Aug 26 18:24:47.726921: FIPS Product: YES Aug 26 18:24:47.727044: FIPS Kernel: NO Aug 26 18:24:47.727048: FIPS Mode: NO Aug 26 18:24:47.727050: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:24:47.727195: Initializing NSS Aug 26 18:24:47.727204: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:24:47.764621: NSS initialized Aug 26 18:24:47.764634: NSS crypto library initialized Aug 26 18:24:47.764637: FIPS HMAC integrity support [enabled] Aug 26 18:24:47.764640: FIPS mode disabled for pluto daemon Aug 26 18:24:47.797899: FIPS HMAC integrity verification self-test FAILED Aug 26 18:24:47.798025: libcap-ng support [enabled] Aug 26 18:24:47.798033: Linux audit support [enabled] Aug 26 18:24:47.798063: Linux audit activated Aug 26 18:24:47.798066: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:26525 Aug 26 18:24:47.798068: core dump dir: /tmp Aug 26 18:24:47.798070: secrets file: /etc/ipsec.secrets Aug 26 18:24:47.798071: leak-detective enabled Aug 26 18:24:47.798072: NSS crypto [enabled] Aug 26 18:24:47.798074: XAUTH PAM support [enabled] Aug 26 18:24:47.798129: | libevent is using pluto's memory allocator Aug 26 18:24:47.798135: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:24:47.798147: | libevent_malloc: new ptr-libevent@0x558fa9d40ba8 size 40 Aug 26 18:24:47.798152: | libevent_malloc: new ptr-libevent@0x558fa9d40cd8 size 40 Aug 26 18:24:47.798154: | libevent_malloc: new ptr-libevent@0x558fa9d40dd8 size 40 Aug 26 18:24:47.798156: | creating event base Aug 26 18:24:47.798158: | libevent_malloc: new ptr-libevent@0x558fa9dc5408 size 56 Aug 26 18:24:47.798161: | libevent_malloc: new ptr-libevent@0x558fa9d69c68 size 664 Aug 26 18:24:47.798170: | libevent_malloc: new ptr-libevent@0x558fa9dc5478 size 24 Aug 26 18:24:47.798172: | libevent_malloc: new ptr-libevent@0x558fa9dc54c8 size 384 Aug 26 18:24:47.798180: | libevent_malloc: new ptr-libevent@0x558fa9dc53c8 size 16 Aug 26 18:24:47.798182: | libevent_malloc: new ptr-libevent@0x558fa9d40908 size 40 Aug 26 18:24:47.798183: | libevent_malloc: new ptr-libevent@0x558fa9d40d38 size 48 Aug 26 18:24:47.798187: | libevent_realloc: new ptr-libevent@0x558fa9d698f8 size 256 Aug 26 18:24:47.798189: | libevent_malloc: new ptr-libevent@0x558fa9dc5678 size 16 Aug 26 18:24:47.798193: | libevent_free: release ptr-libevent@0x558fa9dc5408 Aug 26 18:24:47.798195: | libevent initialized Aug 26 18:24:47.798198: | libevent_realloc: new ptr-libevent@0x558fa9dc5408 size 64 Aug 26 18:24:47.798200: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:24:47.798214: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:24:47.798216: NAT-Traversal support [enabled] Aug 26 18:24:47.798218: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:24:47.798222: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:24:47.798225: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:24:47.798248: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:24:47.798251: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:24:47.798253: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:24:47.798285: Encryption algorithms: Aug 26 18:24:47.798307: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:24:47.798313: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:24:47.798315: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:24:47.798318: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:24:47.798320: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:24:47.798326: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:24:47.798329: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:24:47.798331: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:24:47.798333: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:24:47.798335: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:24:47.798338: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:24:47.798340: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:24:47.798342: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:24:47.798345: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:24:47.798347: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:24:47.798349: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:24:47.798352: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:24:47.798359: Hash algorithms: Aug 26 18:24:47.798362: MD5 IKEv1: IKE IKEv2: Aug 26 18:24:47.798364: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:24:47.798367: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:24:47.798370: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:24:47.798373: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:24:47.798385: PRF algorithms: Aug 26 18:24:47.798388: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:24:47.798391: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:24:47.798394: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:24:47.798397: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:24:47.798400: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:24:47.798403: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:24:47.798426: Integrity algorithms: Aug 26 18:24:47.798430: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:24:47.798434: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:24:47.798438: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:24:47.798441: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:24:47.798445: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:24:47.798448: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:24:47.798451: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:24:47.798454: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:24:47.798457: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:24:47.798469: DH algorithms: Aug 26 18:24:47.798472: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:24:47.798475: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:24:47.798478: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:24:47.798484: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:24:47.798487: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:24:47.798490: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:24:47.798493: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:24:47.798496: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:24:47.798499: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:24:47.798502: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:24:47.798505: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:24:47.798507: testing CAMELLIA_CBC: Aug 26 18:24:47.798510: Camellia: 16 bytes with 128-bit key Aug 26 18:24:47.798602: Camellia: 16 bytes with 128-bit key Aug 26 18:24:47.798625: Camellia: 16 bytes with 256-bit key Aug 26 18:24:47.798655: Camellia: 16 bytes with 256-bit key Aug 26 18:24:47.798685: testing AES_GCM_16: Aug 26 18:24:47.798690: empty string Aug 26 18:24:47.798718: one block Aug 26 18:24:47.798748: two blocks Aug 26 18:24:47.798777: two blocks with associated data Aug 26 18:24:47.798807: testing AES_CTR: Aug 26 18:24:47.798811: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:24:47.798839: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:24:47.798869: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:24:47.798901: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:24:47.798930: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:24:47.798960: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:24:47.798987: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:24:47.799013: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:24:47.799040: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:24:47.799064: testing AES_CBC: Aug 26 18:24:47.799066: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:24:47.799084: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:24:47.799102: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:24:47.799120: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:24:47.799141: testing AES_XCBC: Aug 26 18:24:47.799143: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:24:47.799252: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:24:47.799372: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:24:47.799455: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:24:47.799531: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:24:47.799607: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:24:47.799686: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:24:47.799856: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:24:47.799936: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:24:47.800019: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:24:47.800164: testing HMAC_MD5: Aug 26 18:24:47.800167: RFC 2104: MD5_HMAC test 1 Aug 26 18:24:47.800280: RFC 2104: MD5_HMAC test 2 Aug 26 18:24:47.800380: RFC 2104: MD5_HMAC test 3 Aug 26 18:24:47.800581: 8 CPU cores online Aug 26 18:24:47.800587: starting up 7 crypto helpers Aug 26 18:24:47.800620: started thread for crypto helper 0 Aug 26 18:24:47.800626: | starting up helper thread 0 Aug 26 18:24:47.800644: started thread for crypto helper 1 Aug 26 18:24:47.800648: | starting up helper thread 1 Aug 26 18:24:47.800650: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:24:47.800665: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:24:47.800667: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:47.800674: started thread for crypto helper 2 Aug 26 18:24:47.800686: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:47.800686: | starting up helper thread 2 Aug 26 18:24:47.800702: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:24:47.800705: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:47.800706: started thread for crypto helper 3 Aug 26 18:24:47.800711: | starting up helper thread 3 Aug 26 18:24:47.800729: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:24:47.800734: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:47.800729: started thread for crypto helper 4 Aug 26 18:24:47.800762: started thread for crypto helper 5 Aug 26 18:24:47.800764: | starting up helper thread 5 Aug 26 18:24:47.800773: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:24:47.800776: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:47.800785: started thread for crypto helper 6 Aug 26 18:24:47.800787: | starting up helper thread 6 Aug 26 18:24:47.800789: | checking IKEv1 state table Aug 26 18:24:47.800796: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:24:47.800805: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:47.800806: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:47.800814: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:24:47.800817: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:47.800820: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:24:47.800823: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:24:47.800825: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:24:47.800828: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:47.800830: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:47.800833: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:24:47.800836: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:24:47.800839: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:47.800841: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:47.800844: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:24:47.800846: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:47.800849: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:47.800851: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:47.800854: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:24:47.800856: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:47.800859: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:47.800861: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:47.800864: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:24:47.800867: | -> UNDEFINED EVENT_NULL Aug 26 18:24:47.800870: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:24:47.800872: | -> UNDEFINED EVENT_NULL Aug 26 18:24:47.800875: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:47.800878: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:24:47.800881: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:47.800883: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:47.800886: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:47.800889: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:24:47.800891: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:47.800894: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:47.800896: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:24:47.800899: | -> UNDEFINED EVENT_NULL Aug 26 18:24:47.800901: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:24:47.800904: | -> UNDEFINED EVENT_NULL Aug 26 18:24:47.800907: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:24:47.800910: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:24:47.800913: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:24:47.800915: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:24:47.800918: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:24:47.800925: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:24:47.800928: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:24:47.800930: | -> UNDEFINED EVENT_NULL Aug 26 18:24:47.800933: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:24:47.800936: | -> UNDEFINED EVENT_NULL Aug 26 18:24:47.800939: | INFO: category: informational flags: 0: Aug 26 18:24:47.800941: | -> UNDEFINED EVENT_NULL Aug 26 18:24:47.800944: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:24:47.800947: | -> UNDEFINED EVENT_NULL Aug 26 18:24:47.800950: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:24:47.800952: | -> XAUTH_R1 EVENT_NULL Aug 26 18:24:47.800955: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:24:47.800958: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:47.800961: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:24:47.800964: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:24:47.800967: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:24:47.800969: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:24:47.800972: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:24:47.800975: | -> UNDEFINED EVENT_NULL Aug 26 18:24:47.800978: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:24:47.800980: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:47.800983: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:24:47.800986: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:24:47.800989: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:24:47.800992: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:24:47.800999: | checking IKEv2 state table Aug 26 18:24:47.801006: | PARENT_I0: category: ignore flags: 0: Aug 26 18:24:47.801009: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:24:47.801013: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:47.801016: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:24:47.801019: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:24:47.801023: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:24:47.801026: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:24:47.801029: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:24:47.801032: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:24:47.801035: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:24:47.801037: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:24:47.801040: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:24:47.801043: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:24:47.801046: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:24:47.801048: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:24:47.801051: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:24:47.801054: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:47.801057: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:24:47.801061: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:24:47.801063: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:24:47.801066: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:24:47.801069: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:24:47.801072: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:24:47.801075: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:24:47.801078: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:24:47.801083: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:24:47.801087: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:24:47.801090: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:24:47.801093: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:24:47.801096: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:24:47.801099: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:24:47.801101: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:47.801104: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:24:47.801107: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:24:47.801111: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:24:47.801113: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:24:47.801117: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:24:47.801120: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:24:47.801122: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:24:47.801125: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:24:47.801128: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:47.801131: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:24:47.801135: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:24:47.801138: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:24:47.801140: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:24:47.801143: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:24:47.801146: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:24:47.801161: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:24:47.801645: | Hard-wiring algorithms Aug 26 18:24:47.801653: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:24:47.801657: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:24:47.801659: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:24:47.801661: | adding 3DES_CBC to kernel algorithm db Aug 26 18:24:47.801662: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:24:47.801664: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:24:47.801666: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:24:47.801667: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:24:47.801669: | adding AES_CTR to kernel algorithm db Aug 26 18:24:47.801671: | adding AES_CBC to kernel algorithm db Aug 26 18:24:47.801672: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:24:47.801674: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:24:47.801676: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:24:47.801677: | adding NULL to kernel algorithm db Aug 26 18:24:47.801679: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:24:47.801681: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:24:47.801683: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:24:47.801684: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:24:47.801686: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:24:47.801687: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:24:47.801689: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:24:47.801691: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:24:47.801692: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:24:47.801694: | adding NONE to kernel algorithm db Aug 26 18:24:47.801715: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:24:47.801720: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:24:47.801722: | setup kernel fd callback Aug 26 18:24:47.801727: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x558fa9dca0d8 Aug 26 18:24:47.801731: | libevent_malloc: new ptr-libevent@0x558fa9dae498 size 128 Aug 26 18:24:47.801733: | libevent_malloc: new ptr-libevent@0x558fa9dca1e8 size 16 Aug 26 18:24:47.801738: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x558fa9dcac18 Aug 26 18:24:47.801740: | libevent_malloc: new ptr-libevent@0x558fa9d6ce78 size 128 Aug 26 18:24:47.801741: | libevent_malloc: new ptr-libevent@0x558fa9dcabd8 size 16 Aug 26 18:24:47.801885: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:24:47.801892: selinux support is enabled. Aug 26 18:24:47.802250: | unbound context created - setting debug level to 5 Aug 26 18:24:47.802274: | /etc/hosts lookups activated Aug 26 18:24:47.802284: | /etc/resolv.conf usage activated Aug 26 18:24:47.802297: | starting up helper thread 4 Aug 26 18:24:47.802313: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:24:47.802317: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:47.802351: | outgoing-port-avoid set 0-65535 Aug 26 18:24:47.802383: | outgoing-port-permit set 32768-60999 Aug 26 18:24:47.802386: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:24:47.802390: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:24:47.802393: | Setting up events, loop start Aug 26 18:24:47.802397: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x558fa9dcac88 Aug 26 18:24:47.802400: | libevent_malloc: new ptr-libevent@0x558fa9dd6e18 size 128 Aug 26 18:24:47.802404: | libevent_malloc: new ptr-libevent@0x558fa9de2068 size 16 Aug 26 18:24:47.802410: | libevent_realloc: new ptr-libevent@0x558fa9de20a8 size 256 Aug 26 18:24:47.802413: | libevent_malloc: new ptr-libevent@0x558fa9de21d8 size 8 Aug 26 18:24:47.802417: | libevent_realloc: new ptr-libevent@0x558fa9d6c598 size 144 Aug 26 18:24:47.802420: | libevent_malloc: new ptr-libevent@0x558fa9d75608 size 152 Aug 26 18:24:47.802423: | libevent_malloc: new ptr-libevent@0x558fa9de2218 size 16 Aug 26 18:24:47.802428: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:24:47.802431: | libevent_malloc: new ptr-libevent@0x558fa9de2258 size 8 Aug 26 18:24:47.802436: | libevent_malloc: new ptr-libevent@0x558fa9d6d498 size 152 Aug 26 18:24:47.802439: | signal event handler PLUTO_SIGTERM installed Aug 26 18:24:47.802442: | libevent_malloc: new ptr-libevent@0x558fa9de2298 size 8 Aug 26 18:24:47.802445: | libevent_malloc: new ptr-libevent@0x558fa9de22d8 size 152 Aug 26 18:24:47.802448: | signal event handler PLUTO_SIGHUP installed Aug 26 18:24:47.802452: | libevent_malloc: new ptr-libevent@0x558fa9de23a8 size 8 Aug 26 18:24:47.802454: | libevent_realloc: release ptr-libevent@0x558fa9d6c598 Aug 26 18:24:47.802458: | libevent_realloc: new ptr-libevent@0x558fa9de23e8 size 256 Aug 26 18:24:47.802461: | libevent_malloc: new ptr-libevent@0x558fa9de2518 size 152 Aug 26 18:24:47.802464: | signal event handler PLUTO_SIGSYS installed Aug 26 18:24:47.802823: | created addconn helper (pid:26721) using fork+execve Aug 26 18:24:47.802842: | forked child 26721 Aug 26 18:24:47.802883: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:47.803271: listening for IKE messages Aug 26 18:24:47.803325: | Inspecting interface lo Aug 26 18:24:47.803337: | found lo with address 127.0.0.1 Aug 26 18:24:47.803345: | Inspecting interface eth0 Aug 26 18:24:47.803350: | found eth0 with address 192.0.1.254 Aug 26 18:24:47.803352: | Inspecting interface eth1 Aug 26 18:24:47.803356: | found eth1 with address 192.1.2.45 Aug 26 18:24:47.803444: Kernel supports NIC esp-hw-offload Aug 26 18:24:47.803456: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 18:24:47.803479: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:47.803484: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:47.803486: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 18:24:47.803512: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 18:24:47.803530: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:47.803533: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:47.803535: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 18:24:47.803555: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:24:47.803573: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:47.803576: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:47.803578: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:24:47.803643: | no interfaces to sort Aug 26 18:24:47.803649: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:47.803659: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2af8 Aug 26 18:24:47.803663: | libevent_malloc: new ptr-libevent@0x558fa9dd6d68 size 128 Aug 26 18:24:47.803667: | libevent_malloc: new ptr-libevent@0x558fa9de2b68 size 16 Aug 26 18:24:47.803674: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:47.803677: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2ba8 Aug 26 18:24:47.803682: | libevent_malloc: new ptr-libevent@0x558fa9d6b3a8 size 128 Aug 26 18:24:47.803686: | libevent_malloc: new ptr-libevent@0x558fa9de2c18 size 16 Aug 26 18:24:47.803691: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:47.803694: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2c58 Aug 26 18:24:47.803700: | libevent_malloc: new ptr-libevent@0x558fa9d6c498 size 128 Aug 26 18:24:47.803703: | libevent_malloc: new ptr-libevent@0x558fa9de2cc8 size 16 Aug 26 18:24:47.803708: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 18:24:47.803711: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2d08 Aug 26 18:24:47.803716: | libevent_malloc: new ptr-libevent@0x558fa9d6d3c8 size 128 Aug 26 18:24:47.803720: | libevent_malloc: new ptr-libevent@0x558fa9de2d78 size 16 Aug 26 18:24:47.803725: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 18:24:47.803728: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2db8 Aug 26 18:24:47.803733: | libevent_malloc: new ptr-libevent@0x558fa9d414e8 size 128 Aug 26 18:24:47.803736: | libevent_malloc: new ptr-libevent@0x558fa9de2e28 size 16 Aug 26 18:24:47.803741: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 18:24:47.803742: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2e68 Aug 26 18:24:47.803744: | libevent_malloc: new ptr-libevent@0x558fa9d411d8 size 128 Aug 26 18:24:47.803746: | libevent_malloc: new ptr-libevent@0x558fa9de2ed8 size 16 Aug 26 18:24:47.803749: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 18:24:47.803753: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:47.803755: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:47.803770: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:47.803784: | saving Modulus Aug 26 18:24:47.803791: | saving PublicExponent Aug 26 18:24:47.803794: | ignoring PrivateExponent Aug 26 18:24:47.803796: | ignoring Prime1 Aug 26 18:24:47.803798: | ignoring Prime2 Aug 26 18:24:47.803800: | ignoring Exponent1 Aug 26 18:24:47.803802: | ignoring Exponent2 Aug 26 18:24:47.803804: | ignoring Coefficient Aug 26 18:24:47.803806: | ignoring CKAIDNSS Aug 26 18:24:47.803838: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:24:47.803840: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:24:47.803843: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Aug 26 18:24:47.803848: | certs and keys locked by 'process_secret' Aug 26 18:24:47.803853: | certs and keys unlocked by 'process_secret' Aug 26 18:24:47.803863: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:47.803871: | spent 0.993 milliseconds in whack Aug 26 18:24:47.827868: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:47.827892: listening for IKE messages Aug 26 18:24:47.827928: | Inspecting interface lo Aug 26 18:24:47.827933: | found lo with address 127.0.0.1 Aug 26 18:24:47.827935: | Inspecting interface eth0 Aug 26 18:24:47.827938: | found eth0 with address 192.0.1.254 Aug 26 18:24:47.827940: | Inspecting interface eth1 Aug 26 18:24:47.827942: | found eth1 with address 192.1.2.45 Aug 26 18:24:47.827997: | no interfaces to sort Aug 26 18:24:47.828005: | libevent_free: release ptr-libevent@0x558fa9dd6d68 Aug 26 18:24:47.828007: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2af8 Aug 26 18:24:47.828009: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2af8 Aug 26 18:24:47.828012: | libevent_malloc: new ptr-libevent@0x558fa9dd6d68 size 128 Aug 26 18:24:47.828017: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:47.828020: | libevent_free: release ptr-libevent@0x558fa9d6b3a8 Aug 26 18:24:47.828022: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2ba8 Aug 26 18:24:47.828023: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2ba8 Aug 26 18:24:47.828025: | libevent_malloc: new ptr-libevent@0x558fa9d6b3a8 size 128 Aug 26 18:24:47.828028: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:47.828031: | libevent_free: release ptr-libevent@0x558fa9d6c498 Aug 26 18:24:47.828033: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2c58 Aug 26 18:24:47.828034: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2c58 Aug 26 18:24:47.828036: | libevent_malloc: new ptr-libevent@0x558fa9d6c498 size 128 Aug 26 18:24:47.828040: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 18:24:47.828042: | libevent_free: release ptr-libevent@0x558fa9d6d3c8 Aug 26 18:24:47.828044: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2d08 Aug 26 18:24:47.828045: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2d08 Aug 26 18:24:47.828047: | libevent_malloc: new ptr-libevent@0x558fa9d6d3c8 size 128 Aug 26 18:24:47.828050: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 18:24:47.828053: | libevent_free: release ptr-libevent@0x558fa9d414e8 Aug 26 18:24:47.828054: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2db8 Aug 26 18:24:47.828056: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2db8 Aug 26 18:24:47.828058: | libevent_malloc: new ptr-libevent@0x558fa9d414e8 size 128 Aug 26 18:24:47.828061: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 18:24:47.828063: | libevent_free: release ptr-libevent@0x558fa9d411d8 Aug 26 18:24:47.828065: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2e68 Aug 26 18:24:47.828067: | add_fd_read_event_handler: new ethX-pe@0x558fa9de2e68 Aug 26 18:24:47.828068: | libevent_malloc: new ptr-libevent@0x558fa9d411d8 size 128 Aug 26 18:24:47.828071: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 18:24:47.828074: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:47.828075: forgetting secrets Aug 26 18:24:47.828083: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:47.828093: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:47.828104: | saving Modulus Aug 26 18:24:47.828106: | saving PublicExponent Aug 26 18:24:47.828108: | ignoring PrivateExponent Aug 26 18:24:47.828110: | ignoring Prime1 Aug 26 18:24:47.828112: | ignoring Prime2 Aug 26 18:24:47.828114: | ignoring Exponent1 Aug 26 18:24:47.828116: | ignoring Exponent2 Aug 26 18:24:47.828118: | ignoring Coefficient Aug 26 18:24:47.828120: | ignoring CKAIDNSS Aug 26 18:24:47.828139: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:24:47.828141: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:24:47.828144: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Aug 26 18:24:47.828148: | certs and keys locked by 'process_secret' Aug 26 18:24:47.828150: | certs and keys unlocked by 'process_secret' Aug 26 18:24:47.828157: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:47.828162: | spent 0.301 milliseconds in whack Aug 26 18:24:47.828734: | processing signal PLUTO_SIGCHLD Aug 26 18:24:47.828749: | waitpid returned pid 26721 (exited with status 0) Aug 26 18:24:47.828755: | reaped addconn helper child (status 0) Aug 26 18:24:47.828760: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:47.828763: | spent 0.017 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:47.917283: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:47.917548: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:47.917570: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:47.917583: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:47.917591: | spent 0.311 milliseconds in whack Aug 26 18:24:48.209279: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:48.209315: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:48.209320: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:48.209322: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:48.209323: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:48.209326: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:48.209332: | Added new connection westnet-eastnet-ikev2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:48.209334: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:48.209373: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:48.209376: | from whack: got --esp= Aug 26 18:24:48.209400: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:48.209404: | counting wild cards for @west is 0 Aug 26 18:24:48.209407: | counting wild cards for @east is 0 Aug 26 18:24:48.209413: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:24:48.209415: | new hp@0x558fa9de5548 Aug 26 18:24:48.209418: added connection description "westnet-eastnet-ikev2" Aug 26 18:24:48.209426: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:48.209434: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 18:24:48.209440: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:48.209445: | spent 0.16 milliseconds in whack Aug 26 18:24:48.209519: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:48.209531: add keyid @west Aug 26 18:24:48.209535: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Aug 26 18:24:48.209536: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Aug 26 18:24:48.209538: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Aug 26 18:24:48.209539: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Aug 26 18:24:48.209541: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Aug 26 18:24:48.209543: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Aug 26 18:24:48.209544: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Aug 26 18:24:48.209546: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Aug 26 18:24:48.209547: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Aug 26 18:24:48.209549: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Aug 26 18:24:48.209550: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Aug 26 18:24:48.209556: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Aug 26 18:24:48.209557: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Aug 26 18:24:48.209559: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Aug 26 18:24:48.209560: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Aug 26 18:24:48.209562: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Aug 26 18:24:48.209564: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Aug 26 18:24:48.209565: | add pubkey 15 04 37 f9 Aug 26 18:24:48.209582: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:24:48.209584: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:24:48.209593: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:48.209597: | spent 0.0839 milliseconds in whack Aug 26 18:24:48.209669: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:48.209681: add keyid @east Aug 26 18:24:48.209684: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 18:24:48.209686: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 18:24:48.209688: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 18:24:48.209689: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 18:24:48.209691: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 18:24:48.209692: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 18:24:48.209694: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 18:24:48.209696: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 18:24:48.209697: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 18:24:48.209699: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 18:24:48.209700: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 18:24:48.209702: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 18:24:48.209703: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 18:24:48.209705: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 18:24:48.209706: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 18:24:48.209708: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 18:24:48.209709: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 18:24:48.209711: | add pubkey 51 51 48 ef Aug 26 18:24:48.209720: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:24:48.209722: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:24:48.209730: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:48.209734: | spent 0.0705 milliseconds in whack Aug 26 18:24:48.270435: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:48.270460: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 18:24:48.270479: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:48.270486: | start processing: connection "westnet-eastnet-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:48.270505: | connection 'westnet-eastnet-ikev2' +POLICY_UP Aug 26 18:24:48.270509: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:48.270512: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:48.270549: | creating state object #1 at 0x558fa9de5b38 Aug 26 18:24:48.270567: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:48.270574: | pstats #1 ikev2.ike started Aug 26 18:24:48.270576: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:48.270579: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:48.270583: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:48.270592: | suspend processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:48.270596: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:48.270599: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:48.270602: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ikev2" IKE SA #1 "westnet-eastnet-ikev2" Aug 26 18:24:48.270605: "westnet-eastnet-ikev2" #1: initiating v2 parent SA Aug 26 18:24:48.270614: | constructing local IKE proposals for westnet-eastnet-ikev2 (IKE SA initiator selecting KE) Aug 26 18:24:48.270620: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:48.270640: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:48.270642: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:48.270646: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:48.270663: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:48.270667: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:48.270669: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:48.270672: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:48.270678: "westnet-eastnet-ikev2": constructed local IKE proposals for westnet-eastnet-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:48.270686: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:24:48.270688: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x558fa9de5628 Aug 26 18:24:48.270691: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:48.270694: | libevent_malloc: new ptr-libevent@0x558fa9de59a8 size 128 Aug 26 18:24:48.270705: | #1 spent 0.219 milliseconds in ikev2_parent_outI1() Aug 26 18:24:48.270707: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:48.270710: | RESET processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:48.270710: | crypto helper 0 resuming Aug 26 18:24:48.270728: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:24:48.270735: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:24:48.270712: | RESET processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:48.270741: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:48.270747: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 18:24:48.270750: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:48.270753: | spent 0.337 milliseconds in whack Aug 26 18:24:48.271633: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000898 seconds Aug 26 18:24:48.271647: | (#1) spent 0.893 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:24:48.271651: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:48.271654: | scheduling resume sending helper answer for #1 Aug 26 18:24:48.271657: | libevent_malloc: new ptr-libevent@0x7fd724002888 size 128 Aug 26 18:24:48.271666: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:48.271675: | processing resume sending helper answer for #1 Aug 26 18:24:48.271687: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:48.271693: | crypto helper 0 replies to request ID 1 Aug 26 18:24:48.271696: | calling continuation function 0x558fa9b29b50 Aug 26 18:24:48.271699: | ikev2_parent_outI1_continue for #1 Aug 26 18:24:48.271733: | **emit ISAKMP Message: Aug 26 18:24:48.271737: | initiator cookie: Aug 26 18:24:48.271740: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.271743: | responder cookie: Aug 26 18:24:48.271745: | 00 00 00 00 00 00 00 00 Aug 26 18:24:48.271748: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:48.271751: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:48.271754: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:48.271757: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:48.271760: | Message ID: 0 (0x0) Aug 26 18:24:48.271763: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:48.271779: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:48.271782: | Emitting ikev2_proposals ... Aug 26 18:24:48.271784: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:48.271786: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.271788: | flags: none (0x0) Aug 26 18:24:48.271790: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:48.271792: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.271794: | discarding INTEG=NONE Aug 26 18:24:48.271796: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.271798: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.271800: | prop #: 1 (0x1) Aug 26 18:24:48.271801: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:48.271803: | spi size: 0 (0x0) Aug 26 18:24:48.271805: | # transforms: 11 (0xb) Aug 26 18:24:48.271807: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:48.271808: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271810: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271812: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.271813: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:48.271818: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271820: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.271822: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.271824: | length/value: 256 (0x100) Aug 26 18:24:48.271826: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:48.271828: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271829: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271831: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:48.271832: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:48.271834: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271836: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271838: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271840: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271841: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271843: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:48.271844: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:48.271846: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271848: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271850: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271851: | discarding INTEG=NONE Aug 26 18:24:48.271853: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271854: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271856: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.271857: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:48.271859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271861: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271863: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271864: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271866: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.271869: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:48.271871: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271874: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271876: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271879: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.271880: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:48.271882: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271886: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271887: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271893: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.271894: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:48.271896: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271898: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271900: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271901: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271904: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.271906: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:48.271908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271911: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271913: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271916: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.271917: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:48.271919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271921: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271923: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271924: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271926: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271927: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.271929: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:48.271931: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271932: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271934: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271936: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271937: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.271939: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.271940: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:48.271942: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271944: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271946: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271947: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:48.271949: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:48.271951: | discarding INTEG=NONE Aug 26 18:24:48.271952: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.271954: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.271955: | prop #: 2 (0x2) Aug 26 18:24:48.271957: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:48.271958: | spi size: 0 (0x0) Aug 26 18:24:48.271961: | # transforms: 11 (0xb) Aug 26 18:24:48.271963: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.271965: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:48.271967: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271970: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.271972: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:48.271973: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271975: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.271977: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.271978: | length/value: 128 (0x80) Aug 26 18:24:48.271980: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:48.271981: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271983: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271984: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:48.271986: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:48.271988: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271990: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.271991: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.271993: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.271994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.271996: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:48.271998: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:48.271999: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272003: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272004: | discarding INTEG=NONE Aug 26 18:24:48.272006: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272007: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272009: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272010: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:48.272012: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272014: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272016: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272017: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272019: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272020: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272022: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:48.272024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272027: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272029: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272033: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272035: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272036: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:48.272038: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272040: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272042: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272043: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272045: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272046: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272048: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:48.272049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272051: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272053: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272054: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272057: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272059: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:48.272061: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272063: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272064: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272066: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272067: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272069: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272070: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:48.272072: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272074: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272076: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272077: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272079: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272080: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272082: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:48.272084: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272085: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272087: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272089: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272090: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.272092: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272093: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:48.272095: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272097: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272100: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272101: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:48.272103: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:48.272105: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.272106: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.272108: | prop #: 3 (0x3) Aug 26 18:24:48.272109: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:48.272111: | spi size: 0 (0x0) Aug 26 18:24:48.272112: | # transforms: 13 (0xd) Aug 26 18:24:48.272114: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.272116: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:48.272118: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272121: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.272122: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:48.272124: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272126: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.272127: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.272129: | length/value: 256 (0x100) Aug 26 18:24:48.272130: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:48.272132: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272133: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272135: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:48.272137: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:48.272138: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272140: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272142: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272143: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272145: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272147: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:48.272148: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:48.272150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272153: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272155: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272158: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:48.272160: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:48.272161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272163: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272165: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272166: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272169: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:48.272172: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:48.272174: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272176: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272177: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272179: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272182: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272183: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:48.272185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272187: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272189: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272190: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272192: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272193: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272195: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:48.272197: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272198: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272200: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272202: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272205: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272206: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:48.272208: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272210: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272211: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272213: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272215: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272216: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272218: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:48.272219: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272221: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272223: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272224: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272227: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272229: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:48.272231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272233: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272234: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272237: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272238: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272240: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272241: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:48.272243: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272247: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272248: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272251: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272253: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:48.272255: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272258: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272259: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272261: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.272263: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272264: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:48.272266: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272268: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272269: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272271: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:48.272273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:48.272274: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.272276: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:48.272277: | prop #: 4 (0x4) Aug 26 18:24:48.272279: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:48.272280: | spi size: 0 (0x0) Aug 26 18:24:48.272282: | # transforms: 13 (0xd) Aug 26 18:24:48.272284: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.272286: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:48.272291: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272314: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.272317: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:48.272320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272322: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.272325: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.272326: | length/value: 128 (0x80) Aug 26 18:24:48.272328: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:48.272330: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272346: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:48.272347: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:48.272349: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272352: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272354: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272356: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272359: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:48.272360: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:48.272362: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272364: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272365: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272367: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272370: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:48.272372: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:48.272373: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272375: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272377: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272378: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272381: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:48.272383: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:48.272385: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272387: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272388: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272390: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272391: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272393: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272394: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:48.272396: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272398: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272400: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272401: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272406: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:48.272408: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272409: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272411: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272413: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272414: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272417: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272418: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:48.272420: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272424: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272425: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272427: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272428: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272430: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:48.272432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272433: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272435: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272437: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272438: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272440: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272441: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:48.272443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272445: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272446: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272448: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272451: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272452: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:48.272454: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272458: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272459: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272461: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272462: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272464: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:48.272466: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272468: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272469: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272471: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.272472: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.272474: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.272475: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:48.272477: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.272479: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.272481: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.272483: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:48.272485: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:48.272487: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:48.272488: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:48.272490: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:48.272492: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.272493: | flags: none (0x0) Aug 26 18:24:48.272495: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:48.272497: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:48.272499: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.272501: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:48.272503: | ikev2 g^x 54 9d 29 11 b8 58 cd fd bc 08 cf f8 f5 41 a8 40 Aug 26 18:24:48.272505: | ikev2 g^x d7 57 75 04 e0 f6 1a a9 8e c6 af ab 26 a2 fe 8c Aug 26 18:24:48.272506: | ikev2 g^x e1 fb fc c7 f6 c5 50 ae 45 a1 41 35 9c b1 37 98 Aug 26 18:24:48.272508: | ikev2 g^x 56 8b 36 9c 73 12 99 19 f2 58 fe 5e 7a ff 1c 04 Aug 26 18:24:48.272509: | ikev2 g^x 83 4c 2c f1 e0 a5 b5 2e 58 10 fe 8f 90 7d 7f f4 Aug 26 18:24:48.272511: | ikev2 g^x 6c 26 52 22 af 96 0e ab ab ba 8d 11 4d d2 1d 2c Aug 26 18:24:48.272512: | ikev2 g^x 63 1b a9 45 a8 35 8d 66 ff c5 3a 5c e2 92 c8 43 Aug 26 18:24:48.272514: | ikev2 g^x 7a b9 2c 34 c1 be 21 b3 bf 7a 5e 4e 8c 27 07 b5 Aug 26 18:24:48.272515: | ikev2 g^x 7a 19 af 56 aa 19 92 a5 21 a6 af 46 3f 92 48 b2 Aug 26 18:24:48.272517: | ikev2 g^x ef 82 c3 c1 86 57 b7 c3 1d eb a6 65 2e e5 bd 02 Aug 26 18:24:48.272518: | ikev2 g^x d5 7c 2b 08 9f 50 a0 1e 7c 58 47 22 30 9c 46 d2 Aug 26 18:24:48.272520: | ikev2 g^x b3 bc 72 c2 8b 95 ed 7f 2b 88 19 0a a9 ba 00 02 Aug 26 18:24:48.272521: | ikev2 g^x 3d 04 ed a4 08 ca dd 8b db 56 d5 d3 b9 d0 06 89 Aug 26 18:24:48.272523: | ikev2 g^x 61 85 74 b8 ea a5 04 98 1c 3b 40 42 e3 40 2c 3a Aug 26 18:24:48.272524: | ikev2 g^x 41 8a 72 b3 21 42 d5 59 15 01 9d d6 ed 36 a7 c4 Aug 26 18:24:48.272526: | ikev2 g^x 07 ac 84 f4 46 7b b2 2f fa 1e be 6f 53 aa d3 37 Aug 26 18:24:48.272527: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:48.272529: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:48.272531: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:48.272532: | flags: none (0x0) Aug 26 18:24:48.272534: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:48.272536: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:48.272538: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.272540: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:48.272541: | IKEv2 nonce 17 96 c1 52 89 37 04 88 a4 79 07 bb 96 93 54 87 Aug 26 18:24:48.272543: | IKEv2 nonce 80 bb 84 74 b0 68 85 6c e7 29 e8 3c 6b 55 b4 65 Aug 26 18:24:48.272544: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:48.272546: | Adding a v2N Payload Aug 26 18:24:48.272548: | ***emit IKEv2 Notify Payload: Aug 26 18:24:48.272549: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.272551: | flags: none (0x0) Aug 26 18:24:48.272553: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:48.272554: | SPI size: 0 (0x0) Aug 26 18:24:48.272556: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:48.272558: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:48.272561: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.272562: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:48.272565: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:48.272566: | natd_hash: rcookie is zero Aug 26 18:24:48.272576: | natd_hash: hasher=0x558fa9bfe800(20) Aug 26 18:24:48.272578: | natd_hash: icookie= 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.272579: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:48.272581: | natd_hash: ip= c0 01 02 2d Aug 26 18:24:48.272582: | natd_hash: port=500 Aug 26 18:24:48.272584: | natd_hash: hash= 15 ce 4b 2f 25 05 e9 22 18 2c dd f7 8e 53 b5 9f Aug 26 18:24:48.272585: | natd_hash: hash= 6f 97 f7 15 Aug 26 18:24:48.272587: | Adding a v2N Payload Aug 26 18:24:48.272588: | ***emit IKEv2 Notify Payload: Aug 26 18:24:48.272590: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.272591: | flags: none (0x0) Aug 26 18:24:48.272593: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:48.272594: | SPI size: 0 (0x0) Aug 26 18:24:48.272596: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:48.272598: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:48.272600: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.272602: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:48.272603: | Notify data 15 ce 4b 2f 25 05 e9 22 18 2c dd f7 8e 53 b5 9f Aug 26 18:24:48.272605: | Notify data 6f 97 f7 15 Aug 26 18:24:48.272607: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:48.272608: | natd_hash: rcookie is zero Aug 26 18:24:48.272612: | natd_hash: hasher=0x558fa9bfe800(20) Aug 26 18:24:48.272613: | natd_hash: icookie= 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.272615: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:48.272616: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:48.272618: | natd_hash: port=500 Aug 26 18:24:48.272619: | natd_hash: hash= 61 31 b3 d7 4a 80 72 4c 53 27 56 18 6e 21 fe 12 Aug 26 18:24:48.272621: | natd_hash: hash= ab 61 5b 65 Aug 26 18:24:48.272622: | Adding a v2N Payload Aug 26 18:24:48.272624: | ***emit IKEv2 Notify Payload: Aug 26 18:24:48.272625: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.272627: | flags: none (0x0) Aug 26 18:24:48.272628: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:48.272630: | SPI size: 0 (0x0) Aug 26 18:24:48.272631: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:48.272633: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:48.272635: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.272637: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:48.272638: | Notify data 61 31 b3 d7 4a 80 72 4c 53 27 56 18 6e 21 fe 12 Aug 26 18:24:48.272640: | Notify data ab 61 5b 65 Aug 26 18:24:48.272641: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:48.272643: | emitting length of ISAKMP Message: 828 Aug 26 18:24:48.272648: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:48.272654: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:48.272658: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:48.272660: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:48.272662: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:48.272664: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:24:48.272667: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:24:48.272670: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:48.272673: "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:48.272681: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:24:48.272703: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:48.272705: | 12 52 17 9e ec b0 bb 96 00 00 00 00 00 00 00 00 Aug 26 18:24:48.272707: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:48.272708: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:48.272710: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:48.272712: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:48.272713: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:48.272715: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:48.272717: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:48.272719: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:48.272722: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:48.272724: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:48.272726: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:48.272728: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:48.272743: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:48.272745: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:48.272747: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:48.272749: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:48.272766: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:48.272768: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:48.272770: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:48.272773: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:48.272775: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:48.272777: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:48.272780: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:48.272782: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:48.272784: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:48.272787: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:48.272789: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:48.272791: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:48.272793: | 28 00 01 08 00 0e 00 00 54 9d 29 11 b8 58 cd fd Aug 26 18:24:48.272795: | bc 08 cf f8 f5 41 a8 40 d7 57 75 04 e0 f6 1a a9 Aug 26 18:24:48.272797: | 8e c6 af ab 26 a2 fe 8c e1 fb fc c7 f6 c5 50 ae Aug 26 18:24:48.272799: | 45 a1 41 35 9c b1 37 98 56 8b 36 9c 73 12 99 19 Aug 26 18:24:48.272802: | f2 58 fe 5e 7a ff 1c 04 83 4c 2c f1 e0 a5 b5 2e Aug 26 18:24:48.272804: | 58 10 fe 8f 90 7d 7f f4 6c 26 52 22 af 96 0e ab Aug 26 18:24:48.272806: | ab ba 8d 11 4d d2 1d 2c 63 1b a9 45 a8 35 8d 66 Aug 26 18:24:48.272808: | ff c5 3a 5c e2 92 c8 43 7a b9 2c 34 c1 be 21 b3 Aug 26 18:24:48.272811: | bf 7a 5e 4e 8c 27 07 b5 7a 19 af 56 aa 19 92 a5 Aug 26 18:24:48.272813: | 21 a6 af 46 3f 92 48 b2 ef 82 c3 c1 86 57 b7 c3 Aug 26 18:24:48.272815: | 1d eb a6 65 2e e5 bd 02 d5 7c 2b 08 9f 50 a0 1e Aug 26 18:24:48.272817: | 7c 58 47 22 30 9c 46 d2 b3 bc 72 c2 8b 95 ed 7f Aug 26 18:24:48.272820: | 2b 88 19 0a a9 ba 00 02 3d 04 ed a4 08 ca dd 8b Aug 26 18:24:48.272822: | db 56 d5 d3 b9 d0 06 89 61 85 74 b8 ea a5 04 98 Aug 26 18:24:48.272825: | 1c 3b 40 42 e3 40 2c 3a 41 8a 72 b3 21 42 d5 59 Aug 26 18:24:48.272829: | 15 01 9d d6 ed 36 a7 c4 07 ac 84 f4 46 7b b2 2f Aug 26 18:24:48.272831: | fa 1e be 6f 53 aa d3 37 29 00 00 24 17 96 c1 52 Aug 26 18:24:48.272834: | 89 37 04 88 a4 79 07 bb 96 93 54 87 80 bb 84 74 Aug 26 18:24:48.272849: | b0 68 85 6c e7 29 e8 3c 6b 55 b4 65 29 00 00 08 Aug 26 18:24:48.272851: | 00 00 40 2e 29 00 00 1c 00 00 40 04 15 ce 4b 2f Aug 26 18:24:48.272853: | 25 05 e9 22 18 2c dd f7 8e 53 b5 9f 6f 97 f7 15 Aug 26 18:24:48.272855: | 00 00 00 1c 00 00 40 05 61 31 b3 d7 4a 80 72 4c Aug 26 18:24:48.272870: | 53 27 56 18 6e 21 fe 12 ab 61 5b 65 Aug 26 18:24:48.272910: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:48.272915: | libevent_free: release ptr-libevent@0x558fa9de59a8 Aug 26 18:24:48.272917: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x558fa9de5628 Aug 26 18:24:48.272919: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:48.272922: | event_schedule: new EVENT_RETRANSMIT-pe@0x558fa9de5628 Aug 26 18:24:48.272925: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:24:48.272927: | libevent_malloc: new ptr-libevent@0x558fa9de8368 size 128 Aug 26 18:24:48.272931: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29174.015389 Aug 26 18:24:48.272934: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:48.272938: | #1 spent 1.22 milliseconds in resume sending helper answer Aug 26 18:24:48.272941: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:48.272943: | libevent_free: release ptr-libevent@0x7fd724002888 Aug 26 18:24:48.275753: | spent 0.00292 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:48.275774: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:24:48.275777: | 12 52 17 9e ec b0 bb 96 a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.275779: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 18:24:48.275781: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:24:48.275782: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:24:48.275784: | 04 00 00 0e 28 00 01 08 00 0e 00 00 2e 00 8c 81 Aug 26 18:24:48.275785: | ca 1f 25 1c ce 57 92 dd f5 32 19 ad 19 ad 78 b9 Aug 26 18:24:48.275787: | 01 fb 3d e6 05 33 07 c6 22 a2 cb e2 b4 55 09 ab Aug 26 18:24:48.275788: | 79 48 d7 65 ac 72 93 d8 6e f5 7e 07 bd dc 14 84 Aug 26 18:24:48.275790: | 97 b6 17 7c e6 44 a1 e4 37 22 59 f3 4c 56 ab eb Aug 26 18:24:48.275791: | 08 5c 1e 8e 99 28 2b 3b 46 01 fe 32 ba b4 54 22 Aug 26 18:24:48.275793: | d4 b6 8f 5d 2c 22 1f 2f 3a a8 af 03 b1 b4 fc 44 Aug 26 18:24:48.275794: | 0e 4a 01 7f e1 cb 52 50 ca 07 cd a5 aa 71 e9 0a Aug 26 18:24:48.275796: | a1 52 1b 28 57 ab 2e 3b b0 73 0f 59 68 d5 52 12 Aug 26 18:24:48.275797: | c0 03 e8 ac 0d ed 6b c7 27 25 ae ae 8b 01 fb 98 Aug 26 18:24:48.275799: | cc e8 c2 9d 9a cc 70 65 60 3d 5e 1d bc ea 77 3b Aug 26 18:24:48.275800: | 3c b5 7e 0a f1 1f 59 6b 26 bc ac 99 7a f2 3e fb Aug 26 18:24:48.275802: | 1f 9b e8 6f 98 d8 ec 28 55 cb 45 a9 0c 75 a7 79 Aug 26 18:24:48.275804: | 76 df 1e 91 b1 93 3b b7 25 4e fd 23 7b f1 b8 44 Aug 26 18:24:48.275805: | d4 5e 35 25 39 89 a0 95 fe de 8c c9 db 74 f0 6b Aug 26 18:24:48.275807: | d7 e4 a7 8a d8 08 e7 80 61 45 71 23 a6 68 6c 90 Aug 26 18:24:48.275808: | e8 f3 18 e4 9e 6c 36 63 91 5f 43 ed 29 00 00 24 Aug 26 18:24:48.275810: | 5c ea 84 9a 53 3c 29 62 f4 d0 72 af 2e 3b fe df Aug 26 18:24:48.275811: | 05 5d 77 6b 3e bb a4 5d 00 54 ce 94 74 83 68 f1 Aug 26 18:24:48.275813: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:24:48.275814: | 55 4b 99 b5 90 02 23 ea b2 9e 85 81 45 44 06 fe Aug 26 18:24:48.275816: | e1 74 a1 70 00 00 00 1c 00 00 40 05 47 d0 30 35 Aug 26 18:24:48.275817: | 0c a2 bf fb 59 c2 48 c0 ab e3 4e 23 aa 91 b7 45 Aug 26 18:24:48.275822: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:48.275825: | **parse ISAKMP Message: Aug 26 18:24:48.275827: | initiator cookie: Aug 26 18:24:48.275829: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.275830: | responder cookie: Aug 26 18:24:48.275832: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.275833: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:48.275835: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:48.275837: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:48.275839: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:48.275841: | Message ID: 0 (0x0) Aug 26 18:24:48.275842: | length: 432 (0x1b0) Aug 26 18:24:48.275844: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:48.275847: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:24:48.275849: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:48.275854: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:48.275857: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:48.275858: | #1 is idle Aug 26 18:24:48.275860: | #1 idle Aug 26 18:24:48.275862: | unpacking clear payload Aug 26 18:24:48.275864: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:48.275866: | ***parse IKEv2 Security Association Payload: Aug 26 18:24:48.275867: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:48.275869: | flags: none (0x0) Aug 26 18:24:48.275871: | length: 40 (0x28) Aug 26 18:24:48.275872: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:24:48.275874: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:48.275876: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:48.275878: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:48.275879: | flags: none (0x0) Aug 26 18:24:48.275881: | length: 264 (0x108) Aug 26 18:24:48.275882: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:48.275884: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:48.275886: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:48.275887: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:48.275889: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:48.275890: | flags: none (0x0) Aug 26 18:24:48.275892: | length: 36 (0x24) Aug 26 18:24:48.275893: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:48.275895: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:48.275897: | ***parse IKEv2 Notify Payload: Aug 26 18:24:48.275898: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:48.275900: | flags: none (0x0) Aug 26 18:24:48.275901: | length: 8 (0x8) Aug 26 18:24:48.275903: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:48.275905: | SPI size: 0 (0x0) Aug 26 18:24:48.275907: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:48.275908: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:48.275910: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:48.275912: | ***parse IKEv2 Notify Payload: Aug 26 18:24:48.275913: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:48.275915: | flags: none (0x0) Aug 26 18:24:48.275916: | length: 28 (0x1c) Aug 26 18:24:48.275918: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:48.275919: | SPI size: 0 (0x0) Aug 26 18:24:48.275921: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:48.275922: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:48.275924: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:48.275925: | ***parse IKEv2 Notify Payload: Aug 26 18:24:48.275927: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.275929: | flags: none (0x0) Aug 26 18:24:48.275931: | length: 28 (0x1c) Aug 26 18:24:48.275933: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:48.275934: | SPI size: 0 (0x0) Aug 26 18:24:48.275936: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:48.275938: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:48.275940: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:24:48.275942: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:48.275944: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:48.275946: | Now let's proceed with state specific processing Aug 26 18:24:48.275948: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:48.275951: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:24:48.275961: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:48.275964: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:24:48.275967: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:48.275968: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:48.275970: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:48.275972: | local proposal 1 type DH has 8 transforms Aug 26 18:24:48.275973: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:48.275976: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:48.275977: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:48.275979: | local proposal 2 type PRF has 2 transforms Aug 26 18:24:48.275980: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:48.275982: | local proposal 2 type DH has 8 transforms Aug 26 18:24:48.275984: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:48.275986: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:48.275987: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:48.275989: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:48.275990: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:48.275992: | local proposal 3 type DH has 8 transforms Aug 26 18:24:48.275993: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:48.275995: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:48.275997: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:48.275999: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:48.276000: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:48.276002: | local proposal 4 type DH has 8 transforms Aug 26 18:24:48.276003: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:48.276005: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:48.276007: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.276009: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:48.276010: | length: 36 (0x24) Aug 26 18:24:48.276012: | prop #: 1 (0x1) Aug 26 18:24:48.276014: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:48.276015: | spi size: 0 (0x0) Aug 26 18:24:48.276017: | # transforms: 3 (0x3) Aug 26 18:24:48.276019: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:48.276021: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:48.276024: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.276025: | length: 12 (0xc) Aug 26 18:24:48.276027: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.276029: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:48.276030: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.276032: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.276034: | length/value: 256 (0x100) Aug 26 18:24:48.276036: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:48.276038: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:48.276040: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.276041: | length: 8 (0x8) Aug 26 18:24:48.276043: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:48.276044: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:48.276047: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:48.276048: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:48.276050: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.276051: | length: 8 (0x8) Aug 26 18:24:48.276053: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:48.276055: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:48.276057: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:48.276059: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:48.276062: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:48.276064: | remote proposal 1 matches local proposal 1 Aug 26 18:24:48.276066: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:24:48.276067: | converting proposal to internal trans attrs Aug 26 18:24:48.276081: | natd_hash: hasher=0x558fa9bfe800(20) Aug 26 18:24:48.276083: | natd_hash: icookie= 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.276085: | natd_hash: rcookie= a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.276086: | natd_hash: ip= c0 01 02 2d Aug 26 18:24:48.276088: | natd_hash: port=500 Aug 26 18:24:48.276090: | natd_hash: hash= 47 d0 30 35 0c a2 bf fb 59 c2 48 c0 ab e3 4e 23 Aug 26 18:24:48.276091: | natd_hash: hash= aa 91 b7 45 Aug 26 18:24:48.276095: | natd_hash: hasher=0x558fa9bfe800(20) Aug 26 18:24:48.276097: | natd_hash: icookie= 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.276098: | natd_hash: rcookie= a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.276100: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:48.276101: | natd_hash: port=500 Aug 26 18:24:48.276103: | natd_hash: hash= 55 4b 99 b5 90 02 23 ea b2 9e 85 81 45 44 06 fe Aug 26 18:24:48.276104: | natd_hash: hash= e1 74 a1 70 Aug 26 18:24:48.276106: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:48.276107: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:48.276109: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:48.276111: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:24:48.276116: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:24:48.276120: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:24:48.276122: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:48.276124: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:48.276127: | libevent_free: release ptr-libevent@0x558fa9de8368 Aug 26 18:24:48.276129: | free_event_entry: release EVENT_RETRANSMIT-pe@0x558fa9de5628 Aug 26 18:24:48.276133: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x558fa9de5628 Aug 26 18:24:48.276136: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:48.276138: | libevent_malloc: new ptr-libevent@0x7fd724002888 size 128 Aug 26 18:24:48.276147: | #1 spent 0.195 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:24:48.276153: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:48.276153: | crypto helper 1 resuming Aug 26 18:24:48.276155: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:24:48.276169: | crypto helper 1 starting work-order 2 for state #1 Aug 26 18:24:48.276171: | suspending state #1 and saving MD Aug 26 18:24:48.276176: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:24:48.276178: | #1 is busy; has a suspended MD Aug 26 18:24:48.276182: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:48.276185: | "westnet-eastnet-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:48.276188: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:48.276192: | #1 spent 0.421 milliseconds in ikev2_process_packet() Aug 26 18:24:48.276195: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:48.276197: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:48.276199: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:48.276203: | spent 0.431 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:48.277086: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:24:48.277564: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001387 seconds Aug 26 18:24:48.277577: | (#1) spent 1.38 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:24:48.277581: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 18:24:48.277584: | scheduling resume sending helper answer for #1 Aug 26 18:24:48.277588: | libevent_malloc: new ptr-libevent@0x7fd71c000f48 size 128 Aug 26 18:24:48.277596: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:48.277606: | processing resume sending helper answer for #1 Aug 26 18:24:48.277616: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:48.277621: | crypto helper 1 replies to request ID 2 Aug 26 18:24:48.277624: | calling continuation function 0x558fa9b29b50 Aug 26 18:24:48.277627: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:24:48.277635: | creating state object #2 at 0x558fa9deabd8 Aug 26 18:24:48.277638: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:24:48.277642: | pstats #2 ikev2.child started Aug 26 18:24:48.277646: | duplicating state object #1 "westnet-eastnet-ikev2" as #2 for IPSEC SA Aug 26 18:24:48.277651: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:48.277659: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:48.277663: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:48.277668: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:48.277672: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:48.277675: | libevent_free: release ptr-libevent@0x7fd724002888 Aug 26 18:24:48.277679: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x558fa9de5628 Aug 26 18:24:48.277682: | event_schedule: new EVENT_SA_REPLACE-pe@0x558fa9de5628 Aug 26 18:24:48.277685: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:24:48.277693: | libevent_malloc: new ptr-libevent@0x7fd724002888 size 128 Aug 26 18:24:48.277698: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:24:48.277705: | **emit ISAKMP Message: Aug 26 18:24:48.277708: | initiator cookie: Aug 26 18:24:48.277711: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.277714: | responder cookie: Aug 26 18:24:48.277716: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.277720: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:48.277724: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:48.277727: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:48.277730: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:48.277733: | Message ID: 1 (0x1) Aug 26 18:24:48.277736: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:48.277739: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:48.277742: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.277744: | flags: none (0x0) Aug 26 18:24:48.277748: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:48.277751: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.277755: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:48.277764: | IKEv2 CERT: send a certificate? Aug 26 18:24:48.277767: | IKEv2 CERT: no certificate to send Aug 26 18:24:48.277769: | IDr payload will be sent Aug 26 18:24:48.277785: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:24:48.277804: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.277807: | flags: none (0x0) Aug 26 18:24:48.277810: | ID type: ID_FQDN (0x2) Aug 26 18:24:48.277814: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:24:48.277817: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.277821: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:24:48.277823: | my identity 77 65 73 74 Aug 26 18:24:48.277827: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 18:24:48.277836: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:24:48.277840: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:48.277842: | flags: none (0x0) Aug 26 18:24:48.277844: | ID type: ID_FQDN (0x2) Aug 26 18:24:48.277846: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 18:24:48.277848: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:24:48.277850: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.277852: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 18:24:48.277853: | IDr 65 61 73 74 Aug 26 18:24:48.277855: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:24:48.277857: | not sending INITIAL_CONTACT Aug 26 18:24:48.277859: | ****emit IKEv2 Authentication Payload: Aug 26 18:24:48.277860: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.277862: | flags: none (0x0) Aug 26 18:24:48.277864: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:48.277866: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:24:48.277868: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.277872: | started looking for secret for @west->@east of kind PKK_RSA Aug 26 18:24:48.277876: | actually looking for secret for @west->@east of kind PKK_RSA Aug 26 18:24:48.277878: | line 1: key type PKK_RSA(@west) to type PKK_RSA Aug 26 18:24:48.277881: | 1: compared key (none) to @west / @east -> 002 Aug 26 18:24:48.277883: | 2: compared key (none) to @west / @east -> 002 Aug 26 18:24:48.277885: | line 1: match=002 Aug 26 18:24:48.277886: | match 002 beats previous best_match 000 match=0x558fa9d3cb58 (line=1) Aug 26 18:24:48.277888: | concluding with best_match=002 best=0x558fa9d3cb58 (lineno=1) Aug 26 18:24:48.281797: | #1 spent 3.85 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 18:24:48.281813: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 18:24:48.281817: | rsa signature 76 7e ef dc f8 8b 4f b8 05 f0 00 2b 87 de 36 06 Aug 26 18:24:48.281820: | rsa signature ba 15 d0 7a b5 f6 17 bc a8 92 3c db 00 91 3d 7b Aug 26 18:24:48.281823: | rsa signature 4f 46 e2 00 c2 fb a0 79 2d c0 bd 95 1c 23 42 03 Aug 26 18:24:48.281826: | rsa signature 83 08 d8 01 7e f3 2e e6 49 0d cb 79 ba 88 4c b3 Aug 26 18:24:48.281828: | rsa signature a1 7b 15 46 81 39 a2 01 18 bc 87 06 19 23 e2 2f Aug 26 18:24:48.281831: | rsa signature 38 20 a5 93 25 87 43 39 47 8e 07 26 de 73 69 ac Aug 26 18:24:48.281833: | rsa signature 90 67 74 f2 ba 5e c6 4e 4d dc dd a9 1f 80 aa 46 Aug 26 18:24:48.281836: | rsa signature 48 c6 78 06 7f a5 ab 15 dc 75 74 6e 6c 41 a0 7e Aug 26 18:24:48.281839: | rsa signature 6b b1 ea 08 cd 35 53 91 c9 10 4e 9e 31 21 64 2c Aug 26 18:24:48.281841: | rsa signature e6 31 a2 1e 8f b6 d3 b4 e6 8d 29 31 1b e5 80 1b Aug 26 18:24:48.281844: | rsa signature a6 d1 26 60 d9 dd 05 5c 90 08 25 70 95 97 53 a0 Aug 26 18:24:48.281847: | rsa signature da 30 09 22 81 40 d1 6c 8f e5 5c 0f 41 fb e7 7e Aug 26 18:24:48.281849: | rsa signature 40 97 c6 35 6a 39 44 23 6a 3b 09 2a 86 8d 68 9d Aug 26 18:24:48.281852: | rsa signature b5 f8 25 56 5c 86 46 1a 8f df 30 23 b2 08 ae 4b Aug 26 18:24:48.281854: | rsa signature 26 97 dc f5 37 3f 41 2e 12 22 7e d9 21 4b 80 2d Aug 26 18:24:48.281857: | rsa signature 12 5b bc 87 e5 0c 7c cd 0a 93 91 23 d0 0d fb 5b Aug 26 18:24:48.281859: | rsa signature ed 42 36 88 43 c3 35 db b3 cc 2b 9d 09 0c 77 f6 Aug 26 18:24:48.281862: | rsa signature c6 5b Aug 26 18:24:48.281867: | #1 spent 3.95 milliseconds in ikev2_calculate_rsa_hash() Aug 26 18:24:48.281871: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 18:24:48.281874: | getting first pending from state #1 Aug 26 18:24:48.281897: | netlink_get_spi: allocated 0xcca392a6 for esp.0@192.1.2.45 Aug 26 18:24:48.281903: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ikev2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:24:48.281910: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:48.281918: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:48.281922: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:48.281926: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:48.281930: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:48.281936: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:48.281939: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:48.281944: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:48.281953: "westnet-eastnet-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:48.283024: | Emitting ikev2_proposals ... Aug 26 18:24:48.283040: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:48.283046: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.283050: | flags: none (0x0) Aug 26 18:24:48.283055: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:48.283059: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.283062: | discarding INTEG=NONE Aug 26 18:24:48.283065: | discarding DH=NONE Aug 26 18:24:48.283068: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.283071: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.283074: | prop #: 1 (0x1) Aug 26 18:24:48.283077: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:48.283080: | spi size: 4 (0x4) Aug 26 18:24:48.283082: | # transforms: 2 (0x2) Aug 26 18:24:48.283085: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:48.283089: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:48.283092: | our spi cc a3 92 a6 Aug 26 18:24:48.283095: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.283098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.283101: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.283103: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:48.283106: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.283110: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.283113: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.283115: | length/value: 256 (0x100) Aug 26 18:24:48.283118: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:48.283121: | discarding INTEG=NONE Aug 26 18:24:48.283123: | discarding DH=NONE Aug 26 18:24:48.283126: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.283128: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.283131: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:48.283134: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:48.283137: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.283140: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.283144: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.283146: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:48.283150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:48.283153: | discarding INTEG=NONE Aug 26 18:24:48.283155: | discarding DH=NONE Aug 26 18:24:48.283158: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.283160: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.283163: | prop #: 2 (0x2) Aug 26 18:24:48.283166: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:48.283168: | spi size: 4 (0x4) Aug 26 18:24:48.283171: | # transforms: 2 (0x2) Aug 26 18:24:48.283174: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.283178: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:48.283181: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:48.283184: | our spi cc a3 92 a6 Aug 26 18:24:48.283186: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.283191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.283194: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.283196: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:48.283199: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.283202: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.283204: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.283207: | length/value: 128 (0x80) Aug 26 18:24:48.283209: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:48.283211: | discarding INTEG=NONE Aug 26 18:24:48.283213: | discarding DH=NONE Aug 26 18:24:48.283216: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.283218: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.283221: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:48.283224: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:48.283227: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.283230: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.283233: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.283236: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:48.283238: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:48.283241: | discarding DH=NONE Aug 26 18:24:48.283244: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.283246: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.283249: | prop #: 3 (0x3) Aug 26 18:24:48.283251: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:48.283254: | spi size: 4 (0x4) Aug 26 18:24:48.283257: | # transforms: 4 (0x4) Aug 26 18:24:48.283260: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.283263: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:48.283267: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:48.283269: | our spi cc a3 92 a6 Aug 26 18:24:48.283272: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.283275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.283278: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.283281: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:48.283284: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.283295: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.283300: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.283303: | length/value: 256 (0x100) Aug 26 18:24:48.283306: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:48.283309: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.283312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.283315: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:48.283318: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:48.283321: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.283325: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.283328: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.283331: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.283336: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.283340: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:48.283343: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:48.283346: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.283350: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.283352: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.283355: | discarding DH=NONE Aug 26 18:24:48.283358: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.283361: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.284329: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:48.284336: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:48.284340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.284343: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.284347: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.284349: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:48.284353: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:48.284355: | discarding DH=NONE Aug 26 18:24:48.284358: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.284361: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:48.284364: | prop #: 4 (0x4) Aug 26 18:24:48.284366: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:48.284369: | spi size: 4 (0x4) Aug 26 18:24:48.284372: | # transforms: 4 (0x4) Aug 26 18:24:48.284375: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:48.284378: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:48.284382: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:48.284385: | our spi cc a3 92 a6 Aug 26 18:24:48.284388: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.284391: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.284393: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.284396: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:48.284399: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.284402: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.284404: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.284407: | length/value: 128 (0x80) Aug 26 18:24:48.284410: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:48.284412: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.284415: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.284418: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:48.284420: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:48.284423: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.284427: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.284429: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.284432: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.284435: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.284440: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:48.284443: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:48.284446: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.284449: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.284452: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.284454: | discarding DH=NONE Aug 26 18:24:48.284457: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:48.284460: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.284462: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:48.284464: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:48.284467: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.284469: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:48.284471: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:48.284473: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:48.284475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:48.284477: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 18:24:48.284478: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:48.284481: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:48.284483: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.284485: | flags: none (0x0) Aug 26 18:24:48.284487: | number of TS: 1 (0x1) Aug 26 18:24:48.284489: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:48.284491: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.284493: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:48.284495: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:48.284497: | IP Protocol ID: 0 (0x0) Aug 26 18:24:48.284498: | start port: 0 (0x0) Aug 26 18:24:48.284500: | end port: 65535 (0xffff) Aug 26 18:24:48.284502: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:48.284504: | ipv4 start c0 00 01 00 Aug 26 18:24:48.284505: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:48.284507: | ipv4 end c0 00 01 ff Aug 26 18:24:48.284509: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:48.284510: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:48.284512: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:48.284514: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.284515: | flags: none (0x0) Aug 26 18:24:48.284517: | number of TS: 1 (0x1) Aug 26 18:24:48.284520: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:48.284523: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:48.284526: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:48.284528: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:48.284529: | IP Protocol ID: 0 (0x0) Aug 26 18:24:48.284531: | start port: 0 (0x0) Aug 26 18:24:48.284532: | end port: 65535 (0xffff) Aug 26 18:24:48.284534: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:48.284537: | ipv4 start c0 00 02 00 Aug 26 18:24:48.284539: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:48.284542: | ipv4 end c0 00 02 ff Aug 26 18:24:48.284544: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:48.284546: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:48.284548: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:24:48.284550: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:48.284552: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:48.284555: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:48.284558: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:48.284561: | emitting length of IKEv2 Encryption Payload: 547 Aug 26 18:24:48.284562: | emitting length of ISAKMP Message: 575 Aug 26 18:24:48.284567: | **parse ISAKMP Message: Aug 26 18:24:48.284568: | initiator cookie: Aug 26 18:24:48.284570: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.284573: | responder cookie: Aug 26 18:24:48.284575: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.284577: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:48.284579: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:48.284581: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:48.284583: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:48.284584: | Message ID: 1 (0x1) Aug 26 18:24:48.284586: | length: 575 (0x23f) Aug 26 18:24:48.284589: | **parse IKEv2 Encryption Payload: Aug 26 18:24:48.284592: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:48.284593: | flags: none (0x0) Aug 26 18:24:48.284595: | length: 547 (0x223) Aug 26 18:24:48.284597: | **emit ISAKMP Message: Aug 26 18:24:48.284598: | initiator cookie: Aug 26 18:24:48.284600: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.284602: | responder cookie: Aug 26 18:24:48.284604: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.284607: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:48.284609: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:48.284610: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:48.284612: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:48.284613: | Message ID: 1 (0x1) Aug 26 18:24:48.284615: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:48.284617: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:48.284619: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:48.284621: | flags: none (0x0) Aug 26 18:24:48.284624: | fragment number: 1 (0x1) Aug 26 18:24:48.284626: | total fragments: 2 (0x2) Aug 26 18:24:48.284629: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 18:24:48.284633: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:48.284635: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:48.284639: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:48.284649: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:48.284653: | cleartext fragment 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c Aug 26 18:24:48.284655: | cleartext fragment 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 00 Aug 26 18:24:48.284657: | cleartext fragment 76 7e ef dc f8 8b 4f b8 05 f0 00 2b 87 de 36 06 Aug 26 18:24:48.284660: | cleartext fragment ba 15 d0 7a b5 f6 17 bc a8 92 3c db 00 91 3d 7b Aug 26 18:24:48.284662: | cleartext fragment 4f 46 e2 00 c2 fb a0 79 2d c0 bd 95 1c 23 42 03 Aug 26 18:24:48.284665: | cleartext fragment 83 08 d8 01 7e f3 2e e6 49 0d cb 79 ba 88 4c b3 Aug 26 18:24:48.284667: | cleartext fragment a1 7b 15 46 81 39 a2 01 18 bc 87 06 19 23 e2 2f Aug 26 18:24:48.284671: | cleartext fragment 38 20 a5 93 25 87 43 39 47 8e 07 26 de 73 69 ac Aug 26 18:24:48.284674: | cleartext fragment 90 67 74 f2 ba 5e c6 4e 4d dc dd a9 1f 80 aa 46 Aug 26 18:24:48.284676: | cleartext fragment 48 c6 78 06 7f a5 ab 15 dc 75 74 6e 6c 41 a0 7e Aug 26 18:24:48.284679: | cleartext fragment 6b b1 ea 08 cd 35 53 91 c9 10 4e 9e 31 21 64 2c Aug 26 18:24:48.284681: | cleartext fragment e6 31 a2 1e 8f b6 d3 b4 e6 8d 29 31 1b e5 80 1b Aug 26 18:24:48.284683: | cleartext fragment a6 d1 26 60 d9 dd 05 5c 90 08 25 70 95 97 53 a0 Aug 26 18:24:48.284686: | cleartext fragment da 30 09 22 81 40 d1 6c 8f e5 5c 0f 41 fb e7 7e Aug 26 18:24:48.284688: | cleartext fragment 40 97 c6 35 6a 39 44 23 6a 3b 09 2a 86 8d 68 9d Aug 26 18:24:48.284691: | cleartext fragment b5 f8 25 56 5c 86 46 1a 8f df 30 23 b2 08 ae 4b Aug 26 18:24:48.284693: | cleartext fragment 26 97 dc f5 37 3f 41 2e 12 22 7e d9 21 4b 80 2d Aug 26 18:24:48.284695: | cleartext fragment 12 5b bc 87 e5 0c 7c cd 0a 93 91 23 d0 0d fb 5b Aug 26 18:24:48.284698: | cleartext fragment ed 42 36 88 43 c3 35 db b3 cc 2b 9d 09 0c 77 f6 Aug 26 18:24:48.284700: | cleartext fragment c6 5b 2c 00 00 a4 02 00 00 20 01 03 04 02 cc a3 Aug 26 18:24:48.284703: | cleartext fragment 92 a6 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 Aug 26 18:24:48.284705: | cleartext fragment 00 08 05 00 00 00 02 00 00 20 02 03 04 02 cc a3 Aug 26 18:24:48.284708: | cleartext fragment 92 a6 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 Aug 26 18:24:48.284710: | cleartext fragment 00 08 05 00 00 00 02 00 00 30 03 03 04 04 cc a3 Aug 26 18:24:48.284713: | cleartext fragment 92 a6 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 Aug 26 18:24:48.284715: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Aug 26 18:24:48.284718: | cleartext fragment 00 08 05 00 00 00 00 00 00 30 04 03 04 04 cc a3 Aug 26 18:24:48.284720: | cleartext fragment 92 a6 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 Aug 26 18:24:48.284723: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Aug 26 18:24:48.284725: | cleartext fragment 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 Aug 26 18:24:48.284728: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:48.284731: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:48.284734: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:48.284736: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:48.284738: | emitting length of ISAKMP Message: 539 Aug 26 18:24:48.284752: | **emit ISAKMP Message: Aug 26 18:24:48.284754: | initiator cookie: Aug 26 18:24:48.284756: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.284757: | responder cookie: Aug 26 18:24:48.284759: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.284760: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:48.284762: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:48.284764: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:48.284765: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:48.284767: | Message ID: 1 (0x1) Aug 26 18:24:48.284769: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:48.284771: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:48.284772: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.284774: | flags: none (0x0) Aug 26 18:24:48.284776: | fragment number: 2 (0x2) Aug 26 18:24:48.284777: | total fragments: 2 (0x2) Aug 26 18:24:48.284779: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:48.284781: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:48.284783: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:48.284787: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:48.284792: | emitting 40 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:48.284794: | cleartext fragment 07 00 00 10 00 00 ff ff c0 00 01 00 c0 00 01 ff Aug 26 18:24:48.284796: | cleartext fragment 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff Aug 26 18:24:48.284797: | cleartext fragment c0 00 02 00 c0 00 02 ff Aug 26 18:24:48.284799: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:48.284801: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:48.284803: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:48.284804: | emitting length of IKEv2 Encrypted Fragment: 73 Aug 26 18:24:48.284806: | emitting length of ISAKMP Message: 101 Aug 26 18:24:48.284813: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:48.284817: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:48.284820: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:24:48.284823: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:24:48.284825: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:24:48.284827: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:24:48.284831: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:48.284834: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:24:48.284838: "westnet-eastnet-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:24:48.284850: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:24:48.284853: | sending fragments ... Aug 26 18:24:48.284859: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:48.284862: | 12 52 17 9e ec b0 bb 96 a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.284865: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 18:24:48.284867: | 00 01 00 02 9b 44 61 21 d4 4f 65 fb d1 42 4c 7d Aug 26 18:24:48.284868: | 88 60 2d 5f c9 bc 5c b9 11 72 1b 41 ca 40 db 27 Aug 26 18:24:48.284870: | 1a 3d f8 6b ff c5 79 c2 c6 c4 b9 ba 32 7d b0 92 Aug 26 18:24:48.284871: | fd 77 8a 03 0b 86 35 1f be 85 63 39 5f c2 56 95 Aug 26 18:24:48.284873: | 2c f6 ad c0 d9 aa 82 67 25 1e 5b 79 17 45 84 e9 Aug 26 18:24:48.284874: | c9 9f d8 00 d6 61 ad f2 80 79 df 7d 79 11 bc 57 Aug 26 18:24:48.284876: | 6d 23 0c 83 2d 4b c4 47 83 ce 59 f3 c9 52 b6 9e Aug 26 18:24:48.284877: | e1 3f 9f 20 97 35 f7 a5 d4 73 9e 66 c1 88 c5 6b Aug 26 18:24:48.284879: | 33 bf 1c 5d 6a 44 3d 3e ef cd 15 3e 49 fb 63 55 Aug 26 18:24:48.284882: | c3 2d 58 b4 92 a8 6b 63 ed 69 25 71 8f db 58 64 Aug 26 18:24:48.284884: | 31 64 f0 4b 3e 6d e8 5a 12 99 d7 69 a5 fc fe 06 Aug 26 18:24:48.284886: | 09 16 dc 13 55 12 10 fb d2 fd 10 dd 79 0c ff 7f Aug 26 18:24:48.284889: | 13 72 aa a3 63 db ee 62 aa 6d b6 4b 40 9f e1 cf Aug 26 18:24:48.284891: | 05 55 08 76 48 ac 1a ee f1 3b 15 17 1d a2 37 6f Aug 26 18:24:48.284893: | 05 88 2b 53 9d 16 2b c7 21 32 fc 08 a4 18 e9 7c Aug 26 18:24:48.284895: | dd 8a ac 30 82 4d 04 ac 6d b0 e8 d0 45 33 f1 49 Aug 26 18:24:48.284898: | 46 5d 7b 07 fe 75 1e 36 3c b5 cb 34 38 bd bc 45 Aug 26 18:24:48.284900: | 86 99 3d 4f ce db b2 0a bf c0 10 14 5d a7 a2 c8 Aug 26 18:24:48.284902: | ff 0b d2 25 8e 6e 23 55 e4 63 58 de 7c 42 9f cd Aug 26 18:24:48.284906: | 06 34 3e c2 c3 7c f7 e3 ef b7 7d 6a 41 6d fc 4a Aug 26 18:24:48.284909: | ed a9 c9 b6 80 53 84 b5 ea 46 9f ad ef 30 c2 4e Aug 26 18:24:48.284911: | fd 08 80 8d 84 9f d8 aa 8a a7 c8 1e 72 d1 b4 21 Aug 26 18:24:48.284914: | 05 4d c2 fd 38 9e ba b7 c6 86 3e e6 09 35 be fc Aug 26 18:24:48.284916: | b6 3a 08 17 f6 5a 18 8f b0 4f ad 71 d8 53 c6 a7 Aug 26 18:24:48.284918: | 67 05 a6 b9 43 28 9b 5b 10 de a7 15 eb d0 84 4d Aug 26 18:24:48.284920: | 12 2d 67 27 14 50 f8 ff 13 ec b3 a6 a1 37 9c ac Aug 26 18:24:48.284923: | a5 6a 52 2b dc 67 5b 4a ea 2c 05 4d 7b 0a 55 3e Aug 26 18:24:48.284925: | 1d 04 de 46 34 46 26 c0 cb 02 3f da 15 ad 6e 78 Aug 26 18:24:48.284927: | 02 e3 c7 2a 5f 56 3e 20 e9 82 c1 9c 10 1a 74 24 Aug 26 18:24:48.284930: | e5 0a 33 21 4d 93 5e 16 50 37 d0 80 f2 c0 92 60 Aug 26 18:24:48.284932: | c3 0c e0 4a d4 e3 f3 fe 96 53 86 d4 b2 b1 1b b3 Aug 26 18:24:48.284934: | b5 41 0f 0d 09 58 a5 be de 4b 7f Aug 26 18:24:48.284955: | sending 101 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:48.284959: | 12 52 17 9e ec b0 bb 96 a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.284962: | 35 20 23 08 00 00 00 01 00 00 00 65 00 00 00 49 Aug 26 18:24:48.284964: | 00 02 00 02 6f fa 88 01 8a dd f6 e3 8c ff 58 f7 Aug 26 18:24:48.284966: | 63 43 3b 2a 0f 26 d1 46 94 1e 64 9c 92 93 3c 6d Aug 26 18:24:48.284969: | 4a cf 8a ab f7 8f ab ef 64 73 79 77 b5 ed 84 f4 Aug 26 18:24:48.284971: | c1 fa 0c 2d 0e e7 6c 56 b7 a9 ce 3d aa 9c b9 a9 Aug 26 18:24:48.284973: | 7d 94 2a 7d 45 Aug 26 18:24:48.284981: | sent 2 fragments Aug 26 18:24:48.284986: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:48.284990: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fd724002b78 Aug 26 18:24:48.284995: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 18:24:48.284999: | libevent_malloc: new ptr-libevent@0x558fa9de8368 size 128 Aug 26 18:24:48.285006: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29174.027456 Aug 26 18:24:48.285011: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:48.285019: | #1 spent 1.51 milliseconds Aug 26 18:24:48.285023: | #1 spent 5.71 milliseconds in resume sending helper answer Aug 26 18:24:48.285028: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:48.285033: | libevent_free: release ptr-libevent@0x7fd71c000f48 Aug 26 18:24:48.324735: | spent 0.0033 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:48.324760: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:24:48.324764: | 12 52 17 9e ec b0 bb 96 a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.324767: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Aug 26 18:24:48.324769: | ca 94 e1 f8 c3 2f dd 0b 8e e1 58 8e 9d 8a 79 2c Aug 26 18:24:48.324772: | 09 7d de 24 cf 81 5f c8 f9 27 e3 da 7f ec d5 cb Aug 26 18:24:48.324774: | d1 f2 5e 3f 18 4c 7d bf 5c 83 ad b6 1e c5 39 f0 Aug 26 18:24:48.324777: | 07 e8 25 b0 d8 3f 0d d0 7b 17 b9 d7 14 53 65 67 Aug 26 18:24:48.324779: | a3 7d 55 ec 95 da 29 c9 01 74 dc 47 41 80 ab e7 Aug 26 18:24:48.324782: | 7d 52 a4 f2 df 6c 82 88 3c c9 57 f6 58 17 9a cc Aug 26 18:24:48.324784: | a2 a7 e9 d8 f7 95 f6 ff 09 70 8d 90 29 7e 9e 2c Aug 26 18:24:48.324787: | f6 49 d8 6c 34 04 64 a9 37 7a 9a ef 90 f5 53 63 Aug 26 18:24:48.324789: | ef f2 97 9c 1e ba d8 bb 96 ff 60 2f 8e b7 2e b8 Aug 26 18:24:48.324792: | 6e 16 f9 e4 48 7c f0 fb 67 05 9b 24 c1 4d 86 0b Aug 26 18:24:48.324794: | 17 e0 4e 02 ea 04 0d 64 f6 7f 74 39 9b a7 7d 05 Aug 26 18:24:48.324796: | 16 60 57 22 75 fa 90 89 0f ca 3a 3c 7a 0d a1 84 Aug 26 18:24:48.324799: | f5 9e de 77 49 20 74 dc 06 1a 94 b5 07 13 5d c5 Aug 26 18:24:48.324804: | bc 61 98 ba cb 9d 24 9f 29 1e d7 00 1b c5 54 ad Aug 26 18:24:48.324807: | 0d 53 51 7c e5 5d 1a 1b 83 19 4d 40 6b db ed 4d Aug 26 18:24:48.324809: | 98 67 18 b1 e6 d8 23 89 39 75 b2 22 f7 e5 c0 75 Aug 26 18:24:48.324812: | 2b 1f c0 c3 2b 5f 21 a3 85 e8 7c a8 0c ca fe 81 Aug 26 18:24:48.324815: | d0 5c 94 24 d8 6a a7 2f 37 88 4d 77 04 d9 7f a2 Aug 26 18:24:48.324817: | c0 f0 eb 9e 33 16 fa c7 c6 d4 db 2b 34 c0 d9 87 Aug 26 18:24:48.324820: | 73 fa 23 1d d5 2b 4a 02 f2 5d 6f 0b c8 af ad 59 Aug 26 18:24:48.324823: | 67 2a 94 d1 85 15 fa 07 60 34 53 66 c2 e9 f1 2c Aug 26 18:24:48.324825: | 5c 72 79 da cc 78 d1 7c 1e 55 67 62 b5 e0 a5 0a Aug 26 18:24:48.324828: | b9 74 cb bb 95 6a ef 01 66 20 d2 ca 57 a6 52 3a Aug 26 18:24:48.324830: | 63 a1 d7 0f 5e 67 ef de 40 77 02 18 be ee cc 38 Aug 26 18:24:48.324833: | 08 6d 16 bd bc a4 38 8c 71 49 c6 4c 9a cb fe 59 Aug 26 18:24:48.324835: | 8e 4c 56 Aug 26 18:24:48.324840: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:48.324845: | **parse ISAKMP Message: Aug 26 18:24:48.324848: | initiator cookie: Aug 26 18:24:48.324850: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:48.324853: | responder cookie: Aug 26 18:24:48.324855: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:48.324858: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:48.324861: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:48.324864: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:48.324867: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:48.324870: | Message ID: 1 (0x1) Aug 26 18:24:48.324872: | length: 435 (0x1b3) Aug 26 18:24:48.324875: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:48.324879: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:48.324884: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:48.324890: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:48.324893: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:48.324898: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:48.324902: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:48.324905: | #2 is idle Aug 26 18:24:48.324908: | #2 idle Aug 26 18:24:48.324910: | unpacking clear payload Aug 26 18:24:48.324913: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:48.324916: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:48.324919: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:48.324922: | flags: none (0x0) Aug 26 18:24:48.324924: | length: 407 (0x197) Aug 26 18:24:48.324927: | processing payload: ISAKMP_NEXT_v2SK (len=403) Aug 26 18:24:48.324930: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:48.324946: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:24:48.324949: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:24:48.324953: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:24:48.324955: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:48.324958: | flags: none (0x0) Aug 26 18:24:48.324960: | length: 12 (0xc) Aug 26 18:24:48.324963: | ID type: ID_FQDN (0x2) Aug 26 18:24:48.324965: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:24:48.324968: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:24:48.324971: | **parse IKEv2 Authentication Payload: Aug 26 18:24:48.324974: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:48.324976: | flags: none (0x0) Aug 26 18:24:48.324979: | length: 282 (0x11a) Aug 26 18:24:48.324981: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:48.324984: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 18:24:48.324989: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:48.324992: | **parse IKEv2 Security Association Payload: Aug 26 18:24:48.324995: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:48.324998: | flags: none (0x0) Aug 26 18:24:48.325000: | length: 36 (0x24) Aug 26 18:24:48.325003: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 18:24:48.325005: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:48.325008: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:48.325011: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:48.325013: | flags: none (0x0) Aug 26 18:24:48.325016: | length: 24 (0x18) Aug 26 18:24:48.325018: | number of TS: 1 (0x1) Aug 26 18:24:48.325021: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:48.325024: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:48.325027: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:48.325029: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:48.325032: | flags: none (0x0) Aug 26 18:24:48.325035: | length: 24 (0x18) Aug 26 18:24:48.325037: | number of TS: 1 (0x1) Aug 26 18:24:48.325040: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:48.325043: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:24:48.325046: | Now let's proceed with state specific processing Aug 26 18:24:48.325049: | calling processor Initiator: process IKE_AUTH response Aug 26 18:24:48.325054: | offered CA: '%none' Aug 26 18:24:48.325059: "westnet-eastnet-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 18:24:48.325102: | verifying AUTH payload Aug 26 18:24:48.325120: | required RSA CA is '%any' Aug 26 18:24:48.325125: | checking RSA keyid '@east' for match with '@east' Aug 26 18:24:48.325128: | key issuer CA is '%any' Aug 26 18:24:48.325195: | an RSA Sig check passed with *AQO9bJbr3 [preloaded key] Aug 26 18:24:48.325203: | #1 spent 0.0689 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:24:48.325207: "westnet-eastnet-ikev2" #2: Authenticated using RSA Aug 26 18:24:48.325218: | #1 spent 0.108 milliseconds in ikev2_verify_rsa_hash() Aug 26 18:24:48.325222: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:24:48.325228: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:24:48.325231: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:48.325235: | libevent_free: release ptr-libevent@0x7fd724002888 Aug 26 18:24:48.325239: | free_event_entry: release EVENT_SA_REPLACE-pe@0x558fa9de5628 Aug 26 18:24:48.325242: | event_schedule: new EVENT_SA_REKEY-pe@0x558fa9de5628 Aug 26 18:24:48.325246: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:24:48.325249: | libevent_malloc: new ptr-libevent@0x7fd71c000f48 size 128 Aug 26 18:24:48.325339: | pstats #1 ikev2.ike established Aug 26 18:24:48.325347: | TSi: parsing 1 traffic selectors Aug 26 18:24:48.325351: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:48.325355: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:48.325357: | IP Protocol ID: 0 (0x0) Aug 26 18:24:48.325360: | length: 16 (0x10) Aug 26 18:24:48.325363: | start port: 0 (0x0) Aug 26 18:24:48.325365: | end port: 65535 (0xffff) Aug 26 18:24:48.325369: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:48.325371: | TS low c0 00 01 00 Aug 26 18:24:48.325374: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:48.325376: | TS high c0 00 01 ff Aug 26 18:24:48.325379: | TSi: parsed 1 traffic selectors Aug 26 18:24:48.325382: | TSr: parsing 1 traffic selectors Aug 26 18:24:48.325384: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:48.325387: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:48.325389: | IP Protocol ID: 0 (0x0) Aug 26 18:24:48.325392: | length: 16 (0x10) Aug 26 18:24:48.325394: | start port: 0 (0x0) Aug 26 18:24:48.325397: | end port: 65535 (0xffff) Aug 26 18:24:48.325401: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:48.325404: | TS low c0 00 02 00 Aug 26 18:24:48.325407: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:48.325409: | TS high c0 00 02 ff Aug 26 18:24:48.325412: | TSr: parsed 1 traffic selectors Aug 26 18:24:48.325418: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:48.325424: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:48.325431: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:24:48.325434: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:48.325437: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:48.325440: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:48.325443: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:48.325448: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:48.325454: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:48.325457: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:48.325459: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:48.325462: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:48.325465: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:48.325467: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:48.325470: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:24:48.325472: | printing contents struct traffic_selector Aug 26 18:24:48.325475: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:48.325477: | ipprotoid: 0 Aug 26 18:24:48.325480: | port range: 0-65535 Aug 26 18:24:48.325483: | ip range: 192.0.1.0-192.0.1.255 Aug 26 18:24:48.325486: | printing contents struct traffic_selector Aug 26 18:24:48.325489: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:48.325491: | ipprotoid: 0 Aug 26 18:24:48.325494: | port range: 0-65535 Aug 26 18:24:48.325499: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:48.325514: | using existing local ESP/AH proposals for westnet-eastnet-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:48.325518: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:24:48.325522: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:48.325525: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:48.325527: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:48.325530: | local proposal 1 type DH has 1 transforms Aug 26 18:24:48.325532: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:48.325536: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:48.325538: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:48.325540: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:48.325542: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:48.325543: | local proposal 2 type DH has 1 transforms Aug 26 18:24:48.325545: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:48.325547: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:48.325548: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:48.325550: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:48.325551: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:48.325553: | local proposal 3 type DH has 1 transforms Aug 26 18:24:48.325555: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:48.325557: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:48.325560: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:48.325562: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:48.325563: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:48.325565: | local proposal 4 type DH has 1 transforms Aug 26 18:24:48.325566: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:48.325568: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:48.325570: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:48.325572: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:48.325574: | length: 32 (0x20) Aug 26 18:24:48.325576: | prop #: 1 (0x1) Aug 26 18:24:48.325577: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:48.325579: | spi size: 4 (0x4) Aug 26 18:24:48.325580: | # transforms: 2 (0x2) Aug 26 18:24:48.325583: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:48.325584: | remote SPI 72 e2 f1 b3 Aug 26 18:24:48.325586: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:48.325588: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:48.325590: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:48.325592: | length: 12 (0xc) Aug 26 18:24:48.325593: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:48.325595: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:48.325597: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:48.325599: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:48.325600: | length/value: 256 (0x100) Aug 26 18:24:48.325603: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:48.325605: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:48.325607: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:48.325608: | length: 8 (0x8) Aug 26 18:24:48.325610: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:48.325611: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:48.325614: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:48.325616: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:24:48.325619: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:24:48.325620: | remote proposal 1 matches local proposal 1 Aug 26 18:24:48.325623: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 18:24:48.325626: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=72e2f1b3;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:24:48.325628: | converting proposal to internal trans attrs Aug 26 18:24:48.325632: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:48.325754: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:24:48.325759: | could_route called for westnet-eastnet-ikev2 (kind=CK_PERMANENT) Aug 26 18:24:48.325761: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:48.325763: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:48.325765: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:24:48.325768: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:48.325771: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:48.325773: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:48.325775: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:48.325777: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:48.325780: | setting IPsec SA replay-window to 32 Aug 26 18:24:48.325782: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Aug 26 18:24:48.325784: | netlink: enabling tunnel mode Aug 26 18:24:48.325788: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:48.325790: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:48.325852: | netlink response for Add SA esp.72e2f1b3@192.1.2.23 included non-error error Aug 26 18:24:48.325855: | set up outgoing SA, ref=0/0 Aug 26 18:24:48.325857: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:48.325859: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:48.325861: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:48.325863: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:48.325865: | setting IPsec SA replay-window to 32 Aug 26 18:24:48.325867: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Aug 26 18:24:48.325869: | netlink: enabling tunnel mode Aug 26 18:24:48.325870: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:48.325872: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:48.325898: | netlink response for Add SA esp.cca392a6@192.1.2.45 included non-error error Aug 26 18:24:48.325903: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:24:48.325908: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 18:24:48.325910: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:48.325930: | raw_eroute result=success Aug 26 18:24:48.325933: | set up incoming SA, ref=0/0 Aug 26 18:24:48.325935: | sr for #2: unrouted Aug 26 18:24:48.325937: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:48.325939: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:48.325941: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:48.325942: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:24:48.325945: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:24:48.325947: | route_and_eroute with c: westnet-eastnet-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:24:48.325949: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:24:48.325954: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:24:48.325955: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:48.325965: | raw_eroute result=success Aug 26 18:24:48.325969: | running updown command "ipsec _updown" for verb up Aug 26 18:24:48.325971: | command executing up-client Aug 26 18:24:48.325989: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Aug 26 18:24:48.325991: | popen cmd is 1043 chars long Aug 26 18:24:48.325993: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Aug 26 18:24:48.325995: | cmd( 80):v2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLU: Aug 26 18:24:48.325997: | cmd( 160):TO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' : Aug 26 18:24:48.326000: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 18:24:48.326002: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Aug 26 18:24:48.326003: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Aug 26 18:24:48.326005: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 18:24:48.326007: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Aug 26 18:24:48.326008: | cmd( 640):CRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Aug 26 18:24:48.326010: | cmd( 720):ND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC: Aug 26 18:24:48.326012: | cmd( 800):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Aug 26 18:24:48.326013: | cmd( 880):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Aug 26 18:24:48.326015: | cmd( 960):OUTING='no' VTI_SHARED='no' SPI_IN=0x72e2f1b3 SPI_OUT=0xcca392a6 ipsec _updown 2: Aug 26 18:24:48.326016: | cmd(1040):>&1: Aug 26 18:24:48.336326: | route_and_eroute: firewall_notified: true Aug 26 18:24:48.336339: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:48.336342: | command executing prepare-client Aug 26 18:24:48.336366: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no Aug 26 18:24:48.336369: | popen cmd is 1048 chars long Aug 26 18:24:48.336371: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:24:48.336385: | cmd( 80):t-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45: Aug 26 18:24:48.336387: | cmd( 160):' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:24:48.336389: | cmd( 240):1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:24:48.336390: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 18:24:48.336392: | cmd( 400):ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 18:24:48.336394: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:24:48.336395: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Aug 26 18:24:48.336397: | cmd( 640):IG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Aug 26 18:24:48.336398: | cmd( 720):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Aug 26 18:24:48.336400: | cmd( 800):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Aug 26 18:24:48.336402: | cmd( 880): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Aug 26 18:24:48.336404: | cmd( 960):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x72e2f1b3 SPI_OUT=0xcca392a6 ipsec _upd: Aug 26 18:24:48.336405: | cmd(1040):own 2>&1: Aug 26 18:24:48.347245: | running updown command "ipsec _updown" for verb route Aug 26 18:24:48.347258: | command executing route-client Aug 26 18:24:48.347282: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 18:24:48.347285: | popen cmd is 1046 chars long Aug 26 18:24:48.347287: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 18:24:48.347302: | cmd( 80):ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Aug 26 18:24:48.347306: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.: Aug 26 18:24:48.347308: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 18:24:48.347309: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 18:24:48.347311: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Aug 26 18:24:48.347313: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Aug 26 18:24:48.347314: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Aug 26 18:24:48.347316: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Aug 26 18:24:48.347318: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Aug 26 18:24:48.347319: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Aug 26 18:24:48.347321: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Aug 26 18:24:48.347323: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x72e2f1b3 SPI_OUT=0xcca392a6 ipsec _updow: Aug 26 18:24:48.347324: | cmd(1040):n 2>&1: Aug 26 18:24:48.363064: | route_and_eroute: instance "westnet-eastnet-ikev2", setting eroute_owner {spd=0x558fa9de35d8,sr=0x558fa9de35d8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:48.363155: | #1 spent 1.44 milliseconds in install_ipsec_sa() Aug 26 18:24:48.363167: | inR2: instance westnet-eastnet-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:24:48.363172: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:48.363177: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:24:48.363188: | libevent_free: release ptr-libevent@0x558fa9de8368 Aug 26 18:24:48.363195: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fd724002b78 Aug 26 18:24:48.363202: | #2 spent 2.17 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:24:48.363212: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:48.363217: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:24:48.363221: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:24:48.363226: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:24:48.363233: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:24:48.363241: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:24:48.363247: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:48.363251: | pstats #2 ikev2.child established Aug 26 18:24:48.363261: "westnet-eastnet-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:24:48.363274: | NAT-T: encaps is 'auto' Aug 26 18:24:48.363279: "westnet-eastnet-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x72e2f1b3 <0xcca392a6 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:24:48.363284: | releasing whack for #2 (sock=fd@25) Aug 26 18:24:48.363301: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 18:24:48.363307: | releasing whack and unpending for parent #1 Aug 26 18:24:48.363311: | unpending state #1 connection "westnet-eastnet-ikev2" Aug 26 18:24:48.363331: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ikev2" Aug 26 18:24:48.363334: | removing pending policy for no connection {0x558fa9d3ca58} Aug 26 18:24:48.363358: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 18:24:48.363364: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:24:48.363369: | event_schedule: new EVENT_SA_REKEY-pe@0x7fd724002b78 Aug 26 18:24:48.363373: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:24:48.363379: | libevent_malloc: new ptr-libevent@0x558fa9dee648 size 128 Aug 26 18:24:48.363386: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:48.363393: | #1 spent 2.66 milliseconds in ikev2_process_packet() Aug 26 18:24:48.363398: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:48.363404: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:48.363408: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:48.363413: | spent 2.68 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:48.363427: | processing signal PLUTO_SIGCHLD Aug 26 18:24:48.363434: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:48.363439: | spent 0.00565 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:48.363442: | processing signal PLUTO_SIGCHLD Aug 26 18:24:48.363446: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:48.363450: | spent 0.00411 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:48.363454: | processing signal PLUTO_SIGCHLD Aug 26 18:24:48.363458: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:48.363462: | spent 0.00408 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:51.534675: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:51.534699: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:24:51.534705: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:51.534713: | get_sa_info esp.cca392a6@192.1.2.45 Aug 26 18:24:51.534729: | get_sa_info esp.72e2f1b3@192.1.2.23 Aug 26 18:24:51.534751: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:51.534760: | spent 0.0934 milliseconds in whack Aug 26 18:24:52.904447: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:52.904926: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:52.904934: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:52.905004: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:52.905009: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:52.905032: | get_sa_info esp.cca392a6@192.1.2.45 Aug 26 18:24:52.905052: | get_sa_info esp.72e2f1b3@192.1.2.23 Aug 26 18:24:52.905080: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:52.905089: | spent 0.651 milliseconds in whack Aug 26 18:24:53.725162: | spent 0.0034 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:53.725185: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:24:53.725191: | 12 52 17 9e ec b0 bb 96 a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:53.725193: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:53.725196: | 15 6f 3f 3d 01 ad 9f 91 d5 e2 a4 43 05 a8 a1 b1 Aug 26 18:24:53.725198: | 6d 0c 1e ae f4 69 c2 41 cf 67 72 00 10 93 69 a6 Aug 26 18:24:53.725201: | 55 21 90 cc 8a Aug 26 18:24:53.725205: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:53.725210: | **parse ISAKMP Message: Aug 26 18:24:53.725212: | initiator cookie: Aug 26 18:24:53.725215: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:53.725217: | responder cookie: Aug 26 18:24:53.725220: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:53.725223: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:53.725226: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:53.725232: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:53.725236: | flags: none (0x0) Aug 26 18:24:53.725239: | Message ID: 0 (0x0) Aug 26 18:24:53.725242: | length: 69 (0x45) Aug 26 18:24:53.725245: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:53.725248: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:53.725253: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:53.725259: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:53.725262: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:53.725267: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:53.725270: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:24:53.725275: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 18:24:53.725277: | unpacking clear payload Aug 26 18:24:53.725280: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:53.725283: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:53.725286: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:53.725293: | flags: none (0x0) Aug 26 18:24:53.725297: | length: 41 (0x29) Aug 26 18:24:53.725300: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:24:53.725305: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:24:53.725308: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:53.725334: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:53.725337: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:53.725340: | **parse IKEv2 Delete Payload: Aug 26 18:24:53.725343: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.725345: | flags: none (0x0) Aug 26 18:24:53.725348: | length: 12 (0xc) Aug 26 18:24:53.725351: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:53.725353: | SPI size: 4 (0x4) Aug 26 18:24:53.725356: | number of SPIs: 1 (0x1) Aug 26 18:24:53.725358: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:24:53.725361: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:53.725364: | Now let's proceed with state specific processing Aug 26 18:24:53.725366: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:53.725370: | an informational request should send a response Aug 26 18:24:53.725393: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:53.725399: | **emit ISAKMP Message: Aug 26 18:24:53.725402: | initiator cookie: Aug 26 18:24:53.725405: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:53.725407: | responder cookie: Aug 26 18:24:53.725409: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:53.725413: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:53.725415: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:53.725418: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:53.725421: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:53.725424: | Message ID: 0 (0x0) Aug 26 18:24:53.725427: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:53.725430: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:53.725432: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.725435: | flags: none (0x0) Aug 26 18:24:53.725438: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:53.725441: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:53.725445: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:53.725457: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:24:53.725460: | SPI 72 e2 f1 b3 Aug 26 18:24:53.725463: | delete PROTO_v2_ESP SA(0x72e2f1b3) Aug 26 18:24:53.725466: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:24:53.725469: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:24:53.725472: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x72e2f1b3) Aug 26 18:24:53.725475: "westnet-eastnet-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:24:53.725479: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:53.725483: | libevent_free: release ptr-libevent@0x558fa9dee648 Aug 26 18:24:53.725486: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fd724002b78 Aug 26 18:24:53.725489: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fd724002b78 Aug 26 18:24:53.725493: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:24:53.725496: | libevent_malloc: new ptr-libevent@0x558fa9de8368 size 128 Aug 26 18:24:53.725500: | ****emit IKEv2 Delete Payload: Aug 26 18:24:53.725502: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.725505: | flags: none (0x0) Aug 26 18:24:53.725508: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:53.725510: | SPI size: 4 (0x4) Aug 26 18:24:53.725513: | number of SPIs: 1 (0x1) Aug 26 18:24:53.725516: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:53.725519: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:53.725523: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:24:53.725525: | local SPIs cc a3 92 a6 Aug 26 18:24:53.725528: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:53.725531: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:53.725534: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:53.725537: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:53.725539: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:53.725542: | emitting length of ISAKMP Message: 69 Aug 26 18:24:53.725560: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:53.725563: | 12 52 17 9e ec b0 bb 96 a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:53.725566: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:53.725568: | 30 7f 12 0e 0b 90 5f 73 7d 70 3f 74 e3 66 f0 77 Aug 26 18:24:53.725572: | c3 88 46 d4 84 e7 6b 98 2c 0d 40 cc 9d a4 ae 1d Aug 26 18:24:53.725575: | 0c 64 48 c4 98 Aug 26 18:24:53.725596: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:53.725601: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:53.725607: | #1 spent 0.229 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:24:53.725613: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:53.725616: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:24:53.725620: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:24:53.725624: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:24:53.725629: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:53.725632: "westnet-eastnet-ikev2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:24:53.725637: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:53.725641: | #1 spent 0.453 milliseconds in ikev2_process_packet() Aug 26 18:24:53.725646: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:53.725650: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:53.725653: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:53.725657: | spent 0.468 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:53.725663: | timer_event_cb: processing event@0x7fd724002b78 Aug 26 18:24:53.725666: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:24:53.725671: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:53.725675: | picked newest_ipsec_sa #2 for #2 Aug 26 18:24:53.725678: | replacing stale CHILD SA Aug 26 18:24:53.725682: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:24:53.725684: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:53.725688: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:24:53.725693: | creating state object #3 at 0x558fa9dea008 Aug 26 18:24:53.725696: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:24:53.725705: | pstats #3 ikev2.child started Aug 26 18:24:53.725708: | duplicating state object #1 "westnet-eastnet-ikev2" as #3 for IPSEC SA Aug 26 18:24:53.725714: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:53.725723: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:53.725728: | suspend processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:53.725733: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:53.725737: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:24:53.725740: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:24:53.725744: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ikev2 (ESP/AH initiator emitting proposals) Aug 26 18:24:53.725749: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:53.725759: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:53.725762: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:53.725766: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:53.725770: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:53.725774: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:53.725777: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:53.725782: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:53.725790: "westnet-eastnet-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:53.725796: | #3 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:24:53.725799: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x558fa9de82f8 Aug 26 18:24:53.725803: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:24:53.725806: | libevent_malloc: new ptr-libevent@0x558fa9dee648 size 128 Aug 26 18:24:53.725811: | RESET processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:53.725814: | event_schedule: new EVENT_SA_EXPIRE-pe@0x558fa9df2158 Aug 26 18:24:53.725818: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:24:53.725820: | libevent_malloc: new ptr-libevent@0x558fa9de5748 size 128 Aug 26 18:24:53.725823: | libevent_free: release ptr-libevent@0x558fa9de8368 Aug 26 18:24:53.725826: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fd724002b78 Aug 26 18:24:53.725831: | #2 spent 0.167 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:24:53.725834: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:53.725838: | timer_event_cb: processing event@0x558fa9de82f8 Aug 26 18:24:53.725841: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:24:53.725846: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:53.725852: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:24:53.725855: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fd724002b78 Aug 26 18:24:53.725859: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:53.725862: | libevent_malloc: new ptr-libevent@0x558fa9de8368 size 128 Aug 26 18:24:53.725870: | libevent_free: release ptr-libevent@0x558fa9dee648 Aug 26 18:24:53.725873: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x558fa9de82f8 Aug 26 18:24:53.725878: | #3 spent 0.0383 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:24:53.725882: | stop processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:24:53.725891: | timer_event_cb: processing event@0x558fa9df2158 Aug 26 18:24:53.725896: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:24:53.725879: | crypto helper 2 resuming Aug 26 18:24:53.725912: | crypto helper 2 starting work-order 3 for state #3 Aug 26 18:24:53.725919: | crypto helper 2 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 18:24:53.726899: | crypto helper 2 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.00098 seconds Aug 26 18:24:53.726915: | (#3) spent 0.962 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:24:53.726923: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 18:24:53.726927: | scheduling resume sending helper answer for #3 Aug 26 18:24:53.726932: | libevent_malloc: new ptr-libevent@0x7fd720002888 size 128 Aug 26 18:24:53.726937: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:53.725900: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:53.726948: | picked newest_ipsec_sa #2 for #2 Aug 26 18:24:53.726952: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:24:53.726955: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:24:53.726958: | pstats #2 ikev2.child deleted completed Aug 26 18:24:53.726961: | #2 spent 2.34 milliseconds in total Aug 26 18:24:53.726967: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:53.726971: "westnet-eastnet-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 5.449s and NOT sending notification Aug 26 18:24:53.726975: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:24:53.726980: | get_sa_info esp.72e2f1b3@192.1.2.23 Aug 26 18:24:53.726996: | get_sa_info esp.cca392a6@192.1.2.45 Aug 26 18:24:53.727006: "westnet-eastnet-ikev2" #2: ESP traffic information: in=2KB out=2KB Aug 26 18:24:53.727011: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:24:53.727057: | running updown command "ipsec _updown" for verb down Aug 26 18:24:53.727062: | command executing down-client Aug 26 18:24:53.727091: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843888' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Aug 26 18:24:53.727096: | popen cmd is 1054 chars long Aug 26 18:24:53.727099: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 18:24:53.727103: | cmd( 80):kev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' P: Aug 26 18:24:53.727106: | cmd( 160):LUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0: Aug 26 18:24:53.727108: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 18:24:53.727111: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 18:24:53.727114: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Aug 26 18:24:53.727117: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 18:24:53.727119: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843888' PLUTO_CONN_POLICY: Aug 26 18:24:53.727122: | cmd( 640):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 18:24:53.727125: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 18:24:53.727128: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 18:24:53.727133: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 18:24:53.727136: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x72e2f1b3 SPI_OUT=0xcca392a6 ipse: Aug 26 18:24:53.727139: | cmd(1040):c _updown 2>&1: Aug 26 18:24:53.751994: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:53.752033: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:53.752038: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:24:53.752044: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:53.752084: | delete esp.72e2f1b3@192.1.2.23 Aug 26 18:24:53.752106: | netlink response for Del SA esp.72e2f1b3@192.1.2.23 included non-error error Aug 26 18:24:53.752111: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:24:53.752118: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:24:53.752141: | raw_eroute result=success Aug 26 18:24:53.752146: | delete esp.cca392a6@192.1.2.45 Aug 26 18:24:53.752159: | netlink response for Del SA esp.cca392a6@192.1.2.45 included non-error error Aug 26 18:24:53.752172: | in connection_discard for connection westnet-eastnet-ikev2 Aug 26 18:24:53.752176: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:24:53.752181: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:53.752191: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:53.752211: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:24:53.752215: | can't expire unused IKE SA #1; it has the child #3 Aug 26 18:24:53.752223: | libevent_free: release ptr-libevent@0x558fa9de5748 Aug 26 18:24:53.752229: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x558fa9df2158 Aug 26 18:24:53.752234: | in statetime_stop() and could not find #2 Aug 26 18:24:53.752238: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:24:53.752264: | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:53.752283: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:24:53.752292: | 12 52 17 9e ec b0 bb 96 a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:53.752298: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:24:53.752301: | 01 d4 40 cb b1 78 85 2b 0c 9a 2f 84 2f 05 4d e8 Aug 26 18:24:53.752304: | 42 f7 42 1b 16 20 e5 ed 92 da 1b 04 26 b4 a6 92 Aug 26 18:24:53.752307: | 8a Aug 26 18:24:53.752313: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:53.752317: | **parse ISAKMP Message: Aug 26 18:24:53.752321: | initiator cookie: Aug 26 18:24:53.752323: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:53.752326: | responder cookie: Aug 26 18:24:53.752328: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:53.752332: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:53.752335: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:53.752338: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:53.752342: | flags: none (0x0) Aug 26 18:24:53.752345: | Message ID: 1 (0x1) Aug 26 18:24:53.752348: | length: 65 (0x41) Aug 26 18:24:53.752351: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:53.752355: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:53.752359: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:53.752366: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:53.752370: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:53.752375: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:53.752382: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:53.752387: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 18:24:53.752390: | unpacking clear payload Aug 26 18:24:53.752393: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:53.752396: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:53.752399: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:53.752402: | flags: none (0x0) Aug 26 18:24:53.752404: | length: 37 (0x25) Aug 26 18:24:53.752407: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:24:53.752413: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:53.752416: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:53.752448: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:53.752453: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:53.752456: | **parse IKEv2 Delete Payload: Aug 26 18:24:53.752459: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.752462: | flags: none (0x0) Aug 26 18:24:53.752464: | length: 8 (0x8) Aug 26 18:24:53.752467: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:24:53.752470: | SPI size: 0 (0x0) Aug 26 18:24:53.752472: | number of SPIs: 0 (0x0) Aug 26 18:24:53.752475: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:24:53.752478: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:53.752481: | Now let's proceed with state specific processing Aug 26 18:24:53.752484: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:53.752487: | an informational request should send a response Aug 26 18:24:53.752511: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:53.752516: | **emit ISAKMP Message: Aug 26 18:24:53.752519: | initiator cookie: Aug 26 18:24:53.752522: | 12 52 17 9e ec b0 bb 96 Aug 26 18:24:53.752524: | responder cookie: Aug 26 18:24:53.752527: | a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:53.752530: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:53.752532: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:53.752535: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:53.752538: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:53.752541: | Message ID: 1 (0x1) Aug 26 18:24:53.752544: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:53.752548: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:53.752551: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.752554: | flags: none (0x0) Aug 26 18:24:53.752557: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:53.752560: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:53.752564: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:53.752584: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:53.752588: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:53.752591: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:53.752594: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:24:53.752597: | emitting length of ISAKMP Message: 57 Aug 26 18:24:53.752614: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:53.752617: | 12 52 17 9e ec b0 bb 96 a9 14 6d 85 d8 29 e5 b4 Aug 26 18:24:53.752619: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 18:24:53.752621: | 3e 01 01 4a c1 8c fd 01 d8 be 43 03 c6 b8 f7 73 Aug 26 18:24:53.752625: | 5a 93 ac e2 6b 75 88 f2 72 Aug 26 18:24:53.752652: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:53.752657: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:53.752661: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:24:53.752664: | pstats #3 ikev2.child deleted other Aug 26 18:24:53.752667: | #3 spent 0.0383 milliseconds in total Aug 26 18:24:53.752671: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:53.752675: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:53.752679: "westnet-eastnet-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.026s and NOT sending notification Aug 26 18:24:53.752682: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 18:24:53.752685: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:53.752688: | libevent_free: release ptr-libevent@0x558fa9de8368 Aug 26 18:24:53.752693: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fd724002b78 Aug 26 18:24:53.752697: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:24:53.752703: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:24:53.752715: | raw_eroute result=success Aug 26 18:24:53.752719: | in connection_discard for connection westnet-eastnet-ikev2 Aug 26 18:24:53.752722: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:24:53.752729: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:53.752734: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:53.752738: | resume processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:53.752742: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:24:53.752745: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:24:53.752747: | pstats #1 ikev2.ike deleted completed Aug 26 18:24:53.752752: | #1 spent 13 milliseconds in total Aug 26 18:24:53.752756: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:53.752760: "westnet-eastnet-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 5.482s and NOT sending notification Aug 26 18:24:53.752763: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:24:53.753881: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:53.753895: | libevent_free: release ptr-libevent@0x7fd71c000f48 Aug 26 18:24:53.753901: | free_event_entry: release EVENT_SA_REKEY-pe@0x558fa9de5628 Aug 26 18:24:53.753904: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:53.753907: | picked newest_isakmp_sa #0 for #1 Aug 26 18:24:53.753911: "westnet-eastnet-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:24:53.753914: | add revival: connection 'westnet-eastnet-ikev2' added to the list and scheduled for 0 seconds Aug 26 18:24:53.753918: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:24:53.753922: | in connection_discard for connection westnet-eastnet-ikev2 Aug 26 18:24:53.753924: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:24:53.753928: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:24:53.753931: | unreference key: 0x558fa9de58b8 @east cnt 2-- Aug 26 18:24:53.753960: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:53.753989: | in statetime_stop() and could not find #1 Aug 26 18:24:53.753995: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:53.753999: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:24:53.754002: | STF_OK but no state object remains Aug 26 18:24:53.754005: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:53.754008: | in statetime_stop() and could not find #1 Aug 26 18:24:53.754013: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:53.754016: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:53.754019: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:53.754025: | spent 0.672 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:53.754033: | processing resume sending helper answer for #3 Aug 26 18:24:53.754037: | crypto helper 2 replies to request ID 3 Aug 26 18:24:53.754040: | calling continuation function 0x558fa9b29b50 Aug 26 18:24:53.754042: | work-order 3 state #3 crypto result suppressed Aug 26 18:24:53.754064: | (#3) spent 0.0264 milliseconds in resume sending helper answer Aug 26 18:24:53.754069: | libevent_free: release ptr-libevent@0x7fd720002888 Aug 26 18:24:53.754072: | processing signal PLUTO_SIGCHLD Aug 26 18:24:53.754078: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:53.754082: | spent 0.00557 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:53.754089: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:24:53.754092: Initiating connection westnet-eastnet-ikev2 which received a Delete/Notify but must remain up per local policy Aug 26 18:24:53.754096: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:53.754101: | start processing: connection "westnet-eastnet-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:53.754104: | connection 'westnet-eastnet-ikev2' +POLICY_UP Aug 26 18:24:53.754108: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:53.754111: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:53.754119: | creating state object #4 at 0x558fa9de5b38 Aug 26 18:24:53.754122: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:24:53.754128: | pstats #4 ikev2.ike started Aug 26 18:24:53.754132: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:53.754136: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:53.754141: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:53.754148: | suspend processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:53.754153: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:53.754157: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:53.754162: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ikev2" IKE SA #4 "westnet-eastnet-ikev2" Aug 26 18:24:53.754167: "westnet-eastnet-ikev2" #4: initiating v2 parent SA Aug 26 18:24:53.754185: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:53.754194: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 18:24:53.754197: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fd71c001f18 Aug 26 18:24:53.754202: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:24:53.754206: | libevent_malloc: new ptr-libevent@0x558fa9de5748 size 128 Aug 26 18:24:53.754218: | #4 spent 0.116 milliseconds in ikev2_parent_outI1() Aug 26 18:24:53.754224: | RESET processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:53.754227: | RESET processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:53.754231: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:53.754235: | spent 0.142 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:24:53.754247: | crypto helper 3 resuming Aug 26 18:24:53.754254: | crypto helper 3 starting work-order 4 for state #4 Aug 26 18:24:53.754258: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 18:24:53.755250: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.00099 seconds Aug 26 18:24:53.755263: | (#4) spent 0.985 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 18:24:53.755267: | crypto helper 3 sending results from work-order 4 for state #4 to event queue Aug 26 18:24:53.755270: | scheduling resume sending helper answer for #4 Aug 26 18:24:53.755274: | libevent_malloc: new ptr-libevent@0x7fd714002888 size 128 Aug 26 18:24:53.755281: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:53.755295: | processing resume sending helper answer for #4 Aug 26 18:24:53.755303: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:53.755307: | crypto helper 3 replies to request ID 4 Aug 26 18:24:53.755310: | calling continuation function 0x558fa9b29b50 Aug 26 18:24:53.755313: | ikev2_parent_outI1_continue for #4 Aug 26 18:24:53.755319: | **emit ISAKMP Message: Aug 26 18:24:53.755322: | initiator cookie: Aug 26 18:24:53.755325: | db d0 47 f6 90 15 ff dd Aug 26 18:24:53.755327: | responder cookie: Aug 26 18:24:53.755329: | 00 00 00 00 00 00 00 00 Aug 26 18:24:53.755333: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:53.755335: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:53.755338: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:53.755341: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:53.755344: | Message ID: 0 (0x0) Aug 26 18:24:53.755347: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:53.755364: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:53.755367: | Emitting ikev2_proposals ... Aug 26 18:24:53.755370: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:53.755373: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.755376: | flags: none (0x0) Aug 26 18:24:53.755379: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:53.755382: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:53.755388: | discarding INTEG=NONE Aug 26 18:24:53.755391: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:53.755394: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:53.755396: | prop #: 1 (0x1) Aug 26 18:24:53.755399: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:53.755402: | spi size: 0 (0x0) Aug 26 18:24:53.755404: | # transforms: 11 (0xb) Aug 26 18:24:53.755407: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:53.755411: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755416: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:53.755419: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:53.755422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755425: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:53.755428: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:53.755431: | length/value: 256 (0x100) Aug 26 18:24:53.755434: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:53.755436: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755439: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755441: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:53.755444: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:53.755447: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755451: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755454: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755456: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755462: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:53.755464: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:53.755468: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755471: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755474: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755476: | discarding INTEG=NONE Aug 26 18:24:53.755479: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755481: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755484: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755486: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:53.755489: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755492: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755495: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755498: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755503: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755506: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:53.755509: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755512: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755516: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755519: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755521: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755524: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755527: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:53.755530: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755533: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755536: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755538: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755541: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755544: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755546: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:53.755549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755555: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755558: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755561: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755563: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755566: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:53.755569: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755572: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755575: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755578: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755580: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755583: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755586: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:53.755589: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755592: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755595: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755597: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755600: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755603: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755605: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:53.755608: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755614: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755617: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755620: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:53.755622: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755625: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:53.755628: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755633: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755636: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755638: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:53.755641: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:53.755644: | discarding INTEG=NONE Aug 26 18:24:53.755647: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:53.755649: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:53.755652: | prop #: 2 (0x2) Aug 26 18:24:53.755654: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:53.755657: | spi size: 0 (0x0) Aug 26 18:24:53.755659: | # transforms: 11 (0xb) Aug 26 18:24:53.755663: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:53.755666: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:53.755669: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755674: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:53.755677: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:53.755680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755682: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:53.755685: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:53.755687: | length/value: 128 (0x80) Aug 26 18:24:53.755690: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:53.755693: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755696: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755698: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:53.755701: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:53.755704: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755707: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755710: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755713: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755718: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:53.755721: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:53.755724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755729: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755732: | discarding INTEG=NONE Aug 26 18:24:53.755734: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755740: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755742: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:53.755745: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755748: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755752: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755755: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755758: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755760: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755763: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:53.755766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755772: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755775: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755777: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755780: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755782: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:53.755785: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755788: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755791: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755794: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755796: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755799: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755801: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:53.755804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755810: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755813: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755818: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755820: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:53.755824: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755827: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755829: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755832: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755834: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755840: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:53.755843: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755846: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755849: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755851: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755854: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755856: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755859: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:53.755862: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755867: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755870: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755872: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755875: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:53.755877: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.755880: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:53.755883: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755886: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755889: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755891: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:53.755894: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:53.755897: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:53.755900: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:53.755903: | prop #: 3 (0x3) Aug 26 18:24:53.755905: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:53.755908: | spi size: 0 (0x0) Aug 26 18:24:53.755911: | # transforms: 13 (0xd) Aug 26 18:24:53.755914: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:53.755917: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:53.755920: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755923: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755925: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:53.755928: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:53.755931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755934: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:53.755937: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:53.755940: | length/value: 256 (0x100) Aug 26 18:24:53.755942: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:53.755945: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755948: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755950: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:53.755953: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:53.755956: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755959: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755962: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755965: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755970: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:53.755973: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:53.755976: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.755982: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.755986: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.755989: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.755991: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:53.755994: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:53.755997: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756000: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756003: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756006: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756008: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756011: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:53.756014: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:53.756017: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756022: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756025: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756030: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756033: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:53.756036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756042: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756044: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756050: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756052: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:53.756056: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756059: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756061: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756064: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756067: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756069: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756072: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:53.756075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756081: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756084: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756089: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756091: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:53.756095: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756098: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756103: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756106: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756112: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756114: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:53.756117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756123: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756126: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756128: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756131: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756134: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:53.756137: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756140: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756143: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756145: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756148: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756150: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756153: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:53.756156: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756159: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756162: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756165: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756168: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:53.756170: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756173: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:53.756176: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756179: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756182: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756185: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:53.756188: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:53.756191: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:53.756193: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:53.756196: | prop #: 4 (0x4) Aug 26 18:24:53.756199: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:53.756201: | spi size: 0 (0x0) Aug 26 18:24:53.756204: | # transforms: 13 (0xd) Aug 26 18:24:53.756207: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:53.756211: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:53.756214: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756222: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:53.756225: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:53.756228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756231: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:53.756234: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:53.756236: | length/value: 128 (0x80) Aug 26 18:24:53.756239: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:53.756242: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756245: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756247: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:53.756250: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:53.756253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756259: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756262: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756264: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756267: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:53.756270: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:53.756273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756276: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756278: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756281: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756284: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756286: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:53.756294: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:53.756297: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756300: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756302: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756305: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756307: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756310: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:53.756312: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:53.756315: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756318: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756320: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756323: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756325: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756330: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:53.756333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756336: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756339: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756343: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756348: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756351: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:53.756354: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756357: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756360: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756362: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756365: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756368: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756370: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:53.756374: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756377: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756379: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756382: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756385: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756387: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756390: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:53.756393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756399: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756401: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756404: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756407: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756409: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:53.756413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756418: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756421: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756429: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:53.756432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756435: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756438: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756440: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756443: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756446: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756448: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:53.756451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756459: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756461: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:53.756464: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:53.756467: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:53.756469: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:53.756473: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:53.756476: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:53.756478: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:53.756481: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:53.756484: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:53.756487: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:53.756490: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:53.756493: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:53.756496: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.756499: | flags: none (0x0) Aug 26 18:24:53.756501: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:53.756505: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:53.756508: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:53.756511: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:53.756514: | ikev2 g^x ff a3 fa ef 5d ea 1e f4 1f a3 26 f9 c7 57 70 1b Aug 26 18:24:53.756517: | ikev2 g^x 0c f7 4f af 4d a4 1a 36 4a 84 34 d8 8e 8b 03 0b Aug 26 18:24:53.756519: | ikev2 g^x d2 51 50 13 7d 3a 36 3d 8a c1 2d 7b 97 bd eb 96 Aug 26 18:24:53.756522: | ikev2 g^x 0d ee ec b2 6c 70 f9 19 90 c1 3b 7a ec e0 f7 a9 Aug 26 18:24:53.756524: | ikev2 g^x d1 52 51 3d 7d c8 c7 77 01 17 05 97 59 8f b8 78 Aug 26 18:24:53.756527: | ikev2 g^x 78 2b 3a 73 54 0b 4a 8d b9 af b2 db a8 1f 12 bc Aug 26 18:24:53.756530: | ikev2 g^x 90 17 9b 98 88 44 4d 34 60 8f 0c 15 73 4a ec af Aug 26 18:24:53.756532: | ikev2 g^x ce 8e 55 04 0e fd 84 b3 70 e5 3b 34 c3 60 47 f6 Aug 26 18:24:53.756535: | ikev2 g^x fd 15 4b a0 f9 4d 2e 38 3f 9f a7 f5 c7 f5 14 54 Aug 26 18:24:53.756537: | ikev2 g^x 21 c8 2b 47 61 01 56 47 23 e9 36 2c 1d 82 0a 8a Aug 26 18:24:53.756540: | ikev2 g^x 05 51 05 7d fb 0f 87 30 c4 a6 a2 ec 28 7a 6e 78 Aug 26 18:24:53.756542: | ikev2 g^x ba 96 8c 1b fc 94 0f f9 57 2a 0c 88 d8 6a d9 db Aug 26 18:24:53.756545: | ikev2 g^x ac 1c ab 87 0e 46 30 62 a1 66 03 f7 4a 4e e9 e8 Aug 26 18:24:53.756547: | ikev2 g^x 5d 76 68 e5 54 9e 03 7e 59 5e 8e 38 42 25 bf b1 Aug 26 18:24:53.756550: | ikev2 g^x 13 29 da fe 41 ec 0a d1 7b 9b 1a 33 51 e2 61 04 Aug 26 18:24:53.756552: | ikev2 g^x 44 81 95 a3 31 38 96 4c 49 58 55 fe b2 cb 8a 95 Aug 26 18:24:53.756555: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:53.756558: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:53.756561: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:53.756563: | flags: none (0x0) Aug 26 18:24:53.756566: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:53.756570: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:53.756573: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:53.756577: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:53.756580: | IKEv2 nonce af c1 fb a1 68 28 8c e3 7b 33 4a e8 fa b8 5e b9 Aug 26 18:24:53.756583: | IKEv2 nonce 5c 68 0b 75 7d 04 9b c7 27 18 cf 67 b0 5d 44 6c Aug 26 18:24:53.756585: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:53.756588: | Adding a v2N Payload Aug 26 18:24:53.756591: | ***emit IKEv2 Notify Payload: Aug 26 18:24:53.756594: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.756596: | flags: none (0x0) Aug 26 18:24:53.756599: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:53.756602: | SPI size: 0 (0x0) Aug 26 18:24:53.756605: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:53.756608: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:53.756611: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:53.756614: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:53.756617: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:53.756620: | natd_hash: rcookie is zero Aug 26 18:24:53.756631: | natd_hash: hasher=0x558fa9bfe800(20) Aug 26 18:24:53.756634: | natd_hash: icookie= db d0 47 f6 90 15 ff dd Aug 26 18:24:53.756637: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:53.756639: | natd_hash: ip= c0 01 02 2d Aug 26 18:24:53.756642: | natd_hash: port=500 Aug 26 18:24:53.756644: | natd_hash: hash= fc 61 06 b7 32 9a a2 ad 86 25 f8 ca 9b 60 73 6f Aug 26 18:24:53.756647: | natd_hash: hash= e3 c3 8c eb Aug 26 18:24:53.756649: | Adding a v2N Payload Aug 26 18:24:53.756652: | ***emit IKEv2 Notify Payload: Aug 26 18:24:53.756655: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.756657: | flags: none (0x0) Aug 26 18:24:53.756660: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:53.756662: | SPI size: 0 (0x0) Aug 26 18:24:53.756665: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:53.756669: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:53.756671: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:53.756675: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:53.756678: | Notify data fc 61 06 b7 32 9a a2 ad 86 25 f8 ca 9b 60 73 6f Aug 26 18:24:53.756680: | Notify data e3 c3 8c eb Aug 26 18:24:53.756683: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:53.756685: | natd_hash: rcookie is zero Aug 26 18:24:53.756692: | natd_hash: hasher=0x558fa9bfe800(20) Aug 26 18:24:53.756695: | natd_hash: icookie= db d0 47 f6 90 15 ff dd Aug 26 18:24:53.756697: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:53.756699: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:53.756702: | natd_hash: port=500 Aug 26 18:24:53.756705: | natd_hash: hash= b3 a4 72 dc f8 88 e5 1f 58 e2 da f4 c2 95 04 1b Aug 26 18:24:53.756707: | natd_hash: hash= 5b 51 8d 5a Aug 26 18:24:53.756710: | Adding a v2N Payload Aug 26 18:24:53.756712: | ***emit IKEv2 Notify Payload: Aug 26 18:24:53.756715: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:53.756718: | flags: none (0x0) Aug 26 18:24:53.756720: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:53.756723: | SPI size: 0 (0x0) Aug 26 18:24:53.756725: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:53.756729: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:53.756732: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:53.756735: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:53.756739: | Notify data b3 a4 72 dc f8 88 e5 1f 58 e2 da f4 c2 95 04 1b Aug 26 18:24:53.756742: | Notify data 5b 51 8d 5a Aug 26 18:24:53.756745: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:53.756747: | emitting length of ISAKMP Message: 828 Aug 26 18:24:53.756754: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:53.756760: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:53.756764: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:53.756767: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:53.756771: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:53.756774: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 18:24:53.756777: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 18:24:53.756782: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:53.756786: "westnet-eastnet-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:53.756791: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:24:53.756797: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 18:24:53.756800: | db d0 47 f6 90 15 ff dd 00 00 00 00 00 00 00 00 Aug 26 18:24:53.756803: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:53.756805: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:53.756808: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:53.756810: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:53.756813: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:53.756815: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:53.756818: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:53.756821: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:53.756823: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:53.756826: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:53.756828: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:53.756831: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:53.756833: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:53.756836: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:53.756838: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:53.756841: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:53.756844: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:53.756846: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:53.756849: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:53.756851: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:53.756854: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:53.756856: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:53.756859: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:53.756861: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:53.756864: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:53.756866: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:53.756868: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:53.756871: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:53.756873: | 28 00 01 08 00 0e 00 00 ff a3 fa ef 5d ea 1e f4 Aug 26 18:24:53.756876: | 1f a3 26 f9 c7 57 70 1b 0c f7 4f af 4d a4 1a 36 Aug 26 18:24:53.756878: | 4a 84 34 d8 8e 8b 03 0b d2 51 50 13 7d 3a 36 3d Aug 26 18:24:53.756881: | 8a c1 2d 7b 97 bd eb 96 0d ee ec b2 6c 70 f9 19 Aug 26 18:24:53.756885: | 90 c1 3b 7a ec e0 f7 a9 d1 52 51 3d 7d c8 c7 77 Aug 26 18:24:53.756888: | 01 17 05 97 59 8f b8 78 78 2b 3a 73 54 0b 4a 8d Aug 26 18:24:53.756890: | b9 af b2 db a8 1f 12 bc 90 17 9b 98 88 44 4d 34 Aug 26 18:24:53.756893: | 60 8f 0c 15 73 4a ec af ce 8e 55 04 0e fd 84 b3 Aug 26 18:24:53.756895: | 70 e5 3b 34 c3 60 47 f6 fd 15 4b a0 f9 4d 2e 38 Aug 26 18:24:53.756898: | 3f 9f a7 f5 c7 f5 14 54 21 c8 2b 47 61 01 56 47 Aug 26 18:24:53.756901: | 23 e9 36 2c 1d 82 0a 8a 05 51 05 7d fb 0f 87 30 Aug 26 18:24:53.756903: | c4 a6 a2 ec 28 7a 6e 78 ba 96 8c 1b fc 94 0f f9 Aug 26 18:24:53.756906: | 57 2a 0c 88 d8 6a d9 db ac 1c ab 87 0e 46 30 62 Aug 26 18:24:53.756908: | a1 66 03 f7 4a 4e e9 e8 5d 76 68 e5 54 9e 03 7e Aug 26 18:24:53.756911: | 59 5e 8e 38 42 25 bf b1 13 29 da fe 41 ec 0a d1 Aug 26 18:24:53.756913: | 7b 9b 1a 33 51 e2 61 04 44 81 95 a3 31 38 96 4c Aug 26 18:24:53.756916: | 49 58 55 fe b2 cb 8a 95 29 00 00 24 af c1 fb a1 Aug 26 18:24:53.756918: | 68 28 8c e3 7b 33 4a e8 fa b8 5e b9 5c 68 0b 75 Aug 26 18:24:53.756921: | 7d 04 9b c7 27 18 cf 67 b0 5d 44 6c 29 00 00 08 Aug 26 18:24:53.756923: | 00 00 40 2e 29 00 00 1c 00 00 40 04 fc 61 06 b7 Aug 26 18:24:53.756926: | 32 9a a2 ad 86 25 f8 ca 9b 60 73 6f e3 c3 8c eb Aug 26 18:24:53.756928: | 00 00 00 1c 00 00 40 05 b3 a4 72 dc f8 88 e5 1f Aug 26 18:24:53.756931: | 58 e2 da f4 c2 95 04 1b 5b 51 8d 5a Aug 26 18:24:53.756959: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:53.756964: | libevent_free: release ptr-libevent@0x558fa9de5748 Aug 26 18:24:53.756967: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fd71c001f18 Aug 26 18:24:53.756970: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:53.756974: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fd71c001f18 Aug 26 18:24:53.756978: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 18:24:53.756981: | libevent_malloc: new ptr-libevent@0x558fa9de8368 size 128 Aug 26 18:24:53.756986: | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29179.49944 Aug 26 18:24:53.756990: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:53.756995: | #4 spent 1.67 milliseconds in resume sending helper answer Aug 26 18:24:53.757001: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:53.757004: | libevent_free: release ptr-libevent@0x7fd714002888 Aug 26 18:24:54.156427: | kernel_process_msg_cb process netlink message Aug 26 18:24:54.156453: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 18:24:54.156457: | xfrm netlink msg len 376 Aug 26 18:24:54.156459: | xfrm acquire rtattribute type 5 Aug 26 18:24:54.156461: | xfrm acquire rtattribute type 16 Aug 26 18:24:54.156473: | add bare shunt 0x558fa9de45f8 192.0.1.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 18:24:54.156479: initiate on demand from 192.0.1.254:8 to 192.0.2.254:0 proto=1 because: acquire Aug 26 18:24:54.156485: | find_connection: looking for policy for connection: 192.0.1.254:1/8 -> 192.0.2.254:1/0 Aug 26 18:24:54.156487: | FOR_EACH_CONNECTION_... in find_connection_for_clients Aug 26 18:24:54.156492: | find_connection: conn "westnet-eastnet-ikev2" has compatible peers: 192.0.1.0/24 -> 192.0.2.0/24 [pri: 25214986] Aug 26 18:24:54.156495: | find_connection: first OK "westnet-eastnet-ikev2" [pri:25214986]{0x558fa9de3488} (child none) Aug 26 18:24:54.156498: | find_connection: concluding with "westnet-eastnet-ikev2" [pri:25214986]{0x558fa9de3488} kind=CK_PERMANENT Aug 26 18:24:54.156501: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 18:24:54.156503: | assign_holdpass() need broad(er) shunt Aug 26 18:24:54.156505: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:24:54.156515: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Aug 26 18:24:54.156518: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 18:24:54.156521: | raw_eroute result=success Aug 26 18:24:54.156523: | assign_holdpass() eroute_connection() done Aug 26 18:24:54.156525: | fiddle_bare_shunt called Aug 26 18:24:54.156527: | fiddle_bare_shunt with transport_proto 1 Aug 26 18:24:54.156530: | removing specific host-to-host bare shunt Aug 26 18:24:54.156534: | delete narrow %hold eroute 192.0.1.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Aug 26 18:24:54.156536: | netlink_raw_eroute: SPI_PASS Aug 26 18:24:54.156553: | raw_eroute result=success Aug 26 18:24:54.156556: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 18:24:54.156561: | delete bare shunt 0x558fa9de45f8 192.0.1.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 18:24:54.156564: assign_holdpass() delete_bare_shunt() failed Aug 26 18:24:54.156566: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 18:24:54.156569: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:54.156573: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "westnet-eastnet-ikev2" Aug 26 18:24:54.156577: | initiate on demand using RSASIG from 192.0.1.254 to 192.0.2.254 Aug 26 18:24:54.156585: | spent 0.132 milliseconds in kernel message Aug 26 18:24:54.260478: | timer_event_cb: processing event@0x7fd71c001f18 Aug 26 18:24:54.260497: | handling event EVENT_RETRANSMIT for parent state #4 Aug 26 18:24:54.260507: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:54.260511: | IKEv2 retransmit event Aug 26 18:24:54.260517: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) Aug 26 18:24:54.260522: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ikev2" #4 attempt 2 of 0 Aug 26 18:24:54.260527: | and parent for 192.1.2.23 "westnet-eastnet-ikev2" #4 keying attempt 1 of 0; retransmit 1 Aug 26 18:24:54.260534: | retransmits: current time 29180.002997; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.503557 exceeds limit? NO Aug 26 18:24:54.260539: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fd714002b78 Aug 26 18:24:54.260543: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 18:24:54.260547: | libevent_malloc: new ptr-libevent@0x7fd714002888 size 128 Aug 26 18:24:54.260553: "westnet-eastnet-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Aug 26 18:24:54.260561: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 18:24:54.260564: | db d0 47 f6 90 15 ff dd 00 00 00 00 00 00 00 00 Aug 26 18:24:54.260567: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:54.260570: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:54.260572: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:54.260575: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:54.260577: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:54.260580: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:54.260583: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:54.260585: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:54.260588: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:54.260590: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:54.260593: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:54.260596: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:54.260598: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:54.260601: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:54.260608: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:54.260611: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:54.260613: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:54.260616: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:54.260619: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:54.260621: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:54.260624: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:54.260627: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:54.260629: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:54.260632: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:54.260634: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:54.260637: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:54.260639: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:54.260642: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:54.260644: | 28 00 01 08 00 0e 00 00 ff a3 fa ef 5d ea 1e f4 Aug 26 18:24:54.260647: | 1f a3 26 f9 c7 57 70 1b 0c f7 4f af 4d a4 1a 36 Aug 26 18:24:54.260649: | 4a 84 34 d8 8e 8b 03 0b d2 51 50 13 7d 3a 36 3d Aug 26 18:24:54.260652: | 8a c1 2d 7b 97 bd eb 96 0d ee ec b2 6c 70 f9 19 Aug 26 18:24:54.260654: | 90 c1 3b 7a ec e0 f7 a9 d1 52 51 3d 7d c8 c7 77 Aug 26 18:24:54.260657: | 01 17 05 97 59 8f b8 78 78 2b 3a 73 54 0b 4a 8d Aug 26 18:24:54.260660: | b9 af b2 db a8 1f 12 bc 90 17 9b 98 88 44 4d 34 Aug 26 18:24:54.260662: | 60 8f 0c 15 73 4a ec af ce 8e 55 04 0e fd 84 b3 Aug 26 18:24:54.260665: | 70 e5 3b 34 c3 60 47 f6 fd 15 4b a0 f9 4d 2e 38 Aug 26 18:24:54.260667: | 3f 9f a7 f5 c7 f5 14 54 21 c8 2b 47 61 01 56 47 Aug 26 18:24:54.260670: | 23 e9 36 2c 1d 82 0a 8a 05 51 05 7d fb 0f 87 30 Aug 26 18:24:54.260673: | c4 a6 a2 ec 28 7a 6e 78 ba 96 8c 1b fc 94 0f f9 Aug 26 18:24:54.260675: | 57 2a 0c 88 d8 6a d9 db ac 1c ab 87 0e 46 30 62 Aug 26 18:24:54.260678: | a1 66 03 f7 4a 4e e9 e8 5d 76 68 e5 54 9e 03 7e Aug 26 18:24:54.260680: | 59 5e 8e 38 42 25 bf b1 13 29 da fe 41 ec 0a d1 Aug 26 18:24:54.260683: | 7b 9b 1a 33 51 e2 61 04 44 81 95 a3 31 38 96 4c Aug 26 18:24:54.260685: | 49 58 55 fe b2 cb 8a 95 29 00 00 24 af c1 fb a1 Aug 26 18:24:54.260688: | 68 28 8c e3 7b 33 4a e8 fa b8 5e b9 5c 68 0b 75 Aug 26 18:24:54.260690: | 7d 04 9b c7 27 18 cf 67 b0 5d 44 6c 29 00 00 08 Aug 26 18:24:54.260693: | 00 00 40 2e 29 00 00 1c 00 00 40 04 fc 61 06 b7 Aug 26 18:24:54.260696: | 32 9a a2 ad 86 25 f8 ca 9b 60 73 6f e3 c3 8c eb Aug 26 18:24:54.260698: | 00 00 00 1c 00 00 40 05 b3 a4 72 dc f8 88 e5 1f Aug 26 18:24:54.260701: | 58 e2 da f4 c2 95 04 1b 5b 51 8d 5a Aug 26 18:24:54.261104: | libevent_free: release ptr-libevent@0x558fa9de8368 Aug 26 18:24:54.261112: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fd71c001f18 Aug 26 18:24:54.261120: | #4 spent 0.621 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:24:54.261126: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:24:54.261138: recvmsg: received truncated IKE packet (MSG_TRUNC) Aug 26 18:24:54.261144: | **parse ISAKMP Message (raw): Aug 26 18:24:54.261148: | initiator cookie: Aug 26 18:24:54.261150: | db d0 47 f6 90 15 ff dd Aug 26 18:24:54.261153: | responder cookie: Aug 26 18:24:54.261155: | 00 00 00 00 00 00 00 00 Aug 26 18:24:54.261158: | next payload type: 33 (0x21) Aug 26 18:24:54.261161: | ISAKMP version: 32 (0x20) Aug 26 18:24:54.261163: | exchange type: 34 (0x22) Aug 26 18:24:54.261166: | flags: 8 (0x8) Aug 26 18:24:54.261169: | Message ID: 0 (0x0) Aug 26 18:24:54.261171: | length: 828 (0x33c) Aug 26 18:24:54.261175: | State DB: found IKEv2 state #4 in PARENT_I1 (find_likely_sender) Aug 26 18:24:54.261178: | MSG_ERRQUEUE packet matches IKEv2 SA #4 Aug 26 18:24:54.261186: | rejected packet: Aug 26 18:24:54.261189: | db d0 47 f6 90 15 ff dd 00 00 00 00 00 00 00 00 Aug 26 18:24:54.261191: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:54.261194: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:54.261196: | 80 0e 01 00 03 00 00 08 Aug 26 18:24:54.261199: | control: Aug 26 18:24:54.261201: | 1c 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 Aug 26 18:24:54.261204: | f7 5a 00 00 00 00 00 00 c0 01 02 2d 00 00 00 00 Aug 26 18:24:54.261206: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Aug 26 18:24:54.261209: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Aug 26 18:24:54.261211: | 02 00 00 00 c0 01 02 17 00 00 00 00 00 00 00 00 Aug 26 18:24:54.261214: | name: Aug 26 18:24:54.261217: | 02 00 01 f4 c0 01 02 17 00 00 00 00 00 00 00 00 Aug 26 18:24:54.261226: "westnet-eastnet-ikev2" #4: ERROR: asynchronous network error report on eth1 (192.1.2.45:500) for message to 192.1.2.23 port 500, complainant 192.1.2.23: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Aug 26 18:24:54.261233: | spent 0.0967 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:54.761674: | timer_event_cb: processing event@0x7fd714002b78 Aug 26 18:24:54.761692: | handling event EVENT_RETRANSMIT for parent state #4 Aug 26 18:24:54.761701: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:54.761705: | IKEv2 retransmit event Aug 26 18:24:54.761710: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) Aug 26 18:24:54.761714: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ikev2" #4 attempt 2 of 0 Aug 26 18:24:54.761718: | and parent for 192.1.2.23 "westnet-eastnet-ikev2" #4 keying attempt 1 of 0; retransmit 2 Aug 26 18:24:54.761724: | retransmits: current time 29180.504188; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.004748 exceeds limit? NO Aug 26 18:24:54.761728: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fd71c001f18 Aug 26 18:24:54.761732: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #4 Aug 26 18:24:54.761736: | libevent_malloc: new ptr-libevent@0x558fa9de8368 size 128 Aug 26 18:24:54.761741: "westnet-eastnet-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 1 seconds for response Aug 26 18:24:54.761748: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 18:24:54.761752: | db d0 47 f6 90 15 ff dd 00 00 00 00 00 00 00 00 Aug 26 18:24:54.761754: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:54.761756: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:54.761758: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:54.761761: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:54.761763: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:54.761765: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:54.761767: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:54.761770: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:54.761772: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:54.761774: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:54.761776: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:54.761779: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:54.761781: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:54.761783: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:54.761785: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:54.761788: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:54.761790: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:54.761792: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:54.761798: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:54.761801: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:54.761804: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:54.761806: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:54.761809: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:54.761811: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:54.761814: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:54.761817: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:54.761819: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:54.761822: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:54.761824: | 28 00 01 08 00 0e 00 00 ff a3 fa ef 5d ea 1e f4 Aug 26 18:24:54.761827: | 1f a3 26 f9 c7 57 70 1b 0c f7 4f af 4d a4 1a 36 Aug 26 18:24:54.761830: | 4a 84 34 d8 8e 8b 03 0b d2 51 50 13 7d 3a 36 3d Aug 26 18:24:54.761832: | 8a c1 2d 7b 97 bd eb 96 0d ee ec b2 6c 70 f9 19 Aug 26 18:24:54.761834: | 90 c1 3b 7a ec e0 f7 a9 d1 52 51 3d 7d c8 c7 77 Aug 26 18:24:54.761837: | 01 17 05 97 59 8f b8 78 78 2b 3a 73 54 0b 4a 8d Aug 26 18:24:54.761840: | b9 af b2 db a8 1f 12 bc 90 17 9b 98 88 44 4d 34 Aug 26 18:24:54.761842: | 60 8f 0c 15 73 4a ec af ce 8e 55 04 0e fd 84 b3 Aug 26 18:24:54.761845: | 70 e5 3b 34 c3 60 47 f6 fd 15 4b a0 f9 4d 2e 38 Aug 26 18:24:54.761847: | 3f 9f a7 f5 c7 f5 14 54 21 c8 2b 47 61 01 56 47 Aug 26 18:24:54.761849: | 23 e9 36 2c 1d 82 0a 8a 05 51 05 7d fb 0f 87 30 Aug 26 18:24:54.761852: | c4 a6 a2 ec 28 7a 6e 78 ba 96 8c 1b fc 94 0f f9 Aug 26 18:24:54.761854: | 57 2a 0c 88 d8 6a d9 db ac 1c ab 87 0e 46 30 62 Aug 26 18:24:54.761857: | a1 66 03 f7 4a 4e e9 e8 5d 76 68 e5 54 9e 03 7e Aug 26 18:24:54.761859: | 59 5e 8e 38 42 25 bf b1 13 29 da fe 41 ec 0a d1 Aug 26 18:24:54.761862: | 7b 9b 1a 33 51 e2 61 04 44 81 95 a3 31 38 96 4c Aug 26 18:24:54.761865: | 49 58 55 fe b2 cb 8a 95 29 00 00 24 af c1 fb a1 Aug 26 18:24:54.761867: | 68 28 8c e3 7b 33 4a e8 fa b8 5e b9 5c 68 0b 75 Aug 26 18:24:54.761870: | 7d 04 9b c7 27 18 cf 67 b0 5d 44 6c 29 00 00 08 Aug 26 18:24:54.761872: | 00 00 40 2e 29 00 00 1c 00 00 40 04 fc 61 06 b7 Aug 26 18:24:54.761875: | 32 9a a2 ad 86 25 f8 ca 9b 60 73 6f e3 c3 8c eb Aug 26 18:24:54.761877: | 00 00 00 1c 00 00 40 05 b3 a4 72 dc f8 88 e5 1f Aug 26 18:24:54.761880: | 58 e2 da f4 c2 95 04 1b 5b 51 8d 5a Aug 26 18:24:54.762256: | libevent_free: release ptr-libevent@0x7fd714002888 Aug 26 18:24:54.762265: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fd714002b78 Aug 26 18:24:54.762273: | #4 spent 0.6 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:24:54.762279: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:24:55.539277: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:55.539315: shutting down Aug 26 18:24:55.539328: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:24:55.539333: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:55.539336: forgetting secrets Aug 26 18:24:55.539348: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:55.539354: | unreference key: 0x558fa9de58b8 @east cnt 1-- Aug 26 18:24:55.539359: | unreference key: 0x558fa9d3cc48 @west cnt 1-- Aug 26 18:24:55.539365: | start processing: connection "westnet-eastnet-ikev2" (in delete_connection() at connections.c:189) Aug 26 18:24:55.539369: | removing pending policy for no connection {0x558fa9d3ca58} Aug 26 18:24:55.539373: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:55.539376: | pass 0 Aug 26 18:24:55.539379: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:55.539386: | state #4 Aug 26 18:24:55.539391: | suspend processing: connection "westnet-eastnet-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:55.539397: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:24:55.539401: | pstats #4 ikev2.ike deleted other Aug 26 18:24:55.539407: | #4 spent 4 milliseconds in total Aug 26 18:24:55.539412: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:55.539418: "westnet-eastnet-ikev2" #4: deleting state (STATE_PARENT_I1) aged 1.785s and NOT sending notification Aug 26 18:24:55.539421: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 18:24:55.539425: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:55.539429: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:55.539435: | libevent_free: release ptr-libevent@0x558fa9de8368 Aug 26 18:24:55.539438: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fd71c001f18 Aug 26 18:24:55.539443: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:55.539446: | picked newest_isakmp_sa #0 for #4 Aug 26 18:24:55.539450: "westnet-eastnet-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:24:55.539454: | add revival: connection 'westnet-eastnet-ikev2' added to the list and scheduled for 5 seconds Aug 26 18:24:55.539458: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:24:55.539465: | stop processing: connection "westnet-eastnet-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:24:55.539469: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:24:55.539472: | in connection_discard for connection westnet-eastnet-ikev2 Aug 26 18:24:55.539475: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 18:24:55.539480: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:24:55.539500: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:55.539506: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:24:55.539509: | pass 1 Aug 26 18:24:55.539512: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:55.539517: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:55.539521: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:55.539524: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:24:55.539558: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:24:55.539569: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:55.539573: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:55.539577: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:24:55.539581: | route owner of "westnet-eastnet-ikev2" unrouted: NULL Aug 26 18:24:55.539584: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:55.539587: | command executing unroute-client Aug 26 18:24:55.539617: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='n Aug 26 18:24:55.539624: | popen cmd is 1035 chars long Aug 26 18:24:55.539628: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:24:55.539631: | cmd( 80):t-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45: Aug 26 18:24:55.539635: | cmd( 160):' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:24:55.539637: | cmd( 240):1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:24:55.539640: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER: Aug 26 18:24:55.539643: | cmd( 400):_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Aug 26 18:24:55.539645: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Aug 26 18:24:55.539648: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSA: Aug 26 18:24:55.539651: | cmd( 640):SIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 18:24:55.539653: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 18:24:55.539656: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Aug 26 18:24:55.539659: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 18:24:55.539662: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:24:55.552767: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552796: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552800: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552803: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552816: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552831: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552847: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552861: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552875: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552890: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552905: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552923: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552937: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552951: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552966: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552981: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.552998: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553012: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553027: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553042: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553057: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553469: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553480: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553484: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553486: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553492: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553496: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.553509: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:55.570141: | free hp@0x558fa9de5548 Aug 26 18:24:55.570158: | flush revival: connection 'westnet-eastnet-ikev2' revival flushed Aug 26 18:24:55.570166: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:24:55.570186: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:24:55.570190: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:24:55.570203: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:24:55.570208: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:24:55.570212: shutting down interface eth0/eth0 192.0.1.254:4500 Aug 26 18:24:55.570215: shutting down interface eth0/eth0 192.0.1.254:500 Aug 26 18:24:55.570219: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 18:24:55.570222: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 18:24:55.570226: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:24:55.570240: | libevent_free: release ptr-libevent@0x558fa9dd6d68 Aug 26 18:24:55.570243: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2af8 Aug 26 18:24:55.570256: | libevent_free: release ptr-libevent@0x558fa9d6b3a8 Aug 26 18:24:55.570260: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2ba8 Aug 26 18:24:55.570269: | libevent_free: release ptr-libevent@0x558fa9d6c498 Aug 26 18:24:55.570272: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2c58 Aug 26 18:24:55.570280: | libevent_free: release ptr-libevent@0x558fa9d6d3c8 Aug 26 18:24:55.570283: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2d08 Aug 26 18:24:55.570326: | libevent_free: release ptr-libevent@0x558fa9d414e8 Aug 26 18:24:55.570333: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2db8 Aug 26 18:24:55.570340: | libevent_free: release ptr-libevent@0x558fa9d411d8 Aug 26 18:24:55.570343: | free_event_entry: release EVENT_NULL-pe@0x558fa9de2e68 Aug 26 18:24:55.570349: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:55.571335: | libevent_free: release ptr-libevent@0x558fa9dd6e18 Aug 26 18:24:55.571347: | free_event_entry: release EVENT_NULL-pe@0x558fa9dcac88 Aug 26 18:24:55.571355: | libevent_free: release ptr-libevent@0x558fa9d6ce78 Aug 26 18:24:55.571359: | free_event_entry: release EVENT_NULL-pe@0x558fa9dcac18 Aug 26 18:24:55.571364: | libevent_free: release ptr-libevent@0x558fa9dae498 Aug 26 18:24:55.571368: | free_event_entry: release EVENT_NULL-pe@0x558fa9dca0d8 Aug 26 18:24:55.571373: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:24:55.571376: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:24:55.571379: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:24:55.571381: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:24:55.571384: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:24:55.571387: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:24:55.571390: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:24:55.571393: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:24:55.571395: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:24:55.571400: | libevent_free: release ptr-libevent@0x558fa9d75608 Aug 26 18:24:55.571404: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:24:55.571407: | libevent_free: release ptr-libevent@0x558fa9d6d498 Aug 26 18:24:55.571410: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:24:55.571414: | libevent_free: release ptr-libevent@0x558fa9de22d8 Aug 26 18:24:55.571416: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:24:55.571420: | libevent_free: release ptr-libevent@0x558fa9de2518 Aug 26 18:24:55.571423: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:24:55.571425: | releasing event base Aug 26 18:24:55.571439: | libevent_free: release ptr-libevent@0x558fa9de23e8 Aug 26 18:24:55.571443: | libevent_free: release ptr-libevent@0x558fa9dc54c8 Aug 26 18:24:55.571451: | libevent_free: release ptr-libevent@0x558fa9dc5478 Aug 26 18:24:55.571454: | libevent_free: release ptr-libevent@0x558fa9dc5408 Aug 26 18:24:55.571457: | libevent_free: release ptr-libevent@0x558fa9dc53c8 Aug 26 18:24:55.571460: | libevent_free: release ptr-libevent@0x558fa9de2068 Aug 26 18:24:55.571463: | libevent_free: release ptr-libevent@0x558fa9de2218 Aug 26 18:24:55.571466: | libevent_free: release ptr-libevent@0x558fa9dc5678 Aug 26 18:24:55.571469: | libevent_free: release ptr-libevent@0x558fa9dca1e8 Aug 26 18:24:55.571472: | libevent_free: release ptr-libevent@0x558fa9dcabd8 Aug 26 18:24:55.571474: | libevent_free: release ptr-libevent@0x558fa9de2ed8 Aug 26 18:24:55.571477: | libevent_free: release ptr-libevent@0x558fa9de2e28 Aug 26 18:24:55.571480: | libevent_free: release ptr-libevent@0x558fa9de2d78 Aug 26 18:24:55.571482: | libevent_free: release ptr-libevent@0x558fa9de2cc8 Aug 26 18:24:55.571485: | libevent_free: release ptr-libevent@0x558fa9de2c18 Aug 26 18:24:55.571488: | libevent_free: release ptr-libevent@0x558fa9de2b68 Aug 26 18:24:55.571491: | libevent_free: release ptr-libevent@0x558fa9d698f8 Aug 26 18:24:55.571494: | libevent_free: release ptr-libevent@0x558fa9de2298 Aug 26 18:24:55.571496: | libevent_free: release ptr-libevent@0x558fa9de2258 Aug 26 18:24:55.571499: | libevent_free: release ptr-libevent@0x558fa9de21d8 Aug 26 18:24:55.571502: | libevent_free: release ptr-libevent@0x558fa9de23a8 Aug 26 18:24:55.571505: | libevent_free: release ptr-libevent@0x558fa9de20a8 Aug 26 18:24:55.571508: | libevent_free: release ptr-libevent@0x558fa9d40908 Aug 26 18:24:55.571511: | libevent_free: release ptr-libevent@0x558fa9d40d38 Aug 26 18:24:55.571514: | libevent_free: release ptr-libevent@0x558fa9d69c68 Aug 26 18:24:55.571516: | releasing global libevent data Aug 26 18:24:55.571520: | libevent_free: release ptr-libevent@0x558fa9d40ba8 Aug 26 18:24:55.571523: | libevent_free: release ptr-libevent@0x558fa9d40cd8 Aug 26 18:24:55.571526: | libevent_free: release ptr-libevent@0x558fa9d40dd8 Aug 26 18:24:55.571568: leak detective found no leaks