Aug 26 18:24:49.785086: FIPS Product: YES Aug 26 18:24:49.785181: FIPS Kernel: NO Aug 26 18:24:49.785184: FIPS Mode: NO Aug 26 18:24:49.785186: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:24:49.785340: Initializing NSS Aug 26 18:24:49.785352: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:24:49.813078: NSS initialized Aug 26 18:24:49.813093: NSS crypto library initialized Aug 26 18:24:49.813096: FIPS HMAC integrity support [enabled] Aug 26 18:24:49.813099: FIPS mode disabled for pluto daemon Aug 26 18:24:49.844498: FIPS HMAC integrity verification self-test FAILED Aug 26 18:24:49.844610: libcap-ng support [enabled] Aug 26 18:24:49.844616: Linux audit support [enabled] Aug 26 18:24:49.844645: Linux audit activated Aug 26 18:24:49.844654: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:30085 Aug 26 18:24:49.844656: core dump dir: /tmp Aug 26 18:24:49.844658: secrets file: /etc/ipsec.secrets Aug 26 18:24:49.844659: leak-detective enabled Aug 26 18:24:49.844660: NSS crypto [enabled] Aug 26 18:24:49.844662: XAUTH PAM support [enabled] Aug 26 18:24:49.844717: | libevent is using pluto's memory allocator Aug 26 18:24:49.844722: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:24:49.844735: | libevent_malloc: new ptr-libevent@0x557cde66c0c8 size 40 Aug 26 18:24:49.844741: | libevent_malloc: new ptr-libevent@0x557cde670cd8 size 40 Aug 26 18:24:49.844743: | libevent_malloc: new ptr-libevent@0x557cde670dd8 size 40 Aug 26 18:24:49.844745: | creating event base Aug 26 18:24:49.844747: | libevent_malloc: new ptr-libevent@0x557cde6f56f8 size 56 Aug 26 18:24:49.844750: | libevent_malloc: new ptr-libevent@0x557cde699748 size 664 Aug 26 18:24:49.844759: | libevent_malloc: new ptr-libevent@0x557cde6f5768 size 24 Aug 26 18:24:49.844760: | libevent_malloc: new ptr-libevent@0x557cde6f57b8 size 384 Aug 26 18:24:49.844768: | libevent_malloc: new ptr-libevent@0x557cde6f56b8 size 16 Aug 26 18:24:49.844770: | libevent_malloc: new ptr-libevent@0x557cde670908 size 40 Aug 26 18:24:49.844771: | libevent_malloc: new ptr-libevent@0x557cde670d38 size 48 Aug 26 18:24:49.844775: | libevent_realloc: new ptr-libevent@0x557cde6993d8 size 256 Aug 26 18:24:49.844777: | libevent_malloc: new ptr-libevent@0x557cde6f5968 size 16 Aug 26 18:24:49.844781: | libevent_free: release ptr-libevent@0x557cde6f56f8 Aug 26 18:24:49.844784: | libevent initialized Aug 26 18:24:49.844786: | libevent_realloc: new ptr-libevent@0x557cde6f56f8 size 64 Aug 26 18:24:49.844790: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:24:49.844800: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:24:49.844802: NAT-Traversal support [enabled] Aug 26 18:24:49.844804: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:24:49.844808: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:24:49.844810: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:24:49.844838: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:24:49.844840: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:24:49.844842: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:24:49.844874: Encryption algorithms: Aug 26 18:24:49.844880: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:24:49.844882: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:24:49.844885: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:24:49.844887: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:24:49.844889: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:24:49.844896: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:24:49.844898: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:24:49.844900: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:24:49.844903: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:24:49.844905: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:24:49.844907: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:24:49.844909: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:24:49.844911: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:24:49.844913: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:24:49.844916: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:24:49.844917: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:24:49.844919: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:24:49.844924: Hash algorithms: Aug 26 18:24:49.844926: MD5 IKEv1: IKE IKEv2: Aug 26 18:24:49.844928: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:24:49.844930: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:24:49.844932: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:24:49.844934: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:24:49.844942: PRF algorithms: Aug 26 18:24:49.844944: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:24:49.844946: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:24:49.844948: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:24:49.844950: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:24:49.844952: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:24:49.844954: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:24:49.844970: Integrity algorithms: Aug 26 18:24:49.844972: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:24:49.844974: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:24:49.844976: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:24:49.844979: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:24:49.844981: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:24:49.844983: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:24:49.844985: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:24:49.844987: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:24:49.844989: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:24:49.844996: DH algorithms: Aug 26 18:24:49.844998: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:24:49.845000: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:24:49.845002: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:24:49.845005: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:24:49.845007: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:24:49.845009: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:24:49.845011: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:24:49.845013: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:24:49.845015: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:24:49.845016: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:24:49.845018: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:24:49.845020: testing CAMELLIA_CBC: Aug 26 18:24:49.845022: Camellia: 16 bytes with 128-bit key Aug 26 18:24:49.845110: Camellia: 16 bytes with 128-bit key Aug 26 18:24:49.845129: Camellia: 16 bytes with 256-bit key Aug 26 18:24:49.845147: Camellia: 16 bytes with 256-bit key Aug 26 18:24:49.845164: testing AES_GCM_16: Aug 26 18:24:49.845166: empty string Aug 26 18:24:49.845186: one block Aug 26 18:24:49.845201: two blocks Aug 26 18:24:49.845217: two blocks with associated data Aug 26 18:24:49.845232: testing AES_CTR: Aug 26 18:24:49.845234: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:24:49.845250: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:24:49.845267: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:24:49.845283: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:24:49.845304: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:24:49.845341: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:24:49.845373: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:24:49.845390: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:24:49.845407: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:24:49.845423: testing AES_CBC: Aug 26 18:24:49.845425: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:24:49.845441: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:24:49.845458: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:24:49.845475: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:24:49.845495: testing AES_XCBC: Aug 26 18:24:49.845496: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:24:49.845569: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:24:49.845647: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:24:49.845719: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:24:49.845793: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:24:49.845867: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:24:49.845942: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:24:49.846107: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:24:49.846182: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:24:49.846262: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:24:49.846447: testing HMAC_MD5: Aug 26 18:24:49.846451: RFC 2104: MD5_HMAC test 1 Aug 26 18:24:49.846553: RFC 2104: MD5_HMAC test 2 Aug 26 18:24:49.846646: RFC 2104: MD5_HMAC test 3 Aug 26 18:24:49.846763: 8 CPU cores online Aug 26 18:24:49.846766: starting up 7 crypto helpers Aug 26 18:24:49.846793: started thread for crypto helper 0 Aug 26 18:24:49.846810: started thread for crypto helper 1 Aug 26 18:24:49.846824: started thread for crypto helper 2 Aug 26 18:24:49.846819: | starting up helper thread 0 Aug 26 18:24:49.846842: | starting up helper thread 1 Aug 26 18:24:49.846864: | starting up helper thread 2 Aug 26 18:24:49.846890: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:24:49.846893: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:49.846867: started thread for crypto helper 3 Aug 26 18:24:49.846868: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:24:49.846868: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:24:49.846878: | starting up helper thread 3 Aug 26 18:24:49.846923: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:49.846938: started thread for crypto helper 4 Aug 26 18:24:49.846935: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:24:49.846943: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:49.846958: started thread for crypto helper 5 Aug 26 18:24:49.846962: | starting up helper thread 5 Aug 26 18:24:49.846970: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:24:49.846973: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:49.846984: | starting up helper thread 4 Aug 26 18:24:49.846994: | starting up helper thread 6 Aug 26 18:24:49.847016: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:24:49.846973: started thread for crypto helper 6 Aug 26 18:24:49.846990: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:49.847019: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:24:49.847030: | checking IKEv1 state table Aug 26 18:24:49.847036: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:49.847057: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:49.847072: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:24:49.847074: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:49.847076: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:49.847076: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:24:49.847090: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:24:49.847092: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:24:49.847094: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:49.847095: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:49.847097: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:24:49.847098: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:24:49.847100: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:49.847101: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:49.847103: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:24:49.847105: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:49.847106: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:49.847120: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:49.847122: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:24:49.847124: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:49.847125: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:49.847127: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:49.847128: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:24:49.847130: | -> UNDEFINED EVENT_NULL Aug 26 18:24:49.847131: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:24:49.847133: | -> UNDEFINED EVENT_NULL Aug 26 18:24:49.847135: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:49.847136: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:24:49.847138: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:49.847139: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:49.847141: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:49.847142: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:24:49.847144: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:49.847145: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:49.847147: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:24:49.847148: | -> UNDEFINED EVENT_NULL Aug 26 18:24:49.847150: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:24:49.847152: | -> UNDEFINED EVENT_NULL Aug 26 18:24:49.847153: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:24:49.847155: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:24:49.847160: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:24:49.847162: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:24:49.847163: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:24:49.847165: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:24:49.847167: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:24:49.847168: | -> UNDEFINED EVENT_NULL Aug 26 18:24:49.847170: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:24:49.847171: | -> UNDEFINED EVENT_NULL Aug 26 18:24:49.847173: | INFO: category: informational flags: 0: Aug 26 18:24:49.847174: | -> UNDEFINED EVENT_NULL Aug 26 18:24:49.847176: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:24:49.847177: | -> UNDEFINED EVENT_NULL Aug 26 18:24:49.847179: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:24:49.847181: | -> XAUTH_R1 EVENT_NULL Aug 26 18:24:49.847182: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:24:49.847184: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:49.847185: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:24:49.847187: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:24:49.847189: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:24:49.847190: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:24:49.847192: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:24:49.847193: | -> UNDEFINED EVENT_NULL Aug 26 18:24:49.847195: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:24:49.847196: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:49.847198: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:24:49.847200: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:24:49.847201: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:24:49.847203: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:24:49.847207: | checking IKEv2 state table Aug 26 18:24:49.847211: | PARENT_I0: category: ignore flags: 0: Aug 26 18:24:49.847213: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:24:49.847215: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:49.847217: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:24:49.847219: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:24:49.847221: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:24:49.847222: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:24:49.847224: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:24:49.847226: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:24:49.847228: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:24:49.847229: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:24:49.847231: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:24:49.847233: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:24:49.847234: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:24:49.847236: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:24:49.847238: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:24:49.847239: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:49.847241: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:24:49.847243: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:24:49.847245: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:24:49.847246: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:24:49.847248: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:24:49.847250: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:24:49.847253: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:24:49.847254: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:24:49.847256: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:24:49.847258: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:24:49.847260: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:24:49.847261: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:24:49.847263: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:24:49.847265: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:24:49.847267: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:49.847269: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:24:49.847270: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:24:49.847272: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:24:49.847274: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:24:49.847276: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:24:49.847278: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:24:49.847279: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:24:49.847281: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:24:49.847283: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:49.847285: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:24:49.847287: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:24:49.847313: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:24:49.847317: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:24:49.847319: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:24:49.847322: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:24:49.847333: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:24:49.847393: | Hard-wiring algorithms Aug 26 18:24:49.847395: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:24:49.847398: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:24:49.847400: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:24:49.847401: | adding 3DES_CBC to kernel algorithm db Aug 26 18:24:49.847403: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:24:49.847404: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:24:49.847406: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:24:49.847407: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:24:49.847409: | adding AES_CTR to kernel algorithm db Aug 26 18:24:49.847411: | adding AES_CBC to kernel algorithm db Aug 26 18:24:49.847412: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:24:49.847414: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:24:49.847415: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:24:49.847417: | adding NULL to kernel algorithm db Aug 26 18:24:49.847419: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:24:49.847420: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:24:49.847422: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:24:49.847424: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:24:49.847425: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:24:49.847427: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:24:49.847428: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:24:49.847430: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:24:49.847431: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:24:49.847433: | adding NONE to kernel algorithm db Aug 26 18:24:49.847449: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:24:49.847453: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:24:49.847454: | setup kernel fd callback Aug 26 18:24:49.847456: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x557cde6fa338 Aug 26 18:24:49.847460: | libevent_malloc: new ptr-libevent@0x557cde6de7f8 size 128 Aug 26 18:24:49.847462: | libevent_malloc: new ptr-libevent@0x557cde6fa448 size 16 Aug 26 18:24:49.847466: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x557cde6fae78 Aug 26 18:24:49.847470: | libevent_malloc: new ptr-libevent@0x557cde69bfd8 size 128 Aug 26 18:24:49.847471: | libevent_malloc: new ptr-libevent@0x557cde6fae38 size 16 Aug 26 18:24:49.847615: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:24:49.847621: selinux support is enabled. Aug 26 18:24:49.848101: | unbound context created - setting debug level to 5 Aug 26 18:24:49.848121: | /etc/hosts lookups activated Aug 26 18:24:49.848132: | /etc/resolv.conf usage activated Aug 26 18:24:49.848167: | outgoing-port-avoid set 0-65535 Aug 26 18:24:49.848184: | outgoing-port-permit set 32768-60999 Aug 26 18:24:49.848186: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:24:49.848188: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:24:49.848190: | Setting up events, loop start Aug 26 18:24:49.848193: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x557cde6faee8 Aug 26 18:24:49.848195: | libevent_malloc: new ptr-libevent@0x557cde7070f8 size 128 Aug 26 18:24:49.848197: | libevent_malloc: new ptr-libevent@0x557cde7123c8 size 16 Aug 26 18:24:49.848202: | libevent_realloc: new ptr-libevent@0x557cde712408 size 256 Aug 26 18:24:49.848204: | libevent_malloc: new ptr-libevent@0x557cde712538 size 8 Aug 26 18:24:49.848206: | libevent_realloc: new ptr-libevent@0x557cde69c898 size 144 Aug 26 18:24:49.848207: | libevent_malloc: new ptr-libevent@0x557cde69dd18 size 152 Aug 26 18:24:49.848210: | libevent_malloc: new ptr-libevent@0x557cde712578 size 16 Aug 26 18:24:49.848213: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:24:49.848215: | libevent_malloc: new ptr-libevent@0x557cde7125b8 size 8 Aug 26 18:24:49.848216: | libevent_malloc: new ptr-libevent@0x557cde7125f8 size 152 Aug 26 18:24:49.848218: | signal event handler PLUTO_SIGTERM installed Aug 26 18:24:49.848220: | libevent_malloc: new ptr-libevent@0x557cde7126c8 size 8 Aug 26 18:24:49.848222: | libevent_malloc: new ptr-libevent@0x557cde712708 size 152 Aug 26 18:24:49.848224: | signal event handler PLUTO_SIGHUP installed Aug 26 18:24:49.848226: | libevent_malloc: new ptr-libevent@0x557cde7127d8 size 8 Aug 26 18:24:49.848227: | libevent_realloc: release ptr-libevent@0x557cde69c898 Aug 26 18:24:49.848229: | libevent_realloc: new ptr-libevent@0x557cde712818 size 256 Aug 26 18:24:49.848231: | libevent_malloc: new ptr-libevent@0x557cde712948 size 152 Aug 26 18:24:49.848233: | signal event handler PLUTO_SIGSYS installed Aug 26 18:24:49.848576: | created addconn helper (pid:30134) using fork+execve Aug 26 18:24:49.848593: | forked child 30134 Aug 26 18:24:49.848644: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.848884: listening for IKE messages Aug 26 18:24:49.848948: | Inspecting interface lo Aug 26 18:24:49.848954: | found lo with address 127.0.0.1 Aug 26 18:24:49.848956: | Inspecting interface eth0 Aug 26 18:24:49.848959: | found eth0 with address 192.0.3.254 Aug 26 18:24:49.848962: | Inspecting interface eth1 Aug 26 18:24:49.848964: | found eth1 with address 192.1.3.33 Aug 26 18:24:49.849084: Kernel supports NIC esp-hw-offload Aug 26 18:24:49.849093: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 18:24:49.849140: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:49.849144: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:49.849147: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 18:24:49.849169: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 18:24:49.849185: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:49.849188: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:49.849190: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 18:24:49.849207: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:24:49.849223: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:49.849226: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:49.849228: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:24:49.849301: | no interfaces to sort Aug 26 18:24:49.849308: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:49.849314: | add_fd_read_event_handler: new ethX-pe@0x557cde712e98 Aug 26 18:24:49.849316: | libevent_malloc: new ptr-libevent@0x557cde707048 size 128 Aug 26 18:24:49.849319: | libevent_malloc: new ptr-libevent@0x557cde712f08 size 16 Aug 26 18:24:49.849324: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:49.849325: | add_fd_read_event_handler: new ethX-pe@0x557cde712f48 Aug 26 18:24:49.849327: | libevent_malloc: new ptr-libevent@0x557cde69c088 size 128 Aug 26 18:24:49.849329: | libevent_malloc: new ptr-libevent@0x557cde712fb8 size 16 Aug 26 18:24:49.849332: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:49.849334: | add_fd_read_event_handler: new ethX-pe@0x557cde712ff8 Aug 26 18:24:49.849337: | libevent_malloc: new ptr-libevent@0x557cde69bf28 size 128 Aug 26 18:24:49.849339: | libevent_malloc: new ptr-libevent@0x557cde713068 size 16 Aug 26 18:24:49.849342: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:49.849343: | add_fd_read_event_handler: new ethX-pe@0x557cde7130a8 Aug 26 18:24:49.849346: | libevent_malloc: new ptr-libevent@0x557cde69d888 size 128 Aug 26 18:24:49.849348: | libevent_malloc: new ptr-libevent@0x557cde713118 size 16 Aug 26 18:24:49.849351: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:49.849353: | add_fd_read_event_handler: new ethX-pe@0x557cde713158 Aug 26 18:24:49.849355: | libevent_malloc: new ptr-libevent@0x557cde6714e8 size 128 Aug 26 18:24:49.849357: | libevent_malloc: new ptr-libevent@0x557cde7131c8 size 16 Aug 26 18:24:49.849360: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:49.849362: | add_fd_read_event_handler: new ethX-pe@0x557cde713208 Aug 26 18:24:49.849363: | libevent_malloc: new ptr-libevent@0x557cde6711d8 size 128 Aug 26 18:24:49.849365: | libevent_malloc: new ptr-libevent@0x557cde713278 size 16 Aug 26 18:24:49.849368: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:49.849371: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:49.849373: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:49.849385: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:49.849399: | saving Modulus Aug 26 18:24:49.849402: | saving PublicExponent Aug 26 18:24:49.849405: | ignoring PrivateExponent Aug 26 18:24:49.849407: | ignoring Prime1 Aug 26 18:24:49.849409: | ignoring Prime2 Aug 26 18:24:49.849411: | ignoring Exponent1 Aug 26 18:24:49.849413: | ignoring Exponent2 Aug 26 18:24:49.849415: | ignoring Coefficient Aug 26 18:24:49.849417: | ignoring CKAIDNSS Aug 26 18:24:49.849444: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:49.849447: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:49.849449: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:24:49.849467: | certs and keys locked by 'process_secret' Aug 26 18:24:49.849469: | certs and keys unlocked by 'process_secret' Aug 26 18:24:49.849477: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.849483: | spent 0.849 milliseconds in whack Aug 26 18:24:49.866679: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.866698: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.866705: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:49.866707: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.866708: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:49.866712: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.866719: | Added new connection north-east with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:49.866722: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:24:49.866779: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:49.866783: | from whack: got --esp= Aug 26 18:24:49.866817: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:49.866823: | counting wild cards for @north is 0 Aug 26 18:24:49.866827: | counting wild cards for @east is 0 Aug 26 18:24:49.866837: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:24:49.866840: | new hp@0x557cde715758 Aug 26 18:24:49.866845: added connection description "north-east" Aug 26 18:24:49.866855: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:49.866865: | 192.0.3.254/32===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 18:24:49.866871: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.866876: | spent 0.205 milliseconds in whack Aug 26 18:24:49.866919: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.866927: add keyid @north Aug 26 18:24:49.866930: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Aug 26 18:24:49.866931: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Aug 26 18:24:49.866933: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Aug 26 18:24:49.866935: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Aug 26 18:24:49.866936: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Aug 26 18:24:49.866938: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Aug 26 18:24:49.866939: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Aug 26 18:24:49.866941: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Aug 26 18:24:49.866942: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Aug 26 18:24:49.866944: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Aug 26 18:24:49.866945: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Aug 26 18:24:49.866947: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Aug 26 18:24:49.866948: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Aug 26 18:24:49.866950: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Aug 26 18:24:49.866951: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Aug 26 18:24:49.866953: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Aug 26 18:24:49.866954: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Aug 26 18:24:49.866956: | add pubkey c7 5e a5 99 Aug 26 18:24:49.866974: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:49.866976: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:49.866984: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.866987: | spent 0.0713 milliseconds in whack Aug 26 18:24:49.867036: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.867046: add keyid @east Aug 26 18:24:49.867050: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 18:24:49.867052: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 18:24:49.867053: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 18:24:49.867055: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 18:24:49.867056: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 18:24:49.867058: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 18:24:49.867059: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 18:24:49.867061: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 18:24:49.867062: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 18:24:49.867064: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 18:24:49.867066: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 18:24:49.867067: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 18:24:49.867069: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 18:24:49.867070: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 18:24:49.867072: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 18:24:49.867073: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 18:24:49.867075: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 18:24:49.867078: | add pubkey 51 51 48 ef Aug 26 18:24:49.867088: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:24:49.867091: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:24:49.867099: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.867104: | spent 0.0726 milliseconds in whack Aug 26 18:24:49.867119: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.867128: listening for IKE messages Aug 26 18:24:49.867164: | Inspecting interface lo Aug 26 18:24:49.867171: | found lo with address 127.0.0.1 Aug 26 18:24:49.867174: | Inspecting interface eth0 Aug 26 18:24:49.867178: | found eth0 with address 192.0.3.254 Aug 26 18:24:49.867180: | Inspecting interface eth1 Aug 26 18:24:49.867184: | found eth1 with address 192.1.3.33 Aug 26 18:24:49.867254: | no interfaces to sort Aug 26 18:24:49.867264: | libevent_free: release ptr-libevent@0x557cde707048 Aug 26 18:24:49.867268: | free_event_entry: release EVENT_NULL-pe@0x557cde712e98 Aug 26 18:24:49.867271: | add_fd_read_event_handler: new ethX-pe@0x557cde712e98 Aug 26 18:24:49.867275: | libevent_malloc: new ptr-libevent@0x557cde707048 size 128 Aug 26 18:24:49.867283: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:49.867301: | libevent_free: release ptr-libevent@0x557cde69c088 Aug 26 18:24:49.867307: | free_event_entry: release EVENT_NULL-pe@0x557cde712f48 Aug 26 18:24:49.867310: | add_fd_read_event_handler: new ethX-pe@0x557cde712f48 Aug 26 18:24:49.867313: | libevent_malloc: new ptr-libevent@0x557cde69c088 size 128 Aug 26 18:24:49.867319: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:49.867323: | libevent_free: release ptr-libevent@0x557cde69bf28 Aug 26 18:24:49.867326: | free_event_entry: release EVENT_NULL-pe@0x557cde712ff8 Aug 26 18:24:49.867329: | add_fd_read_event_handler: new ethX-pe@0x557cde712ff8 Aug 26 18:24:49.867332: | libevent_malloc: new ptr-libevent@0x557cde69bf28 size 128 Aug 26 18:24:49.867337: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:49.867342: | libevent_free: release ptr-libevent@0x557cde69d888 Aug 26 18:24:49.867345: | free_event_entry: release EVENT_NULL-pe@0x557cde7130a8 Aug 26 18:24:49.867347: | add_fd_read_event_handler: new ethX-pe@0x557cde7130a8 Aug 26 18:24:49.867351: | libevent_malloc: new ptr-libevent@0x557cde69d888 size 128 Aug 26 18:24:49.867359: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:49.867364: | libevent_free: release ptr-libevent@0x557cde6714e8 Aug 26 18:24:49.867366: | free_event_entry: release EVENT_NULL-pe@0x557cde713158 Aug 26 18:24:49.867368: | add_fd_read_event_handler: new ethX-pe@0x557cde713158 Aug 26 18:24:49.867369: | libevent_malloc: new ptr-libevent@0x557cde6714e8 size 128 Aug 26 18:24:49.867373: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:49.867375: | libevent_free: release ptr-libevent@0x557cde6711d8 Aug 26 18:24:49.867377: | free_event_entry: release EVENT_NULL-pe@0x557cde713208 Aug 26 18:24:49.867379: | add_fd_read_event_handler: new ethX-pe@0x557cde713208 Aug 26 18:24:49.867380: | libevent_malloc: new ptr-libevent@0x557cde6711d8 size 128 Aug 26 18:24:49.867383: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:49.867386: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:49.867387: forgetting secrets Aug 26 18:24:49.867394: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:49.867406: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:49.867417: | saving Modulus Aug 26 18:24:49.867419: | saving PublicExponent Aug 26 18:24:49.867421: | ignoring PrivateExponent Aug 26 18:24:49.867423: | ignoring Prime1 Aug 26 18:24:49.867425: | ignoring Prime2 Aug 26 18:24:49.867427: | ignoring Exponent1 Aug 26 18:24:49.867429: | ignoring Exponent2 Aug 26 18:24:49.867431: | ignoring Coefficient Aug 26 18:24:49.867433: | ignoring CKAIDNSS Aug 26 18:24:49.867441: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:24:49.867443: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:24:49.867445: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:24:49.867450: | certs and keys locked by 'process_secret' Aug 26 18:24:49.867451: | certs and keys unlocked by 'process_secret' Aug 26 18:24:49.867458: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.867462: | spent 0.334 milliseconds in whack Aug 26 18:24:49.867478: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:49.867486: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:49.867489: | start processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:106) Aug 26 18:24:49.867491: | could_route called for north-east (kind=CK_PERMANENT) Aug 26 18:24:49.867493: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:49.867495: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 18:24:49.867497: | conn north-east mark 0/00000000, 0/00000000 Aug 26 18:24:49.867500: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Aug 26 18:24:49.867502: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:49.867504: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:49.867505: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 18:24:49.867507: | conn north-east mark 0/00000000, 0/00000000 Aug 26 18:24:49.867510: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Aug 26 18:24:49.867514: | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Aug 26 18:24:49.867518: | shunt_eroute() called for connection 'north-east' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:49.867521: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:49.867524: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 18:24:49.867530: | IPsec Sa SPD priority set to 1040359 Aug 26 18:24:49.867571: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 18:24:49.867575: | route_and_eroute: firewall_notified: true Aug 26 18:24:49.867579: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:49.867582: | command executing prepare-client Aug 26 18:24:49.867609: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Aug 26 18:24:49.867617: | popen cmd is 1028 chars long Aug 26 18:24:49.867621: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Aug 26 18:24:49.867624: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Aug 26 18:24:49.867627: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Aug 26 18:24:49.867630: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 18:24:49.867633: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 18:24:49.867635: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Aug 26 18:24:49.867638: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 18:24:49.867641: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Aug 26 18:24:49.867644: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Aug 26 18:24:49.867647: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Aug 26 18:24:49.867650: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Aug 26 18:24:49.867653: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Aug 26 18:24:49.867655: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:24:49.874722: | running updown command "ipsec _updown" for verb route Aug 26 18:24:49.874738: | command executing route-client Aug 26 18:24:49.874761: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Aug 26 18:24:49.874764: | popen cmd is 1026 chars long Aug 26 18:24:49.874766: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT: Aug 26 18:24:49.874768: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID: Aug 26 18:24:49.874769: | cmd( 160):='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLU: Aug 26 18:24:49.874775: | cmd( 240):TO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Aug 26 18:24:49.874777: | cmd( 320):O_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Aug 26 18:24:49.874778: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Aug 26 18:24:49.874780: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 18:24:49.874782: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Aug 26 18:24:49.874783: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Aug 26 18:24:49.874785: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Aug 26 18:24:49.874787: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Aug 26 18:24:49.874788: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Aug 26 18:24:49.874790: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:24:49.883997: | stop processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:116) Aug 26 18:24:49.884020: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:49.884028: | spent 0.903 milliseconds in whack Aug 26 18:24:49.884042: | processing signal PLUTO_SIGCHLD Aug 26 18:24:49.884047: | waitpid returned nothing left to do (all child processes are busy) Aug 26 18:24:49.884050: | spent 0.00488 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:49.884052: | processing signal PLUTO_SIGCHLD Aug 26 18:24:49.884054: | waitpid returned nothing left to do (all child processes are busy) Aug 26 18:24:49.884057: | spent 0.00257 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:49.884506: | processing signal PLUTO_SIGCHLD Aug 26 18:24:49.884523: | waitpid returned pid 30134 (exited with status 0) Aug 26 18:24:49.884529: | reaped addconn helper child (status 0) Aug 26 18:24:49.884540: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:49.884545: | spent 0.0264 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:50.145353: | kernel_process_msg_cb process netlink message Aug 26 18:24:50.145378: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 18:24:50.145382: | xfrm netlink msg len 376 Aug 26 18:24:50.145385: | xfrm acquire rtattribute type 5 Aug 26 18:24:50.145388: | xfrm acquire rtattribute type 16 Aug 26 18:24:50.145403: | add bare shunt 0x557cde7149c8 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 18:24:50.145411: initiate on demand from 192.0.3.254:8 to 192.0.2.254:0 proto=1 because: acquire Aug 26 18:24:50.145417: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0 Aug 26 18:24:50.145420: | FOR_EACH_CONNECTION_... in find_connection_for_clients Aug 26 18:24:50.145426: | find_connection: conn "north-east" has compatible peers: 192.0.3.254/32 -> 192.0.2.0/24 [pri: 33603594] Aug 26 18:24:50.145429: | find_connection: first OK "north-east" [pri:33603594]{0x557cde7137e8} (child none) Aug 26 18:24:50.145433: | find_connection: concluding with "north-east" [pri:33603594]{0x557cde7137e8} kind=CK_PERMANENT Aug 26 18:24:50.145436: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 18:24:50.145439: | assign_holdpass() need broad(er) shunt Aug 26 18:24:50.145442: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 18:24:50.145448: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Aug 26 18:24:50.145454: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 18:24:50.145457: | raw_eroute result=success Aug 26 18:24:50.145460: | assign_holdpass() eroute_connection() done Aug 26 18:24:50.145462: | fiddle_bare_shunt called Aug 26 18:24:50.145465: | fiddle_bare_shunt with transport_proto 1 Aug 26 18:24:50.145473: | removing specific host-to-host bare shunt Aug 26 18:24:50.145479: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Aug 26 18:24:50.145481: | netlink_raw_eroute: SPI_PASS Aug 26 18:24:50.145500: | raw_eroute result=success Aug 26 18:24:50.145505: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 18:24:50.145510: | delete bare shunt 0x557cde7149c8 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 18:24:50.145513: assign_holdpass() delete_bare_shunt() failed Aug 26 18:24:50.145516: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 18:24:50.145519: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:50.145542: | creating state object #1 at 0x557cde715d48 Aug 26 18:24:50.145545: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:50.145555: | pstats #1 ikev2.ike started Aug 26 18:24:50.145560: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:50.145563: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:50.145569: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:50.145579: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:50.145582: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:50.145587: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-east" IKE SA #1 "north-east" Aug 26 18:24:50.145593: "north-east" #1: initiating v2 parent SA Aug 26 18:24:50.145596: | constructing local IKE proposals for north-east (IKE SA initiator selecting KE) Aug 26 18:24:50.145606: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:50.145615: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:50.145620: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:50.145625: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:50.145629: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:50.145635: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:50.145639: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:50.145644: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:50.145654: "north-east": constructed local IKE proposals for north-east (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:50.145661: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:24:50.145668: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557cde715838 Aug 26 18:24:50.145673: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:50.145677: | libevent_malloc: new ptr-libevent@0x557cde716d58 size 128 Aug 26 18:24:50.145692: | #1 spent 0.28 milliseconds in ikev2_parent_outI1() Aug 26 18:24:50.145698: | RESET processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:50.145703: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254 Aug 26 18:24:50.145709: | spent 0.336 milliseconds in kernel message Aug 26 18:24:50.145729: | crypto helper 2 resuming Aug 26 18:24:50.145746: | crypto helper 2 starting work-order 1 for state #1 Aug 26 18:24:50.145752: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:24:50.146712: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.00096 seconds Aug 26 18:24:50.146728: | (#1) spent 0.968 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:24:50.146732: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:50.146735: | scheduling resume sending helper answer for #1 Aug 26 18:24:50.146739: | libevent_malloc: new ptr-libevent@0x7f4554002888 size 128 Aug 26 18:24:50.146749: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:50.146791: | processing resume sending helper answer for #1 Aug 26 18:24:50.146806: | start processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:50.146812: | crypto helper 2 replies to request ID 1 Aug 26 18:24:50.146815: | calling continuation function 0x557cde4b2b50 Aug 26 18:24:50.146818: | ikev2_parent_outI1_continue for #1 Aug 26 18:24:50.146860: | **emit ISAKMP Message: Aug 26 18:24:50.146864: | initiator cookie: Aug 26 18:24:50.146867: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.146869: | responder cookie: Aug 26 18:24:50.146872: | 00 00 00 00 00 00 00 00 Aug 26 18:24:50.146875: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:50.146878: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:50.146881: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:50.146886: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:50.146889: | Message ID: 0 (0x0) Aug 26 18:24:50.146892: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:50.146908: | using existing local IKE proposals for connection north-east (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:50.146911: | Emitting ikev2_proposals ... Aug 26 18:24:50.146914: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:50.146917: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.146920: | flags: none (0x0) Aug 26 18:24:50.146924: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:50.146927: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.146930: | discarding INTEG=NONE Aug 26 18:24:50.146933: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.146936: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.146939: | prop #: 1 (0x1) Aug 26 18:24:50.146946: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:50.146949: | spi size: 0 (0x0) Aug 26 18:24:50.146952: | # transforms: 11 (0xb) Aug 26 18:24:50.146955: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:50.146958: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.146962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.146964: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.146967: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:50.146970: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.146974: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.146977: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.146980: | length/value: 256 (0x100) Aug 26 18:24:50.146983: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:50.146986: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.146988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.146991: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:50.146994: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:50.146997: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147000: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147003: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147006: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147009: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147011: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:50.147014: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:50.147017: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147023: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147025: | discarding INTEG=NONE Aug 26 18:24:50.147028: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147033: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147036: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:50.147039: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147045: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147048: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147050: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147053: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147056: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:50.147059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147065: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147067: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147077: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147080: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:50.147083: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147086: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147089: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147091: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147097: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147099: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:50.147103: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147106: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147108: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147111: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147116: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147119: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:50.147122: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147125: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147128: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147130: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147133: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147136: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147138: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:50.147142: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147145: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147147: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147150: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147153: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147155: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147158: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:50.147161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147167: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147170: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147172: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.147175: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147178: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:50.147181: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147187: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147191: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:50.147194: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:50.147197: | discarding INTEG=NONE Aug 26 18:24:50.147200: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.147202: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.147205: | prop #: 2 (0x2) Aug 26 18:24:50.147208: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:50.147210: | spi size: 0 (0x0) Aug 26 18:24:50.147213: | # transforms: 11 (0xb) Aug 26 18:24:50.147216: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.147220: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:50.147222: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147228: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.147231: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:50.147234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147236: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.147239: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.147242: | length/value: 128 (0x80) Aug 26 18:24:50.147245: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:50.147247: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147253: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:50.147255: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:50.147259: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147262: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147264: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147267: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147272: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:50.147275: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:50.147278: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147281: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147284: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147286: | discarding INTEG=NONE Aug 26 18:24:50.147297: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147300: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147303: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147306: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:50.147309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147312: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147315: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147317: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147323: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147330: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:50.147334: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147337: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147340: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147342: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147347: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147350: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:50.147353: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147356: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147359: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147361: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147366: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147369: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:50.147372: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147375: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147378: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147381: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147383: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147386: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147388: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:50.147391: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147394: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147397: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147400: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147402: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147405: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147407: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:50.147411: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147414: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147416: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147419: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147421: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147424: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147427: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:50.147430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147433: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147435: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147441: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147444: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.147447: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147449: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:50.147452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147455: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147458: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147461: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:50.147464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:50.147467: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.147469: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.147472: | prop #: 3 (0x3) Aug 26 18:24:50.147475: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:50.147477: | spi size: 0 (0x0) Aug 26 18:24:50.147480: | # transforms: 13 (0xd) Aug 26 18:24:50.147483: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.147486: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:50.147489: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147494: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.147497: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:50.147500: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147503: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.147505: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.147508: | length/value: 256 (0x100) Aug 26 18:24:50.147511: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:50.147514: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147519: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:50.147521: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:50.147524: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147527: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147530: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147533: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147538: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:50.147541: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:50.147544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147547: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147549: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147552: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147557: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:50.147560: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:50.147564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147570: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147573: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147576: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147578: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:50.147581: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:50.147584: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147587: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147590: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147592: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147595: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147598: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147600: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:50.147603: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147606: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147609: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147612: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147617: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147620: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:50.147623: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147626: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147628: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147631: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147634: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147636: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147639: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:50.147642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147645: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147648: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147650: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147656: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147658: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:50.147661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147664: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147667: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147670: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147672: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147676: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147679: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:50.147682: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147685: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147688: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147691: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147696: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147698: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:50.147701: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147704: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147707: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147710: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147712: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147715: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147717: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:50.147721: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147724: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147726: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147729: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147731: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.147734: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147737: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:50.147740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147743: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147745: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147748: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:50.147751: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:50.147754: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.147757: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:50.147759: | prop #: 4 (0x4) Aug 26 18:24:50.147762: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:50.147764: | spi size: 0 (0x0) Aug 26 18:24:50.147767: | # transforms: 13 (0xd) Aug 26 18:24:50.147770: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.147773: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:50.147775: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147778: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147781: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.147783: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:50.147786: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147790: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.147793: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.147796: | length/value: 128 (0x80) Aug 26 18:24:50.147798: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:50.147801: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147804: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147806: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:50.147809: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:50.147812: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147815: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147818: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147820: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147825: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:50.147828: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:50.147831: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147834: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147837: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147839: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147842: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147845: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:50.147847: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:50.147850: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147853: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147856: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147859: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147861: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147864: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:50.147866: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:50.147869: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147872: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147875: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147878: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147883: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147886: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:50.147889: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147892: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147894: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147897: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147900: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147902: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147905: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:50.147909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147912: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147915: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147918: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147920: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147923: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147926: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:50.147929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147932: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147934: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147937: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147942: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147945: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:50.147948: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147951: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147954: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147956: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147961: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147964: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:50.147967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147970: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147973: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147975: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147978: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147980: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.147983: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:50.147986: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.147989: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.147992: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.147994: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.147997: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.148000: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.148002: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:50.148005: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.148008: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.148011: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.148014: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.148018: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.148020: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.148023: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:50.148026: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.148029: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.148032: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.148035: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:50.148037: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:50.148040: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:50.148043: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:50.148046: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:50.148049: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.148052: | flags: none (0x0) Aug 26 18:24:50.148054: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:50.148058: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:50.148061: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.148065: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:50.148068: | ikev2 g^x 9b 7e 87 62 64 64 dd 72 3a f3 cf 0f f1 b7 c7 63 Aug 26 18:24:50.148070: | ikev2 g^x 75 29 69 bb 1f ce 08 f9 49 ba b7 22 b4 27 61 9f Aug 26 18:24:50.148073: | ikev2 g^x f0 cf 96 ff 0c 23 04 26 26 56 15 e3 98 41 93 ff Aug 26 18:24:50.148075: | ikev2 g^x ca 84 e3 8e 3e da 64 96 2b a5 1e 2e ec ae 12 f2 Aug 26 18:24:50.148078: | ikev2 g^x dd 79 a0 b1 59 9b e2 2b f4 c5 88 7f d8 94 bb 8b Aug 26 18:24:50.148080: | ikev2 g^x dd 1c b8 9d e5 3f 27 80 c4 6b b1 0f 02 e8 4e e8 Aug 26 18:24:50.148083: | ikev2 g^x bd 93 59 96 f4 13 aa a6 af 08 30 5c 96 b9 74 6d Aug 26 18:24:50.148085: | ikev2 g^x 9f 57 3d 35 9f e5 87 15 b9 9b 3f df b0 b4 3b ef Aug 26 18:24:50.148088: | ikev2 g^x fc 7c b7 79 4c 2d 03 3b 94 ce c9 c5 16 e7 f6 7d Aug 26 18:24:50.148090: | ikev2 g^x ff 49 2c 24 bb 1f 29 ea ba ac ef 75 5e c7 45 2f Aug 26 18:24:50.148093: | ikev2 g^x 7a ac 27 4a d4 5a c6 e9 11 99 f0 47 ee a3 28 de Aug 26 18:24:50.148095: | ikev2 g^x c4 f6 f4 d4 16 d5 37 21 b7 a0 1b ac e2 3c f8 65 Aug 26 18:24:50.148098: | ikev2 g^x 21 5d 64 db af d4 b1 76 e8 fc 9f 83 8a 42 ab d7 Aug 26 18:24:50.148100: | ikev2 g^x 06 bf c0 55 87 2d 42 18 7d 24 46 85 f1 56 24 b3 Aug 26 18:24:50.148103: | ikev2 g^x 0c 78 ab ce 96 03 39 32 dc ca 82 c7 5e 51 ec 4c Aug 26 18:24:50.148105: | ikev2 g^x 98 b4 7b 38 10 e7 53 96 0f 52 d7 0f f5 b3 0f 7f Aug 26 18:24:50.148108: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:50.148111: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:50.148113: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:50.148116: | flags: none (0x0) Aug 26 18:24:50.148119: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:50.148122: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:50.148125: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.148128: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:50.148131: | IKEv2 nonce c2 6a 45 c0 53 61 55 20 55 19 a6 7b e8 48 b3 81 Aug 26 18:24:50.148134: | IKEv2 nonce 17 54 6c f7 8e f8 7b 24 ac 6e 16 67 b2 d6 0a 90 Aug 26 18:24:50.148138: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:50.148141: | Adding a v2N Payload Aug 26 18:24:50.148143: | ***emit IKEv2 Notify Payload: Aug 26 18:24:50.148146: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.148149: | flags: none (0x0) Aug 26 18:24:50.148151: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:50.148154: | SPI size: 0 (0x0) Aug 26 18:24:50.148157: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:50.148160: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:50.148163: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.148166: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:50.148169: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:50.148172: | natd_hash: rcookie is zero Aug 26 18:24:50.148185: | natd_hash: hasher=0x557cde587800(20) Aug 26 18:24:50.148188: | natd_hash: icookie= 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.148191: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:50.148194: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:50.148196: | natd_hash: port=500 Aug 26 18:24:50.148199: | natd_hash: hash= 01 8e 4e c1 4b b6 a2 26 65 b6 05 20 42 82 dc d1 Aug 26 18:24:50.148201: | natd_hash: hash= 22 f8 85 9f Aug 26 18:24:50.148204: | Adding a v2N Payload Aug 26 18:24:50.148206: | ***emit IKEv2 Notify Payload: Aug 26 18:24:50.148209: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.148212: | flags: none (0x0) Aug 26 18:24:50.148214: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:50.148217: | SPI size: 0 (0x0) Aug 26 18:24:50.148220: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:50.148223: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:50.148226: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.148229: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:50.148232: | Notify data 01 8e 4e c1 4b b6 a2 26 65 b6 05 20 42 82 dc d1 Aug 26 18:24:50.148234: | Notify data 22 f8 85 9f Aug 26 18:24:50.148237: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:50.148239: | natd_hash: rcookie is zero Aug 26 18:24:50.148246: | natd_hash: hasher=0x557cde587800(20) Aug 26 18:24:50.148249: | natd_hash: icookie= 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.148251: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:50.148254: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:50.148256: | natd_hash: port=500 Aug 26 18:24:50.148259: | natd_hash: hash= 24 f4 42 82 2c 71 93 91 20 c3 4b 57 32 72 25 6e Aug 26 18:24:50.148261: | natd_hash: hash= 0e 56 c0 41 Aug 26 18:24:50.148264: | Adding a v2N Payload Aug 26 18:24:50.148266: | ***emit IKEv2 Notify Payload: Aug 26 18:24:50.148269: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.148271: | flags: none (0x0) Aug 26 18:24:50.148274: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:50.148276: | SPI size: 0 (0x0) Aug 26 18:24:50.148279: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:50.148282: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:50.148285: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.148302: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:50.148306: | Notify data 24 f4 42 82 2c 71 93 91 20 c3 4b 57 32 72 25 6e Aug 26 18:24:50.148308: | Notify data 0e 56 c0 41 Aug 26 18:24:50.148311: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:50.148314: | emitting length of ISAKMP Message: 828 Aug 26 18:24:50.148325: | stop processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:50.148340: | start processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:50.148345: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:50.148348: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:50.148352: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:50.148355: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:24:50.148358: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:24:50.148364: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:50.148367: "north-east" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:50.148372: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:50.148383: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:50.148386: | 95 9c 0b 68 d1 11 81 2d 00 00 00 00 00 00 00 00 Aug 26 18:24:50.148388: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:50.148391: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:50.148393: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:50.148396: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:50.148398: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:50.148401: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:50.148403: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:50.148406: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:50.148408: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:50.148411: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:50.148413: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:50.148416: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:50.148418: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:50.148421: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:50.148423: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:50.148425: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:50.148428: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:50.148430: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:50.148433: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:50.148435: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:50.148438: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:50.148440: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:50.148443: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:50.148445: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:50.148448: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:50.148450: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:50.148453: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:50.148455: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:50.148458: | 28 00 01 08 00 0e 00 00 9b 7e 87 62 64 64 dd 72 Aug 26 18:24:50.148460: | 3a f3 cf 0f f1 b7 c7 63 75 29 69 bb 1f ce 08 f9 Aug 26 18:24:50.148463: | 49 ba b7 22 b4 27 61 9f f0 cf 96 ff 0c 23 04 26 Aug 26 18:24:50.148465: | 26 56 15 e3 98 41 93 ff ca 84 e3 8e 3e da 64 96 Aug 26 18:24:50.148467: | 2b a5 1e 2e ec ae 12 f2 dd 79 a0 b1 59 9b e2 2b Aug 26 18:24:50.148470: | f4 c5 88 7f d8 94 bb 8b dd 1c b8 9d e5 3f 27 80 Aug 26 18:24:50.148472: | c4 6b b1 0f 02 e8 4e e8 bd 93 59 96 f4 13 aa a6 Aug 26 18:24:50.148475: | af 08 30 5c 96 b9 74 6d 9f 57 3d 35 9f e5 87 15 Aug 26 18:24:50.148479: | b9 9b 3f df b0 b4 3b ef fc 7c b7 79 4c 2d 03 3b Aug 26 18:24:50.148482: | 94 ce c9 c5 16 e7 f6 7d ff 49 2c 24 bb 1f 29 ea Aug 26 18:24:50.148484: | ba ac ef 75 5e c7 45 2f 7a ac 27 4a d4 5a c6 e9 Aug 26 18:24:50.148486: | 11 99 f0 47 ee a3 28 de c4 f6 f4 d4 16 d5 37 21 Aug 26 18:24:50.148489: | b7 a0 1b ac e2 3c f8 65 21 5d 64 db af d4 b1 76 Aug 26 18:24:50.148491: | e8 fc 9f 83 8a 42 ab d7 06 bf c0 55 87 2d 42 18 Aug 26 18:24:50.148494: | 7d 24 46 85 f1 56 24 b3 0c 78 ab ce 96 03 39 32 Aug 26 18:24:50.148496: | dc ca 82 c7 5e 51 ec 4c 98 b4 7b 38 10 e7 53 96 Aug 26 18:24:50.148499: | 0f 52 d7 0f f5 b3 0f 7f 29 00 00 24 c2 6a 45 c0 Aug 26 18:24:50.148501: | 53 61 55 20 55 19 a6 7b e8 48 b3 81 17 54 6c f7 Aug 26 18:24:50.148504: | 8e f8 7b 24 ac 6e 16 67 b2 d6 0a 90 29 00 00 08 Aug 26 18:24:50.148506: | 00 00 40 2e 29 00 00 1c 00 00 40 04 01 8e 4e c1 Aug 26 18:24:50.148509: | 4b b6 a2 26 65 b6 05 20 42 82 dc d1 22 f8 85 9f Aug 26 18:24:50.148511: | 00 00 00 1c 00 00 40 05 24 f4 42 82 2c 71 93 91 Aug 26 18:24:50.148514: | 20 c3 4b 57 32 72 25 6e 0e 56 c0 41 Aug 26 18:24:50.148602: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:50.148609: | libevent_free: release ptr-libevent@0x557cde716d58 Aug 26 18:24:50.148613: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557cde715838 Aug 26 18:24:50.148616: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:50.148620: | event_schedule: new EVENT_RETRANSMIT-pe@0x557cde715838 Aug 26 18:24:50.148624: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:24:50.148628: | libevent_malloc: new ptr-libevent@0x557cde716988 size 128 Aug 26 18:24:50.148633: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29175.891086 Aug 26 18:24:50.148637: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:50.148644: | #1 spent 1.75 milliseconds in resume sending helper answer Aug 26 18:24:50.148649: | stop processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:50.148652: | libevent_free: release ptr-libevent@0x7f4554002888 Aug 26 18:24:50.152228: | spent 0.00321 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:50.152258: | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:50.152263: | 95 9c 0b 68 d1 11 81 2d 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.152267: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Aug 26 18:24:50.152270: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:24:50.152273: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:24:50.152276: | 04 00 00 0e 28 00 01 08 00 0e 00 00 c9 de 99 f7 Aug 26 18:24:50.152278: | 09 c8 9c ec 17 cf 54 75 56 d1 d1 f8 10 b6 b6 7b Aug 26 18:24:50.152281: | 7b f0 cf d8 03 5f b1 f9 45 f7 65 96 da fb ba 10 Aug 26 18:24:50.152284: | c4 2f 5b d2 a9 e2 c2 f3 cf 6c 0d f9 d5 8c 54 0e Aug 26 18:24:50.152287: | fa f5 3c c8 ee 80 5b f0 ba eb 72 9d 6c 72 19 a3 Aug 26 18:24:50.152305: | d5 8f 6f b0 96 6a ce 45 0f 30 d6 c0 1a 3d aa e0 Aug 26 18:24:50.152309: | 7c 72 28 06 e7 7b 9b 7a bc dd c1 6c b8 41 47 5c Aug 26 18:24:50.152312: | 76 51 00 86 6b b1 88 f7 1a d8 9b cc 95 32 98 fa Aug 26 18:24:50.152315: | 32 63 e9 a2 0e 55 1f 18 87 9c 49 ec a4 23 64 41 Aug 26 18:24:50.152318: | d1 80 7e c7 88 1d dd f4 93 1f bf 00 d2 35 1a 5a Aug 26 18:24:50.152321: | d9 ea 36 c9 df 59 9e f9 d5 25 bf be 2d 85 b9 3f Aug 26 18:24:50.152324: | 65 14 f1 89 2d 66 69 f1 f8 0e 5b 2a 70 95 5e f7 Aug 26 18:24:50.152326: | 13 55 1e 13 40 08 1e 7a 71 da 20 2d 83 94 e6 d4 Aug 26 18:24:50.152329: | 2e a8 70 41 96 7b 4a 54 cd 0c 73 d0 11 21 5f 13 Aug 26 18:24:50.152332: | 60 e3 3c ea d2 12 4b cb cb 09 f8 55 7f ed 5c 6d Aug 26 18:24:50.152338: | 5a df 8e 91 cb 4d ee be 0c 90 33 4b 66 a7 4b 15 Aug 26 18:24:50.152342: | bd 59 86 72 83 91 96 39 23 f6 42 98 29 00 00 24 Aug 26 18:24:50.152345: | 11 bd 5e d1 f8 ee 4c 32 76 9a 8a a9 27 1d 78 3e Aug 26 18:24:50.152348: | c4 22 83 f5 47 a2 ff 44 a5 7d ac 05 c5 84 b9 ea Aug 26 18:24:50.152350: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:24:50.152353: | 19 09 47 e1 44 13 f3 12 15 f9 85 79 f8 5d 0b 22 Aug 26 18:24:50.152356: | f6 4e 94 c7 26 00 00 1c 00 00 40 05 07 93 f7 04 Aug 26 18:24:50.152359: | 4e 95 a8 40 e4 0b 8d 51 9d e9 6c b3 0e 77 3e 6c Aug 26 18:24:50.152362: | 00 00 00 05 04 Aug 26 18:24:50.152368: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:50.152373: | **parse ISAKMP Message: Aug 26 18:24:50.152377: | initiator cookie: Aug 26 18:24:50.152380: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.152383: | responder cookie: Aug 26 18:24:50.152385: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.152389: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:50.152393: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:50.152396: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:50.152399: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:50.152402: | Message ID: 0 (0x0) Aug 26 18:24:50.152406: | length: 437 (0x1b5) Aug 26 18:24:50.152410: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:50.152415: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:24:50.152420: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:50.152429: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:50.152435: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:50.152440: | #1 is idle Aug 26 18:24:50.152443: | #1 idle Aug 26 18:24:50.152447: | unpacking clear payload Aug 26 18:24:50.152450: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:50.152454: | ***parse IKEv2 Security Association Payload: Aug 26 18:24:50.152458: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:50.152461: | flags: none (0x0) Aug 26 18:24:50.152465: | length: 40 (0x28) Aug 26 18:24:50.152468: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:24:50.152472: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:50.152476: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:50.152479: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:50.152481: | flags: none (0x0) Aug 26 18:24:50.152483: | length: 264 (0x108) Aug 26 18:24:50.152486: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:50.152488: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:50.152490: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:50.152492: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:50.152495: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:50.152497: | flags: none (0x0) Aug 26 18:24:50.152499: | length: 36 (0x24) Aug 26 18:24:50.152501: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:50.152503: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:50.152506: | ***parse IKEv2 Notify Payload: Aug 26 18:24:50.152508: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:50.152510: | flags: none (0x0) Aug 26 18:24:50.152512: | length: 8 (0x8) Aug 26 18:24:50.152515: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:50.152517: | SPI size: 0 (0x0) Aug 26 18:24:50.152520: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:50.152522: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:50.152524: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:50.152526: | ***parse IKEv2 Notify Payload: Aug 26 18:24:50.152529: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:50.152533: | flags: none (0x0) Aug 26 18:24:50.152535: | length: 28 (0x1c) Aug 26 18:24:50.152537: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:50.152540: | SPI size: 0 (0x0) Aug 26 18:24:50.152542: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:50.152544: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:50.152546: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:50.152549: | ***parse IKEv2 Notify Payload: Aug 26 18:24:50.152551: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 18:24:50.152553: | flags: none (0x0) Aug 26 18:24:50.152555: | length: 28 (0x1c) Aug 26 18:24:50.152557: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:50.152559: | SPI size: 0 (0x0) Aug 26 18:24:50.152562: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:50.152565: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:50.152569: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 18:24:50.152573: | ***parse IKEv2 Certificate Request Payload: Aug 26 18:24:50.152576: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.152579: | flags: none (0x0) Aug 26 18:24:50.152583: | length: 5 (0x5) Aug 26 18:24:50.152587: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:24:50.152591: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Aug 26 18:24:50.152594: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:24:50.152600: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:50.152603: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:50.152605: | Now let's proceed with state specific processing Aug 26 18:24:50.152608: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:50.152611: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:24:50.152626: | using existing local IKE proposals for connection north-east (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:50.152630: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:24:50.152633: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:50.152636: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:50.152638: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:50.152641: | local proposal 1 type DH has 8 transforms Aug 26 18:24:50.152643: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:50.152646: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:50.152648: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:50.152651: | local proposal 2 type PRF has 2 transforms Aug 26 18:24:50.152653: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:50.152655: | local proposal 2 type DH has 8 transforms Aug 26 18:24:50.152657: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:50.152660: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:50.152662: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:50.152664: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:50.152666: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:50.152669: | local proposal 3 type DH has 8 transforms Aug 26 18:24:50.152671: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:50.152674: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:50.152678: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:50.152680: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:50.152682: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:50.152685: | local proposal 4 type DH has 8 transforms Aug 26 18:24:50.152687: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:50.152690: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:50.152692: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.152695: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:50.152697: | length: 36 (0x24) Aug 26 18:24:50.152699: | prop #: 1 (0x1) Aug 26 18:24:50.152702: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:50.152704: | spi size: 0 (0x0) Aug 26 18:24:50.152706: | # transforms: 3 (0x3) Aug 26 18:24:50.152709: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:50.152712: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:50.152714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.152716: | length: 12 (0xc) Aug 26 18:24:50.152719: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.152721: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:50.152723: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.152726: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.152728: | length/value: 256 (0x100) Aug 26 18:24:50.152732: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:50.152735: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:50.152737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.152739: | length: 8 (0x8) Aug 26 18:24:50.152741: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:50.152744: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:50.152747: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:50.152749: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:50.152751: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.152754: | length: 8 (0x8) Aug 26 18:24:50.152756: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:50.152758: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:50.152761: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:50.152765: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:50.152769: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:50.152771: | remote proposal 1 matches local proposal 1 Aug 26 18:24:50.152774: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:24:50.152776: | converting proposal to internal trans attrs Aug 26 18:24:50.152791: | natd_hash: hasher=0x557cde587800(20) Aug 26 18:24:50.152794: | natd_hash: icookie= 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.152797: | natd_hash: rcookie= 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.152799: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:50.152801: | natd_hash: port=500 Aug 26 18:24:50.152803: | natd_hash: hash= 07 93 f7 04 4e 95 a8 40 e4 0b 8d 51 9d e9 6c b3 Aug 26 18:24:50.152806: | natd_hash: hash= 0e 77 3e 6c Aug 26 18:24:50.152811: | natd_hash: hasher=0x557cde587800(20) Aug 26 18:24:50.152813: | natd_hash: icookie= 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.152815: | natd_hash: rcookie= 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.152817: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:50.152819: | natd_hash: port=500 Aug 26 18:24:50.152822: | natd_hash: hash= 19 09 47 e1 44 13 f3 12 15 f9 85 79 f8 5d 0b 22 Aug 26 18:24:50.152824: | natd_hash: hash= f6 4e 94 c7 Aug 26 18:24:50.152826: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:50.152830: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:50.152832: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:50.152835: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:24:50.152841: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:24:50.152844: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:24:50.152847: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:50.152850: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:50.152853: | libevent_free: release ptr-libevent@0x557cde716988 Aug 26 18:24:50.152856: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557cde715838 Aug 26 18:24:50.152859: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557cde715838 Aug 26 18:24:50.152863: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:50.152865: | libevent_malloc: new ptr-libevent@0x7f4554002888 size 128 Aug 26 18:24:50.152876: | #1 spent 0.262 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:24:50.152881: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:50.152884: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:24:50.152886: | suspending state #1 and saving MD Aug 26 18:24:50.152889: | #1 is busy; has a suspended MD Aug 26 18:24:50.152892: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:50.152896: | "north-east" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:50.152899: | stop processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:50.152903: | #1 spent 0.649 milliseconds in ikev2_process_packet() Aug 26 18:24:50.152907: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:50.152910: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:50.152912: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:50.152914: | crypto helper 0 resuming Aug 26 18:24:50.152916: | spent 0.662 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:50.152933: | crypto helper 0 starting work-order 2 for state #1 Aug 26 18:24:50.152945: | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:24:50.153690: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:24:50.154066: | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001121 seconds Aug 26 18:24:50.154074: | (#1) spent 1.12 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:24:50.154077: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Aug 26 18:24:50.154080: | scheduling resume sending helper answer for #1 Aug 26 18:24:50.154083: | libevent_malloc: new ptr-libevent@0x7f454c000f48 size 128 Aug 26 18:24:50.154091: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:50.154103: | processing resume sending helper answer for #1 Aug 26 18:24:50.154118: | start processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:50.154125: | crypto helper 0 replies to request ID 2 Aug 26 18:24:50.154129: | calling continuation function 0x557cde4b2b50 Aug 26 18:24:50.154133: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:24:50.154141: | creating state object #2 at 0x557cde71b0f8 Aug 26 18:24:50.154146: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:24:50.154152: | pstats #2 ikev2.child started Aug 26 18:24:50.154156: | duplicating state object #1 "north-east" as #2 for IPSEC SA Aug 26 18:24:50.154163: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:50.154180: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:50.154188: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:50.154194: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:50.154199: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:50.154204: | libevent_free: release ptr-libevent@0x7f4554002888 Aug 26 18:24:50.154209: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557cde715838 Aug 26 18:24:50.154214: | event_schedule: new EVENT_SA_REPLACE-pe@0x557cde715838 Aug 26 18:24:50.154220: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:24:50.154224: | libevent_malloc: new ptr-libevent@0x7f4554002888 size 128 Aug 26 18:24:50.154230: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:24:50.154240: | **emit ISAKMP Message: Aug 26 18:24:50.154245: | initiator cookie: Aug 26 18:24:50.154248: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.154251: | responder cookie: Aug 26 18:24:50.154255: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.154259: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:50.154264: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:50.154269: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:50.154273: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:50.154277: | Message ID: 1 (0x1) Aug 26 18:24:50.154281: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:50.154286: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:50.154297: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.154301: | flags: none (0x0) Aug 26 18:24:50.154306: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:50.154310: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.154315: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:50.154327: | IKEv2 CERT: send a certificate? Aug 26 18:24:50.154335: | IKEv2 CERT: no certificate to send Aug 26 18:24:50.154339: | IDr payload will be sent Aug 26 18:24:50.154363: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:24:50.154369: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.154372: | flags: none (0x0) Aug 26 18:24:50.154376: | ID type: ID_FQDN (0x2) Aug 26 18:24:50.154382: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:24:50.154387: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.154392: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:24:50.154396: | my identity 6e 6f 72 74 68 Aug 26 18:24:50.154400: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Aug 26 18:24:50.154415: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:24:50.154420: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:50.154424: | flags: none (0x0) Aug 26 18:24:50.154427: | ID type: ID_FQDN (0x2) Aug 26 18:24:50.154432: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 18:24:50.154437: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:24:50.154441: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.154449: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 18:24:50.154452: | IDr 65 61 73 74 Aug 26 18:24:50.154456: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:24:50.154460: | not sending INITIAL_CONTACT Aug 26 18:24:50.154464: | ****emit IKEv2 Authentication Payload: Aug 26 18:24:50.154468: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.154472: | flags: none (0x0) Aug 26 18:24:50.154476: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:50.154481: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:24:50.154486: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.154493: | started looking for secret for @north->@east of kind PKK_RSA Aug 26 18:24:50.154498: | actually looking for secret for @north->@east of kind PKK_RSA Aug 26 18:24:50.154503: | line 1: key type PKK_RSA(@north) to type PKK_RSA Aug 26 18:24:50.154508: | 1: compared key (none) to @north / @east -> 002 Aug 26 18:24:50.154512: | 2: compared key (none) to @north / @east -> 002 Aug 26 18:24:50.154516: | line 1: match=002 Aug 26 18:24:50.154520: | match 002 beats previous best_match 000 match=0x557cde66b378 (line=1) Aug 26 18:24:50.154525: | concluding with best_match=002 best=0x557cde66b378 (lineno=1) Aug 26 18:24:50.161588: | #1 spent 7.01 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 18:24:50.161602: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 18:24:50.161607: | rsa signature 26 ba 82 4f 9d 4f 60 cd 9d be 64 6d 92 11 f0 bd Aug 26 18:24:50.161610: | rsa signature f5 8c 6b ed 10 c8 97 d0 c1 5d 25 06 3b 47 59 16 Aug 26 18:24:50.161614: | rsa signature 6b d4 60 74 3d f1 a9 a6 46 1b c4 a6 27 ab a1 13 Aug 26 18:24:50.161617: | rsa signature 5a 53 60 b7 69 7c bc dc 51 3c d5 9a 97 59 fc 49 Aug 26 18:24:50.161621: | rsa signature 25 a8 87 7b b1 67 4e 2c e8 8c 8e b7 3a 3d 44 55 Aug 26 18:24:50.161624: | rsa signature b4 c0 52 8a c0 07 4b 51 8c 43 54 cc d0 c6 05 f9 Aug 26 18:24:50.161628: | rsa signature fc bc 9b 6c 74 c1 f5 a5 43 d8 ec 52 f9 a1 37 3e Aug 26 18:24:50.161631: | rsa signature 43 a4 b5 2d a1 66 9e 42 b1 39 bb f5 e4 2e 23 a7 Aug 26 18:24:50.161634: | rsa signature 76 b8 6d 3e 13 c8 d6 d2 e9 85 15 20 79 5c 92 85 Aug 26 18:24:50.161638: | rsa signature 68 15 11 fd 38 de c0 65 ac 70 fc a3 72 fe a9 0d Aug 26 18:24:50.161641: | rsa signature 31 6e bf 26 0e 6e 20 24 8e 17 fe c0 e4 72 a4 1a Aug 26 18:24:50.161645: | rsa signature dc 07 96 e8 f6 a3 4c c0 0e f7 53 15 2f 53 4e b5 Aug 26 18:24:50.161648: | rsa signature 69 de 8e 7a ab 06 2d a5 a6 ac 33 30 b8 41 23 85 Aug 26 18:24:50.161652: | rsa signature 2f 07 06 1b d0 2b e8 3b ce c3 5f b0 29 e4 50 d9 Aug 26 18:24:50.161655: | rsa signature 1b c4 d0 ff 38 a0 89 d8 87 9f a1 af b3 df 01 3d Aug 26 18:24:50.161658: | rsa signature a6 89 32 2a 48 c9 19 83 ad 3a 95 5e ea 95 7e 69 Aug 26 18:24:50.161662: | rsa signature fd 0f 42 45 4c 32 91 3a a7 ea fd 19 42 cb 22 cc Aug 26 18:24:50.161665: | rsa signature 28 74 Aug 26 18:24:50.161671: | #1 spent 7.15 milliseconds in ikev2_calculate_rsa_hash() Aug 26 18:24:50.161675: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 18:24:50.161679: | getting first pending from state #1 Aug 26 18:24:50.161704: | netlink_get_spi: allocated 0x64ffb8b for esp.0@192.1.3.33 Aug 26 18:24:50.161710: | constructing ESP/AH proposals with all DH removed for north-east (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:24:50.161717: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:50.161725: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:50.161729: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:50.161739: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:50.161744: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:50.161750: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:50.161754: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:50.161760: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:50.161771: "north-east": constructed local ESP/AH proposals for north-east (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:50.161776: | Emitting ikev2_proposals ... Aug 26 18:24:50.161780: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:50.161784: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.161787: | flags: none (0x0) Aug 26 18:24:50.161792: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:50.161796: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.161800: | discarding INTEG=NONE Aug 26 18:24:50.161804: | discarding DH=NONE Aug 26 18:24:50.161807: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.161811: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.161815: | prop #: 1 (0x1) Aug 26 18:24:50.161819: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:50.161822: | spi size: 4 (0x4) Aug 26 18:24:50.161826: | # transforms: 2 (0x2) Aug 26 18:24:50.161830: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:50.161834: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:50.161838: | our spi 06 4f fb 8b Aug 26 18:24:50.161842: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.161846: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.161849: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.161853: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:50.161857: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.161861: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.161865: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.161869: | length/value: 256 (0x100) Aug 26 18:24:50.161873: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:50.161876: | discarding INTEG=NONE Aug 26 18:24:50.161880: | discarding DH=NONE Aug 26 18:24:50.161883: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.161887: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.161891: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:50.161894: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:50.161898: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.161903: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.161907: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.161910: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:50.161914: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:50.161920: | discarding INTEG=NONE Aug 26 18:24:50.161923: | discarding DH=NONE Aug 26 18:24:50.161927: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.161930: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.161934: | prop #: 2 (0x2) Aug 26 18:24:50.161937: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:50.161941: | spi size: 4 (0x4) Aug 26 18:24:50.161944: | # transforms: 2 (0x2) Aug 26 18:24:50.161948: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.161952: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:50.161957: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:50.161960: | our spi 06 4f fb 8b Aug 26 18:24:50.161964: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.161968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.161971: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.161974: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:50.161979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.161982: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.161986: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.161990: | length/value: 128 (0x80) Aug 26 18:24:50.161994: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:50.161997: | discarding INTEG=NONE Aug 26 18:24:50.162000: | discarding DH=NONE Aug 26 18:24:50.162004: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.162007: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.162011: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:50.162014: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:50.162019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.162026: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.162030: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:50.162034: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:50.162037: | discarding DH=NONE Aug 26 18:24:50.162041: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.162044: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.162048: | prop #: 3 (0x3) Aug 26 18:24:50.162051: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:50.162055: | spi size: 4 (0x4) Aug 26 18:24:50.162058: | # transforms: 4 (0x4) Aug 26 18:24:50.162062: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.162066: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:50.162070: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:50.162074: | our spi 06 4f fb 8b Aug 26 18:24:50.162077: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.162081: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162085: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.162088: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:50.162092: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.162096: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.162104: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.162107: | length/value: 256 (0x100) Aug 26 18:24:50.162111: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:50.162115: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.162118: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162122: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:50.162126: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:50.162130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162135: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.162139: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.162143: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.162146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162150: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:50.162154: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:50.162158: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162162: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.162166: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.162169: | discarding DH=NONE Aug 26 18:24:50.162173: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.162176: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.162180: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:50.162183: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:50.162187: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162191: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.162195: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.162199: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:50.162203: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:50.162206: | discarding DH=NONE Aug 26 18:24:50.162210: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.162214: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:50.162217: | prop #: 4 (0x4) Aug 26 18:24:50.162221: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:50.162224: | spi size: 4 (0x4) Aug 26 18:24:50.162227: | # transforms: 4 (0x4) Aug 26 18:24:50.162232: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:50.162236: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:50.162240: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:50.162244: | our spi 06 4f fb 8b Aug 26 18:24:50.162247: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.162251: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162255: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.162258: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:50.162262: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.162266: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.162269: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.162273: | length/value: 128 (0x80) Aug 26 18:24:50.162278: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:50.162282: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.162286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162295: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:50.162298: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:50.162303: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162307: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.162311: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.162314: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.162318: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162321: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:50.162325: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:50.162329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162335: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.162339: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.162343: | discarding DH=NONE Aug 26 18:24:50.162346: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:50.162350: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.162353: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:50.162357: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:50.162361: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.162365: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:50.162369: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:50.162373: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:50.162377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:50.162380: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 18:24:50.162385: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:50.162389: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:50.162393: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.162396: | flags: none (0x0) Aug 26 18:24:50.162400: | number of TS: 1 (0x1) Aug 26 18:24:50.162405: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:50.162409: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.162413: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:50.162416: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:50.162420: | IP Protocol ID: 0 (0x0) Aug 26 18:24:50.162423: | start port: 0 (0x0) Aug 26 18:24:50.162427: | end port: 65535 (0xffff) Aug 26 18:24:50.162432: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:50.162435: | ipv4 start c0 00 03 fe Aug 26 18:24:50.162439: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:50.162442: | ipv4 end c0 00 03 fe Aug 26 18:24:50.162446: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:50.162450: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:50.162455: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:50.162459: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.162463: | flags: none (0x0) Aug 26 18:24:50.162466: | number of TS: 1 (0x1) Aug 26 18:24:50.162471: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:50.162475: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:50.162479: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:50.162482: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:50.162486: | IP Protocol ID: 0 (0x0) Aug 26 18:24:50.162489: | start port: 0 (0x0) Aug 26 18:24:50.162492: | end port: 65535 (0xffff) Aug 26 18:24:50.162496: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:50.162500: | ipv4 start c0 00 02 00 Aug 26 18:24:50.162503: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:50.162507: | ipv4 end c0 00 02 ff Aug 26 18:24:50.162510: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:50.162514: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:50.162518: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:24:50.162522: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:50.162526: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:50.162531: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:50.162535: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:50.162539: | emitting length of IKEv2 Encryption Payload: 548 Aug 26 18:24:50.162543: | emitting length of ISAKMP Message: 576 Aug 26 18:24:50.162549: | **parse ISAKMP Message: Aug 26 18:24:50.162552: | initiator cookie: Aug 26 18:24:50.162556: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.162559: | responder cookie: Aug 26 18:24:50.162562: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.162566: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:50.162570: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:50.162574: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:50.162577: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:50.162581: | Message ID: 1 (0x1) Aug 26 18:24:50.162584: | length: 576 (0x240) Aug 26 18:24:50.162588: | **parse IKEv2 Encryption Payload: Aug 26 18:24:50.162592: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:50.162595: | flags: none (0x0) Aug 26 18:24:50.162598: | length: 548 (0x224) Aug 26 18:24:50.162602: | **emit ISAKMP Message: Aug 26 18:24:50.162606: | initiator cookie: Aug 26 18:24:50.162609: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.162612: | responder cookie: Aug 26 18:24:50.162616: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.162619: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:50.162623: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:50.162627: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:50.162630: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:50.162634: | Message ID: 1 (0x1) Aug 26 18:24:50.162638: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:50.162642: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:50.162645: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:24:50.162649: | flags: none (0x0) Aug 26 18:24:50.162652: | fragment number: 1 (0x1) Aug 26 18:24:50.162656: | total fragments: 2 (0x2) Aug 26 18:24:50.162660: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 18:24:50.162664: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:50.162670: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:50.162675: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:50.162681: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:50.162685: | cleartext fragment 24 00 00 0d 02 00 00 00 6e 6f 72 74 68 27 00 00 Aug 26 18:24:50.162689: | cleartext fragment 0c 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 Aug 26 18:24:50.162693: | cleartext fragment 00 26 ba 82 4f 9d 4f 60 cd 9d be 64 6d 92 11 f0 Aug 26 18:24:50.162696: | cleartext fragment bd f5 8c 6b ed 10 c8 97 d0 c1 5d 25 06 3b 47 59 Aug 26 18:24:50.162700: | cleartext fragment 16 6b d4 60 74 3d f1 a9 a6 46 1b c4 a6 27 ab a1 Aug 26 18:24:50.162704: | cleartext fragment 13 5a 53 60 b7 69 7c bc dc 51 3c d5 9a 97 59 fc Aug 26 18:24:50.162707: | cleartext fragment 49 25 a8 87 7b b1 67 4e 2c e8 8c 8e b7 3a 3d 44 Aug 26 18:24:50.162710: | cleartext fragment 55 b4 c0 52 8a c0 07 4b 51 8c 43 54 cc d0 c6 05 Aug 26 18:24:50.162714: | cleartext fragment f9 fc bc 9b 6c 74 c1 f5 a5 43 d8 ec 52 f9 a1 37 Aug 26 18:24:50.162717: | cleartext fragment 3e 43 a4 b5 2d a1 66 9e 42 b1 39 bb f5 e4 2e 23 Aug 26 18:24:50.162721: | cleartext fragment a7 76 b8 6d 3e 13 c8 d6 d2 e9 85 15 20 79 5c 92 Aug 26 18:24:50.162724: | cleartext fragment 85 68 15 11 fd 38 de c0 65 ac 70 fc a3 72 fe a9 Aug 26 18:24:50.162728: | cleartext fragment 0d 31 6e bf 26 0e 6e 20 24 8e 17 fe c0 e4 72 a4 Aug 26 18:24:50.162731: | cleartext fragment 1a dc 07 96 e8 f6 a3 4c c0 0e f7 53 15 2f 53 4e Aug 26 18:24:50.162735: | cleartext fragment b5 69 de 8e 7a ab 06 2d a5 a6 ac 33 30 b8 41 23 Aug 26 18:24:50.162738: | cleartext fragment 85 2f 07 06 1b d0 2b e8 3b ce c3 5f b0 29 e4 50 Aug 26 18:24:50.162742: | cleartext fragment d9 1b c4 d0 ff 38 a0 89 d8 87 9f a1 af b3 df 01 Aug 26 18:24:50.162745: | cleartext fragment 3d a6 89 32 2a 48 c9 19 83 ad 3a 95 5e ea 95 7e Aug 26 18:24:50.162749: | cleartext fragment 69 fd 0f 42 45 4c 32 91 3a a7 ea fd 19 42 cb 22 Aug 26 18:24:50.162752: | cleartext fragment cc 28 74 2c 00 00 a4 02 00 00 20 01 03 04 02 06 Aug 26 18:24:50.162756: | cleartext fragment 4f fb 8b 03 00 00 0c 01 00 00 14 80 0e 01 00 00 Aug 26 18:24:50.162759: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 06 Aug 26 18:24:50.162763: | cleartext fragment 4f fb 8b 03 00 00 0c 01 00 00 14 80 0e 00 80 00 Aug 26 18:24:50.162766: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 03 03 04 04 06 Aug 26 18:24:50.162770: | cleartext fragment 4f fb 8b 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 Aug 26 18:24:50.162773: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Aug 26 18:24:50.162777: | cleartext fragment 00 00 08 05 00 00 00 00 00 00 30 04 03 04 04 06 Aug 26 18:24:50.162780: | cleartext fragment 4f fb 8b 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 Aug 26 18:24:50.162784: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Aug 26 18:24:50.162787: | cleartext fragment 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 Aug 26 18:24:50.162791: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:50.162795: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:50.162799: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:50.162803: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:24:50.162806: | emitting length of ISAKMP Message: 539 Aug 26 18:24:50.162820: | **emit ISAKMP Message: Aug 26 18:24:50.162824: | initiator cookie: Aug 26 18:24:50.162827: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.162831: | responder cookie: Aug 26 18:24:50.162834: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.162838: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:50.162842: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:50.162847: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:50.162851: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:50.162854: | Message ID: 1 (0x1) Aug 26 18:24:50.162858: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:50.162862: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:24:50.162866: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.162869: | flags: none (0x0) Aug 26 18:24:50.162872: | fragment number: 2 (0x2) Aug 26 18:24:50.162876: | total fragments: 2 (0x2) Aug 26 18:24:50.162880: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:24:50.162884: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:24:50.162888: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:24:50.162892: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:24:50.162900: | emitting 41 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:24:50.162904: | cleartext fragment 00 07 00 00 10 00 00 ff ff c0 00 03 fe c0 00 03 Aug 26 18:24:50.162907: | cleartext fragment fe 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff Aug 26 18:24:50.162911: | cleartext fragment ff c0 00 02 00 c0 00 02 ff Aug 26 18:24:50.162914: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:50.162918: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:24:50.162922: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:24:50.162927: | emitting length of IKEv2 Encrypted Fragment: 74 Aug 26 18:24:50.162931: | emitting length of ISAKMP Message: 102 Aug 26 18:24:50.162943: | suspend processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:50.162949: | start processing: state #2 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:50.162955: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:24:50.162959: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:24:50.162964: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:24:50.162968: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:24:50.162975: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:50.162982: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:24:50.162988: "north-east" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:24:50.162994: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:50.162998: | sending fragments ... Aug 26 18:24:50.163006: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:50.163010: | 95 9c 0b 68 d1 11 81 2d 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.163013: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 18:24:50.163017: | 00 01 00 02 20 90 14 02 9c 36 e2 68 46 44 1c e8 Aug 26 18:24:50.163020: | f1 15 fb 00 f7 9e 25 6f 8f e4 cc 9b ce 79 91 71 Aug 26 18:24:50.163023: | 86 a5 e8 b5 07 93 73 6c 15 b6 9c e4 31 20 bf ce Aug 26 18:24:50.163027: | 61 70 fd 2a da 91 b2 b8 d0 6f 65 fe c4 2b 62 6b Aug 26 18:24:50.163030: | 37 d5 51 fa c5 dd e3 bd 6e d4 bf 80 4f 1c e1 4b Aug 26 18:24:50.163034: | 09 0d 42 4a cf fa e8 b3 54 12 35 72 2b bb 9b dc Aug 26 18:24:50.163037: | 76 21 77 d5 f3 4d 23 4b 84 1e 0b a1 8a 78 aa ae Aug 26 18:24:50.163042: | c6 6e f6 9e f2 ee 2d 56 df d1 94 35 f2 b0 0c fe Aug 26 18:24:50.163046: | dc 93 7b 7c ec ad 80 53 4e 8a 58 c0 74 25 70 ec Aug 26 18:24:50.163049: | 1c cf eb 75 e8 b1 1c 70 29 21 55 29 ef ac e6 21 Aug 26 18:24:50.163053: | 08 f6 6a d4 6d b4 32 ca c1 09 5b 3e 66 2a 06 eb Aug 26 18:24:50.163056: | 2e 46 c9 cb fd 66 63 56 bd ca 2c c8 fd 5a 90 bb Aug 26 18:24:50.163060: | b9 42 b1 94 a1 7b a9 db 20 62 3f ca fd 52 63 1c Aug 26 18:24:50.163063: | d0 7d 12 63 67 e5 37 62 f1 8b 9f 32 01 9a 38 fa Aug 26 18:24:50.163067: | 72 76 04 5c d2 e2 38 48 cb 98 76 11 5e 75 b7 a2 Aug 26 18:24:50.163070: | 16 11 7b f2 91 bf 04 fc 5c d4 03 09 4d 19 67 45 Aug 26 18:24:50.163073: | 6b 24 0f 3c 02 f3 25 89 2b 91 80 e8 b2 95 62 ba Aug 26 18:24:50.163077: | 20 03 8f 71 54 10 50 df 54 ab ce 12 5a 89 3d 55 Aug 26 18:24:50.163080: | 6b 51 8b 59 4f 8d 6b 80 57 30 f2 61 1c 3a 0d 7b Aug 26 18:24:50.163084: | c6 d7 93 ee be 57 96 fa 0b 84 23 87 d3 b1 58 fa Aug 26 18:24:50.163087: | 83 72 5c 49 e4 c5 af e7 9d ea 55 84 69 2a fa 1e Aug 26 18:24:50.163091: | 66 5a db 1d b5 0c f2 9f f8 1f ea 09 1e 42 8f e3 Aug 26 18:24:50.163094: | ba be 22 a9 1e 02 bc a5 fd cb 23 e7 2e 73 50 0f Aug 26 18:24:50.163097: | ac a6 a6 b8 ee e1 52 4a 8d 0b df 6c 03 be dd 4b Aug 26 18:24:50.163101: | e4 98 cb ac ac af 56 2b 8d 15 45 3c 47 44 50 68 Aug 26 18:24:50.163104: | 77 28 14 f7 b5 22 b4 fa f3 a2 8e 69 83 94 fc 43 Aug 26 18:24:50.163108: | 0d 9f d6 34 e9 42 62 f2 00 e5 f3 ab 9f 91 ba bb Aug 26 18:24:50.163111: | 3a 45 9f 07 9b b8 44 ef 68 77 b8 e6 32 af 90 ce Aug 26 18:24:50.163115: | dc 48 63 5b 22 5b eb 5e 9a 9f c2 d6 a2 7f a9 af Aug 26 18:24:50.163118: | 7d 20 fa 9a 85 94 0b c3 c6 74 83 a3 4c 47 1a a7 Aug 26 18:24:50.163121: | 77 bf 10 4f 60 1f 88 6e ea 3e be 6f ad a6 07 22 Aug 26 18:24:50.163125: | d2 ef 5c b3 7f 89 ac 25 47 9f e2 Aug 26 18:24:50.163173: | sending 102 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:50.163178: | 95 9c 0b 68 d1 11 81 2d 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.163182: | 35 20 23 08 00 00 00 01 00 00 00 66 00 00 00 4a Aug 26 18:24:50.163185: | 00 02 00 02 74 0d cc 69 0a 19 fb a1 87 b5 08 f5 Aug 26 18:24:50.163189: | 7f ec 47 03 b7 84 f2 93 94 6d 54 f9 0e fd c2 68 Aug 26 18:24:50.163192: | 5f 23 87 3f bc 8b 52 a1 18 b2 5a d7 e7 57 0d 3e Aug 26 18:24:50.163195: | ae fd 23 34 fa 5c 88 3f 5f d6 e3 d9 28 aa 2d ae Aug 26 18:24:50.163199: | a1 35 51 25 d3 da Aug 26 18:24:50.163215: | sent 2 fragments Aug 26 18:24:50.163221: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:50.163226: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4554002b78 Aug 26 18:24:50.163232: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 18:24:50.163236: | libevent_malloc: new ptr-libevent@0x557cde718918 size 128 Aug 26 18:24:50.163244: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29175.905692 Aug 26 18:24:50.163249: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:50.163256: | #1 spent 1.55 milliseconds Aug 26 18:24:50.163261: | #1 spent 9.06 milliseconds in resume sending helper answer Aug 26 18:24:50.163268: | stop processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:50.163273: | libevent_free: release ptr-libevent@0x7f454c000f48 Aug 26 18:24:50.183927: | spent 0.004 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:50.183958: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:50.183964: | 95 9c 0b 68 d1 11 81 2d 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.183968: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Aug 26 18:24:50.183971: | 6d 0b 8b 4a a4 64 83 2e 61 a8 1e 30 c2 8c b1 3e Aug 26 18:24:50.183979: | e1 ba 34 53 ee 41 ec 40 ed cb 7c 47 38 6e e0 e3 Aug 26 18:24:50.183983: | 0a 4b aa 05 78 33 5e 31 dd 88 de 73 99 f7 90 a4 Aug 26 18:24:50.183986: | 49 6e ea f5 9d 6f 94 75 1f ac ac d1 82 07 f0 05 Aug 26 18:24:50.183989: | 0b 95 bc 95 de 96 60 02 a3 89 5d 0d 6c 3c 18 f6 Aug 26 18:24:50.183992: | de d6 db db 13 14 f3 bb 02 ad 22 d8 a2 ba b6 4c Aug 26 18:24:50.183995: | 5b b8 f5 2c c7 6e e9 70 c8 65 52 95 13 84 17 30 Aug 26 18:24:50.183998: | ea 0b 10 61 65 ea ee 85 4b 15 c4 5f 40 c1 55 dd Aug 26 18:24:50.184002: | 93 e6 a6 40 fd dc 68 88 b2 d2 f2 c3 ef 16 1c be Aug 26 18:24:50.184005: | 0b d9 d2 67 e2 f5 8a ac b2 13 09 33 5b 90 f9 61 Aug 26 18:24:50.184008: | d4 9b ae 72 53 86 60 b9 85 cd 3e b9 86 d3 a2 58 Aug 26 18:24:50.184011: | 27 97 be 40 d5 b7 9a b7 cd 49 03 3a d8 0d ef c9 Aug 26 18:24:50.184014: | 21 cf 46 86 68 66 bd b7 1a 29 b4 68 24 46 a3 3f Aug 26 18:24:50.184018: | 21 07 3b c2 60 68 be 52 9f 34 10 e3 59 49 ee cb Aug 26 18:24:50.184021: | 8a 89 b5 fd 8c 36 82 11 10 2c e6 98 17 b1 d1 4c Aug 26 18:24:50.184025: | 3c 70 a4 3c 09 bf 2b 15 ca 6b ae 47 79 22 2f 9f Aug 26 18:24:50.184028: | 60 36 7a b9 84 85 fa 44 c6 95 b4 de fb 52 a5 15 Aug 26 18:24:50.184031: | 24 70 48 6b 3f 17 56 a1 1a c0 83 3a 21 df 0d 42 Aug 26 18:24:50.184034: | 73 2c 62 c9 98 a8 3f 79 5f 38 f6 da 03 0b 3e 33 Aug 26 18:24:50.184037: | 58 7b d4 ae 03 29 49 2c 87 81 13 1b 47 3f 80 c4 Aug 26 18:24:50.184041: | f4 1c af 6b e5 19 7f 0f 0c 3f 74 62 2a 17 7e b1 Aug 26 18:24:50.184044: | 1b 38 4c ba a9 a5 55 70 0b 44 a2 69 c1 fa 7b e9 Aug 26 18:24:50.184047: | 46 7e a2 38 46 39 6d b4 c0 15 cc a4 ee ec f8 19 Aug 26 18:24:50.184050: | 43 d5 65 c8 ba bc 90 f7 83 1f b6 5e 95 7c b2 bd Aug 26 18:24:50.184054: | 96 1e 57 40 68 2c f8 f2 8e 68 ca 8e c4 24 71 03 Aug 26 18:24:50.184057: | 60 6c f3 Aug 26 18:24:50.184064: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:50.184069: | **parse ISAKMP Message: Aug 26 18:24:50.184072: | initiator cookie: Aug 26 18:24:50.184075: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:50.184077: | responder cookie: Aug 26 18:24:50.184079: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:50.184081: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:50.184084: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:50.184087: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:50.184089: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:50.184092: | Message ID: 1 (0x1) Aug 26 18:24:50.184094: | length: 435 (0x1b3) Aug 26 18:24:50.184097: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:50.184100: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:50.184104: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:50.184110: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:50.184113: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:50.184117: | suspend processing: state #1 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:50.184121: | start processing: state #2 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:50.184123: | #2 is idle Aug 26 18:24:50.184125: | #2 idle Aug 26 18:24:50.184127: | unpacking clear payload Aug 26 18:24:50.184130: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:50.184133: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:50.184135: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:50.184138: | flags: none (0x0) Aug 26 18:24:50.184140: | length: 407 (0x197) Aug 26 18:24:50.184143: | processing payload: ISAKMP_NEXT_v2SK (len=403) Aug 26 18:24:50.184145: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:50.184161: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:24:50.184167: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:24:50.184170: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:24:50.184173: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:50.184175: | flags: none (0x0) Aug 26 18:24:50.184177: | length: 12 (0xc) Aug 26 18:24:50.184180: | ID type: ID_FQDN (0x2) Aug 26 18:24:50.184182: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:24:50.184184: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:24:50.184187: | **parse IKEv2 Authentication Payload: Aug 26 18:24:50.184189: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:50.184191: | flags: none (0x0) Aug 26 18:24:50.184194: | length: 282 (0x11a) Aug 26 18:24:50.184196: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:24:50.184198: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 18:24:50.184201: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:50.184203: | **parse IKEv2 Security Association Payload: Aug 26 18:24:50.184205: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:50.184207: | flags: none (0x0) Aug 26 18:24:50.184210: | length: 36 (0x24) Aug 26 18:24:50.184212: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 18:24:50.184214: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:50.184217: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:50.184219: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:50.184221: | flags: none (0x0) Aug 26 18:24:50.184223: | length: 24 (0x18) Aug 26 18:24:50.184226: | number of TS: 1 (0x1) Aug 26 18:24:50.184228: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:50.184230: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:50.184232: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:50.184235: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:50.184237: | flags: none (0x0) Aug 26 18:24:50.184239: | length: 24 (0x18) Aug 26 18:24:50.184241: | number of TS: 1 (0x1) Aug 26 18:24:50.184243: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:50.184246: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:24:50.184248: | Now let's proceed with state specific processing Aug 26 18:24:50.184251: | calling processor Initiator: process IKE_AUTH response Aug 26 18:24:50.184256: | offered CA: '%none' Aug 26 18:24:50.184260: "north-east" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 18:24:50.184287: | verifying AUTH payload Aug 26 18:24:50.184329: | required RSA CA is '%any' Aug 26 18:24:50.184335: | checking RSA keyid '@east' for match with '@east' Aug 26 18:24:50.184340: | key issuer CA is '%any' Aug 26 18:24:50.184406: | an RSA Sig check passed with *AQO9bJbr3 [preloaded key] Aug 26 18:24:50.184414: | #1 spent 0.0682 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:24:50.184417: "north-east" #2: Authenticated using RSA Aug 26 18:24:50.184421: | #1 spent 0.106 milliseconds in ikev2_verify_rsa_hash() Aug 26 18:24:50.184425: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:24:50.184429: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:24:50.184432: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:50.184436: | libevent_free: release ptr-libevent@0x7f4554002888 Aug 26 18:24:50.184439: | free_event_entry: release EVENT_SA_REPLACE-pe@0x557cde715838 Aug 26 18:24:50.184442: | event_schedule: new EVENT_SA_REKEY-pe@0x557cde715838 Aug 26 18:24:50.184445: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:24:50.184448: | libevent_malloc: new ptr-libevent@0x7f454c000f48 size 128 Aug 26 18:24:50.184564: | pstats #1 ikev2.ike established Aug 26 18:24:50.184578: | TSi: parsing 1 traffic selectors Aug 26 18:24:50.184585: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:50.184589: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:50.184597: | IP Protocol ID: 0 (0x0) Aug 26 18:24:50.184601: | length: 16 (0x10) Aug 26 18:24:50.184606: | start port: 0 (0x0) Aug 26 18:24:50.184610: | end port: 65535 (0xffff) Aug 26 18:24:50.184615: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:50.184620: | TS low c0 00 03 fe Aug 26 18:24:50.184625: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:50.184629: | TS high c0 00 03 fe Aug 26 18:24:50.184634: | TSi: parsed 1 traffic selectors Aug 26 18:24:50.184638: | TSr: parsing 1 traffic selectors Aug 26 18:24:50.184642: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:50.184647: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:50.184651: | IP Protocol ID: 0 (0x0) Aug 26 18:24:50.184655: | length: 16 (0x10) Aug 26 18:24:50.184659: | start port: 0 (0x0) Aug 26 18:24:50.184663: | end port: 65535 (0xffff) Aug 26 18:24:50.184667: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:50.184671: | TS low c0 00 02 00 Aug 26 18:24:50.184675: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:50.184679: | TS high c0 00 02 ff Aug 26 18:24:50.184683: | TSr: parsed 1 traffic selectors Aug 26 18:24:50.184693: | evaluating our conn="north-east" I=192.0.3.254/32:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:50.184701: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:50.184712: | match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Aug 26 18:24:50.184717: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:50.184719: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:50.184722: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:50.184725: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:50.184729: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:50.184734: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:50.184737: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:50.184739: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:50.184742: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:50.184744: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:50.184747: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:50.184749: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:24:50.184751: | printing contents struct traffic_selector Aug 26 18:24:50.184753: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:50.184755: | ipprotoid: 0 Aug 26 18:24:50.184758: | port range: 0-65535 Aug 26 18:24:50.184761: | ip range: 192.0.3.254-192.0.3.254 Aug 26 18:24:50.184763: | printing contents struct traffic_selector Aug 26 18:24:50.184765: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:50.184767: | ipprotoid: 0 Aug 26 18:24:50.184769: | port range: 0-65535 Aug 26 18:24:50.184772: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:50.184784: | using existing local ESP/AH proposals for north-east (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:50.184787: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:24:50.184792: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:50.184794: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:50.184797: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:50.184799: | local proposal 1 type DH has 1 transforms Aug 26 18:24:50.184801: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:50.184804: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:50.184809: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:50.184812: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:50.184814: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:50.184816: | local proposal 2 type DH has 1 transforms Aug 26 18:24:50.184818: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:50.184821: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:50.184823: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:50.184825: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:50.184828: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:50.184830: | local proposal 3 type DH has 1 transforms Aug 26 18:24:50.184832: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:50.184835: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:50.184837: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:50.184839: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:50.184841: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:50.184844: | local proposal 4 type DH has 1 transforms Aug 26 18:24:50.184846: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:50.184848: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:50.184851: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:50.184854: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:50.184856: | length: 32 (0x20) Aug 26 18:24:50.184859: | prop #: 1 (0x1) Aug 26 18:24:50.184861: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:50.184863: | spi size: 4 (0x4) Aug 26 18:24:50.184865: | # transforms: 2 (0x2) Aug 26 18:24:50.184868: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:50.184871: | remote SPI 32 22 c8 da Aug 26 18:24:50.184876: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:50.184885: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:50.184890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:50.184894: | length: 12 (0xc) Aug 26 18:24:50.184898: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:50.184902: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:50.184907: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:50.184911: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:50.184915: | length/value: 256 (0x100) Aug 26 18:24:50.184921: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:50.184926: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:50.184930: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:50.184934: | length: 8 (0x8) Aug 26 18:24:50.184939: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:50.184943: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:50.184948: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:50.184955: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:24:50.184962: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:24:50.184966: | remote proposal 1 matches local proposal 1 Aug 26 18:24:50.184971: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 18:24:50.184979: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=3222c8da;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:24:50.184983: | converting proposal to internal trans attrs Aug 26 18:24:50.184991: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:50.185213: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:24:50.185222: | could_route called for north-east (kind=CK_PERMANENT) Aug 26 18:24:50.185226: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:50.185235: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 18:24:50.185239: | conn north-east mark 0/00000000, 0/00000000 Aug 26 18:24:50.185245: | route owner of "north-east" prospective erouted: self; eroute owner: self Aug 26 18:24:50.185252: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:50.185257: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:50.185262: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:50.185266: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:50.185272: | setting IPsec SA replay-window to 32 Aug 26 18:24:50.185275: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Aug 26 18:24:50.185279: | netlink: enabling tunnel mode Aug 26 18:24:50.185282: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:50.185284: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:50.185763: | netlink response for Add SA esp.3222c8da@192.1.2.23 included non-error error Aug 26 18:24:50.185779: | set up outgoing SA, ref=0/0 Aug 26 18:24:50.185786: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:50.185792: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:50.185796: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:50.185801: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:50.185808: | setting IPsec SA replay-window to 32 Aug 26 18:24:50.185813: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Aug 26 18:24:50.185818: | netlink: enabling tunnel mode Aug 26 18:24:50.185823: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:50.185828: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:50.185883: | netlink response for Add SA esp.64ffb8b@192.1.3.33 included non-error error Aug 26 18:24:50.185891: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 18:24:50.185903: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:50.185909: | IPsec Sa SPD priority set to 1040359 Aug 26 18:24:50.185945: | raw_eroute result=success Aug 26 18:24:50.185952: | set up incoming SA, ref=0/0 Aug 26 18:24:50.185957: | sr for #2: prospective erouted Aug 26 18:24:50.185962: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:50.185967: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:50.185972: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 18:24:50.185977: | conn north-east mark 0/00000000, 0/00000000 Aug 26 18:24:50.185983: | route owner of "north-east" prospective erouted: self; eroute owner: self Aug 26 18:24:50.185990: | route_and_eroute with c: north-east (next: none) ero:north-east esr:{(nil)} ro:north-east rosr:{(nil)} and state: #2 Aug 26 18:24:50.185996: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 18:24:50.186009: | eroute_connection replace eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 18:24:50.186014: | IPsec Sa SPD priority set to 1040359 Aug 26 18:24:50.186036: | raw_eroute result=success Aug 26 18:24:50.186042: | running updown command "ipsec _updown" for verb up Aug 26 18:24:50.186047: | command executing up-client Aug 26 18:24:50.186098: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3222c8 Aug 26 18:24:50.186109: | popen cmd is 1035 chars long Aug 26 18:24:50.186115: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_I: Aug 26 18:24:50.186121: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@: Aug 26 18:24:50.186126: | cmd( 160):north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_: Aug 26 18:24:50.186131: | cmd( 240):MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_S: Aug 26 18:24:50.186136: | cmd( 320):A_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east: Aug 26 18:24:50.186141: | cmd( 400):' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_: Aug 26 18:24:50.186144: | cmd( 480):CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: Aug 26 18:24:50.186147: | cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYP: Aug 26 18:24:50.186149: | cmd( 640):T+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_: Aug 26 18:24:50.186151: | cmd( 720):PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: Aug 26 18:24:50.186154: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: Aug 26 18:24:50.186156: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: Aug 26 18:24:50.186158: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0x3222c8da SPI_OUT=0x64ffb8b ipsec _updown 2>&1: Aug 26 18:24:50.198256: | route_and_eroute: firewall_notified: true Aug 26 18:24:50.198276: | route_and_eroute: instance "north-east", setting eroute_owner {spd=0x557cde713938,sr=0x557cde713938} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:50.198356: | #1 spent 1.76 milliseconds in install_ipsec_sa() Aug 26 18:24:50.198367: | inR2: instance north-east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:24:50.198370: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:50.198374: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:24:50.198389: | libevent_free: release ptr-libevent@0x557cde718918 Aug 26 18:24:50.198401: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4554002b78 Aug 26 18:24:50.198412: | #2 spent 2.75 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:24:50.198424: | [RE]START processing: state #2 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:50.198431: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:24:50.198436: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:24:50.198442: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:24:50.198448: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:24:50.198457: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:24:50.198466: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:50.198471: | pstats #2 ikev2.child established Aug 26 18:24:50.198485: "north-east" #2: negotiated connection [192.0.3.254-192.0.3.254:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:24:50.198491: | NAT-T: encaps is 'auto' Aug 26 18:24:50.198499: "north-east" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x3222c8da <0x064ffb8b xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:24:50.198510: | releasing whack for #2 (sock=fd@-1) Aug 26 18:24:50.198515: | releasing whack and unpending for parent #1 Aug 26 18:24:50.198519: | unpending state #1 connection "north-east" Aug 26 18:24:50.198526: | delete from pending Child SA with 192.1.2.23 "north-east" Aug 26 18:24:50.198531: | removing pending policy for no connection {0x557cde7064d8} Aug 26 18:24:50.198538: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:24:50.198543: | event_schedule: new EVENT_SA_REKEY-pe@0x7f4554002b78 Aug 26 18:24:50.198549: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:24:50.198554: | libevent_malloc: new ptr-libevent@0x557cde71e8f8 size 128 Aug 26 18:24:50.198564: | stop processing: state #2 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:50.198573: | #1 spent 3.22 milliseconds in ikev2_process_packet() Aug 26 18:24:50.198581: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:50.198586: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:50.198589: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:50.198594: | spent 3.24 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:50.198607: | processing signal PLUTO_SIGCHLD Aug 26 18:24:50.198612: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:50.198617: | spent 0.00537 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:51.214927: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:51.215313: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:24:51.215323: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:51.215332: | get_sa_info esp.64ffb8b@192.1.3.33 Aug 26 18:24:51.215349: | get_sa_info esp.3222c8da@192.1.2.23 Aug 26 18:24:51.215368: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:51.215376: | spent 0.455 milliseconds in whack Aug 26 18:24:54.483875: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:54.483900: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:24:54.483906: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:54.483914: | get_sa_info esp.64ffb8b@192.1.3.33 Aug 26 18:24:54.484313: | get_sa_info esp.3222c8da@192.1.2.23 Aug 26 18:24:54.484341: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:54.484350: | spent 0.48 milliseconds in whack Aug 26 18:24:56.256141: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:56.256357: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:56.256365: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:56.256432: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:56.256437: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:56.256451: | get_sa_info esp.64ffb8b@192.1.3.33 Aug 26 18:24:56.256466: | get_sa_info esp.3222c8da@192.1.2.23 Aug 26 18:24:56.256488: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:56.256494: | spent 0.351 milliseconds in whack Aug 26 18:24:56.871151: | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:56.871182: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:56.871186: | 95 9c 0b 68 d1 11 81 2d 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:56.871189: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:56.871192: | 37 21 cc c6 a6 b0 a4 ad 13 5c 81 3a 5f a1 55 ce Aug 26 18:24:56.871194: | 34 bc 09 81 78 c2 2b fe fb 66 8b 02 74 7a 1f 21 Aug 26 18:24:56.871197: | f0 61 e3 95 b8 Aug 26 18:24:56.871202: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:56.871209: | **parse ISAKMP Message: Aug 26 18:24:56.871212: | initiator cookie: Aug 26 18:24:56.871215: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:56.871218: | responder cookie: Aug 26 18:24:56.871220: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:56.871224: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:56.871227: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:56.871230: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:56.871236: | flags: none (0x0) Aug 26 18:24:56.871238: | Message ID: 0 (0x0) Aug 26 18:24:56.871241: | length: 69 (0x45) Aug 26 18:24:56.871244: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:56.871248: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:56.871253: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:56.871260: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:56.871264: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:56.871269: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:56.871273: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:24:56.871277: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 18:24:56.871280: | unpacking clear payload Aug 26 18:24:56.871283: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:56.871287: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:56.871297: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:56.871301: | flags: none (0x0) Aug 26 18:24:56.871304: | length: 41 (0x29) Aug 26 18:24:56.871307: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:24:56.871312: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:24:56.871316: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:56.871339: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:56.871344: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:56.871347: | **parse IKEv2 Delete Payload: Aug 26 18:24:56.871350: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:56.871352: | flags: none (0x0) Aug 26 18:24:56.871355: | length: 12 (0xc) Aug 26 18:24:56.871357: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:56.871360: | SPI size: 4 (0x4) Aug 26 18:24:56.871363: | number of SPIs: 1 (0x1) Aug 26 18:24:56.871365: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:24:56.871368: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:56.871370: | Now let's proceed with state specific processing Aug 26 18:24:56.871373: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:56.871377: | an informational request should send a response Aug 26 18:24:56.871400: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:56.871404: | **emit ISAKMP Message: Aug 26 18:24:56.871407: | initiator cookie: Aug 26 18:24:56.871409: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:56.871412: | responder cookie: Aug 26 18:24:56.871414: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:56.871417: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:56.871420: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:56.871423: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:56.871426: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:56.871428: | Message ID: 0 (0x0) Aug 26 18:24:56.871431: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:56.871435: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:56.871438: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:56.871440: | flags: none (0x0) Aug 26 18:24:56.871449: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:56.871452: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:56.871456: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:56.871470: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:24:56.871473: | SPI 32 22 c8 da Aug 26 18:24:56.871476: | delete PROTO_v2_ESP SA(0x3222c8da) Aug 26 18:24:56.871479: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:24:56.871483: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:24:56.871486: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x3222c8da) Aug 26 18:24:56.871489: "north-east" #1: received Delete SA payload: delete IPsec State #2 now Aug 26 18:24:56.871492: | pstats #2 ikev2.child deleted completed Aug 26 18:24:56.871497: | #2 spent 2.75 milliseconds in total Aug 26 18:24:56.871502: | suspend processing: state #1 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:56.871507: | start processing: state #2 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:56.871511: "north-east" #2: deleting other state #2 (STATE_V2_IPSEC_I) aged 6.717s and NOT sending notification Aug 26 18:24:56.871515: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:24:56.871520: | get_sa_info esp.3222c8da@192.1.2.23 Aug 26 18:24:56.871534: | get_sa_info esp.64ffb8b@192.1.3.33 Aug 26 18:24:56.871542: "north-east" #2: ESP traffic information: in=336B out=336B Aug 26 18:24:56.871548: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:24:56.871551: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:56.871557: | libevent_free: release ptr-libevent@0x557cde71e8f8 Aug 26 18:24:56.871560: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f4554002b78 Aug 26 18:24:56.871601: | running updown command "ipsec _updown" for verb down Aug 26 18:24:56.871606: | command executing down-client Aug 26 18:24:56.871634: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843890' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 18:24:56.871639: | popen cmd is 1046 chars long Aug 26 18:24:56.871642: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO: Aug 26 18:24:56.871645: | cmd( 80):_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID=: Aug 26 18:24:56.871648: | cmd( 160):'@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUT: Aug 26 18:24:56.871651: | cmd( 240):O_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Aug 26 18:24:56.871654: | cmd( 320):_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Aug 26 18:24:56.871657: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEE: Aug 26 18:24:56.871660: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Aug 26 18:24:56.871665: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843890' PLUTO_CONN_POLICY='RS: Aug 26 18:24:56.871668: | cmd( 640):ASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON: Aug 26 18:24:56.871671: | cmd( 720):N_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_: Aug 26 18:24:56.871674: | cmd( 800):CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' : Aug 26 18:24:56.871677: | cmd( 880):PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' V: Aug 26 18:24:56.871680: | cmd( 960):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3222c8da SPI_OUT=0x64ffb8b ipsec _updow: Aug 26 18:24:56.871683: | cmd(1040):n 2>&1: Aug 26 18:24:56.881463: | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:24:56.881479: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:56.881484: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 18:24:56.881490: | IPsec Sa SPD priority set to 1040359 Aug 26 18:24:56.881521: | delete esp.3222c8da@192.1.2.23 Aug 26 18:24:56.881541: | netlink response for Del SA esp.3222c8da@192.1.2.23 included non-error error Aug 26 18:24:56.881546: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 18:24:56.881554: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:56.881578: | raw_eroute result=success Aug 26 18:24:56.881584: | delete esp.64ffb8b@192.1.3.33 Aug 26 18:24:56.881597: | netlink response for Del SA esp.64ffb8b@192.1.3.33 included non-error error Aug 26 18:24:56.881609: | in connection_discard for connection north-east Aug 26 18:24:56.881613: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:24:56.881622: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:24:56.881632: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:56.881638: | resume processing: state #1 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:56.881657: | ****emit IKEv2 Delete Payload: Aug 26 18:24:56.881662: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:56.881666: | flags: none (0x0) Aug 26 18:24:56.881670: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:24:56.881673: | SPI size: 4 (0x4) Aug 26 18:24:56.881676: | number of SPIs: 1 (0x1) Aug 26 18:24:56.881681: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:24:56.881685: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:56.881690: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:24:56.881693: | local SPIs 06 4f fb 8b Aug 26 18:24:56.881696: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:24:56.881700: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:56.881703: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:56.881707: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:56.881710: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:24:56.881714: | emitting length of ISAKMP Message: 69 Aug 26 18:24:56.881754: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:56.881760: | 95 9c 0b 68 d1 11 81 2d 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:56.881763: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:24:56.881766: | 39 fe 94 9b 8b e3 23 5c d2 69 1c 95 62 70 06 77 Aug 26 18:24:56.881769: | d9 f0 8c 7c 5e 38 3d f3 1c 99 81 d2 61 3b c5 b4 Aug 26 18:24:56.881773: | 5d 78 d3 3d 2d Aug 26 18:24:56.881833: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:56.881841: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:24:56.881849: | #1 spent 1.1 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:24:56.881856: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:56.881860: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:24:56.881863: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:24:56.881868: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:24:56.881873: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:56.881876: "north-east" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:24:56.881882: | stop processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:56.881887: | #1 spent 1.35 milliseconds in ikev2_process_packet() Aug 26 18:24:56.881893: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:56.881898: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:56.881901: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:56.881906: | spent 1.37 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:56.881925: | processing signal PLUTO_SIGCHLD Aug 26 18:24:56.881931: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:56.881935: | spent 0.00538 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:56.882021: | spent 0.00242 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:56.882040: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:56.882044: | 95 9c 0b 68 d1 11 81 2d 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:56.882047: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:24:56.882050: | d9 33 08 21 d0 a2 bc 36 66 61 46 bc 6c 77 dc 2e Aug 26 18:24:56.882052: | 03 5b ed 5d 88 8d bc a1 0c 76 04 b1 bf 2e 11 23 Aug 26 18:24:56.882054: | 08 Aug 26 18:24:56.882059: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:56.882063: | **parse ISAKMP Message: Aug 26 18:24:56.882066: | initiator cookie: Aug 26 18:24:56.882069: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:56.882071: | responder cookie: Aug 26 18:24:56.882074: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:56.882077: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:56.882080: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:56.882083: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:56.882086: | flags: none (0x0) Aug 26 18:24:56.882088: | Message ID: 1 (0x1) Aug 26 18:24:56.882091: | length: 65 (0x41) Aug 26 18:24:56.882094: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:24:56.882098: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:24:56.882102: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:56.882109: | start processing: state #1 connection "north-east" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:56.882112: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:24:56.882116: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:24:56.882122: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:24:56.882126: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 18:24:56.882128: | unpacking clear payload Aug 26 18:24:56.882131: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:56.882134: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:56.882137: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:24:56.882139: | flags: none (0x0) Aug 26 18:24:56.882142: | length: 37 (0x25) Aug 26 18:24:56.882145: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:24:56.882150: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:24:56.882153: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:24:56.882169: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:24:56.882173: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:24:56.882176: | **parse IKEv2 Delete Payload: Aug 26 18:24:56.882179: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:56.882181: | flags: none (0x0) Aug 26 18:24:56.882184: | length: 8 (0x8) Aug 26 18:24:56.882187: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:24:56.882189: | SPI size: 0 (0x0) Aug 26 18:24:56.882192: | number of SPIs: 0 (0x0) Aug 26 18:24:56.882195: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:24:56.882198: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:24:56.882200: | Now let's proceed with state specific processing Aug 26 18:24:56.882203: | calling processor I3: INFORMATIONAL Request Aug 26 18:24:56.882207: | an informational request should send a response Aug 26 18:24:56.882230: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:24:56.882234: | **emit ISAKMP Message: Aug 26 18:24:56.882237: | initiator cookie: Aug 26 18:24:56.882240: | 95 9c 0b 68 d1 11 81 2d Aug 26 18:24:56.882242: | responder cookie: Aug 26 18:24:56.882244: | 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:56.882247: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:56.882250: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:56.882253: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:24:56.882256: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:24:56.882258: | Message ID: 1 (0x1) Aug 26 18:24:56.882261: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:56.882264: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:56.882266: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:56.882268: | flags: none (0x0) Aug 26 18:24:56.882271: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:56.882273: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:24:56.882276: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:56.882305: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:56.882313: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:56.882315: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:56.882318: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:24:56.882320: | emitting length of ISAKMP Message: 57 Aug 26 18:24:56.882334: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:56.882337: | 95 9c 0b 68 d1 11 81 2d 30 de 6d 29 9b 36 ee 89 Aug 26 18:24:56.882339: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 18:24:56.882341: | 8d fa 52 20 0a 08 21 ce d8 72 bf 99 5d 5c 98 75 Aug 26 18:24:56.882343: | 5f 77 f8 01 09 56 c9 03 a8 Aug 26 18:24:56.882374: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:56.882380: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:24:56.882383: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:24:56.882385: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:24:56.882388: | pstats #1 ikev2.ike deleted completed Aug 26 18:24:56.882392: | #1 spent 18.4 milliseconds in total Aug 26 18:24:56.882396: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:24:56.882399: "north-east" #1: deleting state (STATE_IKESA_DEL) aged 6.736s and NOT sending notification Aug 26 18:24:56.882402: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:24:56.882445: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:24:56.882452: | libevent_free: release ptr-libevent@0x7f454c000f48 Aug 26 18:24:56.882456: | free_event_entry: release EVENT_SA_REKEY-pe@0x557cde715838 Aug 26 18:24:56.882459: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:24:56.882462: | in connection_discard for connection north-east Aug 26 18:24:56.882464: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:24:56.882467: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:24:56.882471: | unreference key: 0x557cde66cc48 @east cnt 2-- Aug 26 18:24:56.882498: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:24:56.882539: | in statetime_stop() and could not find #1 Aug 26 18:24:56.882544: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:56.882548: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:24:56.882551: | STF_OK but no state object remains Aug 26 18:24:56.882555: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:56.882558: | in statetime_stop() and could not find #1 Aug 26 18:24:56.882563: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:56.882566: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:56.882569: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:56.882575: | spent 0.5 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:57.488797: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:57.488828: shutting down Aug 26 18:24:57.488839: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:24:57.488844: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:57.488846: forgetting secrets Aug 26 18:24:57.488855: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:57.488860: | unreference key: 0x557cde66cc48 @east cnt 1-- Aug 26 18:24:57.488866: | unreference key: 0x557cde66cb58 @north cnt 1-- Aug 26 18:24:57.488872: | start processing: connection "north-east" (in delete_connection() at connections.c:189) Aug 26 18:24:57.488876: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:24:57.488879: | pass 0 Aug 26 18:24:57.488881: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:57.488884: | pass 1 Aug 26 18:24:57.488886: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:24:57.488890: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:24:57.488894: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:24:57.488900: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 18:24:57.488940: | priority calculation of connection "north-east" is 0xfdfe7 Aug 26 18:24:57.488952: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:57.488957: | conn north-east mark 0/00000000, 0/00000000 vs Aug 26 18:24:57.488960: | conn north-east mark 0/00000000, 0/00000000 Aug 26 18:24:57.488963: | route owner of "north-east" unrouted: NULL Aug 26 18:24:57.488967: | running updown command "ipsec _updown" for verb unroute Aug 26 18:24:57.488971: | command executing unroute-client Aug 26 18:24:57.488994: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Aug 26 18:24:57.488997: | popen cmd is 1028 chars long Aug 26 18:24:57.488999: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Aug 26 18:24:57.489001: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Aug 26 18:24:57.489003: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Aug 26 18:24:57.489005: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 18:24:57.489006: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 18:24:57.489008: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Aug 26 18:24:57.489010: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 18:24:57.489011: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Aug 26 18:24:57.489013: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Aug 26 18:24:57.489015: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Aug 26 18:24:57.489016: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Aug 26 18:24:57.489018: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Aug 26 18:24:57.489020: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:24:57.499128: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499153: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499157: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499162: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499176: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499189: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499205: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499218: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499230: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499243: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499255: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499270: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499283: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499335: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499349: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499362: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499392: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499416: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499451: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499483: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499806: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.499817: "north-east": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:24:57.508487: | free hp@0x557cde715758 Aug 26 18:24:57.508513: | flush revival: connection 'north-east' wasn't on the list Aug 26 18:24:57.508520: | stop processing: connection "north-east" (in discard_connection() at connections.c:249) Aug 26 18:24:57.508541: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:24:57.508545: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:24:57.508560: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:24:57.508565: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:24:57.508569: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 18:24:57.508572: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 18:24:57.508576: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 18:24:57.508579: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 18:24:57.508584: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:24:57.508600: | libevent_free: release ptr-libevent@0x557cde707048 Aug 26 18:24:57.508605: | free_event_entry: release EVENT_NULL-pe@0x557cde712e98 Aug 26 18:24:57.508618: | libevent_free: release ptr-libevent@0x557cde69c088 Aug 26 18:24:57.508622: | free_event_entry: release EVENT_NULL-pe@0x557cde712f48 Aug 26 18:24:57.508630: | libevent_free: release ptr-libevent@0x557cde69bf28 Aug 26 18:24:57.508634: | free_event_entry: release EVENT_NULL-pe@0x557cde712ff8 Aug 26 18:24:57.508642: | libevent_free: release ptr-libevent@0x557cde69d888 Aug 26 18:24:57.508645: | free_event_entry: release EVENT_NULL-pe@0x557cde7130a8 Aug 26 18:24:57.508654: | libevent_free: release ptr-libevent@0x557cde6714e8 Aug 26 18:24:57.508658: | free_event_entry: release EVENT_NULL-pe@0x557cde713158 Aug 26 18:24:57.508665: | libevent_free: release ptr-libevent@0x557cde6711d8 Aug 26 18:24:57.508668: | free_event_entry: release EVENT_NULL-pe@0x557cde713208 Aug 26 18:24:57.508674: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:57.509159: | libevent_free: release ptr-libevent@0x557cde7070f8 Aug 26 18:24:57.509168: | free_event_entry: release EVENT_NULL-pe@0x557cde6faee8 Aug 26 18:24:57.509175: | libevent_free: release ptr-libevent@0x557cde69bfd8 Aug 26 18:24:57.509178: | free_event_entry: release EVENT_NULL-pe@0x557cde6fae78 Aug 26 18:24:57.509184: | libevent_free: release ptr-libevent@0x557cde6de7f8 Aug 26 18:24:57.509187: | free_event_entry: release EVENT_NULL-pe@0x557cde6fa338 Aug 26 18:24:57.509192: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:24:57.509195: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:24:57.509199: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:24:57.509201: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:24:57.509204: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:24:57.509210: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:24:57.509213: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:24:57.509216: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:24:57.509219: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:24:57.509224: | libevent_free: release ptr-libevent@0x557cde69dd18 Aug 26 18:24:57.509227: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:24:57.509231: | libevent_free: release ptr-libevent@0x557cde7125f8 Aug 26 18:24:57.509234: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:24:57.509237: | libevent_free: release ptr-libevent@0x557cde712708 Aug 26 18:24:57.509240: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:24:57.509243: | libevent_free: release ptr-libevent@0x557cde712948 Aug 26 18:24:57.509246: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:24:57.509248: | releasing event base Aug 26 18:24:57.509264: | libevent_free: release ptr-libevent@0x557cde712818 Aug 26 18:24:57.509268: | libevent_free: release ptr-libevent@0x557cde6f57b8 Aug 26 18:24:57.509273: | libevent_free: release ptr-libevent@0x557cde6f5768 Aug 26 18:24:57.509276: | libevent_free: release ptr-libevent@0x557cde6f56f8 Aug 26 18:24:57.509278: | libevent_free: release ptr-libevent@0x557cde6f56b8 Aug 26 18:24:57.509282: | libevent_free: release ptr-libevent@0x557cde7123c8 Aug 26 18:24:57.509284: | libevent_free: release ptr-libevent@0x557cde712578 Aug 26 18:24:57.509287: | libevent_free: release ptr-libevent@0x557cde6f5968 Aug 26 18:24:57.509311: | libevent_free: release ptr-libevent@0x557cde6fa448 Aug 26 18:24:57.509314: | libevent_free: release ptr-libevent@0x557cde6fae38 Aug 26 18:24:57.509317: | libevent_free: release ptr-libevent@0x557cde713278 Aug 26 18:24:57.509319: | libevent_free: release ptr-libevent@0x557cde7131c8 Aug 26 18:24:57.509322: | libevent_free: release ptr-libevent@0x557cde713118 Aug 26 18:24:57.509324: | libevent_free: release ptr-libevent@0x557cde713068 Aug 26 18:24:57.509327: | libevent_free: release ptr-libevent@0x557cde712fb8 Aug 26 18:24:57.509330: | libevent_free: release ptr-libevent@0x557cde712f08 Aug 26 18:24:57.509332: | libevent_free: release ptr-libevent@0x557cde6993d8 Aug 26 18:24:57.509335: | libevent_free: release ptr-libevent@0x557cde7126c8 Aug 26 18:24:57.509337: | libevent_free: release ptr-libevent@0x557cde7125b8 Aug 26 18:24:57.509340: | libevent_free: release ptr-libevent@0x557cde712538 Aug 26 18:24:57.509342: | libevent_free: release ptr-libevent@0x557cde7127d8 Aug 26 18:24:57.509345: | libevent_free: release ptr-libevent@0x557cde712408 Aug 26 18:24:57.509347: | libevent_free: release ptr-libevent@0x557cde670908 Aug 26 18:24:57.509350: | libevent_free: release ptr-libevent@0x557cde670d38 Aug 26 18:24:57.509353: | libevent_free: release ptr-libevent@0x557cde699748 Aug 26 18:24:57.509355: | releasing global libevent data Aug 26 18:24:57.509358: | libevent_free: release ptr-libevent@0x557cde66c0c8 Aug 26 18:24:57.509361: | libevent_free: release ptr-libevent@0x557cde670cd8 Aug 26 18:24:57.509363: | libevent_free: release ptr-libevent@0x557cde670dd8 Aug 26 18:24:57.509399: leak detective found no leaks