207: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:28:34.267212: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:28:34.267216: | remote proposal 1 matches local proposal 1 Aug 26 18:28:34.267220: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.267222: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:34.267225: | length: 100 (0x64) Aug 26 18:28:34.267227: | prop #: 2 (0x2) Aug 26 18:28:34.267230: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:34.267232: | spi size: 0 (0x0) Aug 26 18:28:34.267234: | # transforms: 11 (0xb) Aug 26 18:28:34.267238: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:28:34.267240: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267245: | length: 12 (0xc) Aug 26 18:28:34.267248: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.267250: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:34.267253: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.267255: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.267258: | length/value: 128 (0x80) Aug 26 18:28:34.267261: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267266: | length: 8 (0x8) Aug 26 18:28:34.267268: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:34.267271: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 
18:28:34.267274: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267276: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267278: | length: 8 (0x8) Aug 26 18:28:34.267281: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:34.267283: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:34.267286: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267298: | length: 8 (0x8) Aug 26 18:28:34.267300: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267303: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:34.267306: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267308: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267310: | length: 8 (0x8) Aug 26 18:28:34.267313: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267315: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:34.267318: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267323: | length: 8 (0x8) Aug 26 18:28:34.267325: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267327: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:34.267330: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267335: | length: 8 (0x8) Aug 26 18:28:34.267337: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267340: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:34.267343: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267347: | length: 8 (0x8) Aug 26 18:28:34.267350: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267352: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:34.267355: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267359: | length: 8 (0x8) Aug 26 18:28:34.267361: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267364: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:34.267367: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267372: | length: 8 (0x8) Aug 26 18:28:34.267374: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267380: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:34.267383: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267386: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.267389: | length: 8 (0x8) Aug 26 18:28:34.267391: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267394: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:34.267397: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 18:28:34.267400: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 18:28:34.267403: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.267405: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:34.267408: | length: 116 (0x74) Aug 26 18:28:34.267410: | prop #: 3 (0x3) Aug 26 18:28:34.267412: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:34.267415: | spi size: 0 (0x0) Aug 26 18:28:34.267417: | # transforms: 13 (0xd) Aug 26 18:28:34.267420: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:28:34.267422: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267427: | length: 12 (0xc) Aug 26 18:28:34.267430: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.267432: | IKEv2 transform ID: 
AES_CBC (0xc) Aug 26 18:28:34.267435: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.267438: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.267440: | length/value: 256 (0x100) Aug 26 18:28:34.267442: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267447: | length: 8 (0x8) Aug 26 18:28:34.267449: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:34.267452: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:34.267454: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267457: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267459: | length: 8 (0x8) Aug 26 18:28:34.267462: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:34.267465: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:34.267467: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267470: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267472: | length: 8 (0x8) Aug 26 18:28:34.267475: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:34.267477: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:34.267480: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267485: | length: 8 (0x8) Aug 26 18:28:34.267487: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:34.267489: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:34.267492: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267497: | length: 8 (0x8) Aug 26 18:28:34.267500: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267502: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:34.267505: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267507: | last transform: v2_TRANSFORM_NON_LAST (0x3) 
Aug 26 18:28:34.267509: | length: 8 (0x8) Aug 26 18:28:34.267510: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267512: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:34.267514: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267517: | length: 8 (0x8) Aug 26 18:28:34.267518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267520: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:34.267523: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267525: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267527: | length: 8 (0x8) Aug 26 18:28:34.267528: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267530: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:34.267533: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267538: | length: 8 (0x8) Aug 26 18:28:34.267540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267543: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:34.267546: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267548: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267551: | length: 8 (0x8) Aug 26 18:28:34.267554: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267556: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:34.267559: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267564: | length: 8 (0x8) Aug 26 18:28:34.267567: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267570: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:34.267573: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267575: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.267578: | 
length: 8 (0x8) Aug 26 18:28:34.267580: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267584: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:34.267588: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:28:34.267591: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:28:34.267593: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.267596: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:34.267599: | length: 116 (0x74) Aug 26 18:28:34.267601: | prop #: 4 (0x4) Aug 26 18:28:34.267603: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:34.267606: | spi size: 0 (0x0) Aug 26 18:28:34.267608: | # transforms: 13 (0xd) Aug 26 18:28:34.267612: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:28:34.267614: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267617: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267620: | length: 12 (0xc) Aug 26 18:28:34.267622: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.267625: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:34.267628: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.267631: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.267633: | length/value: 128 (0x80) Aug 26 18:28:34.267636: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267638: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267641: | length: 8 (0x8) Aug 26 18:28:34.267643: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:34.267646: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:34.267649: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267652: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267654: | length: 8 (0x8) Aug 26 18:28:34.267657: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 
26 18:28:34.267659: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:34.267662: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267665: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267667: | length: 8 (0x8) Aug 26 18:28:34.267670: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:34.267672: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:34.267675: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267681: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267684: | length: 8 (0x8) Aug 26 18:28:34.267687: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:34.267689: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:34.267692: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267697: | length: 8 (0x8) Aug 26 18:28:34.267700: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267703: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:34.267706: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267711: | length: 8 (0x8) Aug 26 18:28:34.267713: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267716: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:34.267719: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267722: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267724: | length: 8 (0x8) Aug 26 18:28:34.267726: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267729: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:34.267732: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267737: | length: 8 (0x8) Aug 26 18:28:34.267739: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267741: 
| IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:34.267744: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267746: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267748: | length: 8 (0x8) Aug 26 18:28:34.267750: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267753: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:34.267755: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267758: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267760: | length: 8 (0x8) Aug 26 18:28:34.267762: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267765: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:34.267768: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267770: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.267773: | length: 8 (0x8) Aug 26 18:28:34.267775: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267777: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:34.267779: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.267781: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.267784: | length: 8 (0x8) Aug 26 18:28:34.267785: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.267788: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:34.267791: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:28:34.267793: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:28:34.267798: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:28:34.267803: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:28:34.267806: | converting proposal to internal trans attrs Aug 26 18:28:34.267810: | natd_hash: rcookie is zero Aug 26 18:28:34.267826: | natd_hash: hasher=0x565289e4c800(20) Aug 26 18:28:34.267829: | natd_hash: icookie= 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:34.267831: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:34.267834: | natd_hash: ip= c0 01 02 17 Aug 26 18:28:34.267836: | natd_hash: port=500 Aug 26 18:28:34.267839: | natd_hash: hash= f7 33 b6 e2 32 77 51 29 4a d1 74 3c b7 21 a2 23 Aug 26 18:28:34.267841: | natd_hash: hash= 57 cc 46 7f Aug 26 18:28:34.267844: | natd_hash: rcookie is zero Aug 26 18:28:34.267850: | natd_hash: hasher=0x565289e4c800(20) Aug 26 18:28:34.267853: | natd_hash: icookie= 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:34.267856: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:34.267858: | natd_hash: ip= c0 01 02 2d Aug 26 18:28:34.267861: | natd_hash: port=500 Aug 26 18:28:34.267864: | natd_hash: hash= 45 96 57 0c ed 12 8f fe b7 8e d2 4a f7 37 93 70 Aug 26 18:28:34.267866: | natd_hash: hash= 19 9b d8 3f Aug 26 18:28:34.267870: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:28:34.267872: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:28:34.267876: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:28:34.267880: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.2.45 Aug 26 18:28:34.267884: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:28:34.267888: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56528a817b78 Aug 26 18:28:34.267892: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:28:34.267896: | libevent_malloc: new ptr-libevent@0x56528a81a2f8 size 128 Aug 26 18:28:34.267911: | #1 spent 1.05 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:28:34.267914: | crypto helper 1 resuming Aug 26 18:28:34.267929: | crypto helper 1 starting work-order 1 for state #1 Aug 26 18:28:34.267934: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:28:34.267919: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:34.267999: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:28:34.268004: | suspending state #1 and saving MD Aug 26 18:28:34.268006: | #1 is busy; has a suspended MD Aug 26 18:28:34.268012: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:28:34.268015: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:28:34.268021: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:34.268027: | #1 spent 1.64 milliseconds in ikev2_process_packet() Aug 26 18:28:34.268031: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:28:34.268035: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:34.268038: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:34.268042: | spent 
1.66 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:34.268989: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001054 seconds Aug 26 18:28:34.269004: | (#1) spent 1.06 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:28:34.269008: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 18:28:34.269011: | scheduling resume sending helper answer for #1 Aug 26 18:28:34.269016: | libevent_malloc: new ptr-libevent@0x7fc894002888 size 128 Aug 26 18:28:34.269025: | crypto helper 1 waiting (nothing to do) Aug 26 18:28:34.269034: | processing resume sending helper answer for #1 Aug 26 18:28:34.269047: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:28:34.269053: | crypto helper 1 replies to request ID 1 Aug 26 18:28:34.269055: | calling continuation function 0x565289d77b50 Aug 26 18:28:34.269059: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:28:34.269092: | **emit ISAKMP Message: Aug 26 18:28:34.269096: | initiator cookie: Aug 26 18:28:34.269099: | 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:34.269102: | responder cookie: Aug 26 18:28:34.269104: | e0 94 43 d7 e8 f8 e5 5f Aug 26 18:28:34.269107: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:34.269111: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:34.269114: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:28:34.269117: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:28:34.269119: | Message ID: 0 (0x0) Aug 26 18:28:34.269122: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:34.269125: | Emitting ikev2_proposal ... 
Aug 26 18:28:34.269128: | ***emit IKEv2 Security Association Payload: Aug 26 18:28:34.269131: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.269133: | flags: none (0x0) Aug 26 18:28:34.269136: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:34.269139: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.269142: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.269144: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:34.269146: | prop #: 1 (0x1) Aug 26 18:28:34.269148: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:34.269150: | spi size: 0 (0x0) Aug 26 18:28:34.269152: | # transforms: 3 (0x3) Aug 26 18:28:34.269155: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:34.269158: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:34.269160: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.269163: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.269166: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:34.269169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:34.269172: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.269175: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.269177: | length/value: 256 (0x100) Aug 26 18:28:34.269180: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:34.269183: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:34.269186: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.269188: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:34.269191: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:34.269195: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.269198: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:34.269201: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:34.269204: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:34.269207: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.269209: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:34.269212: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:34.269215: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.269220: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:34.269223: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:34.269226: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:28:34.269229: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:34.269231: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:28:34.269234: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:34.269237: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:28:34.269240: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.269243: | flags: none (0x0) Aug 26 18:28:34.269246: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:34.269249: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
18:28:34.269252: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.269256: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:28:34.269342: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:28:34.269345: | ***emit IKEv2 Nonce Payload: Aug 26 18:28:34.269348: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:34.269351: | flags: none (0x0) Aug 26 18:28:34.269354: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:28:34.269357: | next payload chain: setting previous 
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:28:34.269360: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.269363: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:28:34.269365: | IKEv2 nonce 1e ab 7f 1c 88 15 97 02 a8 ca 81 c9 a6 59 c5 80 Aug 26 18:28:34.269368: | IKEv2 nonce 3e cb 98 f3 94 ab 4d ba 5b 58 69 68 1a 54 ad 50 Aug 26 18:28:34.269371: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:28:34.269374: | Adding a v2N Payload Aug 26 18:28:34.269377: | ***emit IKEv2 Notify Payload: Aug 26 18:28:34.269379: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.269382: | flags: none (0x0) Aug 26 18:28:34.269385: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:34.269389: | SPI size: 0 (0x0) Aug 26 18:28:34.269392: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:28:34.269396: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:34.269399: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.269401: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:28:34.269405: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:28:34.269417: | natd_hash: hasher=0x565289e4c800(20) Aug 26 18:28:34.269420: | natd_hash: icookie= 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:34.269423: | natd_hash: rcookie= e0 94 43 d7 e8 f8 e5 5f Aug 26 18:28:34.269426: | natd_hash: ip= c0 01 02 17 Aug 26 18:28:34.269428: | natd_hash: port=500 Aug 26 18:28:34.269431: | natd_hash: hash= f4 72 b2 8b 1f f5 3b 24 fd ff ee 52 55 4e 64 2e Aug 26 18:28:34.269433: | natd_hash: hash= ee 07 7d a9 Aug 26 18:28:34.269436: | Adding a v2N Payload Aug 26 18:28:34.269438: | ***emit IKEv2 Notify Payload: Aug 26 18:28:34.269441: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.269444: | flags: none (0x0) Aug 26 18:28:34.269446: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:34.269449: | SPI size: 0 (0x0) Aug 26 18:28:34.269452: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:28:34.269455: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:34.269457: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.269461: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:34.269463: | Notify data f4 72 b2 8b 1f f5 3b 24 fd ff ee 52 55 4e 64 2e Aug 26 18:28:34.269466: | Notify data ee 07 7d a9 Aug 26 18:28:34.269469: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:34.269475: | natd_hash: hasher=0x565289e4c800(20) Aug 26 18:28:34.269477: | natd_hash: icookie= 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:34.269480: | natd_hash: rcookie= e0 94 43 d7 e8 f8 e5 5f Aug 26 18:28:34.269482: | natd_hash: ip= c0 01 02 2d Aug 26 18:28:34.269485: | natd_hash: port=500 Aug 26 18:28:34.269487: | natd_hash: hash= e8 6e ca d9 12 20 04 86 1c 95 e9 bf 76 95 02 46 Aug 26 18:28:34.269490: | natd_hash: hash= 36 a1 24 bb Aug 26 18:28:34.269493: | Adding a v2N Payload Aug 26 18:28:34.269495: | ***emit IKEv2 Notify Payload: Aug 26 
18:28:34.269498: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.269501: | flags: none (0x0) Aug 26 18:28:34.269503: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:34.269506: | SPI size: 0 (0x0) Aug 26 18:28:34.269508: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:28:34.269511: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:34.269514: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.269517: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:34.269520: | Notify data e8 6e ca d9 12 20 04 86 1c 95 e9 bf 76 95 02 46 Aug 26 18:28:34.269522: | Notify data 36 a1 24 bb Aug 26 18:28:34.269525: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:34.269528: | emitting length of ISAKMP Message: 432 Aug 26 18:28:34.269535: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:34.269539: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:28:34.269542: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:28:34.269546: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:28:34.269549: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:28:34.269556: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:28:34.269561: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:34.269566: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a 
prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:28:34.269572: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:28:34.269578: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) 
Aug 26 18:28:34.269674: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:34.269679: | libevent_free: release ptr-libevent@0x56528a81a2f8 Aug 26 18:28:34.269682: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56528a817b78 Aug 26 18:28:34.269686: | event_schedule: new EVENT_SO_DISCARD-pe@0x56528a817b78 Aug 26 18:28:34.269690: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:28:34.269693: | libevent_malloc: new ptr-libevent@0x56528a81b448 size 128 Aug 26 18:28:34.269697: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:28:34.269703: | #1 spent 0.613 milliseconds in resume sending helper answer Aug 26 18:28:34.269708: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:28:34.269712: | libevent_free: release ptr-libevent@0x7fc894002888 Aug 26 18:28:34.274776: | spent 0.00293 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:34.274803: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) 
Aug 26 18:28:34.274870: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:28:34.274874: | **parse ISAKMP Message: Aug 26 18:28:34.274877: | initiator cookie: Aug 26 18:28:34.274879: | 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:34.274882: | responder cookie: Aug 26 18:28:34.274884: | e0 94 43 d7 e8 f8 e5 5f Aug 26 18:28:34.274888: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:34.274891: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:34.274893: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:28:34.274896: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:34.274899: | Message ID: 1 (0x1) Aug 26 18:28:34.274901: | length: 365 (0x16d) Aug 26 18:28:34.274904: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:28:34.274908: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 
18:28:34.274912: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:28:34.274918: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:34.274922: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:28:34.274926: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:28:34.274929: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:28:34.274934: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 18:28:34.274936: | unpacking clear payload Aug 26 18:28:34.274939: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:28:34.274942: | ***parse IKEv2 Encryption Payload: Aug 26 18:28:34.274945: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:28:34.274948: | flags: none (0x0) Aug 26 18:28:34.274950: | length: 337 (0x151) Aug 26 18:28:34.274953: | processing payload: ISAKMP_NEXT_v2SK (len=333) Aug 26 18:28:34.274958: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:28:34.274961: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:28:34.274965: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:28:34.274968: | Now let's proceed with state specific processing Aug 26 18:28:34.274971: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:28:34.274974: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 18:28:34.274978: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:28:34.274982: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 18:28:34.274985: | state #1 requesting EVENT_SO_DISCARD 
to be deleted Aug 26 18:28:34.274989: | libevent_free: release ptr-libevent@0x56528a81b448 Aug 26 18:28:34.274993: | free_event_entry: release EVENT_SO_DISCARD-pe@0x56528a817b78 Aug 26 18:28:34.274996: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56528a817b78 Aug 26 18:28:34.275000: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:28:34.275003: | libevent_malloc: new ptr-libevent@0x7fc894002888 size 128 Aug 26 18:28:34.275015: | #1 spent 0.0393 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 18:28:34.275021: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:34.275025: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 18:28:34.275022: | crypto helper 2 resuming Aug 26 18:28:34.275043: | crypto helper 2 starting work-order 2 for state #1 Aug 26 18:28:34.275049: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 18:28:34.275938: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:28:34.276420: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.00137 seconds Aug 26 18:28:34.276435: | (#1) spent 1.35 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 18:28:34.276439: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 18:28:34.276442: | scheduling resume sending helper answer for #1 Aug 26 18:28:34.276446: | libevent_malloc: new ptr-libevent@0x7fc88c000f48 size 128 Aug 26 18:28:34.276453: | crypto helper 2 waiting (nothing to do) Aug 26 18:28:34.275032: | suspending state #1 and saving MD Aug 26 18:28:34.276464: | #1 is busy; has a suspended MD Aug 26 18:28:34.276471: | [RE]START processing: state #1 connection 
"westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:28:34.276476: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:28:34.276481: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:34.276489: | #1 spent 0.272 milliseconds in ikev2_process_packet() Aug 26 18:28:34.276494: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:28:34.276498: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:34.276502: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:34.276506: | spent 0.291 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:34.276517: | processing resume sending helper answer for #1 Aug 26 18:28:34.276522: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:28:34.276527: | crypto helper 2 replies to request ID 2 Aug 26 18:28:34.276529: | calling continuation function 0x565289d77b50 Aug 26 18:28:34.276533: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 18:28:34.276536: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:28:34.276550: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:28:34.276554: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 18:28:34.276561: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 18:28:34.276565: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:28:34.276568: | flags: none (0x0) Aug 26 18:28:34.276570: | length: 12 (0xc) Aug 26 18:28:34.276573: | ID type: ID_FQDN (0x2) Aug 26 18:28:34.276576: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 18:28:34.276579: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 
26 18:28:34.276582: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:28:34.276585: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:28:34.276588: | flags: none (0x0) Aug 26 18:28:34.276590: | length: 12 (0xc) Aug 26 18:28:34.276592: | ID type: ID_FQDN (0x2) Aug 26 18:28:34.276595: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:28:34.276597: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:28:34.276600: | **parse IKEv2 Authentication Payload: Aug 26 18:28:34.276603: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:28:34.276605: | flags: none (0x0) Aug 26 18:28:34.276608: | length: 72 (0x48) Aug 26 18:28:34.276610: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:28:34.276613: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:28:34.276615: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:28:34.276618: | **parse IKEv2 Security Association Payload: Aug 26 18:28:34.276620: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:28:34.276622: | flags: none (0x0) Aug 26 18:28:34.276625: | length: 164 (0xa4) Aug 26 18:28:34.276627: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 18:28:34.276630: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:28:34.276632: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:28:34.276635: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:28:34.276637: | flags: none (0x0) Aug 26 18:28:34.276640: | length: 24 (0x18) Aug 26 18:28:34.276642: | number of TS: 1 (0x1) Aug 26 18:28:34.276645: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:28:34.276647: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:28:34.276650: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:28:34.276652: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.276655: | flags: none (0x0) Aug 26 18:28:34.276657: | length: 24 (0x18) Aug 26 18:28:34.276659: | number of TS: 1 (0x1) Aug 26 18:28:34.276662: | 
processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:28:34.276664: | selected state microcode Responder: process IKE_AUTH request Aug 26 18:28:34.276667: | Now let's proceed with state specific processing Aug 26 18:28:34.276669: | calling processor Responder: process IKE_AUTH request Aug 26 18:28:34.276675: "westnet-eastnet-ipv4-psk-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 18:28:34.276682: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:28:34.276685: | received IDr payload - extracting our alleged ID Aug 26 18:28:34.276690: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:28:34.276695: | match_id a=@west Aug 26 18:28:34.276697: | b=@west Aug 26 18:28:34.276700: | results matched Aug 26 18:28:34.276704: | refine_host_connection: checking "westnet-eastnet-ipv4-psk-ikev2" against "westnet-eastnet-ipv4-psk-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 18:28:34.276707: | Warning: not switching back to template of current instance Aug 26 18:28:34.276709: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 18:28:34.276712: | This connection's local id is @east (ID_FQDN) Aug 26 18:28:34.276715: | refine_host_connection: checked westnet-eastnet-ipv4-psk-ikev2 against westnet-eastnet-ipv4-psk-ikev2, now for see if best Aug 26 18:28:34.276719: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:28:34.276726: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:28:34.276730: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:28:34.276734: | 1: compared key @west to @east / @west -> 004 Aug 26 18:28:34.276737: | 2: compared key @east to @east / @west -> 014 Aug 26 18:28:34.276740: | line 1: match=014 Aug 26 18:28:34.276743: | match 014 beats previous best_match 000 match=0x56528a76db58 (line=1) Aug 26 
18:28:34.276746: | concluding with best_match=014 best=0x56528a76db58 (lineno=1) Aug 26 18:28:34.276749: | returning because exact peer id match Aug 26 18:28:34.276752: | offered CA: '%none' Aug 26 18:28:34.276756: "westnet-eastnet-ipv4-psk-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 18:28:34.276777: | verifying AUTH payload Aug 26 18:28:34.276782: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Aug 26 18:28:34.276785: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:28:34.276788: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:28:34.276791: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:28:34.276795: | 1: compared key @west to @east / @west -> 004 Aug 26 18:28:34.276798: | 2: compared key @east to @east / @west -> 014 Aug 26 18:28:34.276801: | line 1: match=014 Aug 26 18:28:34.276803: | match 014 beats previous best_match 000 match=0x56528a76db58 (line=1) Aug 26 18:28:34.276807: | concluding with best_match=014 best=0x56528a76db58 (lineno=1) Aug 26 18:28:34.276874: "westnet-eastnet-ipv4-psk-ikev2" #1: Authenticated using authby=secret Aug 26 18:28:34.276880: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 18:28:34.276886: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:28:34.276889: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:34.276893: | libevent_free: release ptr-libevent@0x7fc894002888 Aug 26 18:28:34.276897: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56528a817b78 Aug 26 18:28:34.276900: | event_schedule: new EVENT_SA_REKEY-pe@0x56528a817b78 Aug 26 18:28:34.276904: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 18:28:34.276907: | libevent_malloc: new ptr-libevent@0x56528a81b448 size 128 Aug 26 18:28:34.277010: | pstats #1 ikev2.ike established Aug 26 18:28:34.277020: | **emit ISAKMP Message: Aug 
26 18:28:34.277023: | initiator cookie: Aug 26 18:28:34.277026: | 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:34.277028: | responder cookie: Aug 26 18:28:34.277030: | e0 94 43 d7 e8 f8 e5 5f Aug 26 18:28:34.277034: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:34.277037: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:34.277039: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:28:34.277042: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:28:34.277045: | Message ID: 1 (0x1) Aug 26 18:28:34.277048: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:34.277051: | IKEv2 CERT: send a certificate? Aug 26 18:28:34.277055: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:28:34.277057: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:34.277060: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.277062: | flags: none (0x0) Aug 26 18:28:34.277066: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:34.277069: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.277072: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:34.277082: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:28:34.277096: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:28:34.277099: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.277102: | flags: none (0x0) Aug 26 18:28:34.277107: | ID type: ID_FQDN (0x2) Aug 26 18:28:34.277110: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:28:34.277113: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 
18:28:34.277117: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 18:28:34.277119: | my identity 65 61 73 74 Aug 26 18:28:34.277122: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:28:34.277129: | assembled IDr payload Aug 26 18:28:34.277132: | CHILD SA proposals received Aug 26 18:28:34.277134: | going to assemble AUTH payload Aug 26 18:28:34.277137: | ****emit IKEv2 Authentication Payload: Aug 26 18:28:34.277140: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:28:34.277142: | flags: none (0x0) Aug 26 18:28:34.277145: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:28:34.277148: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:28:34.277151: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:28:34.277154: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.277157: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 18:28:34.277160: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:28:34.277163: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:28:34.277166: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:28:34.277169: | 1: compared key @west to @east / @west -> 004 Aug 26 18:28:34.277172: | 2: compared key @east to @east / @west -> 014 Aug 26 18:28:34.277175: | line 1: match=014 Aug 26 18:28:34.277177: | match 014 beats previous best_match 000 match=0x56528a76db58 (line=1) Aug 26 18:28:34.277180: | concluding with best_match=014 best=0x56528a76db58 (lineno=1) Aug 26 18:28:34.277238: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:28:34.277243: | PSK auth ae c2 5e 1e eb c5 c8 d9 
91 8d cd c5 a1 5f 8e 93 Aug 26 18:28:34.277246: | PSK auth 3e f2 70 52 a8 3e 24 fa 6b 86 07 1e dd 27 34 50 Aug 26 18:28:34.277248: | PSK auth 79 e5 54 20 16 98 d8 e2 55 9a 42 93 bf 55 33 23 Aug 26 18:28:34.277251: | PSK auth 55 9b 42 2d ec 46 27 72 29 08 8b 1a 17 21 c1 2a Aug 26 18:28:34.277254: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:28:34.277259: | creating state object #2 at 0x56528a81bff8 Aug 26 18:28:34.277262: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:28:34.277267: | pstats #2 ikev2.child started Aug 26 18:28:34.277270: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 18:28:34.277276: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:28:34.277283: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:34.277292: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:28:34.277301: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 18:28:34.277305: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 18:28:34.277309: | TSi: parsing 1 traffic selectors Aug 26 18:28:34.277312: | ***parse IKEv2 Traffic Selector: Aug 26 18:28:34.277315: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:34.277318: | IP Protocol ID: 0 (0x0) Aug 26 18:28:34.277323: | length: 16 (0x10) Aug 26 18:28:34.277325: | start port: 0 (0x0) Aug 26 18:28:34.277328: | end port: 65535 (0xffff) Aug 26 18:28:34.277332: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:28:34.277335: | TS low c0 00 01 00 Aug 26 18:28:34.277338: | parsing 4 raw bytes of IKEv2 Traffic Selector into 
TS high Aug 26 18:28:34.277340: | TS high c0 00 01 ff Aug 26 18:28:34.277343: | TSi: parsed 1 traffic selectors Aug 26 18:28:34.277346: | TSr: parsing 1 traffic selectors Aug 26 18:28:34.277349: | ***parse IKEv2 Traffic Selector: Aug 26 18:28:34.277351: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:34.277354: | IP Protocol ID: 0 (0x0) Aug 26 18:28:34.277357: | length: 16 (0x10) Aug 26 18:28:34.277360: | start port: 0 (0x0) Aug 26 18:28:34.277363: | end port: 65535 (0xffff) Aug 26 18:28:34.277365: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:28:34.277368: | TS low c0 00 02 00 Aug 26 18:28:34.277371: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:28:34.277374: | TS high c0 00 02 ff Aug 26 18:28:34.277377: | TSr: parsed 1 traffic selectors Aug 26 18:28:34.277379: | looking for best SPD in current connection Aug 26 18:28:34.277386: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:28:34.277392: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:34.277399: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:28:34.277403: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:28:34.277406: | TSi[0] port match: YES fitness 65536 Aug 26 18:28:34.277409: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:28:34.277413: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:28:34.277418: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:34.277424: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:28:34.277427: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:28:34.277430: | TSr[0] port match: YES fitness 65536 Aug 26 18:28:34.277433: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:28:34.277436: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES 
fitness 255 Aug 26 18:28:34.277439: | best fit so far: TSi[0] TSr[0] Aug 26 18:28:34.277442: | found better spd route for TSi[0],TSr[0] Aug 26 18:28:34.277444: | looking for better host pair Aug 26 18:28:34.277450: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:28:34.277455: | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found Aug 26 18:28:34.277458: | investigating connection "westnet-eastnet-ipv4-psk-ikev2" as a better match Aug 26 18:28:34.277461: | match_id a=@west Aug 26 18:28:34.277464: | b=@west Aug 26 18:28:34.277466: | results matched Aug 26 18:28:34.277471: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:28:34.277476: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:34.277482: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:28:34.277485: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:28:34.277488: | TSi[0] port match: YES fitness 65536 Aug 26 18:28:34.277491: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:28:34.277494: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:28:34.277498: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:34.277504: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:28:34.277507: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:28:34.277510: | TSr[0] port match: YES fitness 65536 Aug 26 18:28:34.277515: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:28:34.277518: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:28:34.277521: | best fit so far: TSi[0] TSr[0] Aug 26 18:28:34.277524: | did not find a better connection using host pair Aug 26 18:28:34.277527: | printing contents struct traffic_selector Aug 26 18:28:34.277529: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 
26 18:28:34.277532: | ipprotoid: 0 Aug 26 18:28:34.277534: | port range: 0-65535 Aug 26 18:28:34.277539: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:28:34.277542: | printing contents struct traffic_selector Aug 26 18:28:34.277544: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:28:34.277546: | ipprotoid: 0 Aug 26 18:28:34.277549: | port range: 0-65535 Aug 26 18:28:34.277553: | ip range: 192.0.1.0-192.0.1.255 Aug 26 18:28:34.277557: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 18:28:34.277564: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:28:34.277571: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:28:34.277574: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:28:34.277578: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:28:34.277582: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:34.277586: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:34.277589: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:34.277594: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:34.277602: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:34.277606: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:28:34.277609: | local proposal 1 type ENCR has 1 transforms Aug 26 18:28:34.277612: | local proposal 1 type PRF has 0 transforms Aug 26 18:28:34.277614: | local proposal 1 type INTEG has 1 transforms Aug 26 18:28:34.277617: | local proposal 1 type DH has 1 transforms Aug 26 18:28:34.277620: | local proposal 1 type ESN has 1 transforms Aug 26 18:28:34.277623: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:28:34.277626: | local proposal 2 type ENCR has 1 transforms Aug 26 18:28:34.277628: | local proposal 2 type PRF has 0 transforms Aug 26 18:28:34.277631: | local proposal 2 type INTEG has 1 transforms Aug 26 18:28:34.277633: | local proposal 2 type DH has 1 transforms Aug 26 18:28:34.277636: | local proposal 2 type ESN has 1 transforms Aug 26 18:28:34.277639: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:28:34.277642: | local proposal 3 type ENCR has 1 transforms Aug 26 18:28:34.277645: | local proposal 3 type PRF has 0 transforms Aug 26 18:28:34.277647: | local proposal 3 type INTEG has 2 transforms Aug 26 18:28:34.277650: | local proposal 3 type DH has 1 transforms Aug 26 18:28:34.277652: | local proposal 3 type ESN has 1 transforms Aug 26 18:28:34.277655: | local proposal 3 transforms: required: 
ENCR+INTEG+ESN; optional: DH Aug 26 18:28:34.277658: | local proposal 4 type ENCR has 1 transforms Aug 26 18:28:34.277661: | local proposal 4 type PRF has 0 transforms Aug 26 18:28:34.277664: | local proposal 4 type INTEG has 2 transforms Aug 26 18:28:34.277666: | local proposal 4 type DH has 1 transforms Aug 26 18:28:34.277670: | local proposal 4 type ESN has 1 transforms Aug 26 18:28:34.277673: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:28:34.277676: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.277679: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:34.277682: | length: 32 (0x20) Aug 26 18:28:34.277684: | prop #: 1 (0x1) Aug 26 18:28:34.277687: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:34.277689: | spi size: 4 (0x4) Aug 26 18:28:34.277692: | # transforms: 2 (0x2) Aug 26 18:28:34.277696: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:28:34.277699: | remote SPI ca 35 07 15 Aug 26 18:28:34.277702: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:28:34.277706: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.277709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.277712: | length: 12 (0xc) Aug 26 18:28:34.277714: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.277717: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:34.277720: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.277723: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.277726: | length/value: 256 (0x100) Aug 26 18:28:34.277730: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:28:34.277733: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.277736: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.277738: | length: 8 (0x8) Aug 26 18:28:34.277741: | IKEv2 transform type: 
TRANS_TYPE_ESN (0x5) Aug 26 18:28:34.277744: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:34.277748: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:28:34.277752: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:28:34.277755: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:28:34.277759: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:28:34.277763: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:28:34.277768: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:28:34.277771: | remote proposal 1 matches local proposal 1 Aug 26 18:28:34.277775: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.277777: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:34.277780: | length: 32 (0x20) Aug 26 18:28:34.277783: | prop #: 2 (0x2) Aug 26 18:28:34.277786: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:34.277789: | spi size: 4 (0x4) Aug 26 18:28:34.277791: | # transforms: 2 (0x2) Aug 26 18:28:34.277794: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:28:34.277797: | remote SPI ca 35 07 15 Aug 26 18:28:34.277801: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:28:34.277804: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.277807: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.277809: | length: 12 (0xc) Aug 26 18:28:34.277812: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.277815: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:34.277818: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.277821: | 
af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.277824: | length/value: 128 (0x80) Aug 26 18:28:34.277827: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.277830: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.277833: | length: 8 (0x8) Aug 26 18:28:34.277836: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:34.277840: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:34.277845: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 18:28:34.277848: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 18:28:34.277851: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.277854: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:34.277857: | length: 48 (0x30) Aug 26 18:28:34.277860: | prop #: 3 (0x3) Aug 26 18:28:34.277862: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:34.277865: | spi size: 4 (0x4) Aug 26 18:28:34.277867: | # transforms: 4 (0x4) Aug 26 18:28:34.277871: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:28:34.277873: | remote SPI ca 35 07 15 Aug 26 18:28:34.277877: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:28:34.277880: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.277882: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.277885: | length: 12 (0xc) Aug 26 18:28:34.277888: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.277891: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:34.277894: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.277896: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.277899: | length/value: 256 (0x100) Aug 26 18:28:34.277903: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.277906: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.277908: | length: 8 (0x8) Aug 26 18:28:34.277911: | IKEv2 
transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:34.277914: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:34.277917: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.277920: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.277922: | length: 8 (0x8) Aug 26 18:28:34.277925: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:34.277928: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:34.277931: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.277934: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.277936: | length: 8 (0x8) Aug 26 18:28:34.277938: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:34.277941: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:34.277945: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:28:34.277949: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:28:34.277952: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.277955: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:34.277957: | length: 48 (0x30) Aug 26 18:28:34.277960: | prop #: 4 (0x4) Aug 26 18:28:34.277962: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:34.277965: | spi size: 4 (0x4) Aug 26 18:28:34.277968: | # transforms: 4 (0x4) Aug 26 18:28:34.277971: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:28:34.277973: | remote SPI ca 35 07 15 Aug 26 18:28:34.277976: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:28:34.277979: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.277982: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.277985: | length: 12 (0xc) Aug 26 18:28:34.277987: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.277990: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:34.277993: | *****parse 
IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.277996: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.277998: | length/value: 128 (0x80) Aug 26 18:28:34.278002: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.278004: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.278009: | length: 8 (0x8) Aug 26 18:28:34.278012: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:34.278014: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:34.278017: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.278020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.278023: | length: 8 (0x8) Aug 26 18:28:34.278025: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:34.278028: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:34.278031: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:34.278034: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.278036: | length: 8 (0x8) Aug 26 18:28:34.278039: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:34.278041: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:34.278045: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:28:34.278048: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:28:34.278054: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:ESP:SPI=ca350715;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:28:34.278060: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=ca350715;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:28:34.278063: | converting proposal to internal trans attrs Aug 26 
18:28:34.278082: | netlink_get_spi: allocated 0xdb067b5f for esp.0@192.1.2.23 Aug 26 18:28:34.278085: | Emitting ikev2_proposal ... Aug 26 18:28:34.278088: | ****emit IKEv2 Security Association Payload: Aug 26 18:28:34.278091: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.278094: | flags: none (0x0) Aug 26 18:28:34.278097: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:34.278100: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.278104: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:34.278107: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:34.278109: | prop #: 1 (0x1) Aug 26 18:28:34.278112: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:34.278115: | spi size: 4 (0x4) Aug 26 18:28:34.278117: | # transforms: 2 (0x2) Aug 26 18:28:34.278120: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:34.278123: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:34.278126: | our spi db 06 7b 5f Aug 26 18:28:34.278129: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:34.278131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.278134: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:34.278136: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:34.278140: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:34.278143: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:34.278147: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:34.278149: | length/value: 256 (0x100) Aug 26 18:28:34.278152: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 
18:28:34.278155: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:34.278158: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:34.278161: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:34.278163: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:34.278166: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:34.278171: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:34.278174: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:34.278177: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:28:34.278180: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:34.278182: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 18:28:34.278185: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:34.278188: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:28:34.278191: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.278193: | flags: none (0x0) Aug 26 18:28:34.278196: | number of TS: 1 (0x1) Aug 26 18:28:34.278199: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:28:34.278202: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.278205: | *****emit IKEv2 Traffic Selector: Aug 26 18:28:34.278208: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:34.278210: | IP Protocol ID: 0 (0x0) Aug 26 18:28:34.278213: | start port: 0 (0x0) Aug 26 18:28:34.278215: | end 
port: 65535 (0xffff) Aug 26 18:28:34.278218: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:28:34.278221: | ipv4 start c0 00 01 00 Aug 26 18:28:34.278223: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:28:34.278226: | ipv4 end c0 00 01 ff Aug 26 18:28:34.278228: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:28:34.278231: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:28:34.278234: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:28:34.278236: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:34.278239: | flags: none (0x0) Aug 26 18:28:34.278241: | number of TS: 1 (0x1) Aug 26 18:28:34.278245: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:28:34.278248: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:34.278251: | *****emit IKEv2 Traffic Selector: Aug 26 18:28:34.278253: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:34.278256: | IP Protocol ID: 0 (0x0) Aug 26 18:28:34.278258: | start port: 0 (0x0) Aug 26 18:28:34.278261: | end port: 65535 (0xffff) Aug 26 18:28:34.278264: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:28:34.278266: | ipv4 start c0 00 02 00 Aug 26 18:28:34.278269: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:28:34.278271: | ipv4 end c0 00 02 ff Aug 26 18:28:34.278274: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:28:34.278277: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:28:34.278279: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:28:34.278283: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 
18:28:34.278459: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 18:28:34.278470: | #1 spent 1.77 milliseconds Aug 26 18:28:34.278474: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:28:34.278477: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 18:28:34.278480: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:34.278483: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:28:34.278489: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:28:34.278493: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:28:34.278497: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:28:34.278501: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:28:34.278504: | AES_GCM_16 requires 4 salt bytes Aug 26 18:28:34.278507: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:28:34.278511: | setting IPsec SA replay-window to 32 Aug 26 18:28:34.278514: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 18:28:34.278518: | netlink: enabling tunnel mode Aug 26 18:28:34.278521: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:28:34.278524: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:28:34.278592: | netlink response for Add SA esp.ca350715@192.1.2.45 included non-error error Aug 26 18:28:34.278598: | set up outgoing SA, ref=0/0 Aug 26 18:28:34.278601: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:28:34.278605: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:28:34.278607: | AES_GCM_16 requires 4 salt bytes Aug 26 18:28:34.278610: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:28:34.278614: | setting IPsec SA replay-window to 32 Aug 26 18:28:34.278618: | 
NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 18:28:34.278620: | netlink: enabling tunnel mode Aug 26 18:28:34.278623: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:28:34.278626: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:28:34.278658: | netlink response for Add SA esp.db067b5f@192.1.2.23 included non-error error Aug 26 18:28:34.278663: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:34.278671: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:28:34.278675: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:34.278696: | raw_eroute result=success Aug 26 18:28:34.278700: | set up incoming SA, ref=0/0 Aug 26 18:28:34.278703: | sr for #2: unrouted Aug 26 18:28:34.278706: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:28:34.278709: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:34.278712: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:28:34.278715: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:28:34.278719: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:28:34.278722: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:28:34.278726: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:34.278734: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 18:28:34.278736: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:34.278748: | raw_eroute result=success Aug 26 18:28:34.278752: | running updown command "ipsec _updown" for verb up Aug 26 18:28:34.278755: | command executing up-client Aug 26 18:28:34.278781: | executing up-client: 
PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I Aug 26 18:28:34.278787: | popen cmd is 1046 chars long Aug 26 18:28:34.278790: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 18:28:34.278793: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.: Aug 26 18:28:34.278796: | cmd( 160):2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='19: Aug 26 18:28:34.278799: | cmd( 240):2.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Aug 26 18:28:34.278801: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_P: Aug 26 18:28:34.278804: | cmd( 400):EER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0: Aug 26 18:28:34.278807: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:28:34.278810: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Aug 26 
18:28:34.278812: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Aug 26 18:28:34.278815: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Aug 26 18:28:34.278818: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Aug 26 18:28:34.278821: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Aug 26 18:28:34.278823: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca350715 SPI_OUT=0xdb067b5f ipsec _updow: Aug 26 18:28:34.278826: | cmd(1040):n 2>&1: Aug 26 18:28:34.290647: | route_and_eroute: firewall_notified: true Aug 26 18:28:34.290663: | running updown command "ipsec _updown" for verb prepare Aug 26 18:28:34.290667: | command executing prepare-client Aug 26 18:28:34.290701: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Aug 26 18:28:34.290705: | popen cmd is 1051 chars long Aug 26 18:28:34.290708: | cmd( 0):PLUTO_VERB='prepare-client' 
PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:28:34.290711: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Aug 26 18:28:34.290714: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Aug 26 18:28:34.290716: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 18:28:34.290719: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PL: Aug 26 18:28:34.290722: | cmd( 400):UTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 18:28:34.290729: | cmd( 480):0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 18:28:34.290731: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 18:28:34.290734: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 18:28:34.290737: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 18:28:34.290739: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 18:28:34.290742: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 18:28:34.290745: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca350715 SPI_OUT=0xdb067b5f ipsec _: Aug 26 18:28:34.290747: | cmd(1040):updown 2>&1: Aug 26 18:28:34.302404: | running updown command "ipsec _updown" for verb route Aug 26 18:28:34.302426: | command executing route-client Aug 26 18:28:34.302459: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' 
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 18:28:34.302463: | popen cmd is 1049 chars long Aug 26 18:28:34.302466: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 18:28:34.302469: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192: Aug 26 18:28:34.302472: | cmd( 160):.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=: Aug 26 18:28:34.302475: | cmd( 240):'192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Aug 26 18:28:34.302477: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUT: Aug 26 18:28:34.302587: | cmd( 400):O_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 18:28:34.302590: | cmd( 480):1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:28:34.302593: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 18:28:34.302596: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 18:28:34.302598: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 18:28:34.302601: | cmd( 800):R_CISCO='0' 
PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Aug 26 18:28:34.302603: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 18:28:34.302606: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca350715 SPI_OUT=0xdb067b5f ipsec _up: Aug 26 18:28:34.302609: | cmd(1040):down 2>&1: Aug 26 18:28:34.319203: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x56528a814888,sr=0x56528a814888} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:28:34.319301: | #1 spent 1.81 milliseconds in install_ipsec_sa() Aug 26 18:28:34.319313: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:28:34.319320: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:34.319324: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:34.319329: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:34.319332: | emitting length of IKEv2 Encryption Payload: 197 Aug 26 18:28:34.319335: | emitting length of ISAKMP Message: 225 Aug 26 18:28:34.319372: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 18:28:34.319379: | #1 spent 3.67 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 18:28:34.319388: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:34.319395: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:34.319400: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 18:28:34.319404: | IKEv2: transition from state 
STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 18:28:34.319408: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 18:28:34.319413: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:28:34.319420: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 18:28:34.319425: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:28:34.319428: | pstats #2 ikev2.child established Aug 26 18:28:34.319439: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 18:28:34.319444: | NAT-T: encaps is 'auto' Aug 26 18:28:34.319449: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xca350715 <0xdb067b5f xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:28:34.319455: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:28:34.319464: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 18:28:34.320127: | releasing whack for #2 (sock=fd@-1) Aug 26 18:28:34.320136: | releasing whack and unpending for parent #1 Aug 26 18:28:34.320139: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 18:28:34.320144: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:28:34.320148: | event_schedule: new EVENT_SA_REKEY-pe@0x7fc894002b78 Aug 26 18:28:34.320154: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 18:28:34.320158: | libevent_malloc: new ptr-libevent@0x56528a81bef8 size 128 Aug 26 18:28:34.320172: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:28:34.320179: | #1 spent 4.04 milliseconds in resume sending helper answer Aug 26 18:28:34.320185: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:28:34.320190: | libevent_free: release ptr-libevent@0x7fc88c000f48 Aug 26 18:28:34.320205: | processing signal PLUTO_SIGCHLD Aug 26 18:28:34.320210: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:34.320215: | spent 0.0053 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:34.320218: | processing signal PLUTO_SIGCHLD Aug 26 18:28:34.320221: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:34.320225: | spent 0.00352 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:34.320228: | processing signal PLUTO_SIGCHLD Aug 26 18:28:34.320232: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:34.320235: | spent 0.00351 milliseconds in signal handler 
PLUTO_SIGCHLD Aug 26 18:28:37.962403: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:37.962569: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:28:37.962573: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:28:37.962620: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:28:37.962624: | FOR_EACH_STATE_... in sort_states Aug 26 18:28:37.962633: | get_sa_info esp.db067b5f@192.1.2.23 Aug 26 18:28:37.962646: | get_sa_info esp.ca350715@192.1.2.45 Aug 26 18:28:37.962662: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:37.962668: | spent 0.272 milliseconds in whack Aug 26 18:28:38.766376: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:38.766398: shutting down Aug 26 18:28:38.766409: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:28:38.766416: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:28:38.766420: forgetting secrets Aug 26 18:28:38.766428: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:28:38.766434: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 18:28:38.766438: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:28:38.766440: | pass 0 Aug 26 18:28:38.766444: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 18:28:38.766447: | state #2 Aug 26 18:28:38.766452: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:28:38.766459: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:28:38.766463: | pstats #2 ikev2.child deleted completed Aug 26 18:28:38.766469: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 18:28:38.766474: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_R) aged 4.489s and sending notification Aug 26 18:28:38.766478: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 18:28:38.766484: | get_sa_info esp.ca350715@192.1.2.45 Aug 26 18:28:38.766499: | get_sa_info esp.db067b5f@192.1.2.23 Aug 26 18:28:38.766507: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=336B out=336B Aug 26 18:28:38.766511: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 18:28:38.766515: | Opening output PBS informational exchange delete request Aug 26 18:28:38.766519: | **emit ISAKMP Message: Aug 26 18:28:38.766522: | initiator cookie: Aug 26 18:28:38.766528: | 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:38.766531: | responder cookie: Aug 26 18:28:38.766534: | e0 94 43 d7 e8 f8 e5 5f Aug 26 18:28:38.766537: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:38.766541: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:38.766545: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:38.766548: | flags: none (0x0) Aug 26 18:28:38.766551: | Message ID: 0 (0x0) Aug 26 18:28:38.766555: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:38.766558: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:38.766562: | next payload 
type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:38.766565: | flags: none (0x0) Aug 26 18:28:38.766569: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:38.766573: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:28:38.766577: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:38.766594: | ****emit IKEv2 Delete Payload: Aug 26 18:28:38.766598: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:38.766601: | flags: none (0x0) Aug 26 18:28:38.766604: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:28:38.766607: | SPI size: 4 (0x4) Aug 26 18:28:38.766610: | number of SPIs: 1 (0x1) Aug 26 18:28:38.766615: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:28:38.766619: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:28:38.766623: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 18:28:38.766626: | local spis db 06 7b 5f Aug 26 18:28:38.766629: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:28:38.766633: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:38.766637: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:38.766641: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:38.766644: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:28:38.766647: | emitting length of ISAKMP Message: 69 Aug 26 18:28:38.766675: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2)
Aug 26 18:28:38.766739: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 18:28:38.766744: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 18:28:38.766751: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:28:38.766754: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:28:38.766760: | libevent_free: release ptr-libevent@0x56528a81bef8 Aug 26 18:28:38.766764: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fc894002b78 Aug 26 18:28:38.766811: | running updown command "ipsec _updown" for verb down Aug 26 18:28:38.766817: | command executing down-client Aug 26 18:28:38.766852: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844114' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Aug 26 18:28:38.766858: | popen cmd is 1057 chars long Aug 26 18:28:38.766863: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 18:28:38.766866: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.: Aug 26 18:28:38.766870: | cmd( 160):1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=': Aug 26 18:28:38.766874: | cmd( 240):192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Aug 26 18:28:38.766877: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO: Aug 26 18:28:38.766881: | cmd( 400):_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1: Aug 26 18:28:38.766885: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 18:28:38.766889: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844114' PLUTO_CO: Aug 26 18:28:38.766892: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO': Aug 26 18:28:38.766896: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 18:28:38.766899: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 18:28:38.766903: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 18:28:38.766907: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xca350715 SPI_OUT=0xdb067b5f i: Aug 26 18:28:38.766910: | cmd(1040):psec _updown 2>&1: Aug 26 18:28:38.777711: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:28:38.777727: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:28:38.777731: | 
priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:38.777737: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:38.777774: | delete esp.ca350715@192.1.2.45 Aug 26 18:28:38.777793: | netlink response for Del SA esp.ca350715@192.1.2.45 included non-error error Aug 26 18:28:38.777797: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:38.777805: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:28:38.777827: | raw_eroute result=success Aug 26 18:28:38.777832: | delete esp.db067b5f@192.1.2.23 Aug 26 18:28:38.777842: | netlink response for Del SA esp.db067b5f@192.1.2.23 included non-error error Aug 26 18:28:38.777855: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:28:38.777860: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:28:38.777863: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:28:38.777867: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 18:28:38.777874: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:28:38.777884: | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 18:28:38.777898: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:28:38.777905: | state #1 Aug 26 18:28:38.777908: | pass 1 Aug 26 18:28:38.777911: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 18:28:38.777913: | state #1 Aug 26 18:28:38.777918: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:28:38.777921: | pstats #1 ikev2.ike deleted completed Aug 26 18:28:38.777929: | #1 spent 8.97 milliseconds in total Aug 26 18:28:38.777934: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 18:28:38.777939: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_PARENT_R2) aged 4.511s and sending notification Aug 26 18:28:38.777943: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 18:28:38.778007: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 18:28:38.778012: | Opening output PBS informational exchange delete request Aug 26 18:28:38.778016: | **emit ISAKMP Message: Aug 26 18:28:38.778019: | initiator cookie: Aug 26 18:28:38.778021: | 0b 65 11 ed 31 8e d0 ff Aug 26 18:28:38.778024: | responder cookie: Aug 26 18:28:38.778026: | e0 94 43 d7 e8 f8 e5 5f Aug 26 18:28:38.778030: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:38.778033: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:38.778035: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:38.778040: | flags: none (0x0) Aug 26 18:28:38.778043: | Message ID: 1 (0x1) Aug 26 18:28:38.778046: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:38.778049: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:38.778053: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:38.778055: | flags: none (0x0) Aug 26 18:28:38.778059: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:38.778062: | next payload chain: saving location 'IKEv2 Encryption 
Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:28:38.778067: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:38.778084: | ****emit IKEv2 Delete Payload: Aug 26 18:28:38.778088: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:38.778091: | flags: none (0x0) Aug 26 18:28:38.778094: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:28:38.778097: | SPI size: 0 (0x0) Aug 26 18:28:38.778099: | number of SPIs: 0 (0x0) Aug 26 18:28:38.778103: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:28:38.778107: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:28:38.778110: | emitting length of IKEv2 Delete Payload: 8 Aug 26 18:28:38.778113: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:38.778117: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:38.778120: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:38.778122: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 18:28:38.778124: | emitting length of ISAKMP Message: 65 Aug 26 18:28:38.778153: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 18:28:38.778156: | 0b 65 11 ed 31 8e d0 ff e0 94 43 d7 e8 f8 e5 5f Aug 26 18:28:38.778158: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:28:38.778160: | fe bf d3 54 fd 64 93 39 51 b5 7f cb 8d 10 7b 7d Aug 26 18:28:38.778162: | b5 55 6b 56 55 d5 3a 09 ec 89 a4 a7 96 da 81 aa Aug 26 18:28:38.778164: | b8 Aug 26 18:28:38.778211: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 18:28:38.778218: | Message ID: IKE #1 sender #1 in send_delete hacking around 
record ' send Aug 26 18:28:38.778224: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Aug 26 18:28:38.778229: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Aug 26 18:28:38.778232: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:28:38.778244: | libevent_free: release ptr-libevent@0x56528a81b448 Aug 26 18:28:38.778248: | free_event_entry: release EVENT_SA_REKEY-pe@0x56528a817b78 Aug 26 18:28:38.778253: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:28:38.778257: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 18:28:38.778260: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 18:28:38.778264: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 18:28:38.778337: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 18:28:38.778370: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:28:38.778375: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:28:38.778378: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:28:38.778381: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:38.778400: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 18:28:38.778411: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:28:38.778415: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:28:38.778419: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:28:38.778423: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 18:28:38.778427: | running updown command "ipsec _updown" for verb unroute Aug 26 18:28:38.778430: | command executing unroute-client Aug 26 18:28:38.778464: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Aug 26 18:28:38.778468: | popen cmd is 1038 chars long Aug 26 18:28:38.778471: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:28:38.778475: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Aug 26 18:28:38.778479: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Aug 26 18:28:38.778482: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 
26 18:28:38.778486: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' P: Aug 26 18:28:38.778489: | cmd( 400):LUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 18:28:38.778495: | cmd( 480):.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 18:28:38.778499: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Aug 26 18:28:38.778502: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Aug 26 18:28:38.778506: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 18:28:38.778509: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 18:28:38.778513: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 18:28:38.778517: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:28:38.791446: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791511: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791545: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791578: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791611: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791644: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791680: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791714: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791747: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791779: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 18:28:38.791814: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791849: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791883: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791916: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791949: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.791981: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792015: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792048: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792081: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792113: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792146: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792181: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792214: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792246: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792277: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792321: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792654: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:38.792687: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 18:28:38.802565: | free hp@0x56528a8162c8 Aug 26 18:28:38.802581: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' wasn't on the list Aug 26 18:28:38.802584: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:28:38.802599: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:28:38.802601: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:28:38.802613: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:28:38.802616: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:28:38.802618: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 18:28:38.802620: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 18:28:38.802622: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 18:28:38.802624: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 18:28:38.802631: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:28:38.802642: | libevent_free: release ptr-libevent@0x56528a807f98 Aug 26 18:28:38.802646: | free_event_entry: release EVENT_NULL-pe@0x56528a813a98 Aug 26 18:28:38.802655: | libevent_free: release ptr-libevent@0x56528a79c098 Aug 26 18:28:38.802657: | free_event_entry: release EVENT_NULL-pe@0x56528a813b48 Aug 26 18:28:38.802663: | libevent_free: release ptr-libevent@0x56528a79da48 Aug 26 18:28:38.802665: | free_event_entry: release EVENT_NULL-pe@0x56528a813bf8 Aug 26 18:28:38.802670: | libevent_free: release ptr-libevent@0x56528a79d998 Aug 26 18:28:38.802672: | free_event_entry: release EVENT_NULL-pe@0x56528a813ca8 Aug 26 18:28:38.802677: | libevent_free: release ptr-libevent@0x56528a7724e8 Aug 26 18:28:38.802679: | free_event_entry: release EVENT_NULL-pe@0x56528a813d58 Aug 26 18:28:38.802684: | libevent_free: release ptr-libevent@0x56528a7721d8 Aug 26 18:28:38.802686: | free_event_entry: release EVENT_NULL-pe@0x56528a813e08 Aug 26 18:28:38.802689: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 18:28:38.803127: | libevent_free: release ptr-libevent@0x56528a808048 Aug 26 18:28:38.803136: | free_event_entry: release EVENT_NULL-pe@0x56528a7fbe38 Aug 26 18:28:38.803143: | libevent_free: release ptr-libevent@0x56528a79c198 Aug 26 18:28:38.803146: | free_event_entry: release EVENT_NULL-pe@0x56528a7fbdc8 Aug 26 18:28:38.803151: | libevent_free: release ptr-libevent@0x56528a7df568 Aug 26 18:28:38.803154: | free_event_entry: release EVENT_NULL-pe@0x56528a7fb2a8 Aug 26 18:28:38.803158: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:28:38.803161: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:28:38.803163: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:28:38.803166: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:28:38.803169: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:28:38.803171: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:28:38.803174: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:28:38.803177: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:28:38.803180: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:28:38.803185: | libevent_free: release ptr-libevent@0x56528a7a6388 Aug 26 18:28:38.803188: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:28:38.803192: | libevent_free: release ptr-libevent@0x56528a79e238 Aug 26 18:28:38.803195: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:28:38.803198: | libevent_free: release ptr-libevent@0x56528a813458 Aug 26 18:28:38.803201: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:28:38.803204: | libevent_free: release ptr-libevent@0x56528a813698 Aug 26 18:28:38.803207: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:28:38.803210: | releasing event base Aug 26 18:28:38.803225: | libevent_free: release ptr-libevent@0x56528a813568 Aug 26 18:28:38.803228: | libevent_free: release ptr-libevent@0x56528a7f6578 Aug 26 18:28:38.803232: | libevent_free: 
release ptr-libevent@0x56528a7f6528 Aug 26 18:28:38.803235: | libevent_free: release ptr-libevent@0x56528a7f64b8 Aug 26 18:28:38.803238: | libevent_free: release ptr-libevent@0x56528a7f6478 Aug 26 18:28:38.803241: | libevent_free: release ptr-libevent@0x56528a813318 Aug 26 18:28:38.803244: | libevent_free: release ptr-libevent@0x56528a813398 Aug 26 18:28:38.803247: | libevent_free: release ptr-libevent@0x56528a7f6728 Aug 26 18:28:38.803250: | libevent_free: release ptr-libevent@0x56528a7fb3b8 Aug 26 18:28:38.803253: | libevent_free: release ptr-libevent@0x56528a7fbd88 Aug 26 18:28:38.803255: | libevent_free: release ptr-libevent@0x56528a813e78 Aug 26 18:28:38.803258: | libevent_free: release ptr-libevent@0x56528a813dc8 Aug 26 18:28:38.803261: | libevent_free: release ptr-libevent@0x56528a813d18 Aug 26 18:28:38.803264: | libevent_free: release ptr-libevent@0x56528a813c68 Aug 26 18:28:38.803266: | libevent_free: release ptr-libevent@0x56528a813bb8 Aug 26 18:28:38.803269: | libevent_free: release ptr-libevent@0x56528a813b08 Aug 26 18:28:38.803275: | libevent_free: release ptr-libevent@0x56528a79b698 Aug 26 18:28:38.803278: | libevent_free: release ptr-libevent@0x56528a813418 Aug 26 18:28:38.803281: | libevent_free: release ptr-libevent@0x56528a8133d8 Aug 26 18:28:38.803283: | libevent_free: release ptr-libevent@0x56528a813358 Aug 26 18:28:38.803286: | libevent_free: release ptr-libevent@0x56528a813528 Aug 26 18:28:38.803292: | libevent_free: release ptr-libevent@0x56528a79a828 Aug 26 18:28:38.803298: | libevent_free: release ptr-libevent@0x56528a771908 Aug 26 18:28:38.803301: | libevent_free: release ptr-libevent@0x56528a771d38 Aug 26 18:28:38.803303: | libevent_free: release ptr-libevent@0x56528a79ab98 Aug 26 18:28:38.803306: | releasing global libevent data Aug 26 18:28:38.803309: | libevent_free: release ptr-libevent@0x56528a7717f8 Aug 26 18:28:38.803313: | libevent_free: release ptr-libevent@0x56528a771cd8 Aug 26 18:28:38.803316: | libevent_free: release 
ptr-libevent@0x56528a771dd8 Aug 26 18:28:38.803361: leak detective found no leaks