Aug 26 18:24:48.867585: FIPS Product: YES Aug 26 18:24:48.867677: FIPS Kernel: NO Aug 26 18:24:48.867681: FIPS Mode: NO Aug 26 18:24:48.867684: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:24:48.867831: Initializing NSS Aug 26 18:24:48.867840: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:24:48.913988: NSS initialized Aug 26 18:24:48.914007: NSS crypto library initialized Aug 26 18:24:48.914010: FIPS HMAC integrity support [enabled] Aug 26 18:24:48.914012: FIPS mode disabled for pluto daemon Aug 26 18:24:48.952476: FIPS HMAC integrity verification self-test FAILED Aug 26 18:24:48.952574: libcap-ng support [enabled] Aug 26 18:24:48.952583: Linux audit support [enabled] Aug 26 18:24:48.952928: Linux audit activated Aug 26 18:24:48.952936: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:28867 Aug 26 18:24:48.952939: core dump dir: /tmp Aug 26 18:24:48.952941: secrets file: /etc/ipsec.secrets Aug 26 18:24:48.952943: leak-detective disabled Aug 26 18:24:48.952945: NSS crypto [enabled] Aug 26 18:24:48.952947: XAUTH PAM support [enabled] Aug 26 18:24:48.953016: | libevent is using pluto's memory allocator Aug 26 18:24:48.953025: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:24:48.953037: | libevent_malloc: new ptr-libevent@0x5652a844e160 size 40 Aug 26 18:24:48.953040: | libevent_malloc: new ptr-libevent@0x5652a844f410 size 40 Aug 26 18:24:48.953044: | libevent_malloc: new ptr-libevent@0x5652a844f440 size 40 Aug 26 18:24:48.953046: | creating event base Aug 26 18:24:48.953049: | libevent_malloc: new ptr-libevent@0x5652a844f3d0 size 56 Aug 26 18:24:48.953052: | libevent_malloc: new ptr-libevent@0x5652a844f470 size 664 Aug 26 18:24:48.953064: | libevent_malloc: new ptr-libevent@0x5652a844f710 size 24 Aug 26 18:24:48.953069: | libevent_malloc: new ptr-libevent@0x5652a8440f20 size 384 Aug 26 18:24:48.953078: | libevent_malloc: new ptr-libevent@0x5652a844f730 size 16 Aug 26 18:24:48.953094: | libevent_malloc: new ptr-libevent@0x5652a844f750 size 40 Aug 26 18:24:48.953097: | libevent_malloc: new ptr-libevent@0x5652a844f780 size 48 Aug 26 18:24:48.953103: | libevent_realloc: new ptr-libevent@0x5652a83d1370 size 256 Aug 26 18:24:48.953106: | libevent_malloc: new ptr-libevent@0x5652a844f7c0 size 16 Aug 26 18:24:48.953112: | libevent_free: release ptr-libevent@0x5652a844f3d0 Aug 26 18:24:48.953115: | libevent initialized Aug 26 18:24:48.953119: | libevent_realloc: new ptr-libevent@0x5652a844f7e0 size 64 Aug 26 18:24:48.953123: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:24:48.953139: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:24:48.953141: NAT-Traversal support [enabled] Aug 26 18:24:48.953144: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:24:48.953150: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:24:48.953154: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:24:48.953190: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:24:48.953194: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:24:48.953197: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:24:48.953243: Encryption algorithms: Aug 26 18:24:48.953251: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:24:48.953255: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:24:48.953259: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:24:48.953263: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:24:48.953266: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:24:48.953275: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:24:48.953280: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:24:48.953283: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:24:48.953287: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:24:48.953315: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:24:48.953319: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:24:48.953322: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:24:48.953326: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:24:48.953342: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:24:48.953346: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:24:48.953349: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:24:48.953353: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:24:48.953359: Hash algorithms: Aug 26 18:24:48.953362: MD5 IKEv1: IKE IKEv2: Aug 26 18:24:48.953365: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:24:48.953368: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:24:48.953371: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:24:48.953374: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:24:48.953387: PRF algorithms: Aug 26 18:24:48.953390: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:24:48.953393: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:24:48.953397: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:24:48.953400: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:24:48.953403: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:24:48.953406: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:24:48.953431: Integrity algorithms: Aug 26 18:24:48.953435: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:24:48.953438: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:24:48.953443: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:24:48.953447: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:24:48.953451: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:24:48.953454: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:24:48.953457: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:24:48.953460: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:24:48.953464: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:24:48.953475: DH algorithms: Aug 26 18:24:48.953479: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:24:48.953482: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:24:48.953485: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:24:48.953490: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:24:48.953493: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:24:48.953496: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:24:48.953499: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:24:48.953502: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:24:48.953505: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:24:48.953508: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:24:48.953511: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:24:48.953514: testing CAMELLIA_CBC: Aug 26 18:24:48.953516: Camellia: 16 bytes with 128-bit key Aug 26 18:24:48.953626: Camellia: 16 bytes with 128-bit key Aug 26 18:24:48.953653: Camellia: 16 bytes with 256-bit key Aug 26 18:24:48.953681: Camellia: 16 bytes with 256-bit key Aug 26 18:24:48.953709: testing AES_GCM_16: Aug 26 18:24:48.953712: empty string Aug 26 18:24:48.953738: one block Aug 26 18:24:48.953761: two blocks Aug 26 18:24:48.953784: two blocks with associated data Aug 26 18:24:48.953808: testing AES_CTR: Aug 26 18:24:48.953811: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:24:48.953835: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:24:48.953860: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:24:48.953885: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:24:48.953909: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:24:48.953934: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:24:48.953960: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:24:48.953986: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:24:48.954012: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:24:48.954038: testing AES_CBC: Aug 26 18:24:48.954040: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:24:48.954064: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:24:48.954091: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:24:48.954118: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:24:48.954151: testing AES_XCBC: Aug 26 18:24:48.954155: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:24:48.954261: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:24:48.954412: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:24:48.954527: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:24:48.954641: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:24:48.954757: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:24:48.954875: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:24:48.955151: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:24:48.955268: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:24:48.955407: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:24:48.955628: testing HMAC_MD5: Aug 26 18:24:48.955632: RFC 2104: MD5_HMAC test 1 Aug 26 18:24:48.955795: RFC 2104: MD5_HMAC test 2 Aug 26 18:24:48.955940: RFC 2104: MD5_HMAC test 3 Aug 26 18:24:48.956183: 8 CPU cores online Aug 26 18:24:48.956188: starting up 7 crypto helpers Aug 26 18:24:48.956219: started thread for crypto helper 0 Aug 26 18:24:48.956225: | starting up helper thread 0 Aug 26 18:24:48.956238: started thread for crypto helper 1 Aug 26 18:24:48.956240: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:24:48.956243: | starting up helper thread 1 Aug 26 18:24:48.956258: started thread for crypto helper 2 Aug 26 18:24:48.956263: | starting up helper thread 2 Aug 26 18:24:48.956261: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:24:48.956244: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:48.956283: started thread for crypto helper 3 Aug 26 18:24:48.956276: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:24:48.956296: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:48.956301: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:48.956302: | starting up helper thread 3 Aug 26 18:24:48.956304: started thread for crypto helper 4 Aug 26 18:24:48.956323: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:24:48.956327: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:48.956332: | starting up helper thread 4 Aug 26 18:24:48.956338: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:24:48.956339: started thread for crypto helper 5 Aug 26 18:24:48.956340: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:48.956344: | starting up helper thread 5 Aug 26 18:24:48.956356: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:24:48.956359: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:48.956373: started thread for crypto helper 6 Aug 26 18:24:48.956375: | starting up helper thread 6 Aug 26 18:24:48.956386: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:24:48.956390: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:48.956377: | checking IKEv1 state table Aug 26 18:24:48.956405: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:48.956408: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:24:48.956411: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:48.956414: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:24:48.956417: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:24:48.956419: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:24:48.956421: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:48.956424: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:48.956427: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:24:48.956429: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:24:48.956431: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:48.956434: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:48.956436: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:24:48.956439: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:48.956441: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:48.956443: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:48.956446: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:24:48.956448: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:48.956451: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:48.956453: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:48.956456: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:24:48.956458: | -> UNDEFINED EVENT_NULL Aug 26 18:24:48.956461: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:24:48.956463: | -> UNDEFINED EVENT_NULL Aug 26 18:24:48.956466: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:48.956468: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:24:48.956471: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:48.956473: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:48.956476: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:48.956479: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:24:48.956481: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:48.956483: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:48.956486: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:24:48.956488: | -> UNDEFINED EVENT_NULL Aug 26 18:24:48.956491: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:24:48.956493: | -> UNDEFINED EVENT_NULL Aug 26 18:24:48.956496: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:24:48.956499: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:24:48.956504: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:24:48.956507: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:24:48.956510: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:24:48.956512: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:24:48.956515: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:24:48.956517: | -> UNDEFINED EVENT_NULL Aug 26 18:24:48.956520: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:24:48.956522: | -> UNDEFINED EVENT_NULL Aug 26 18:24:48.956525: | INFO: category: informational flags: 0: Aug 26 18:24:48.956527: | -> UNDEFINED EVENT_NULL Aug 26 18:24:48.956530: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:24:48.956533: | -> UNDEFINED EVENT_NULL Aug 26 18:24:48.956535: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:24:48.956538: | -> XAUTH_R1 EVENT_NULL Aug 26 18:24:48.956540: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:24:48.956543: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:48.956545: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:24:48.956548: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:24:48.956551: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:24:48.956553: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:24:48.956556: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:24:48.956558: | -> UNDEFINED EVENT_NULL Aug 26 18:24:48.956561: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:24:48.956564: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:48.956566: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:24:48.956569: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:24:48.956571: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:24:48.956574: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:24:48.956580: | checking IKEv2 state table Aug 26 18:24:48.956586: | PARENT_I0: category: ignore flags: 0: Aug 26 18:24:48.956589: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:24:48.956592: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:48.956595: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:24:48.956598: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:24:48.956601: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:24:48.956603: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:24:48.956606: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:24:48.956609: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:24:48.956611: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:24:48.956614: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:24:48.956617: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:24:48.956620: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:24:48.956622: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:24:48.956625: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:24:48.956627: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:24:48.956630: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:48.956633: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:24:48.956635: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:24:48.956638: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:24:48.956641: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:24:48.956644: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:24:48.956647: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:24:48.956651: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:24:48.956654: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:24:48.956657: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:24:48.956660: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:24:48.956662: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:24:48.956665: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:24:48.956668: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:24:48.956671: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:24:48.956674: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:48.956677: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:24:48.956679: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:24:48.956682: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:24:48.956685: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:24:48.956688: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:24:48.956691: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:24:48.956694: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:24:48.956696: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:24:48.956699: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:48.956702: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:24:48.956705: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:24:48.956708: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:24:48.956711: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:24:48.956713: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:24:48.956716: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:24:48.956729: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:24:48.957014: | Hard-wiring algorithms Aug 26 18:24:48.957018: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:24:48.957022: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:24:48.957025: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:24:48.957027: | adding 3DES_CBC to kernel algorithm db Aug 26 18:24:48.957030: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:24:48.957033: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:24:48.957035: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:24:48.957038: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:24:48.957040: | adding AES_CTR to kernel algorithm db Aug 26 18:24:48.957043: | adding AES_CBC to kernel algorithm db Aug 26 18:24:48.957045: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:24:48.957048: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:24:48.957050: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:24:48.957053: | adding NULL to kernel algorithm db Aug 26 18:24:48.957056: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:24:48.957058: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:24:48.957061: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:24:48.957063: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:24:48.957066: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:24:48.957068: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:24:48.957071: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:24:48.957073: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:24:48.957076: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:24:48.957078: | adding NONE to kernel algorithm db Aug 26 18:24:48.957101: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:24:48.957108: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:24:48.957111: | setup kernel fd callback Aug 26 18:24:48.957115: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5652a8459b80 Aug 26 18:24:48.957118: | libevent_malloc: new ptr-libevent@0x5652a8460ee0 size 128 Aug 26 18:24:48.957122: | libevent_malloc: new ptr-libevent@0x5652a8454df0 size 16 Aug 26 18:24:48.957128: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5652a8454420 Aug 26 18:24:48.957131: | libevent_malloc: new ptr-libevent@0x5652a8460f70 size 128 Aug 26 18:24:48.957134: | libevent_malloc: new ptr-libevent@0x5652a844f830 size 16 Aug 26 18:24:48.957357: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:24:48.957369: selinux support is enabled. Aug 26 18:24:48.957827: | unbound context created - setting debug level to 5 Aug 26 18:24:48.957854: | /etc/hosts lookups activated Aug 26 18:24:48.957869: | /etc/resolv.conf usage activated Aug 26 18:24:48.957931: | outgoing-port-avoid set 0-65535 Aug 26 18:24:48.957961: | outgoing-port-permit set 32768-60999 Aug 26 18:24:48.957964: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:24:48.957967: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:24:48.957970: | Setting up events, loop start Aug 26 18:24:48.957973: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5652a8454170 Aug 26 18:24:48.957977: | libevent_malloc: new ptr-libevent@0x5652a846b490 size 128 Aug 26 18:24:48.957980: | libevent_malloc: new ptr-libevent@0x5652a846b520 size 16 Aug 26 18:24:48.957986: | libevent_realloc: new ptr-libevent@0x5652a83cf6c0 size 256 Aug 26 18:24:48.957989: | libevent_malloc: new ptr-libevent@0x5652a846b540 size 8 Aug 26 18:24:48.957993: | libevent_realloc: new ptr-libevent@0x5652a8460350 size 144 Aug 26 18:24:48.957996: | libevent_malloc: new ptr-libevent@0x5652a846b560 size 152 Aug 26 18:24:48.957999: | libevent_malloc: new ptr-libevent@0x5652a846b600 size 16 Aug 26 18:24:48.958003: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:24:48.958006: | libevent_malloc: new ptr-libevent@0x5652a846b620 size 8 Aug 26 18:24:48.958009: | libevent_malloc: new ptr-libevent@0x5652a846b640 size 152 Aug 26 18:24:48.958012: | signal event handler PLUTO_SIGTERM installed Aug 26 18:24:48.958015: | libevent_malloc: new ptr-libevent@0x5652a846b6e0 size 8 Aug 26 18:24:48.958018: | libevent_malloc: new ptr-libevent@0x5652a846b700 size 152 Aug 26 18:24:48.958020: | signal event handler PLUTO_SIGHUP installed Aug 26 18:24:48.958023: | libevent_malloc: new ptr-libevent@0x5652a846b7a0 size 8 Aug 26 18:24:48.958026: | libevent_realloc: release ptr-libevent@0x5652a8460350 Aug 26 18:24:48.958029: | libevent_realloc: new ptr-libevent@0x5652a846b7c0 size 256 Aug 26 18:24:48.958031: | libevent_malloc: new ptr-libevent@0x5652a8460350 size 152 Aug 26 18:24:48.958034: | signal event handler PLUTO_SIGSYS installed Aug 26 18:24:48.959655: | created addconn helper (pid:28924) using fork+execve Aug 26 18:24:48.959681: | forked child 28924 Aug 26 18:24:48.959726: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:48.959744: listening for IKE messages Aug 26 18:24:48.959837: | Inspecting interface lo Aug 26 18:24:48.959846: | found lo with address 127.0.0.1 Aug 26 18:24:48.959849: | Inspecting interface eth0 Aug 26 18:24:48.959853: | found eth0 with address 192.0.3.254 Aug 26 18:24:48.959856: | Inspecting interface eth1 Aug 26 18:24:48.959861: | found eth1 with address 192.1.3.33 Aug 26 18:24:48.959974: Kernel supports NIC esp-hw-offload Aug 26 18:24:48.959986: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 18:24:48.960037: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:48.960043: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:48.960047: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 18:24:48.960077: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 18:24:48.960101: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:48.960105: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:48.960109: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 18:24:48.960131: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:24:48.960151: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:48.960155: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:48.960158: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:24:48.960223: | no interfaces to sort Aug 26 18:24:48.960228: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:48.960237: | add_fd_read_event_handler: new ethX-pe@0x5652a8454ef0 Aug 26 18:24:48.960241: | libevent_malloc: new ptr-libevent@0x5652a846bb30 size 128 Aug 26 18:24:48.960245: | libevent_malloc: new ptr-libevent@0x5652a846bbc0 size 16 Aug 26 18:24:48.960256: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:48.960259: | add_fd_read_event_handler: new ethX-pe@0x5652a846bbe0 Aug 26 18:24:48.960262: | libevent_malloc: new ptr-libevent@0x5652a846bc20 size 128 Aug 26 18:24:48.960265: | libevent_malloc: new ptr-libevent@0x5652a846bcb0 size 16 Aug 26 18:24:48.960270: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:48.960272: | add_fd_read_event_handler: new ethX-pe@0x5652a846bcd0 Aug 26 18:24:48.960275: | libevent_malloc: new ptr-libevent@0x5652a846bd10 size 128 Aug 26 18:24:48.960278: | libevent_malloc: new ptr-libevent@0x5652a846bda0 size 16 Aug 26 18:24:48.960283: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:48.960286: | add_fd_read_event_handler: new ethX-pe@0x5652a846bdc0 Aug 26 18:24:48.960303: | libevent_malloc: new ptr-libevent@0x5652a846be00 size 128 Aug 26 18:24:48.960306: | libevent_malloc: new ptr-libevent@0x5652a846be90 size 16 Aug 26 18:24:48.960311: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:48.960314: | add_fd_read_event_handler: new ethX-pe@0x5652a846beb0 Aug 26 18:24:48.960317: | libevent_malloc: new ptr-libevent@0x5652a846bef0 size 128 Aug 26 18:24:48.960319: | libevent_malloc: new ptr-libevent@0x5652a846bf80 size 16 Aug 26 18:24:48.960323: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:48.960326: | add_fd_read_event_handler: new ethX-pe@0x5652a846bfa0 Aug 26 18:24:48.960329: | libevent_malloc: new ptr-libevent@0x5652a846bfe0 size 128 Aug 26 18:24:48.960331: | libevent_malloc: new ptr-libevent@0x5652a846c070 size 16 Aug 26 18:24:48.960335: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:48.960342: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:48.960345: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:48.960368: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:48.960386: | saving Modulus Aug 26 18:24:48.960392: | saving PublicExponent Aug 26 18:24:48.960396: | ignoring PrivateExponent Aug 26 18:24:48.960399: | ignoring Prime1 Aug 26 18:24:48.960402: | ignoring Prime2 Aug 26 18:24:48.960406: | ignoring Exponent1 Aug 26 18:24:48.960409: | ignoring Exponent2 Aug 26 18:24:48.960412: | ignoring Coefficient Aug 26 18:24:48.960415: | ignoring CKAIDNSS Aug 26 18:24:48.960463: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:48.960467: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:48.960471: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:24:48.960476: | certs and keys locked by 'process_secret' Aug 26 18:24:48.960482: | certs and keys unlocked by 'process_secret' Aug 26 18:24:48.960492: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:48.960499: | spent 0.773 milliseconds in whack Aug 26 18:24:48.994623: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:48.994658: listening for IKE messages Aug 26 18:24:48.994948: | Inspecting interface lo Aug 26 18:24:48.994957: | found lo with address 127.0.0.1 Aug 26 18:24:48.994959: | Inspecting interface eth0 Aug 26 18:24:48.994962: | found eth0 with address 192.0.3.254 Aug 26 18:24:48.994964: | Inspecting interface eth1 Aug 26 18:24:48.994967: | found eth1 with address 192.1.3.33 Aug 26 18:24:48.995030: | no interfaces to sort Aug 26 18:24:48.995042: | libevent_free: release ptr-libevent@0x5652a846bb30 Aug 26 18:24:48.995046: | free_event_entry: release EVENT_NULL-pe@0x5652a8454ef0 Aug 26 18:24:48.995049: | add_fd_read_event_handler: new ethX-pe@0x5652a8454ef0 Aug 26 18:24:48.995053: | libevent_malloc: new ptr-libevent@0x5652a846bb30 size 128 Aug 26 18:24:48.995061: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:48.995066: | libevent_free: release ptr-libevent@0x5652a846bc20 Aug 26 18:24:48.995069: | free_event_entry: release EVENT_NULL-pe@0x5652a846bbe0 Aug 26 18:24:48.995072: | add_fd_read_event_handler: new ethX-pe@0x5652a846bbe0 Aug 26 18:24:48.995075: | libevent_malloc: new ptr-libevent@0x5652a846bc20 size 128 Aug 26 18:24:48.995080: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:48.995085: | libevent_free: release ptr-libevent@0x5652a846bd10 Aug 26 18:24:48.995088: | free_event_entry: release EVENT_NULL-pe@0x5652a846bcd0 Aug 26 18:24:48.995091: | add_fd_read_event_handler: new ethX-pe@0x5652a846bcd0 Aug 26 18:24:48.995094: | libevent_malloc: new ptr-libevent@0x5652a846bd10 size 128 Aug 26 18:24:48.995100: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:48.995104: | libevent_free: release ptr-libevent@0x5652a846be00 Aug 26 18:24:48.995107: | free_event_entry: release EVENT_NULL-pe@0x5652a846bdc0 Aug 26 18:24:48.995110: | add_fd_read_event_handler: new ethX-pe@0x5652a846bdc0 Aug 26 18:24:48.995113: | libevent_malloc: new ptr-libevent@0x5652a846be00 size 128 Aug 26 18:24:48.995118: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:48.995122: | libevent_free: release ptr-libevent@0x5652a846bef0 Aug 26 18:24:48.995125: | free_event_entry: release EVENT_NULL-pe@0x5652a846beb0 Aug 26 18:24:48.995128: | add_fd_read_event_handler: new ethX-pe@0x5652a846beb0 Aug 26 18:24:48.995131: | libevent_malloc: new ptr-libevent@0x5652a846bef0 size 128 Aug 26 18:24:48.995137: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:48.995141: | libevent_free: release ptr-libevent@0x5652a846bfe0 Aug 26 18:24:48.995144: | free_event_entry: release EVENT_NULL-pe@0x5652a846bfa0 Aug 26 18:24:48.995147: | add_fd_read_event_handler: new ethX-pe@0x5652a846bfa0 Aug 26 18:24:48.995150: | libevent_malloc: new ptr-libevent@0x5652a846bfe0 size 128 Aug 26 18:24:48.995155: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:48.995159: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:48.995161: forgetting secrets Aug 26 18:24:48.995171: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:48.995189: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:48.995206: | saving Modulus Aug 26 18:24:48.995210: | saving PublicExponent Aug 26 18:24:48.995214: | ignoring PrivateExponent Aug 26 18:24:48.995216: | ignoring Prime1 Aug 26 18:24:48.995218: | ignoring Prime2 Aug 26 18:24:48.995220: | ignoring Exponent1 Aug 26 18:24:48.995222: | ignoring Exponent2 Aug 26 18:24:48.995224: | ignoring Coefficient Aug 26 18:24:48.995226: | ignoring CKAIDNSS Aug 26 18:24:48.995243: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:48.995245: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:48.995248: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:24:48.995253: | certs and keys locked by 'process_secret' Aug 26 18:24:48.995255: | certs and keys unlocked by 'process_secret' Aug 26 18:24:48.995263: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:48.995268: | spent 0.667 milliseconds in whack Aug 26 18:24:48.995766: | processing signal PLUTO_SIGCHLD Aug 26 18:24:48.995784: | waitpid returned pid 28924 (exited with status 0) Aug 26 18:24:48.995792: | reaped addconn helper child (status 0) Aug 26 18:24:48.995798: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:48.995803: | spent 0.0236 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:49.046118: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.046136: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.046139: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:49.046141: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.046142: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:49.046145: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.046151: | Added new connection north-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:49.046153: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:49.046173: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Aug 26 18:24:49.046175: | from whack: got --esp=aes128-sha2_512;modp3072 Aug 26 18:24:49.046185: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Aug 26 18:24:49.046188: | counting wild cards for @north is 0 Aug 26 18:24:49.046191: | counting wild cards for @east is 0 Aug 26 18:24:49.046198: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:24:49.046201: | new hp@0x5652a8438620 Aug 26 18:24:49.046204: added connection description "north-eastnets/0x1" Aug 26 18:24:49.046212: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:49.046219: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 18:24:49.046226: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.046232: | spent 0.121 milliseconds in whack Aug 26 18:24:49.046269: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.046275: add keyid @north Aug 26 18:24:49.046278: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Aug 26 18:24:49.046280: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Aug 26 18:24:49.046281: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Aug 26 18:24:49.046283: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Aug 26 18:24:49.046284: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Aug 26 18:24:49.046286: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Aug 26 18:24:49.046328: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Aug 26 18:24:49.046334: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Aug 26 18:24:49.046337: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Aug 26 18:24:49.046339: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Aug 26 18:24:49.046341: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Aug 26 18:24:49.046343: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Aug 26 18:24:49.046345: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Aug 26 18:24:49.046347: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Aug 26 18:24:49.046349: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Aug 26 18:24:49.046352: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Aug 26 18:24:49.046354: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Aug 26 18:24:49.046356: | add pubkey c7 5e a5 99 Aug 26 18:24:49.046379: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:49.046381: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:49.046390: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.046393: | spent 0.0878 milliseconds in whack Aug 26 18:24:49.046456: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.046468: add keyid @east Aug 26 18:24:49.046472: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 18:24:49.046473: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 18:24:49.046475: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 18:24:49.046477: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 18:24:49.046478: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 18:24:49.046480: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 18:24:49.046481: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 18:24:49.046483: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 18:24:49.046484: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 18:24:49.046486: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 18:24:49.046487: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 18:24:49.046489: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 18:24:49.046490: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 18:24:49.046492: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 18:24:49.046493: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 18:24:49.046495: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 18:24:49.046496: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 18:24:49.046498: | add pubkey 51 51 48 ef Aug 26 18:24:49.046505: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:24:49.046507: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:24:49.046515: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.046519: | spent 0.068 milliseconds in whack Aug 26 18:24:49.046578: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.046590: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.046592: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:49.046594: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.046596: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:49.046598: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.046602: | Added new connection north-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:49.046604: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:49.046616: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Aug 26 18:24:49.046618: | from whack: got --esp=aes128-sha2_512;modp3072 Aug 26 18:24:49.046627: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Aug 26 18:24:49.046630: | counting wild cards for @north is 0 Aug 26 18:24:49.046632: | counting wild cards for @east is 0 Aug 26 18:24:49.046636: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 18:24:49.046639: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x5652a8438620: north-eastnets/0x1 Aug 26 18:24:49.046641: added connection description "north-eastnets/0x2" Aug 26 18:24:49.046647: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:49.046654: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.22.0/24 Aug 26 18:24:49.046674: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.046678: | spent 0.106 milliseconds in whack Aug 26 18:24:49.046749: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.046761: add keyid @north Aug 26 18:24:49.046768: | unreference key: 0x5652a83c68f0 @north cnt 1-- Aug 26 18:24:49.046771: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Aug 26 18:24:49.046772: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Aug 26 18:24:49.046774: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Aug 26 18:24:49.046776: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Aug 26 18:24:49.046777: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Aug 26 18:24:49.046779: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Aug 26 18:24:49.046780: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Aug 26 18:24:49.046782: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Aug 26 18:24:49.046783: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Aug 26 18:24:49.046785: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Aug 26 18:24:49.046786: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Aug 26 18:24:49.046788: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Aug 26 18:24:49.046789: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Aug 26 18:24:49.046791: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Aug 26 18:24:49.046792: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Aug 26 18:24:49.046794: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Aug 26 18:24:49.046796: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Aug 26 18:24:49.046797: | add pubkey c7 5e a5 99 Aug 26 18:24:49.046804: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:49.046806: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:49.046813: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.046817: | spent 0.073 milliseconds in whack Aug 26 18:24:49.046869: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.046876: add keyid @east Aug 26 18:24:49.046879: | unreference key: 0x5652a846d1b0 @east cnt 1-- Aug 26 18:24:49.046882: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 18:24:49.046883: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 18:24:49.046885: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 18:24:49.046886: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 18:24:49.046888: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 18:24:49.046889: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 18:24:49.046891: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 18:24:49.046892: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 18:24:49.046894: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 18:24:49.046895: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 18:24:49.046897: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 18:24:49.046898: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 18:24:49.046900: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 18:24:49.046901: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 18:24:49.046903: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 18:24:49.046905: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 18:24:49.046906: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 18:24:49.046907: | add pubkey 51 51 48 ef Aug 26 18:24:49.046913: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:24:49.046915: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:24:49.046920: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.046923: | spent 0.0571 milliseconds in whack