Aug 26 18:24:56.697410: FIPS Product: YES Aug 26 18:24:56.697529: FIPS Kernel: NO Aug 26 18:24:56.697533: FIPS Mode: NO Aug 26 18:24:56.697536: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:24:56.697716: Initializing NSS Aug 26 18:24:56.697726: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:24:56.733507: NSS initialized Aug 26 18:24:56.733521: NSS crypto library initialized Aug 26 18:24:56.733525: FIPS HMAC integrity support [enabled] Aug 26 18:24:56.733527: FIPS mode disabled for pluto daemon Aug 26 18:24:56.784628: FIPS HMAC integrity verification self-test FAILED Aug 26 18:24:56.785130: libcap-ng support [enabled] Aug 26 18:24:56.785141: Linux audit support [enabled] Aug 26 18:24:56.785170: Linux audit activated Aug 26 18:24:56.785175: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:4590 Aug 26 18:24:56.785178: core dump dir: /tmp Aug 26 18:24:56.785180: secrets file: /etc/ipsec.secrets Aug 26 18:24:56.785181: leak-detective enabled Aug 26 18:24:56.785183: NSS crypto [enabled] Aug 26 18:24:56.785184: XAUTH PAM support [enabled] Aug 26 18:24:56.785243: | libevent is using pluto's memory allocator Aug 26 18:24:56.785248: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:24:56.785263: | libevent_malloc: new ptr-libevent@0x563b6f8c4588 size 40 Aug 26 18:24:56.785266: | libevent_malloc: new ptr-libevent@0x563b6f893cd8 size 40 Aug 26 18:24:56.785268: | libevent_malloc: new ptr-libevent@0x563b6f893dd8 size 40 Aug 26 18:24:56.785270: | creating event base Aug 26 18:24:56.785272: | libevent_malloc: new ptr-libevent@0x563b6f916888 size 56 Aug 26 18:24:56.785276: | libevent_malloc: new ptr-libevent@0x563b6f8c2d78 size 664 Aug 26 18:24:56.785286: | libevent_malloc: new ptr-libevent@0x563b6f9168f8 size 24 Aug 26 18:24:56.785310: | libevent_malloc: new ptr-libevent@0x563b6f916948 size 384 Aug 26 18:24:56.785322: | libevent_malloc: new ptr-libevent@0x563b6f916848 size 16 Aug 26 18:24:56.785325: | libevent_malloc: new ptr-libevent@0x563b6f893908 size 40 Aug 26 18:24:56.785328: | libevent_malloc: new ptr-libevent@0x563b6f893d38 size 48 Aug 26 18:24:56.785333: | libevent_realloc: new ptr-libevent@0x563b6f8c2a08 size 256 Aug 26 18:24:56.785337: | libevent_malloc: new ptr-libevent@0x563b6f916af8 size 16 Aug 26 18:24:56.785340: | libevent_free: release ptr-libevent@0x563b6f916888 Aug 26 18:24:56.785343: | libevent initialized Aug 26 18:24:56.785346: | libevent_realloc: new ptr-libevent@0x563b6f916888 size 64 Aug 26 18:24:56.785349: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:24:56.785363: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:24:56.785365: NAT-Traversal support [enabled] Aug 26 18:24:56.785367: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:24:56.785372: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:24:56.785374: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:24:56.785412: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:24:56.785420: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:24:56.785424: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:24:56.785465: Encryption algorithms: Aug 26 18:24:56.785473: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:24:56.785475: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:24:56.785478: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:24:56.785480: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:24:56.785482: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:24:56.785491: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:24:56.785494: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:24:56.785496: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:24:56.785498: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:24:56.785500: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:24:56.785503: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:24:56.785506: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:24:56.785511: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:24:56.785516: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:24:56.785520: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:24:56.785524: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:24:56.785527: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:24:56.785537: Hash algorithms: Aug 26 18:24:56.785541: MD5 IKEv1: IKE IKEv2: Aug 26 18:24:56.785544: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:24:56.785546: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:24:56.785548: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:24:56.785550: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:24:56.785558: PRF algorithms: Aug 26 18:24:56.785560: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:24:56.785562: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:24:56.785565: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:24:56.785567: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:24:56.785569: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:24:56.785570: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:24:56.785586: Integrity algorithms: Aug 26 18:24:56.785589: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:24:56.785591: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:24:56.785594: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:24:56.785597: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:24:56.785603: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:24:56.785607: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:24:56.785611: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:24:56.785615: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:24:56.785619: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:24:56.785636: DH algorithms: Aug 26 18:24:56.785640: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:24:56.785644: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:24:56.785647: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:24:56.785653: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:24:56.785657: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:24:56.785660: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:24:56.785663: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:24:56.785666: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:24:56.785670: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:24:56.785673: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:24:56.785676: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:24:56.785679: testing CAMELLIA_CBC: Aug 26 18:24:56.785682: Camellia: 16 bytes with 128-bit key Aug 26 18:24:56.785795: Camellia: 16 bytes with 128-bit key Aug 26 18:24:56.785829: Camellia: 16 bytes with 256-bit key Aug 26 18:24:56.785872: Camellia: 16 bytes with 256-bit key Aug 26 18:24:56.785908: testing AES_GCM_16: Aug 26 18:24:56.785913: empty string Aug 26 18:24:56.785945: one block Aug 26 18:24:56.785977: two blocks Aug 26 18:24:56.786008: two blocks with associated data Aug 26 18:24:56.786037: testing AES_CTR: Aug 26 18:24:56.786042: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:24:56.786070: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:24:56.786104: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:24:56.786140: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:24:56.786175: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:24:56.786204: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:24:56.786235: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:24:56.786265: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:24:56.786302: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:24:56.786334: testing AES_CBC: Aug 26 18:24:56.786338: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:24:56.786365: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:24:56.786406: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:24:56.786446: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:24:56.786489: testing AES_XCBC: Aug 26 18:24:56.786495: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:24:56.786626: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:24:56.786766: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:24:56.786883: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:24:56.787001: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:24:56.787108: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:24:56.787188: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:24:56.787415: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:24:56.787509: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:24:56.787595: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:24:56.787739: testing HMAC_MD5: Aug 26 18:24:56.787742: RFC 2104: MD5_HMAC test 1 Aug 26 18:24:56.787850: RFC 2104: MD5_HMAC test 2 Aug 26 18:24:56.787944: RFC 2104: MD5_HMAC test 3 Aug 26 18:24:56.788101: 8 CPU cores online Aug 26 18:24:56.788104: starting up 7 crypto helpers Aug 26 18:24:56.788133: started thread for crypto helper 0 Aug 26 18:24:56.788139: | starting up helper thread 0 Aug 26 18:24:56.788151: started thread for crypto helper 1 Aug 26 18:24:56.788153: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:24:56.788171: started thread for crypto helper 2 Aug 26 18:24:56.788155: | starting up helper thread 1 Aug 26 18:24:56.788157: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:56.788188: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:24:56.788175: | starting up helper thread 2 Aug 26 18:24:56.788192: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:56.788195: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:24:56.788198: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:56.788199: started thread for crypto helper 3 Aug 26 18:24:56.788216: started thread for crypto helper 4 Aug 26 18:24:56.788219: | starting up helper thread 4 Aug 26 18:24:56.788226: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:24:56.788229: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:56.788231: started thread for crypto helper 5 Aug 26 18:24:56.788233: | starting up helper thread 5 Aug 26 18:24:56.788242: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:24:56.788245: | crypto helper 5 waiting (nothing to do) Aug 26 18:24:56.788254: started thread for crypto helper 6 Aug 26 18:24:56.788257: | checking IKEv1 state table Aug 26 18:24:56.788263: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:56.788265: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:24:56.788267: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:56.788268: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:24:56.788270: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:24:56.788272: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:24:56.788273: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:56.788275: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:56.788276: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:24:56.788278: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:24:56.788279: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:56.788281: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:24:56.788283: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:24:56.788284: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:56.788286: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:56.788287: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:56.788304: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:24:56.788306: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:56.788307: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:56.788309: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:24:56.788310: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:24:56.788312: | -> UNDEFINED EVENT_NULL Aug 26 18:24:56.788314: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:24:56.788315: | -> UNDEFINED EVENT_NULL Aug 26 18:24:56.788317: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:56.788318: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:24:56.788320: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:56.788322: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:56.788323: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:24:56.788325: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:24:56.788326: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:56.788328: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:24:56.788329: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:24:56.788331: | -> UNDEFINED EVENT_NULL Aug 26 18:24:56.788333: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:24:56.788334: | -> UNDEFINED EVENT_NULL Aug 26 18:24:56.788336: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:24:56.788337: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:24:56.788339: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:24:56.788341: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:24:56.788342: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:24:56.788344: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:24:56.788346: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:24:56.788347: | -> UNDEFINED EVENT_NULL Aug 26 18:24:56.788351: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:24:56.788353: | -> UNDEFINED EVENT_NULL Aug 26 18:24:56.788354: | INFO: category: informational flags: 0: Aug 26 18:24:56.788356: | -> UNDEFINED EVENT_NULL Aug 26 18:24:56.788358: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:24:56.788359: | -> UNDEFINED EVENT_NULL Aug 26 18:24:56.788361: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:24:56.788362: | -> XAUTH_R1 EVENT_NULL Aug 26 18:24:56.788364: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:24:56.788365: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:24:56.788367: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:24:56.788369: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:24:56.788370: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:24:56.788372: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:24:56.788374: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:24:56.788375: | -> UNDEFINED EVENT_NULL Aug 26 18:24:56.788377: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:24:56.788378: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:24:56.788380: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:24:56.788381: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:24:56.788383: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:24:56.788385: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:24:56.788389: | checking IKEv2 state table Aug 26 18:24:56.788394: | PARENT_I0: category: ignore flags: 0: Aug 26 18:24:56.788396: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:24:56.788398: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:24:56.788400: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:24:56.788401: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:24:56.788403: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:24:56.788405: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:24:56.788407: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:24:56.788409: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:24:56.788410: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:24:56.788412: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:24:56.788414: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:24:56.788416: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:24:56.788417: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:24:56.788419: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:24:56.788420: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:24:56.788422: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:24:56.788424: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:24:56.788426: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:24:56.788428: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:24:56.788429: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:24:56.788431: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:24:56.788433: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:24:56.788435: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:24:56.788436: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:24:56.788438: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:24:56.788440: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:24:56.788441: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:24:56.788445: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:24:56.788447: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:24:56.788448: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:24:56.788450: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:56.788452: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:24:56.788454: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:24:56.788456: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:24:56.788457: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:24:56.788459: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:24:56.788461: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:24:56.788463: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:24:56.788465: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:24:56.788466: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:24:56.788468: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:24:56.788470: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:24:56.788472: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:24:56.788474: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:24:56.788475: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:24:56.788477: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:24:56.788486: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:24:56.788839: | Hard-wiring algorithms Aug 26 18:24:56.788844: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:24:56.788848: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:24:56.788849: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:24:56.788852: | adding 3DES_CBC to kernel algorithm db Aug 26 18:24:56.788854: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:24:56.788857: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:24:56.788860: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:24:56.788862: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:24:56.788865: | adding AES_CTR to kernel algorithm db Aug 26 18:24:56.788867: | adding AES_CBC to kernel algorithm db Aug 26 18:24:56.788869: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:24:56.788871: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:24:56.788874: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:24:56.788877: | adding NULL to kernel algorithm db Aug 26 18:24:56.788879: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:24:56.788882: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:24:56.788885: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:24:56.788887: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:24:56.788890: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:24:56.788892: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:24:56.788895: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:24:56.788897: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:24:56.788899: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:24:56.788902: | adding NONE to kernel algorithm db Aug 26 18:24:56.788922: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:24:56.788930: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:24:56.788932: | setup kernel fd callback Aug 26 18:24:56.788936: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x563b6f91c108 Aug 26 18:24:56.788941: | libevent_malloc: new ptr-libevent@0x563b6f8ffb08 size 128 Aug 26 18:24:56.788944: | libevent_malloc: new ptr-libevent@0x563b6f91b668 size 16 Aug 26 18:24:56.788954: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x563b6f91b558 Aug 26 18:24:56.788957: | libevent_malloc: new ptr-libevent@0x563b6f8c5f68 size 128 Aug 26 18:24:56.788960: | libevent_malloc: new ptr-libevent@0x563b6f91c058 size 16 Aug 26 18:24:56.789202: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:24:56.789213: selinux support is enabled. Aug 26 18:24:56.789298: | starting up helper thread 3 Aug 26 18:24:56.789315: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:24:56.789319: | crypto helper 3 waiting (nothing to do) Aug 26 18:24:56.789894: | unbound context created - setting debug level to 5 Aug 26 18:24:56.789972: | /etc/hosts lookups activated Aug 26 18:24:56.789989: | /etc/resolv.conf usage activated Aug 26 18:24:56.790059: | outgoing-port-avoid set 0-65535 Aug 26 18:24:56.790090: | outgoing-port-permit set 32768-60999 Aug 26 18:24:56.790094: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:24:56.790097: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:24:56.790101: | Setting up events, loop start Aug 26 18:24:56.790104: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x563b6f91c098 Aug 26 18:24:56.790108: | libevent_malloc: new ptr-libevent@0x563b6f928358 size 128 Aug 26 18:24:56.790112: | libevent_malloc: new ptr-libevent@0x563b6f933668 size 16 Aug 26 18:24:56.790119: | libevent_realloc: new ptr-libevent@0x563b6f9336a8 size 256 Aug 26 18:24:56.790122: | libevent_malloc: new ptr-libevent@0x563b6f9337d8 size 8 Aug 26 18:24:56.790126: | libevent_realloc: new ptr-libevent@0x563b6f8c32b8 size 144 Aug 26 18:24:56.790129: | libevent_malloc: new ptr-libevent@0x563b6f8c73e8 size 152 Aug 26 18:24:56.790133: | libevent_malloc: new ptr-libevent@0x563b6f933818 size 16 Aug 26 18:24:56.790138: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:24:56.790141: | libevent_malloc: new ptr-libevent@0x563b6f933858 size 8 Aug 26 18:24:56.790145: | libevent_malloc: new ptr-libevent@0x563b6f933898 size 152 Aug 26 18:24:56.790148: | signal event handler PLUTO_SIGTERM installed Aug 26 18:24:56.790150: | libevent_malloc: new ptr-libevent@0x563b6f933968 size 8 Aug 26 18:24:56.790152: | libevent_malloc: new ptr-libevent@0x563b6f9339a8 size 152 Aug 26 18:24:56.790154: | signal event handler PLUTO_SIGHUP installed Aug 26 18:24:56.790155: | libevent_malloc: new ptr-libevent@0x563b6f933a78 size 8 Aug 26 18:24:56.790157: | libevent_realloc: release ptr-libevent@0x563b6f8c32b8 Aug 26 18:24:56.790159: | libevent_realloc: new ptr-libevent@0x563b6f933ab8 size 256 Aug 26 18:24:56.790161: | libevent_malloc: new ptr-libevent@0x563b6f933be8 size 152 Aug 26 18:24:56.790163: | signal event handler PLUTO_SIGSYS installed Aug 26 18:24:56.790492: | created addconn helper (pid:4704) using fork+execve Aug 26 18:24:56.790522: | forked child 4704 Aug 26 18:24:56.790562: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:56.790903: listening for IKE messages Aug 26 18:24:56.791003: | Inspecting interface lo Aug 26 18:24:56.791012: | found lo with address 127.0.0.1 Aug 26 18:24:56.791018: | Inspecting interface eth0 Aug 26 18:24:56.791023: | found eth0 with address 192.0.3.254 Aug 26 18:24:56.791028: | Inspecting interface eth1 Aug 26 18:24:56.791033: | found eth1 with address 192.1.3.33 Aug 26 18:24:56.791152: Kernel supports NIC esp-hw-offload Aug 26 18:24:56.791166: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 18:24:56.791222: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:56.791229: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:56.791233: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 18:24:56.791262: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 18:24:56.791286: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:56.791298: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:56.791307: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 18:24:56.791336: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:24:56.791360: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:24:56.791365: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:24:56.791369: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:24:56.791458: | no interfaces to sort Aug 26 18:24:56.791463: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:24:56.791473: | add_fd_read_event_handler: new ethX-pe@0x563b6f934138 Aug 26 18:24:56.791478: | libevent_malloc: new ptr-libevent@0x563b6f9282a8 size 128 Aug 26 18:24:56.791482: | libevent_malloc: new ptr-libevent@0x563b6f9341a8 size 16 Aug 26 18:24:56.791490: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:56.791493: | add_fd_read_event_handler: new ethX-pe@0x563b6f9341e8 Aug 26 18:24:56.791501: | libevent_malloc: new ptr-libevent@0x563b6f8c41c8 size 128 Aug 26 18:24:56.791505: | libevent_malloc: new ptr-libevent@0x563b6f934258 size 16 Aug 26 18:24:56.791511: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:56.791514: | add_fd_read_event_handler: new ethX-pe@0x563b6f934298 Aug 26 18:24:56.791517: | libevent_malloc: new ptr-libevent@0x563b6f8c6068 size 128 Aug 26 18:24:56.791520: | libevent_malloc: new ptr-libevent@0x563b6f934308 size 16 Aug 26 18:24:56.791526: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:56.791529: | add_fd_read_event_handler: new ethX-pe@0x563b6f934348 Aug 26 18:24:56.791534: | libevent_malloc: new ptr-libevent@0x563b6f8c31b8 size 128 Aug 26 18:24:56.791538: | libevent_malloc: new ptr-libevent@0x563b6f9343b8 size 16 Aug 26 18:24:56.791543: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:56.791546: | add_fd_read_event_handler: new ethX-pe@0x563b6f9343f8 Aug 26 18:24:56.791551: | libevent_malloc: new ptr-libevent@0x563b6f8944e8 size 128 Aug 26 18:24:56.791554: | libevent_malloc: new ptr-libevent@0x563b6f934468 size 16 Aug 26 18:24:56.791559: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:56.791562: | add_fd_read_event_handler: new ethX-pe@0x563b6f9344a8 Aug 26 18:24:56.791566: | libevent_malloc: new ptr-libevent@0x563b6f8941d8 size 128 Aug 26 18:24:56.791569: | libevent_malloc: new ptr-libevent@0x563b6f934518 size 16 Aug 26 18:24:56.791574: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:56.791580: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:56.791584: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:56.791600: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:56.791617: | id type added to secret(0x563b6f88fc48) PKK_PSK: @east Aug 26 18:24:56.791622: | id type added to secret(0x563b6f88fc48) PKK_PSK: @north Aug 26 18:24:56.791626: | Processing PSK at line 1: passed Aug 26 18:24:56.791629: | certs and keys locked by 'process_secret' Aug 26 18:24:56.791634: | certs and keys unlocked by 'process_secret' Aug 26 18:24:56.791646: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:56.791653: | spent 1.1 milliseconds in whack Aug 26 18:24:56.791669: | starting up helper thread 6 Aug 26 18:24:56.791676: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:24:56.791682: | crypto helper 6 waiting (nothing to do) Aug 26 18:24:56.816352: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:56.816378: listening for IKE messages Aug 26 18:24:56.823186: | Inspecting interface lo Aug 26 18:24:56.823209: | found lo with address 127.0.0.1 Aug 26 18:24:56.823214: | Inspecting interface eth0 Aug 26 18:24:56.823218: | found eth0 with address 192.0.3.254 Aug 26 18:24:56.823221: | Inspecting interface eth1 Aug 26 18:24:56.823225: | found eth1 with address 192.1.3.33 Aug 26 18:24:56.823285: | no interfaces to sort Aug 26 18:24:56.823309: | libevent_free: release ptr-libevent@0x563b6f9282a8 Aug 26 18:24:56.823315: | free_event_entry: release EVENT_NULL-pe@0x563b6f934138 Aug 26 18:24:56.823319: | add_fd_read_event_handler: new ethX-pe@0x563b6f934138 Aug 26 18:24:56.823323: | libevent_malloc: new ptr-libevent@0x563b6f9282a8 size 128 Aug 26 18:24:56.823331: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:24:56.823335: | libevent_free: release ptr-libevent@0x563b6f8c41c8 Aug 26 18:24:56.823338: | free_event_entry: release EVENT_NULL-pe@0x563b6f9341e8 Aug 26 18:24:56.823342: | add_fd_read_event_handler: new ethX-pe@0x563b6f9341e8 Aug 26 18:24:56.823345: | libevent_malloc: new ptr-libevent@0x563b6f8c41c8 size 128 Aug 26 18:24:56.823350: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:24:56.823354: | libevent_free: release ptr-libevent@0x563b6f8c6068 Aug 26 18:24:56.823357: | free_event_entry: release EVENT_NULL-pe@0x563b6f934298 Aug 26 18:24:56.823360: | add_fd_read_event_handler: new ethX-pe@0x563b6f934298 Aug 26 18:24:56.823363: | libevent_malloc: new ptr-libevent@0x563b6f8c6068 size 128 Aug 26 18:24:56.823369: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:24:56.823373: | libevent_free: release ptr-libevent@0x563b6f8c31b8 Aug 26 18:24:56.823376: | free_event_entry: release EVENT_NULL-pe@0x563b6f934348 Aug 26 18:24:56.823379: | add_fd_read_event_handler: new ethX-pe@0x563b6f934348 Aug 26 18:24:56.823382: | libevent_malloc: new ptr-libevent@0x563b6f8c31b8 size 128 Aug 26 18:24:56.823387: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:24:56.823391: | libevent_free: release ptr-libevent@0x563b6f8944e8 Aug 26 18:24:56.823394: | free_event_entry: release EVENT_NULL-pe@0x563b6f9343f8 Aug 26 18:24:56.823397: | add_fd_read_event_handler: new ethX-pe@0x563b6f9343f8 Aug 26 18:24:56.823400: | libevent_malloc: new ptr-libevent@0x563b6f8944e8 size 128 Aug 26 18:24:56.823405: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:24:56.823409: | libevent_free: release ptr-libevent@0x563b6f8941d8 Aug 26 18:24:56.823412: | free_event_entry: release EVENT_NULL-pe@0x563b6f9344a8 Aug 26 18:24:56.823416: | add_fd_read_event_handler: new ethX-pe@0x563b6f9344a8 Aug 26 18:24:56.823419: | libevent_malloc: new ptr-libevent@0x563b6f8941d8 size 128 Aug 26 18:24:56.823424: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:24:56.823428: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:24:56.823430: forgetting secrets Aug 26 18:24:56.823443: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:24:56.823458: loading secrets from "/etc/ipsec.secrets" Aug 26 18:24:56.823467: | id type added to secret(0x563b6f88fc48) PKK_PSK: @east Aug 26 18:24:56.823471: | id type added to secret(0x563b6f88fc48) PKK_PSK: @north Aug 26 18:24:56.823475: | Processing PSK at line 1: passed Aug 26 18:24:56.823478: | certs and keys locked by 'process_secret' Aug 26 18:24:56.823481: | certs and keys unlocked by 'process_secret' Aug 26 18:24:56.823490: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:56.823499: | spent 0.402 milliseconds in whack Aug 26 18:24:56.824051: | processing signal PLUTO_SIGCHLD Aug 26 18:24:56.824073: | waitpid returned pid 4704 (exited with status 0) Aug 26 18:24:56.824079: | reaped addconn helper child (status 0) Aug 26 18:24:56.824085: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:56.824092: | spent 0.0281 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:56.871524: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:56.871542: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:56.871546: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:56.871548: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:56.871549: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:56.871552: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:56.871558: | Added new connection northnet-eastnet/0x1 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:56.871629: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:56.871637: | from whack: got --esp= Aug 26 18:24:56.871696: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:56.871702: | counting wild cards for @north is 0 Aug 26 18:24:56.871704: | counting wild cards for @east is 0 Aug 26 18:24:56.871711: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:24:56.871713: | new hp@0x563b6f936888 Aug 26 18:24:56.871717: added connection description "northnet-eastnet/0x1" Aug 26 18:24:56.871728: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:56.871742: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 18:24:56.871750: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:56.871756: | spent 0.239 milliseconds in whack Aug 26 18:24:56.871786: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:56.871795: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:56.871798: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:56.871800: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:56.871802: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:56.871804: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:56.871808: | Added new connection northnet-eastnet/0x2 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:56.871839: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:24:56.871842: | from whack: got --esp= Aug 26 18:24:56.871863: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:24:56.871865: | counting wild cards for @north is 0 Aug 26 18:24:56.871867: | counting wild cards for @east is 0 Aug 26 18:24:56.871871: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 18:24:56.871875: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x563b6f936888: northnet-eastnet/0x1 Aug 26 18:24:56.871876: added connection description "northnet-eastnet/0x2" Aug 26 18:24:56.871884: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:24:56.871893: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 18:24:56.871899: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:56.871904: | spent 0.121 milliseconds in whack Aug 26 18:24:56.934943: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:56.934975: | old debugging base+cpu-usage + none Aug 26 18:24:56.934980: | base debugging = base+cpu-usage Aug 26 18:24:56.934988: | old impairing none + suppress-retransmits Aug 26 18:24:56.934991: | base impairing = suppress-retransmits Aug 26 18:24:56.935000: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:56.935009: | spent 0.0758 milliseconds in whack Aug 26 18:24:57.053794: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:57.054527: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:57.054541: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:24:57.054659: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:24:57.054675: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:57.054683: | spent 0.878 milliseconds in whack Aug 26 18:24:57.118411: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:57.118438: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 18:24:57.118442: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:24:57.118446: initiating all conns with alias='northnet-eastnet' Aug 26 18:24:57.118455: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:24:57.118461: | start processing: connection "northnet-eastnet/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:57.118464: | connection 'northnet-eastnet/0x2' +POLICY_UP Aug 26 18:24:57.118468: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:57.118471: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:57.118495: | creating state object #1 at 0x563b6f9387f8 Aug 26 18:24:57.118499: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:24:57.118507: | pstats #1 ikev2.ike started Aug 26 18:24:57.118511: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:24:57.118515: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:24:57.118521: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:57.118528: | suspend processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:57.118534: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:24:57.118537: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:24:57.118542: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet/0x2" IKE SA #1 "northnet-eastnet/0x2" Aug 26 18:24:57.118547: "northnet-eastnet/0x2" #1: initiating v2 parent SA Aug 26 18:24:57.118557: | constructing local IKE proposals for northnet-eastnet/0x2 (IKE SA initiator selecting KE) Aug 26 18:24:57.118567: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:57.118577: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:57.118581: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:57.118587: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:57.118591: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:57.118597: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:57.118601: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:24:57.118613: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:57.118626: "northnet-eastnet/0x2": constructed local IKE proposals for northnet-eastnet/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:57.118636: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:24:57.118640: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93af28 Aug 26 18:24:57.118644: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:57.118650: | libevent_malloc: new ptr-libevent@0x563b6f93af98 size 128 Aug 26 18:24:57.118667: | #1 spent 0.204 milliseconds in ikev2_parent_outI1() Aug 26 18:24:57.118671: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:57.118672: | crypto helper 0 resuming Aug 26 18:24:57.118687: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:24:57.118693: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:24:57.119689: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000993 seconds Aug 26 18:24:57.119708: | (#1) spent 1.01 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:24:57.119713: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:24:57.119717: | scheduling resume sending helper answer for #1 Aug 26 18:24:57.119721: | libevent_malloc: new ptr-libevent@0x7f9748002888 size 128 Aug 26 18:24:57.119728: | crypto helper 0 waiting (nothing to do) Aug 26 18:24:57.118676: | RESET processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:57.119743: | RESET processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:24:57.119748: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:57.119754: | start processing: connection "northnet-eastnet/0x1" (in initiate_a_connection() at initiate.c:186) Aug 26 18:24:57.119759: | connection 'northnet-eastnet/0x1' +POLICY_UP Aug 26 18:24:57.119763: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 18:24:57.119766: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:24:57.119774: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet/0x1" IKE SA #1 "northnet-eastnet/0x2" Aug 26 18:24:57.119779: | stop processing: connection "northnet-eastnet/0x1" (in initiate_a_connection() at initiate.c:349) Aug 26 18:24:57.119784: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Aug 26 18:24:57.119788: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:57.119793: | spent 0.339 milliseconds in whack Aug 26 18:24:57.119806: | processing resume sending helper answer for #1 Aug 26 18:24:57.119813: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:57.119817: | crypto helper 0 replies to request ID 1 Aug 26 18:24:57.119820: | calling continuation function 0x563b6df78b50 Aug 26 18:24:57.119823: | ikev2_parent_outI1_continue for #1 Aug 26 18:24:57.119857: | **emit ISAKMP Message: Aug 26 18:24:57.119862: | initiator cookie: Aug 26 18:24:57.119869: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.119872: | responder cookie: Aug 26 18:24:57.119875: | 00 00 00 00 00 00 00 00 Aug 26 18:24:57.119878: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:57.119881: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:57.119884: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:57.119887: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:57.119889: | Message ID: 0 (0x0) Aug 26 18:24:57.119892: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:57.119909: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:57.119913: | Emitting ikev2_proposals ... Aug 26 18:24:57.119917: | ***emit IKEv2 Security Association Payload: Aug 26 18:24:57.119920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.119922: | flags: none (0x0) Aug 26 18:24:57.119926: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:57.119929: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.119932: | discarding INTEG=NONE Aug 26 18:24:57.119935: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.119938: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.119941: | prop #: 1 (0x1) Aug 26 18:24:57.119943: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:57.119946: | spi size: 0 (0x0) Aug 26 18:24:57.119949: | # transforms: 11 (0xb) Aug 26 18:24:57.119952: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.119955: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.119958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.119961: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.119964: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:57.119967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.119970: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.119973: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.119976: | length/value: 256 (0x100) Aug 26 18:24:57.119979: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.119982: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.119985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.119988: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:57.119991: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:57.119994: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.119997: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120000: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120003: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120005: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120008: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:57.120014: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:57.120017: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120021: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120024: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120026: | discarding INTEG=NONE Aug 26 18:24:57.120029: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120034: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120037: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.120040: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120043: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120046: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120049: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120052: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120054: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120057: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:57.120060: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120063: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120066: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120069: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120071: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120074: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120076: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:57.120079: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120082: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120085: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120088: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120090: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120093: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120095: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:57.120098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120101: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120104: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120107: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120112: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120114: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:57.120117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120123: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120128: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120136: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:57.120139: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120141: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120144: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120146: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120151: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120153: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:57.120156: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120159: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120161: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120164: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120167: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.120169: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120171: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:57.120175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120180: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120183: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:57.120186: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.120189: | discarding INTEG=NONE Aug 26 18:24:57.120191: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.120194: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.120197: | prop #: 2 (0x2) Aug 26 18:24:57.120200: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:57.120202: | spi size: 0 (0x0) Aug 26 18:24:57.120204: | # transforms: 11 (0xb) Aug 26 18:24:57.120207: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.120210: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.120213: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120218: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.120221: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:57.120224: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120227: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.120229: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.120232: | length/value: 128 (0x80) Aug 26 18:24:57.120234: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.120237: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120240: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120243: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:57.120248: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:57.120252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120258: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120260: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120266: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:57.120269: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:57.120272: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120275: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120278: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120281: | discarding INTEG=NONE Aug 26 18:24:57.120283: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120293: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120302: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.120306: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120308: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120311: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120314: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120316: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120319: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120322: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:57.120325: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120328: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120331: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120334: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120340: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120343: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:57.120346: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120349: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120352: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120355: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120358: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120361: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120363: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:57.120366: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120369: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120372: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120379: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120382: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120387: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:57.120390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120396: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120399: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120406: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:57.120409: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120413: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120416: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120419: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120421: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120423: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120425: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:57.120429: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120432: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120435: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120438: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120440: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.120443: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120445: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:57.120449: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120452: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120454: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120457: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:24:57.120460: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.120463: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.120466: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.120468: | prop #: 3 (0x3) Aug 26 18:24:57.120471: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:57.120473: | spi size: 0 (0x0) Aug 26 18:24:57.120476: | # transforms: 13 (0xd) Aug 26 18:24:57.120479: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.120483: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.120486: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120491: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.120494: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:57.120497: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120502: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.120505: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.120507: | length/value: 256 (0x100) Aug 26 18:24:57.120510: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.120513: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120518: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:57.120521: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:57.120524: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120527: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120530: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120533: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120538: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:57.120541: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:57.120545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120551: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120553: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120559: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.120562: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:57.120565: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120572: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120575: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120580: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.120583: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:57.120587: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120590: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120593: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120596: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120599: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120602: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120605: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.120608: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120614: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120617: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120620: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120625: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120628: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:57.120631: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120638: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120641: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120647: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120650: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:57.120653: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120659: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120662: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120665: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120667: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120670: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:57.120673: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120677: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120680: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120682: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120686: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120688: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120691: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:57.120694: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120701: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120703: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120709: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120712: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:57.120716: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120719: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120722: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120724: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120727: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120729: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120732: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:57.120735: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120744: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120747: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120750: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.120752: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120755: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:57.120758: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120761: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120764: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120766: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:57.120769: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.120772: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.120775: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:57.120778: | prop #: 4 (0x4) Aug 26 18:24:57.120781: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:57.120783: | spi size: 0 (0x0) Aug 26 18:24:57.120786: | # transforms: 13 (0xd) Aug 26 18:24:57.120789: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.120792: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.120795: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120797: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120800: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.120803: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:57.120806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120809: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.120811: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.120814: | length/value: 128 (0x80) Aug 26 18:24:57.120817: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.120819: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120825: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:57.120827: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:57.120830: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120833: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120835: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120838: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120841: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120844: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:57.120847: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:24:57.120850: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120853: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120856: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120859: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120861: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120864: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.120867: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:57.120872: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120875: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120878: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120881: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120883: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120886: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.120889: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:57.120892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120896: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120899: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120902: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120904: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120907: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120910: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.120913: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120916: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120919: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120921: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120924: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120926: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120929: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:24:57.120932: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120934: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120937: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120940: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120942: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120945: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120948: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:24:57.120951: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120954: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120957: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120959: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120964: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120967: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:24:57.120971: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120973: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120976: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.120979: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.120983: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120986: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.120989: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:24:57.120992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.120995: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.120998: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.121000: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.121003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.121005: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.121008: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:24:57.121011: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.121013: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.121016: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.121018: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.121021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.121023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.121025: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:24:57.121028: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.121031: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.121034: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.121036: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.121039: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.121042: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.121044: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:24:57.121048: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.121051: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.121054: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.121057: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:24:57.121059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.121062: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:24:57.121065: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:57.121068: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:24:57.121070: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.121073: | flags: none (0x0) Aug 26 18:24:57.121076: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.121080: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:57.121082: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.121086: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:57.121090: | ikev2 g^x b8 b1 1c c4 39 b1 62 bc a0 eb dd a9 cb f1 3f 74 Aug 26 18:24:57.121092: | ikev2 g^x 3d cd a5 b7 7a cc ae b8 b2 68 6e e0 f0 f8 da d7 Aug 26 18:24:57.121096: | ikev2 g^x 6b a6 7b 57 93 7a 17 e3 68 1e aa 32 2a 8d 6c f3 Aug 26 18:24:57.121099: | ikev2 g^x 0d 8b a4 e3 87 83 97 a5 d8 96 44 1d 89 34 b0 3c Aug 26 18:24:57.121101: | ikev2 g^x 03 4a ae a1 de b1 1e 3c 7d 04 05 c9 3d 5b e5 12 Aug 26 18:24:57.121103: | ikev2 g^x e2 49 99 3e 26 e8 8a d9 f2 44 f0 64 a9 28 8c 3d Aug 26 18:24:57.121106: | ikev2 g^x 49 cd 13 33 c0 a0 e1 a9 e9 74 8b 13 de 6e 9d cd Aug 26 18:24:57.121108: | ikev2 g^x de a2 43 11 e4 3d 74 c9 9c d0 c6 4b 15 2f b7 6a Aug 26 18:24:57.121110: | ikev2 g^x 54 1d 1a cb a9 50 ae ca 74 3e bc 3a 78 62 ec 86 Aug 26 18:24:57.121113: | ikev2 g^x 1e b8 a7 68 2b 08 42 01 1f 6c cb c3 4d a2 4b a6 Aug 26 18:24:57.121116: | ikev2 g^x 63 ad 39 ed 5f 2b b2 a9 77 6b d5 96 40 c9 33 43 Aug 26 18:24:57.121118: | ikev2 g^x c3 40 4c 3a 47 d0 69 4d 8b c0 dc 2a 2c 6c ca 85 Aug 26 18:24:57.121121: | ikev2 g^x cf 20 8c 8f 25 ee 4e a6 e5 a6 f5 a4 71 c1 e3 2a Aug 26 18:24:57.121123: | ikev2 g^x c2 13 df f8 b5 d5 ca e9 e8 ad 1e 0c 31 67 b2 f0 Aug 26 18:24:57.121125: | ikev2 g^x 94 8a 70 92 f7 2f 4e ce 44 e0 c7 4e ed 8b b1 49 Aug 26 18:24:57.121127: | ikev2 g^x d1 90 bb 05 03 c1 d5 29 d1 95 99 5c 18 51 92 47 Aug 26 18:24:57.121130: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:57.121133: | ***emit IKEv2 Nonce Payload: Aug 26 18:24:57.121136: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:57.121138: | flags: none (0x0) Aug 26 18:24:57.121141: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:24:57.121144: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:57.121147: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.121150: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:57.121153: | IKEv2 nonce 05 23 8d 81 42 b1 6b 5a 86 2b bd 62 ab f7 67 2e Aug 26 18:24:57.121157: | IKEv2 nonce 96 51 92 a2 d7 84 18 86 07 58 3d ec 37 c6 10 42 Aug 26 18:24:57.121160: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:57.121163: | Adding a v2N Payload Aug 26 18:24:57.121165: | ***emit IKEv2 Notify Payload: Aug 26 18:24:57.121168: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.121170: | flags: none (0x0) Aug 26 18:24:57.121174: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:57.121176: | SPI size: 0 (0x0) Aug 26 18:24:57.121179: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:57.121183: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:57.121186: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.121189: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:24:57.121193: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:24:57.121196: | natd_hash: rcookie is zero Aug 26 18:24:57.121218: | natd_hash: hasher=0x563b6e04d800(20) Aug 26 18:24:57.121222: | natd_hash: icookie= 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.121225: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:57.121228: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:57.121230: | natd_hash: port=500 Aug 26 18:24:57.121233: | natd_hash: hash= ab 22 7e 88 f0 68 96 71 6c 8e ba a0 3c fc 3a 7f Aug 26 18:24:57.121235: | natd_hash: hash= 1c 1d 36 d4 Aug 26 18:24:57.121238: | Adding a v2N Payload Aug 26 18:24:57.121240: | ***emit IKEv2 Notify Payload: Aug 26 18:24:57.121243: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.121246: | flags: none (0x0) Aug 26 18:24:57.121249: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:57.121251: | SPI size: 0 (0x0) Aug 26 18:24:57.121254: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:57.121257: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:57.121262: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.121266: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:57.121269: | Notify data ab 22 7e 88 f0 68 96 71 6c 8e ba a0 3c fc 3a 7f Aug 26 18:24:57.121271: | Notify data 1c 1d 36 d4 Aug 26 18:24:57.121274: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:57.121276: | natd_hash: rcookie is zero Aug 26 18:24:57.121298: | natd_hash: hasher=0x563b6e04d800(20) Aug 26 18:24:57.121307: | natd_hash: icookie= 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.121310: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:24:57.121312: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:57.121315: | natd_hash: port=500 Aug 26 18:24:57.121318: | natd_hash: hash= 4e 4a bf 1a 03 de 07 c9 7c 9f c8 13 ef c4 26 0c Aug 26 18:24:57.121322: | natd_hash: hash= 9a 51 46 8c Aug 26 18:24:57.121324: | Adding a v2N Payload Aug 26 18:24:57.121327: | ***emit IKEv2 Notify Payload: Aug 26 18:24:57.121329: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.121332: | flags: none (0x0) Aug 26 18:24:57.121335: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:57.121341: | SPI size: 0 (0x0) Aug 26 18:24:57.121344: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:57.121348: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:24:57.121351: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.121354: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:24:57.121357: | Notify data 4e 4a bf 1a 03 de 07 c9 7c 9f c8 13 ef c4 26 0c Aug 26 18:24:57.121360: | Notify data 9a 51 46 8c Aug 26 18:24:57.121362: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:24:57.121365: | emitting length of ISAKMP Message: 828 Aug 26 18:24:57.121374: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:24:57.121387: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:57.121392: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:24:57.121395: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:24:57.121399: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:24:57.121403: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:24:57.121406: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:24:57.121411: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:57.121415: "northnet-eastnet/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:57.121430: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:57.121442: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:57.121445: | 50 73 f3 5a 4c 9e 76 49 00 00 00 00 00 00 00 00 Aug 26 18:24:57.121448: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:24:57.121450: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:24:57.121453: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:24:57.121455: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:24:57.121458: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:24:57.121460: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:24:57.121463: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:24:57.121465: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:24:57.121470: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:24:57.121472: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:24:57.121475: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:24:57.121477: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:24:57.121479: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:24:57.121482: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:24:57.121484: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:24:57.121487: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:24:57.121489: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:24:57.121492: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:24:57.121494: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:24:57.121496: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:24:57.121499: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:24:57.121501: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:24:57.121503: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:24:57.121505: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:24:57.121508: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:24:57.121510: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:24:57.121512: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:24:57.121514: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:24:57.121517: | 28 00 01 08 00 0e 00 00 b8 b1 1c c4 39 b1 62 bc Aug 26 18:24:57.121519: | a0 eb dd a9 cb f1 3f 74 3d cd a5 b7 7a cc ae b8 Aug 26 18:24:57.121522: | b2 68 6e e0 f0 f8 da d7 6b a6 7b 57 93 7a 17 e3 Aug 26 18:24:57.121524: | 68 1e aa 32 2a 8d 6c f3 0d 8b a4 e3 87 83 97 a5 Aug 26 18:24:57.121526: | d8 96 44 1d 89 34 b0 3c 03 4a ae a1 de b1 1e 3c Aug 26 18:24:57.121529: | 7d 04 05 c9 3d 5b e5 12 e2 49 99 3e 26 e8 8a d9 Aug 26 18:24:57.121531: | f2 44 f0 64 a9 28 8c 3d 49 cd 13 33 c0 a0 e1 a9 Aug 26 18:24:57.121533: | e9 74 8b 13 de 6e 9d cd de a2 43 11 e4 3d 74 c9 Aug 26 18:24:57.121535: | 9c d0 c6 4b 15 2f b7 6a 54 1d 1a cb a9 50 ae ca Aug 26 18:24:57.121538: | 74 3e bc 3a 78 62 ec 86 1e b8 a7 68 2b 08 42 01 Aug 26 18:24:57.121540: | 1f 6c cb c3 4d a2 4b a6 63 ad 39 ed 5f 2b b2 a9 Aug 26 18:24:57.121542: | 77 6b d5 96 40 c9 33 43 c3 40 4c 3a 47 d0 69 4d Aug 26 18:24:57.121545: | 8b c0 dc 2a 2c 6c ca 85 cf 20 8c 8f 25 ee 4e a6 Aug 26 18:24:57.121547: | e5 a6 f5 a4 71 c1 e3 2a c2 13 df f8 b5 d5 ca e9 Aug 26 18:24:57.121549: | e8 ad 1e 0c 31 67 b2 f0 94 8a 70 92 f7 2f 4e ce Aug 26 18:24:57.121554: | 44 e0 c7 4e ed 8b b1 49 d1 90 bb 05 03 c1 d5 29 Aug 26 18:24:57.121559: | d1 95 99 5c 18 51 92 47 29 00 00 24 05 23 8d 81 Aug 26 18:24:57.121562: | 42 b1 6b 5a 86 2b bd 62 ab f7 67 2e 96 51 92 a2 Aug 26 18:24:57.121565: | d7 84 18 86 07 58 3d ec 37 c6 10 42 29 00 00 08 Aug 26 18:24:57.121568: | 00 00 40 2e 29 00 00 1c 00 00 40 04 ab 22 7e 88 Aug 26 18:24:57.121571: | f0 68 96 71 6c 8e ba a0 3c fc 3a 7f 1c 1d 36 d4 Aug 26 18:24:57.121574: | 00 00 00 1c 00 00 40 05 4e 4a bf 1a 03 de 07 c9 Aug 26 18:24:57.121577: | 7c 9f c8 13 ef c4 26 0c 9a 51 46 8c Aug 26 18:24:57.121675: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:57.121685: | libevent_free: release ptr-libevent@0x563b6f93af98 Aug 26 18:24:57.121690: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93af28 Aug 26 18:24:57.121694: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:57.121698: "northnet-eastnet/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:57.121707: | event_schedule: new EVENT_RETRANSMIT-pe@0x563b6f93af28 Aug 26 18:24:57.121712: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 18:24:57.121715: | libevent_malloc: new ptr-libevent@0x563b6f93af98 size 128 Aug 26 18:24:57.121723: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29182.864173 Aug 26 18:24:57.121728: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:24:57.121735: | #1 spent 1.84 milliseconds in resume sending helper answer Aug 26 18:24:57.121740: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:57.121744: | libevent_free: release ptr-libevent@0x7f9748002888 Aug 26 18:24:57.125016: | spent 0.00249 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:57.125045: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:57.125049: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.125052: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 18:24:57.125054: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:24:57.125057: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:24:57.125060: | 04 00 00 0e 28 00 01 08 00 0e 00 00 92 70 ea 80 Aug 26 18:24:57.125062: | 9e 38 a4 5a 9b 70 e6 a3 47 80 ed 9e 7d 34 23 ca Aug 26 18:24:57.125065: | c3 f2 53 90 3c 07 93 4e 8f aa 25 8b 4e 6f b9 7c Aug 26 18:24:57.125068: | 6e 30 79 38 8b bd a6 f5 f3 d8 a1 01 cd 62 19 64 Aug 26 18:24:57.125070: | 78 f5 8e 3b 28 e5 bb e3 51 9f 19 88 47 0f 3d 39 Aug 26 18:24:57.125073: | b6 93 32 de 4c 4a 44 ad 72 ea 5a 0a 09 e1 2a 51 Aug 26 18:24:57.125075: | 09 32 ab 8f d3 44 d5 77 e2 cb f1 f4 72 54 17 c5 Aug 26 18:24:57.125078: | 0d 14 78 67 01 87 7b 01 44 05 7e f7 bb 8f 99 b1 Aug 26 18:24:57.125080: | 67 c6 ed 26 98 c2 3d b4 13 bb 37 fa 1a 19 45 ef Aug 26 18:24:57.125083: | 47 96 2d 60 1a 00 e2 d4 95 99 9b f1 40 9f 15 83 Aug 26 18:24:57.125085: | 00 20 53 fe e4 71 04 a6 7e a8 13 52 dd 80 29 63 Aug 26 18:24:57.125088: | 7e 2b e0 f5 2a aa aa 49 bc e3 f7 d6 69 39 0c 0a Aug 26 18:24:57.125090: | 6a fa 7d 92 54 33 de 15 0a 23 bf 35 f5 9d e9 bd Aug 26 18:24:57.125092: | 1a 43 02 3e 34 0f dd 2b 77 73 42 b8 9c 92 12 b1 Aug 26 18:24:57.125095: | 4a 1f fc 32 51 63 53 68 e9 d2 f6 18 13 53 25 81 Aug 26 18:24:57.125098: | a7 c3 78 d8 39 85 24 b7 d5 58 3b 87 da 45 56 49 Aug 26 18:24:57.125100: | 0d 54 0d 83 58 81 a9 c4 47 67 4e 76 29 00 00 24 Aug 26 18:24:57.125103: | a7 2a 2b 9c 7d 25 24 35 72 c4 a9 62 60 ee 49 99 Aug 26 18:24:57.125105: | 55 44 33 0d 2b f5 dd cd 52 d0 fd cb 24 91 56 04 Aug 26 18:24:57.125107: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:24:57.125110: | 12 de 0c ba aa d6 67 64 17 10 22 f1 00 ff 41 0a Aug 26 18:24:57.125113: | 39 ec 09 e8 00 00 00 1c 00 00 40 05 92 f7 cc 5c Aug 26 18:24:57.125115: | b2 fd 14 83 ab c6 69 98 87 00 0e b0 61 40 11 3a Aug 26 18:24:57.125120: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:57.125124: | **parse ISAKMP Message: Aug 26 18:24:57.125128: | initiator cookie: Aug 26 18:24:57.125130: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.125133: | responder cookie: Aug 26 18:24:57.125135: | c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.125138: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:57.125141: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:57.125144: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:24:57.125147: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:57.125149: | Message ID: 0 (0x0) Aug 26 18:24:57.125152: | length: 432 (0x1b0) Aug 26 18:24:57.125155: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:24:57.125159: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:24:57.125163: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:24:57.125169: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:57.125176: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:57.125179: | #1 is idle Aug 26 18:24:57.125181: | #1 idle Aug 26 18:24:57.125184: | unpacking clear payload Aug 26 18:24:57.125187: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:57.125190: | ***parse IKEv2 Security Association Payload: Aug 26 18:24:57.125193: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:57.125196: | flags: none (0x0) Aug 26 18:24:57.125198: | length: 40 (0x28) Aug 26 18:24:57.125201: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:24:57.125204: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:57.125207: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:24:57.125209: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:57.125212: | flags: none (0x0) Aug 26 18:24:57.125214: | length: 264 (0x108) Aug 26 18:24:57.125217: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.125220: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:57.125222: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:57.125225: | ***parse IKEv2 Nonce Payload: Aug 26 18:24:57.125228: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:57.125230: | flags: none (0x0) Aug 26 18:24:57.125233: | length: 36 (0x24) Aug 26 18:24:57.125235: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:57.125238: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:57.125241: | ***parse IKEv2 Notify Payload: Aug 26 18:24:57.125243: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:57.125246: | flags: none (0x0) Aug 26 18:24:57.125248: | length: 8 (0x8) Aug 26 18:24:57.125251: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:57.125254: | SPI size: 0 (0x0) Aug 26 18:24:57.125257: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:24:57.125259: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:24:57.125262: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:57.125265: | ***parse IKEv2 Notify Payload: Aug 26 18:24:57.125267: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:24:57.125270: | flags: none (0x0) Aug 26 18:24:57.125272: | length: 28 (0x1c) Aug 26 18:24:57.125275: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:57.125277: | SPI size: 0 (0x0) Aug 26 18:24:57.125280: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:24:57.125283: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:57.125285: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:24:57.125330: | ***parse IKEv2 Notify Payload: Aug 26 18:24:57.125335: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.125338: | flags: none (0x0) Aug 26 18:24:57.125340: | length: 28 (0x1c) Aug 26 18:24:57.125343: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:24:57.125345: | SPI size: 0 (0x0) Aug 26 18:24:57.125348: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:24:57.125351: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:24:57.125354: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:24:57.125358: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:24:57.125362: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:57.125364: | Now let's proceed with state specific processing Aug 26 18:24:57.125367: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:24:57.125371: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:24:57.125389: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:24:57.125395: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:24:57.125399: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:57.125402: | local proposal 1 type PRF has 2 transforms Aug 26 18:24:57.125404: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:57.125407: | local proposal 1 type DH has 8 transforms Aug 26 18:24:57.125410: | local proposal 1 type ESN has 0 transforms Aug 26 18:24:57.125413: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:57.125416: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:57.125418: | local proposal 2 type PRF has 2 transforms Aug 26 18:24:57.125421: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:57.125424: | local proposal 2 type DH has 8 transforms Aug 26 18:24:57.125426: | local proposal 2 type ESN has 0 transforms Aug 26 18:24:57.125430: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:24:57.125432: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:57.125435: | local proposal 3 type PRF has 2 transforms Aug 26 18:24:57.125437: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:57.125440: | local proposal 3 type DH has 8 transforms Aug 26 18:24:57.125443: | local proposal 3 type ESN has 0 transforms Aug 26 18:24:57.125446: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:57.125449: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:57.125451: | local proposal 4 type PRF has 2 transforms Aug 26 18:24:57.125454: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:57.125456: | local proposal 4 type DH has 8 transforms Aug 26 18:24:57.125459: | local proposal 4 type ESN has 0 transforms Aug 26 18:24:57.125462: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:24:57.125465: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.125468: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:57.125471: | length: 36 (0x24) Aug 26 18:24:57.125473: | prop #: 1 (0x1) Aug 26 18:24:57.125476: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:24:57.125478: | spi size: 0 (0x0) Aug 26 18:24:57.125481: | # transforms: 3 (0x3) Aug 26 18:24:57.125485: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:57.125488: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:57.125490: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.125493: | length: 12 (0xc) Aug 26 18:24:57.125496: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.125498: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:57.125501: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.125504: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.125506: | length/value: 256 (0x100) Aug 26 18:24:57.125511: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:57.125514: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:57.125516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.125519: | length: 8 (0x8) Aug 26 18:24:57.125522: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:24:57.125524: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:24:57.125528: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:24:57.125531: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:57.125533: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.125536: | length: 8 (0x8) Aug 26 18:24:57.125540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.125543: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.125546: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:57.125550: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:24:57.125555: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:24:57.125558: | remote proposal 1 matches local proposal 1 Aug 26 18:24:57.125561: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:24:57.125564: | converting proposal to internal trans attrs Aug 26 18:24:57.125585: | natd_hash: hasher=0x563b6e04d800(20) Aug 26 18:24:57.125588: | natd_hash: icookie= 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.125591: | natd_hash: rcookie= c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.125593: | natd_hash: ip= c0 01 03 21 Aug 26 18:24:57.125596: | natd_hash: port=500 Aug 26 18:24:57.125598: | natd_hash: hash= 92 f7 cc 5c b2 fd 14 83 ab c6 69 98 87 00 0e b0 Aug 26 18:24:57.125601: | natd_hash: hash= 61 40 11 3a Aug 26 18:24:57.125611: | natd_hash: hasher=0x563b6e04d800(20) Aug 26 18:24:57.125614: | natd_hash: icookie= 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.125617: | natd_hash: rcookie= c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.125619: | natd_hash: ip= c0 01 02 17 Aug 26 18:24:57.125621: | natd_hash: port=500 Aug 26 18:24:57.125624: | natd_hash: hash= 12 de 0c ba aa d6 67 64 17 10 22 f1 00 ff 41 0a Aug 26 18:24:57.125627: | natd_hash: hash= 39 ec 09 e8 Aug 26 18:24:57.125629: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:24:57.125632: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:24:57.125634: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:24:57.125638: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:24:57.125641: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:24:57.125645: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:24:57.125648: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:57.125651: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:24:57.125655: | libevent_free: release ptr-libevent@0x563b6f93af98 Aug 26 18:24:57.125658: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563b6f93af28 Aug 26 18:24:57.125662: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93af28 Aug 26 18:24:57.125665: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:24:57.125668: | libevent_malloc: new ptr-libevent@0x563b6f93ad08 size 128 Aug 26 18:24:57.125681: | #1 spent 0.308 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:24:57.125686: | crypto helper 1 resuming Aug 26 18:24:57.125687: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:57.125705: | crypto helper 1 starting work-order 2 for state #1 Aug 26 18:24:57.125709: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:24:57.125711: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:24:57.125712: | suspending state #1 and saving MD Aug 26 18:24:57.125728: | #1 is busy; has a suspended MD Aug 26 18:24:57.125738: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:57.125743: | "northnet-eastnet/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:57.125750: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:57.125757: | #1 spent 0.674 milliseconds in ikev2_process_packet() Aug 26 18:24:57.125765: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:57.125769: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:57.125772: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:57.125777: | spent 0.695 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:57.126536: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:24:57.126973: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.00126 seconds Aug 26 18:24:57.126983: | (#1) spent 1.24 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:24:57.126987: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 18:24:57.126990: | scheduling resume sending helper answer for #1 Aug 26 18:24:57.126994: | libevent_malloc: new ptr-libevent@0x7f9740000f48 size 128 Aug 26 18:24:57.127003: | crypto helper 1 waiting (nothing to do) Aug 26 18:24:57.127014: | processing resume sending helper answer for #1 Aug 26 18:24:57.127026: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:57.127031: | crypto helper 1 replies to request ID 2 Aug 26 18:24:57.127034: | calling continuation function 0x563b6df78b50 Aug 26 18:24:57.127037: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:24:57.127046: | creating state object #2 at 0x563b6f93dba8 Aug 26 18:24:57.127050: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:24:57.127054: | pstats #2 ikev2.child started Aug 26 18:24:57.127057: | duplicating state object #1 "northnet-eastnet/0x2" as #2 for IPSEC SA Aug 26 18:24:57.127063: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:57.127070: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:57.127075: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:57.127080: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:24:57.127083: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:57.127087: | libevent_free: release ptr-libevent@0x563b6f93ad08 Aug 26 18:24:57.127090: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93af28 Aug 26 18:24:57.127093: | event_schedule: new EVENT_SA_REPLACE-pe@0x563b6f93af28 Aug 26 18:24:57.127097: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:24:57.127100: | libevent_malloc: new ptr-libevent@0x563b6f93ad08 size 128 Aug 26 18:24:57.127104: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:24:57.127110: | **emit ISAKMP Message: Aug 26 18:24:57.127113: | initiator cookie: Aug 26 18:24:57.127116: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.127118: | responder cookie: Aug 26 18:24:57.127121: | c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.127124: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:57.127127: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:57.127130: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:57.127133: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:57.127136: | Message ID: 1 (0x1) Aug 26 18:24:57.127139: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:57.127143: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:57.127146: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.127148: | flags: none (0x0) Aug 26 18:24:57.127152: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:57.127157: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.127161: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:57.127171: | IKEv2 CERT: send a certificate? Aug 26 18:24:57.127175: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:24:57.127178: | IDr payload will be sent Aug 26 18:24:57.127193: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:24:57.127196: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.127199: | flags: none (0x0) Aug 26 18:24:57.127202: | ID type: ID_FQDN (0x2) Aug 26 18:24:57.127205: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:24:57.127208: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.127212: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:24:57.127215: | my identity 6e 6f 72 74 68 Aug 26 18:24:57.127217: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Aug 26 18:24:57.127226: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:24:57.127229: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:57.127232: | flags: none (0x0) Aug 26 18:24:57.127235: | ID type: ID_FQDN (0x2) Aug 26 18:24:57.127238: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 18:24:57.127241: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:24:57.127244: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.127248: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 18:24:57.127250: | IDr 65 61 73 74 Aug 26 18:24:57.127253: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:24:57.127255: | not sending INITIAL_CONTACT Aug 26 18:24:57.127259: | ****emit IKEv2 Authentication Payload: Aug 26 18:24:57.127261: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.127264: | flags: none (0x0) Aug 26 18:24:57.127267: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:24:57.127270: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:24:57.127273: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.127277: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 18:24:57.127281: | started looking for secret for @north->@east of kind PKK_PSK Aug 26 18:24:57.127284: | actually looking for secret for @north->@east of kind PKK_PSK Aug 26 18:24:57.127303: | line 1: key type PKK_PSK(@north) to type PKK_PSK Aug 26 18:24:57.127311: | 1: compared key @north to @north / @east -> 010 Aug 26 18:24:57.127314: | 2: compared key @east to @north / @east -> 014 Aug 26 18:24:57.127317: | line 1: match=014 Aug 26 18:24:57.127320: | match 014 beats previous best_match 000 match=0x563b6f88fc48 (line=1) Aug 26 18:24:57.127323: | concluding with best_match=014 best=0x563b6f88fc48 (lineno=1) Aug 26 18:24:57.127388: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:24:57.127392: | PSK auth c7 f9 7b 0d 8e b4 63 4c 09 ff ee 86 c1 d9 51 48 Aug 26 18:24:57.127395: | PSK auth f5 9a aa 67 2e ad c9 75 e1 51 72 9f 64 bb d1 b9 Aug 26 18:24:57.127397: | PSK auth d2 1d 1c 7e 17 76 9c 2c a5 3e 77 fd 79 e2 86 cf Aug 26 18:24:57.127400: | PSK auth 24 81 cd cd 2a 52 75 17 0c 90 eb 46 7a 19 b4 69 Aug 26 18:24:57.127403: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:24:57.127408: | getting first pending from state #1 Aug 26 18:24:57.127412: | Switching Child connection for #2 to "northnet-eastnet/0x1" from "northnet-eastnet/0x2" Aug 26 18:24:57.127417: | in connection_discard for connection northnet-eastnet/0x2 Aug 26 18:24:57.127439: | netlink_get_spi: allocated 0x3f2791d7 for esp.0@192.1.3.33 Aug 26 18:24:57.127443: | constructing ESP/AH proposals with all DH removed for northnet-eastnet/0x1 (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:24:57.127448: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:57.127455: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:57.127458: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:57.127462: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:24:57.127466: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:57.127471: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:57.127474: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:57.127479: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:57.127488: "northnet-eastnet/0x1": constructed local ESP/AH proposals for northnet-eastnet/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:57.127503: | Emitting ikev2_proposals ... Aug 26 18:24:57.127506: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:57.127509: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.127512: | flags: none (0x0) Aug 26 18:24:57.127516: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:57.127519: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.127522: | discarding INTEG=NONE Aug 26 18:24:57.127524: | discarding DH=NONE Aug 26 18:24:57.127527: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.127530: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.127533: | prop #: 1 (0x1) Aug 26 18:24:57.127536: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.127539: | spi size: 4 (0x4) Aug 26 18:24:57.127541: | # transforms: 2 (0x2) Aug 26 18:24:57.127544: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.127548: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:57.127550: | our spi 3f 27 91 d7 Aug 26 18:24:57.127553: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127558: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.127561: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:57.127564: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127567: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.127570: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.127573: | length/value: 256 (0x100) Aug 26 18:24:57.127576: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.127579: | discarding INTEG=NONE Aug 26 18:24:57.127581: | discarding DH=NONE Aug 26 18:24:57.127584: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127587: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.127591: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.127594: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.127597: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127603: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.127606: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:57.127609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.127612: | discarding INTEG=NONE Aug 26 18:24:57.127614: | discarding DH=NONE Aug 26 18:24:57.127617: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.127619: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.127622: | prop #: 2 (0x2) Aug 26 18:24:57.127625: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.127627: | spi size: 4 (0x4) Aug 26 18:24:57.127630: | # transforms: 2 (0x2) Aug 26 18:24:57.127633: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.127636: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.127639: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:57.127642: | our spi 3f 27 91 d7 Aug 26 18:24:57.127644: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127647: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127650: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.127652: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:57.127655: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127658: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.127661: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.127664: | length/value: 128 (0x80) Aug 26 18:24:57.127666: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.127669: | discarding INTEG=NONE Aug 26 18:24:57.127671: | discarding DH=NONE Aug 26 18:24:57.127674: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127677: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.127680: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.127682: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.127685: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127688: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127691: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.127694: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:24:57.127697: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.127699: | discarding DH=NONE Aug 26 18:24:57.127702: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.127705: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.127707: | prop #: 3 (0x3) Aug 26 18:24:57.127710: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.127712: | spi size: 4 (0x4) Aug 26 18:24:57.127715: | # transforms: 4 (0x4) Aug 26 18:24:57.127718: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.127721: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.127726: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:57.127728: | our spi 3f 27 91 d7 Aug 26 18:24:57.127731: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127736: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.127739: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:57.127742: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127745: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.127748: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.127750: | length/value: 256 (0x100) Aug 26 18:24:57.127753: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.127756: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127758: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127761: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.127764: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:57.127767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127770: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127773: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.127775: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127778: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127781: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.127783: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:57.127786: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127789: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127792: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.127795: | discarding DH=NONE Aug 26 18:24:57.127797: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127800: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.127803: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.127805: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.127808: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127811: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127814: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.127817: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:57.127820: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.127822: | discarding DH=NONE Aug 26 18:24:57.127825: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.127828: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:57.127830: | prop #: 4 (0x4) Aug 26 18:24:57.127833: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.127835: | spi size: 4 (0x4) Aug 26 18:24:57.127838: | # transforms: 4 (0x4) Aug 26 18:24:57.127841: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.127844: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.127848: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:57.127851: | our spi 3f 27 91 d7 Aug 26 18:24:57.127854: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127856: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127859: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.127862: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:57.127865: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127867: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.127870: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.127873: | length/value: 128 (0x80) Aug 26 18:24:57.127876: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.127878: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127881: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127884: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.127886: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:57.127889: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127892: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127895: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.127898: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127900: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127903: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.127906: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:57.127909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127912: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127915: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.127917: | discarding DH=NONE Aug 26 18:24:57.127920: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.127923: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.127925: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.127928: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.127931: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.127934: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.127937: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.127940: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:24:57.127943: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.127946: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 18:24:57.127949: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:57.127952: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:57.127955: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.127958: | flags: none (0x0) Aug 26 18:24:57.127961: | number of TS: 1 (0x1) Aug 26 18:24:57.127964: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:57.127967: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.127974: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:57.127977: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:57.127979: | IP Protocol ID: 0 (0x0) Aug 26 18:24:57.127982: | start port: 0 (0x0) Aug 26 18:24:57.127985: | end port: 65535 (0xffff) Aug 26 18:24:57.127988: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:57.127990: | ipv4 start c0 00 03 00 Aug 26 18:24:57.127993: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:57.127996: | ipv4 end c0 00 03 ff Aug 26 18:24:57.127999: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:57.128001: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:57.128004: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:57.128007: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.128009: | flags: none (0x0) Aug 26 18:24:57.128012: | number of TS: 1 (0x1) Aug 26 18:24:57.128015: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:57.128018: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.128021: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:57.128024: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:57.128026: | IP Protocol ID: 0 (0x0) Aug 26 18:24:57.128029: | start port: 0 (0x0) Aug 26 18:24:57.128031: | end port: 65535 (0xffff) Aug 26 18:24:57.128034: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:57.128037: | ipv4 start c0 00 02 00 Aug 26 18:24:57.128040: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:57.128042: | ipv4 end c0 00 02 ff Aug 26 18:24:57.128045: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:57.128047: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:57.128051: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:24:57.128054: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:24:57.128057: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:57.128060: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:57.128064: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:57.128066: | emitting length of IKEv2 Encryption Payload: 338 Aug 26 18:24:57.128069: | emitting length of ISAKMP Message: 366 Aug 26 18:24:57.128089: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:57.128095: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:57.128100: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:24:57.128104: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:24:57.128107: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:24:57.128111: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:24:57.128116: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:24:57.128121: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:24:57.128126: "northnet-eastnet/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:24:57.128137: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:57.128146: | sending 366 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:57.128150: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.128152: | 2e 20 23 08 00 00 00 01 00 00 01 6e 23 00 01 52 Aug 26 18:24:57.128155: | 82 e8 62 e0 91 88 52 97 de f7 09 13 e0 92 ce 97 Aug 26 18:24:57.128157: | 0a 92 ac 8f 20 44 0e 64 a6 99 b1 e0 9c fd d9 89 Aug 26 18:24:57.128160: | f2 51 fa 06 c1 be 9c 5c 21 8c 83 06 e9 72 e0 a7 Aug 26 18:24:57.128162: | 85 fb b9 65 3b 4e df ac 4e b3 41 14 ee e3 de 8c Aug 26 18:24:57.128164: | 26 ae 03 1d 70 c6 f9 f5 64 08 3d 37 d9 52 b7 23 Aug 26 18:24:57.128167: | 09 3d 06 c3 81 a0 1b 51 29 8f a1 fc 56 55 8c 93 Aug 26 18:24:57.128169: | 8a db 18 52 0b c4 70 ea 7c 43 6b 25 64 da 93 f2 Aug 26 18:24:57.128172: | e8 c7 34 a0 dd b8 b2 5b 5b fe f4 e0 16 19 ca e8 Aug 26 18:24:57.128174: | ef e3 5b 78 18 08 f6 1e a2 ec a7 9b ca 5e 35 4f Aug 26 18:24:57.128177: | ec b1 91 d6 8b 9b 03 38 4e 07 96 cf 40 dd a1 62 Aug 26 18:24:57.128179: | 87 54 32 3d 62 c1 75 c8 77 f7 5e 44 b0 6e a1 d3 Aug 26 18:24:57.128182: | cc c5 e3 51 bc 8d ce f0 e2 32 ab 20 70 da 17 51 Aug 26 18:24:57.128184: | 41 b7 51 90 af 02 13 8d 91 41 20 9a ef a6 62 a9 Aug 26 18:24:57.128187: | 44 fc d1 f6 70 bf bb a1 5a 82 c4 08 33 67 02 39 Aug 26 18:24:57.128189: | 0a 42 d2 60 ab 47 15 2d 1f af 1a 0c 91 e1 ae d6 Aug 26 18:24:57.128192: | 1e 6b 6f c1 54 53 2d c2 2a 1d 6f 22 cf 66 f2 ed Aug 26 18:24:57.128194: | 4f 4d 3b af c0 dd 62 39 3f f7 1b cc e4 53 26 9c Aug 26 18:24:57.128197: | dd f1 70 20 e9 e1 e4 dc 47 0d 76 8b 10 49 2d 1c Aug 26 18:24:57.128199: | 3a b9 b5 4e d4 70 f7 35 47 97 8d a7 11 ce fc 36 Aug 26 18:24:57.128202: | 76 05 74 cb 87 5f a4 c2 4a 07 96 a5 c5 c6 9f ae Aug 26 18:24:57.128204: | fd 94 da 05 0a 2d 80 ba ba 3b 80 89 60 19 Aug 26 18:24:57.128260: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:57.128265: "northnet-eastnet/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:57.128273: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f9748002b78 Aug 26 18:24:57.128277: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 18:24:57.128281: | libevent_malloc: new ptr-libevent@0x563b6f93e878 size 128 Aug 26 18:24:57.128287: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29182.870739 Aug 26 18:24:57.128300: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:24:57.128307: | #1 spent 1.23 milliseconds in resume sending helper answer Aug 26 18:24:57.128312: | stop processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:57.128316: | libevent_free: release ptr-libevent@0x7f9740000f48 Aug 26 18:24:57.175636: | spent 0.00322 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:57.175662: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:57.175666: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.175668: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Aug 26 18:24:57.175670: | 3b a7 37 43 ac b6 af c8 cc 5f a1 b1 ad 5d 1b 32 Aug 26 18:24:57.175671: | b1 9c 15 f0 e0 33 30 41 b5 38 e4 1a 40 0d d7 a0 Aug 26 18:24:57.175672: | f2 47 27 75 16 b7 d6 5d b4 e1 aa 21 88 8d 62 19 Aug 26 18:24:57.175674: | 75 63 66 a9 0b a2 cf 65 01 db 0d b4 20 e8 71 48 Aug 26 18:24:57.175675: | dc af 39 6b 52 c2 04 7a e3 8e 45 e0 70 ca de 28 Aug 26 18:24:57.175677: | 7a 69 af 41 67 9f 7d cf 73 e2 fa 5b d0 46 54 65 Aug 26 18:24:57.175678: | aa 46 2a 1a 6b 28 f7 f2 b5 89 a7 51 98 7c 45 62 Aug 26 18:24:57.175680: | e2 43 4c 44 7d c3 05 c6 d4 0b e1 cb 63 ef a8 d1 Aug 26 18:24:57.175681: | b0 4a 3d ba a4 95 2a 30 d3 1b e8 1e 1e ef ab b9 Aug 26 18:24:57.175683: | 4e 0d 1b 0d 42 ab c8 64 0c 67 b5 8c d2 e0 e5 b8 Aug 26 18:24:57.175687: | 23 dc 6e e5 c5 67 b1 d1 ca 6c ef 66 32 ba 76 7a Aug 26 18:24:57.175688: | cb 47 67 c8 e9 81 df 02 cb 7d 30 cd 08 01 74 94 Aug 26 18:24:57.175690: | 82 Aug 26 18:24:57.175693: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:57.175696: | **parse ISAKMP Message: Aug 26 18:24:57.175698: | initiator cookie: Aug 26 18:24:57.175700: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.175702: | responder cookie: Aug 26 18:24:57.175704: | c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.175706: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:57.175709: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:57.175712: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:24:57.175714: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:57.175717: | Message ID: 1 (0x1) Aug 26 18:24:57.175719: | length: 225 (0xe1) Aug 26 18:24:57.175722: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:24:57.175726: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:24:57.175731: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:24:57.175737: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:57.175741: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:24:57.175745: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:57.175750: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:57.175753: | #2 is idle Aug 26 18:24:57.175755: | #2 idle Aug 26 18:24:57.175758: | unpacking clear payload Aug 26 18:24:57.175760: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:57.175763: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:57.175766: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:24:57.175768: | flags: none (0x0) Aug 26 18:24:57.175771: | length: 197 (0xc5) Aug 26 18:24:57.175774: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 18:24:57.175776: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:24:57.175794: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:24:57.175797: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:24:57.175800: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:24:57.175803: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:24:57.175805: | flags: none (0x0) Aug 26 18:24:57.175807: | length: 12 (0xc) Aug 26 18:24:57.175810: | ID type: ID_FQDN (0x2) Aug 26 18:24:57.175812: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:24:57.175814: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:24:57.175817: | **parse IKEv2 Authentication Payload: Aug 26 18:24:57.175819: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:57.175821: | flags: none (0x0) Aug 26 18:24:57.175823: | length: 72 (0x48) Aug 26 18:24:57.175825: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:24:57.175828: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:24:57.175830: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:57.175832: | **parse IKEv2 Security Association Payload: Aug 26 18:24:57.175834: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:57.175836: | flags: none (0x0) Aug 26 18:24:57.175838: | length: 36 (0x24) Aug 26 18:24:57.175841: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 18:24:57.175843: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:57.175846: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:57.175848: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:57.175851: | flags: none (0x0) Aug 26 18:24:57.175853: | length: 24 (0x18) Aug 26 18:24:57.175856: | number of TS: 1 (0x1) Aug 26 18:24:57.175860: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:57.175863: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:57.175865: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:57.175868: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.175870: | flags: none (0x0) Aug 26 18:24:57.175872: | length: 24 (0x18) Aug 26 18:24:57.175874: | number of TS: 1 (0x1) Aug 26 18:24:57.175877: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:57.175880: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:24:57.175882: | Now let's proceed with state specific processing Aug 26 18:24:57.175885: | calling processor Initiator: process IKE_AUTH response Aug 26 18:24:57.175890: | offered CA: '%none' Aug 26 18:24:57.175895: "northnet-eastnet/0x1" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 18:24:57.175936: | verifying AUTH payload Aug 26 18:24:57.175941: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 18:24:57.175946: | started looking for secret for @north->@east of kind PKK_PSK Aug 26 18:24:57.175949: | actually looking for secret for @north->@east of kind PKK_PSK Aug 26 18:24:57.175952: | line 1: key type PKK_PSK(@north) to type PKK_PSK Aug 26 18:24:57.175955: | 1: compared key @north to @north / @east -> 010 Aug 26 18:24:57.175958: | 2: compared key @east to @north / @east -> 014 Aug 26 18:24:57.175960: | line 1: match=014 Aug 26 18:24:57.175964: | match 014 beats previous best_match 000 match=0x563b6f88fc48 (line=1) Aug 26 18:24:57.175966: | concluding with best_match=014 best=0x563b6f88fc48 (lineno=1) Aug 26 18:24:57.176023: "northnet-eastnet/0x1" #2: Authenticated using authby=secret Aug 26 18:24:57.176032: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:24:57.176036: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:24:57.176039: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:57.176044: | libevent_free: release ptr-libevent@0x563b6f93ad08 Aug 26 18:24:57.176047: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563b6f93af28 Aug 26 18:24:57.176050: | event_schedule: new EVENT_SA_REKEY-pe@0x563b6f93af28 Aug 26 18:24:57.176053: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:24:57.176056: | libevent_malloc: new ptr-libevent@0x7f9740000f48 size 128 Aug 26 18:24:57.177069: | pstats #1 ikev2.ike established Aug 26 18:24:57.177083: | TSi: parsing 1 traffic selectors Aug 26 18:24:57.177088: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:57.177092: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:57.177096: | IP Protocol ID: 0 (0x0) Aug 26 18:24:57.177099: | length: 16 (0x10) Aug 26 18:24:57.177102: | start port: 0 (0x0) Aug 26 18:24:57.177104: | end port: 65535 (0xffff) Aug 26 18:24:57.177108: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:57.177111: | TS low c0 00 03 00 Aug 26 18:24:57.177115: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:57.177118: | TS high c0 00 03 ff Aug 26 18:24:57.177121: | TSi: parsed 1 traffic selectors Aug 26 18:24:57.177124: | TSr: parsing 1 traffic selectors Aug 26 18:24:57.177128: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:57.177131: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:57.177134: | IP Protocol ID: 0 (0x0) Aug 26 18:24:57.177137: | length: 16 (0x10) Aug 26 18:24:57.177139: | start port: 0 (0x0) Aug 26 18:24:57.177142: | end port: 65535 (0xffff) Aug 26 18:24:57.177145: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:57.177148: | TS low c0 00 02 00 Aug 26 18:24:57.177151: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:57.177154: | TS high c0 00 02 ff Aug 26 18:24:57.177156: | TSr: parsed 1 traffic selectors Aug 26 18:24:57.177163: | evaluating our conn="northnet-eastnet/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:57.177173: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:57.177182: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:57.177186: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:57.177189: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:57.177193: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:57.177197: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:57.177203: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:57.177210: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:57.177214: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:57.177217: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:57.177220: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:57.177222: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:57.177224: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:57.177226: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:24:57.177228: | printing contents struct traffic_selector Aug 26 18:24:57.177229: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:57.177231: | ipprotoid: 0 Aug 26 18:24:57.177232: | port range: 0-65535 Aug 26 18:24:57.177235: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:57.177236: | printing contents struct traffic_selector Aug 26 18:24:57.177238: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:57.177239: | ipprotoid: 0 Aug 26 18:24:57.177241: | port range: 0-65535 Aug 26 18:24:57.177243: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:57.177253: | using existing local ESP/AH proposals for northnet-eastnet/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:24:57.177255: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:24:57.177259: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:57.177261: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:57.177262: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:57.177264: | local proposal 1 type DH has 1 transforms Aug 26 18:24:57.177266: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:57.177268: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:57.177270: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:57.177271: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:57.177273: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:57.177274: | local proposal 2 type DH has 1 transforms Aug 26 18:24:57.177276: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:57.177278: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:24:57.177280: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:57.177281: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:57.177283: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:57.177284: | local proposal 3 type DH has 1 transforms Aug 26 18:24:57.177286: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:57.177293: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:57.177298: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:57.177301: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:57.177303: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:57.177305: | local proposal 4 type DH has 1 transforms Aug 26 18:24:57.177308: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:57.177311: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:24:57.177316: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.177319: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:57.177321: | length: 32 (0x20) Aug 26 18:24:57.177322: | prop #: 1 (0x1) Aug 26 18:24:57.177324: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.177326: | spi size: 4 (0x4) Aug 26 18:24:57.177327: | # transforms: 2 (0x2) Aug 26 18:24:57.177330: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:57.177332: | remote SPI b0 ac 32 ae Aug 26 18:24:57.177334: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:57.177336: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:57.177338: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.177339: | length: 12 (0xc) Aug 26 18:24:57.177341: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.177343: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:57.177345: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.177346: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.177348: | length/value: 256 (0x100) Aug 26 18:24:57.177351: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:57.177353: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:57.177355: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.177356: | length: 8 (0x8) Aug 26 18:24:57.177358: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.177360: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.177362: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:57.177364: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:24:57.177367: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:24:57.177369: | remote proposal 1 matches local proposal 1 Aug 26 18:24:57.177371: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 18:24:57.177374: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=b0ac32ae;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:24:57.177376: | converting proposal to internal trans attrs Aug 26 18:24:57.177380: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:57.177525: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:24:57.177531: | could_route called for northnet-eastnet/0x1 (kind=CK_PERMANENT) Aug 26 18:24:57.177533: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:57.177536: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:57.177538: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:57.177540: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:57.177542: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:57.177544: | route owner of "northnet-eastnet/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:57.177547: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:57.177550: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:57.177552: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:57.177554: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:57.177557: | setting IPsec SA replay-window to 32 Aug 26 18:24:57.177559: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x1' not available on interface eth1 Aug 26 18:24:57.177562: | netlink: enabling tunnel mode Aug 26 18:24:57.177564: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:57.177566: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:57.177645: | netlink response for Add SA esp.b0ac32ae@192.1.2.23 included non-error error Aug 26 18:24:57.177652: | set up outgoing SA, ref=0/0 Aug 26 18:24:57.177658: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:57.177661: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:57.177664: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:57.177667: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:57.177671: | setting IPsec SA replay-window to 32 Aug 26 18:24:57.177675: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x1' not available on interface eth1 Aug 26 18:24:57.177677: | netlink: enabling tunnel mode Aug 26 18:24:57.177680: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:57.177683: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:57.177722: | netlink response for Add SA esp.3f2791d7@192.1.3.33 included non-error error Aug 26 18:24:57.177727: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Aug 26 18:24:57.177734: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:57.177742: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:57.177774: | raw_eroute result=success Aug 26 18:24:57.177779: | set up incoming SA, ref=0/0 Aug 26 18:24:57.177782: | sr for #2: unrouted Aug 26 18:24:57.177786: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:57.177789: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:57.177793: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:57.177796: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:57.177800: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:24:57.177803: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:57.177808: | route owner of "northnet-eastnet/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:24:57.177812: | route_and_eroute with c: northnet-eastnet/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:24:57.177816: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Aug 26 18:24:57.177825: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:24:57.177829: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:57.177843: | raw_eroute result=success Aug 26 18:24:57.177848: | running updown command "ipsec _updown" for verb up Aug 26 18:24:57.177851: | command executing up-client Aug 26 18:24:57.177879: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S Aug 26 18:24:57.177882: | popen cmd is 1050 chars long Aug 26 18:24:57.177884: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x: Aug 26 18:24:57.177886: | cmd( 80):1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUT: Aug 26 18:24:57.177888: | cmd( 160):O_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Aug 26 18:24:57.177889: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 18:24:57.177891: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Aug 26 18:24:57.177895: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Aug 26 18:24:57.177897: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 18:24:57.177911: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRY: Aug 26 18:24:57.177916: | cmd( 640):PT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Aug 26 18:24:57.177919: | cmd( 720):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Aug 26 18:24:57.177923: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Aug 26 18:24:57.177926: | cmd( 880):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Aug 26 18:24:57.177930: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb0ac32ae SPI_OUT=0x3f2791d7 ipsec _u: Aug 26 18:24:57.177933: | cmd(1040):pdown 2>&1: Aug 26 18:24:57.192012: | route_and_eroute: firewall_notified: true Aug 26 18:24:57.192033: | running updown command "ipsec _updown" for verb prepare Aug 26 18:24:57.192037: | command executing prepare-client Aug 26 18:24:57.192070: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Aug 26 18:24:57.192075: | popen cmd is 1055 chars long Aug 26 18:24:57.192078: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:24:57.192081: | cmd( 80):et/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33': Aug 26 18:24:57.192084: | cmd( 160): PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:24:57.192086: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:24:57.192089: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 18:24:57.192092: | cmd( 400):ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 18:24:57.192094: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:24:57.192097: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Aug 26 18:24:57.192100: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Aug 26 18:24:57.192103: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 18:24:57.192105: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 18:24:57.192108: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 18:24:57.192111: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb0ac32ae SPI_OUT=0x3f2791d7 ips: Aug 26 18:24:57.192113: | cmd(1040):ec _updown 2>&1: Aug 26 18:24:57.203794: | running updown command "ipsec _updown" for verb route Aug 26 18:24:57.203810: | command executing route-client Aug 26 18:24:57.203847: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Aug 26 18:24:57.203853: | popen cmd is 1053 chars long Aug 26 18:24:57.203856: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:24:57.203859: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Aug 26 18:24:57.203862: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 18:24:57.203865: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 18:24:57.203867: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 18:24:57.203870: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Aug 26 18:24:57.203873: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Aug 26 18:24:57.203875: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+EN: Aug 26 18:24:57.203878: | cmd( 640):CRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLU: Aug 26 18:24:57.203881: | cmd( 720):TO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS: Aug 26 18:24:57.203883: | cmd( 800):_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANN: Aug 26 18:24:57.203886: | cmd( 880):ER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFAC: Aug 26 18:24:57.203889: | cmd( 960):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb0ac32ae SPI_OUT=0x3f2791d7 ipsec: Aug 26 18:24:57.203891: | cmd(1040): _updown 2>&1: Aug 26 18:24:57.222658: | route_and_eroute: instance "northnet-eastnet/0x1", setting eroute_owner {spd=0x563b6f934bd8,sr=0x563b6f934bd8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:57.222747: | #1 spent 2.01 milliseconds in install_ipsec_sa() Aug 26 18:24:57.222757: | inR2: instance northnet-eastnet/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:24:57.222761: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:57.222765: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:24:57.222776: | libevent_free: release ptr-libevent@0x563b6f93e878 Aug 26 18:24:57.222784: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f9748002b78 Aug 26 18:24:57.222791: | #2 spent 2.76 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:24:57.222800: | [RE]START processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:57.222805: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:24:57.222808: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:24:57.222813: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:24:57.222816: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:24:57.222822: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:24:57.222831: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:57.222834: | pstats #2 ikev2.child established Aug 26 18:24:57.222845: "northnet-eastnet/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:24:57.222858: | NAT-T: encaps is 'auto' Aug 26 18:24:57.222864: "northnet-eastnet/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xb0ac32ae <0x3f2791d7 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:24:57.222869: | releasing whack for #2 (sock=fd@26) Aug 26 18:24:57.222873: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 18:24:57.222876: | releasing whack and unpending for parent #1 Aug 26 18:24:57.222879: | unpending state #1 connection "northnet-eastnet/0x1" Aug 26 18:24:57.222886: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet/0x1" Aug 26 18:24:57.222890: | removing pending policy for no connection {0x563b6f91c218} Aug 26 18:24:57.222896: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:24:57.222902: | creating state object #3 at 0x563b6f943068 Aug 26 18:24:57.222906: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:24:57.222915: | pstats #3 ikev2.child started Aug 26 18:24:57.222919: | duplicating state object #1 "northnet-eastnet/0x2" as #3 for IPSEC SA Aug 26 18:24:57.222926: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:24:57.222939: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:24:57.222944: | suspend processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:57.222949: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:24:57.222953: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Aug 26 18:24:57.222957: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:24:57.222961: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals) Aug 26 18:24:57.222966: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:24:57.222972: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:57.222976: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:24:57.222980: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:24:57.222984: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:57.222989: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:57.222992: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:24:57.222996: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:57.223005: "northnet-eastnet/0x2": constructed local ESP/AH proposals for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:57.223018: | #3 schedule initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Aug 26 18:24:57.223023: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f9748002b78 Aug 26 18:24:57.223029: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:24:57.223034: | libevent_malloc: new ptr-libevent@0x563b6f93cfd8 size 128 Aug 26 18:24:57.223040: | RESET processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:57.223045: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:24:57.223049: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet/0x2" Aug 26 18:24:57.223052: | removing pending policy for no connection {0x563b6f927738} Aug 26 18:24:57.223055: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 18:24:57.223060: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:24:57.223063: | event_schedule: new EVENT_SA_REKEY-pe@0x563b6f93b098 Aug 26 18:24:57.223066: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:24:57.223070: | libevent_malloc: new ptr-libevent@0x563b6f93ac58 size 128 Aug 26 18:24:57.223074: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:57.223079: | #1 spent 3.29 milliseconds in ikev2_process_packet() Aug 26 18:24:57.223085: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:57.223088: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:57.223092: | spent 3.3 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:57.223107: | timer_event_cb: processing event@0x7f9748002b78 Aug 26 18:24:57.223111: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:24:57.223116: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:24:57.223124: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:24:57.223128: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93d988 Aug 26 18:24:57.223131: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:57.223135: | libevent_malloc: new ptr-libevent@0x7f9748002888 size 128 Aug 26 18:24:57.223143: | libevent_free: release ptr-libevent@0x563b6f93cfd8 Aug 26 18:24:57.223146: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f9748002b78 Aug 26 18:24:57.223150: | crypto helper 2 resuming Aug 26 18:24:57.223165: | crypto helper 2 starting work-order 3 for state #3 Aug 26 18:24:57.223171: | crypto helper 2 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Aug 26 18:24:57.224202: | crypto helper 2 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.00103 seconds Aug 26 18:24:57.224216: | (#3) spent 1.03 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Aug 26 18:24:57.224221: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 18:24:57.224224: | scheduling resume sending helper answer for #3 Aug 26 18:24:57.224228: | libevent_malloc: new ptr-libevent@0x7f9744002888 size 128 Aug 26 18:24:57.224232: | libevent_realloc: release ptr-libevent@0x563b6f916888 Aug 26 18:24:57.224236: | libevent_realloc: new ptr-libevent@0x7f97440027d8 size 128 Aug 26 18:24:57.224242: | crypto helper 2 waiting (nothing to do) Aug 26 18:24:57.223152: | #3 spent 0.0439 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:24:57.224256: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:24:57.224260: | processing signal PLUTO_SIGCHLD Aug 26 18:24:57.224266: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:57.224271: | spent 0.00578 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:57.224274: | processing signal PLUTO_SIGCHLD Aug 26 18:24:57.224278: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:57.224283: | spent 0.00408 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:57.224291: | processing signal PLUTO_SIGCHLD Aug 26 18:24:57.224298: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:57.224302: | spent 0.00465 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:57.224311: | processing resume sending helper answer for #3 Aug 26 18:24:57.224317: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:57.224322: | crypto helper 2 replies to request ID 3 Aug 26 18:24:57.224325: | calling continuation function 0x563b6df78b50 Aug 26 18:24:57.224329: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Aug 26 18:24:57.224333: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:57.224338: | libevent_free: release ptr-libevent@0x7f9748002888 Aug 26 18:24:57.224342: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93d988 Aug 26 18:24:57.224345: | event_schedule: new EVENT_SA_REPLACE-pe@0x563b6f93d988 Aug 26 18:24:57.224350: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 18:24:57.224353: | libevent_malloc: new ptr-libevent@0x7f9748002888 size 128 Aug 26 18:24:57.224360: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:57.224363: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 18:24:57.224367: | libevent_malloc: new ptr-libevent@0x563b6f93cfd8 size 128 Aug 26 18:24:57.224373: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:57.224378: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Aug 26 18:24:57.224381: | suspending state #3 and saving MD Aug 26 18:24:57.224384: | #3 is busy; has a suspended MD Aug 26 18:24:57.224390: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:57.224395: | "northnet-eastnet/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:57.224400: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 18:24:57.224406: | #3 spent 0.0831 milliseconds in resume sending helper answer Aug 26 18:24:57.224412: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:57.224416: | libevent_free: release ptr-libevent@0x7f9744002888 Aug 26 18:24:57.224421: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 18:24:57.224427: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 18:24:57.224435: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:57.224440: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:57.224446: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:24:57.224472: | **emit ISAKMP Message: Aug 26 18:24:57.224476: | initiator cookie: Aug 26 18:24:57.224480: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.224482: | responder cookie: Aug 26 18:24:57.224485: | c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.224489: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:24:57.224493: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:57.224496: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:57.224501: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:24:57.224504: | Message ID: 2 (0x2) Aug 26 18:24:57.224508: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:24:57.224511: | ***emit IKEv2 Encryption Payload: Aug 26 18:24:57.224515: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.224519: | flags: none (0x0) Aug 26 18:24:57.224523: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:24:57.224527: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.224531: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:24:57.224890: | netlink_get_spi: allocated 0x919dd137 for esp.0@192.1.3.33 Aug 26 18:24:57.224896: | Emitting ikev2_proposals ... Aug 26 18:24:57.224900: | ****emit IKEv2 Security Association Payload: Aug 26 18:24:57.224904: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.224907: | flags: none (0x0) Aug 26 18:24:57.224912: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:24:57.224916: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.224920: | discarding INTEG=NONE Aug 26 18:24:57.224923: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.224927: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.224930: | prop #: 1 (0x1) Aug 26 18:24:57.224934: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.224937: | spi size: 4 (0x4) Aug 26 18:24:57.224940: | # transforms: 3 (0x3) Aug 26 18:24:57.224944: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.224948: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:57.224951: | our spi 91 9d d1 37 Aug 26 18:24:57.224954: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.224957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.224960: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.224963: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:57.224967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.224970: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.224973: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.224976: | length/value: 256 (0x100) Aug 26 18:24:57.224979: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.224982: | discarding INTEG=NONE Aug 26 18:24:57.224985: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.224987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.224990: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.224993: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.224997: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225004: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.225007: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.225010: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.225013: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.225015: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.225019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225026: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.225029: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:57.225037: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.225040: | discarding INTEG=NONE Aug 26 18:24:57.225042: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.225045: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.225048: | prop #: 2 (0x2) Aug 26 18:24:57.225051: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.225053: | spi size: 4 (0x4) Aug 26 18:24:57.225055: | # transforms: 3 (0x3) Aug 26 18:24:57.225060: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.225063: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.225067: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:57.225069: | our spi 91 9d d1 37 Aug 26 18:24:57.225072: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.225075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225078: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.225080: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:57.225084: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225087: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.225090: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.225092: | length/value: 128 (0x80) Aug 26 18:24:57.225096: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.225098: | discarding INTEG=NONE Aug 26 18:24:57.225101: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.225104: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225106: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.225109: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.225113: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225120: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.225122: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.225125: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.225128: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.225131: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.225135: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225141: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.225144: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:24:57.225148: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.225151: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.225154: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.225156: | prop #: 3 (0x3) Aug 26 18:24:57.225159: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.225161: | spi size: 4 (0x4) Aug 26 18:24:57.225164: | # transforms: 5 (0x5) Aug 26 18:24:57.225167: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.225171: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.225176: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:57.225179: | our spi 91 9d d1 37 Aug 26 18:24:57.225182: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.225185: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225188: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.225190: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:57.225194: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225197: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.225200: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.225203: | length/value: 256 (0x100) Aug 26 18:24:57.225205: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.225208: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.225211: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225214: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.225217: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:57.225222: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225225: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225229: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.225232: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.225235: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225238: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.225241: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:57.225246: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225253: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.225255: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.225258: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225261: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.225264: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.225268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225271: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225275: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.225277: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.225280: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.225283: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.225286: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.225971: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.225982: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.225986: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.227448: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:57.227458: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.227463: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.227467: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:57.227474: | prop #: 4 (0x4) Aug 26 18:24:57.227477: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.227480: | spi size: 4 (0x4) Aug 26 18:24:57.227483: | # transforms: 5 (0x5) Aug 26 18:24:57.227487: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:24:57.227492: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:24:57.227496: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:24:57.227499: | our spi 91 9d d1 37 Aug 26 18:24:57.227503: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.227506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.227510: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.227513: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:24:57.227517: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.227521: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.227524: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.227527: | length/value: 128 (0x80) Aug 26 18:24:57.227530: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:24:57.227534: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.227537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.227540: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.227543: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:24:57.227546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.227550: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.227553: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.227556: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.227559: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.227562: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:24:57.227565: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:24:57.227569: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.227573: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.227576: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.227579: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.227582: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.227585: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.227589: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.227592: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.227596: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.227599: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.227602: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:24:57.227606: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.227609: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.227612: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.227615: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.227618: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:24:57.227624: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:24:57.227627: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:24:57.227630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:24:57.227634: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 18:24:57.227637: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:24:57.227641: | ****emit IKEv2 Nonce Payload: Aug 26 18:24:57.227644: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.227647: | flags: none (0x0) Aug 26 18:24:57.227652: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:24:57.227655: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.227659: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:24:57.227663: | IKEv2 nonce d9 69 11 e0 3a 2a 50 94 78 7e 59 e7 38 f2 6b 65 Aug 26 18:24:57.227666: | IKEv2 nonce fc 95 a5 2c 84 25 ab b4 f8 83 4e c7 ee 77 9a f8 Aug 26 18:24:57.227669: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:24:57.227672: | ****emit IKEv2 Key Exchange Payload: Aug 26 18:24:57.227676: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.227679: | flags: none (0x0) Aug 26 18:24:57.227682: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.227686: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:24:57.227689: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.227693: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:24:57.227696: | ikev2 g^x a0 87 b0 2d 68 82 32 78 ff 6c 25 3c 58 0f cc 18 Aug 26 18:24:57.227699: | ikev2 g^x c1 64 cd 89 5a 7e a9 98 b4 a9 51 c6 3f 5d 68 fc Aug 26 18:24:57.227702: | ikev2 g^x 21 d4 23 4a b1 d9 26 4a d8 01 e6 bb 0b 6e 75 1e Aug 26 18:24:57.227705: | ikev2 g^x e8 8d 35 8f fe 8d 43 96 d3 76 f5 3c 29 e4 8e 87 Aug 26 18:24:57.227708: | ikev2 g^x 8b ed bb c2 24 7f e1 ef d6 54 a1 a1 da 9a 6d 39 Aug 26 18:24:57.227711: | ikev2 g^x 4e ea 6f c9 b4 52 c7 76 2f fa a8 f7 4d c0 4a 62 Aug 26 18:24:57.227714: | ikev2 g^x 57 68 ed 4c 01 ba bb 63 d7 0c e6 c4 83 05 46 57 Aug 26 18:24:57.227717: | ikev2 g^x 38 e0 20 d5 c5 c2 a6 cf 8c 6f ac d5 73 82 a5 a2 Aug 26 18:24:57.227720: | ikev2 g^x 50 1c 4e 56 e7 08 3d c8 4b 19 ee 0e 8f 68 b1 31 Aug 26 18:24:57.227723: | ikev2 g^x fe 63 c8 a5 97 5e be 89 99 31 ed 40 c8 df a0 0a Aug 26 18:24:57.227726: | ikev2 g^x db 56 c6 6b c5 ba 56 4a ce 92 ee ab 45 5a 7e 60 Aug 26 18:24:57.227728: | ikev2 g^x fb 90 1a eb 1c 36 45 a7 29 34 a3 5f 78 7b a8 9f Aug 26 18:24:57.227731: | ikev2 g^x 55 25 3f ab 88 19 9a 9e e7 da 35 14 d4 3c f2 69 Aug 26 18:24:57.227734: | ikev2 g^x 49 0b 5d 8b 37 b8 24 25 29 3f c6 19 d1 07 22 84 Aug 26 18:24:57.227737: | ikev2 g^x ef 0c 34 c1 58 55 24 3a 46 00 06 0c af 2c af c0 Aug 26 18:24:57.227740: | ikev2 g^x 52 30 91 ba c1 0a ce 2a 7f 0b 27 c3 cd 05 63 bc Aug 26 18:24:57.227743: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:24:57.227747: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:57.227750: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.227753: | flags: none (0x0) Aug 26 18:24:57.227756: | number of TS: 1 (0x1) Aug 26 18:24:57.227760: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:24:57.227764: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.227768: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:57.227772: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:57.227775: | IP Protocol ID: 0 (0x0) Aug 26 18:24:57.227778: | start port: 0 (0x0) Aug 26 18:24:57.227781: | end port: 65535 (0xffff) Aug 26 18:24:57.227784: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:57.227787: | ipv4 start c0 00 03 00 Aug 26 18:24:57.227791: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:57.227794: | ipv4 end c0 00 03 ff Aug 26 18:24:57.227797: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:57.227800: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:24:57.227803: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:57.227806: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.227809: | flags: none (0x0) Aug 26 18:24:57.227812: | number of TS: 1 (0x1) Aug 26 18:24:57.227816: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:24:57.227820: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:24:57.227823: | *****emit IKEv2 Traffic Selector: Aug 26 18:24:57.227826: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:57.227829: | IP Protocol ID: 0 (0x0) Aug 26 18:24:57.227832: | start port: 0 (0x0) Aug 26 18:24:57.227835: | end port: 65535 (0xffff) Aug 26 18:24:57.227838: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:24:57.227841: | ipv4 start c0 00 02 00 Aug 26 18:24:57.227845: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:24:57.227848: | ipv4 end c0 00 02 ff Aug 26 18:24:57.227850: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:24:57.227853: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:24:57.227857: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:24:57.227860: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:24:57.227865: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:24:57.227869: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:24:57.227872: | emitting length of IKEv2 Encryption Payload: 573 Aug 26 18:24:57.227875: | emitting length of ISAKMP Message: 601 Aug 26 18:24:57.227910: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:57.227917: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Aug 26 18:24:57.227921: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Aug 26 18:24:57.227926: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Aug 26 18:24:57.227930: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 18:24:57.227933: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:24:57.227940: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 18:24:57.227944: "northnet-eastnet/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Aug 26 18:24:57.228226: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:24:57.228242: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:24:57.228247: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.228249: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 18:24:57.228252: | e0 6c 77 d2 07 69 e6 5e 6e f7 f8 32 28 95 da 09 Aug 26 18:24:57.228258: | a1 38 e0 c5 11 a9 30 63 44 e3 36 e3 57 81 16 72 Aug 26 18:24:57.228261: | f4 40 70 98 0b 3f 41 16 61 4b 4d c7 f4 9a 54 97 Aug 26 18:24:57.228264: | 0b fb d3 0c 92 29 f5 eb ef cf 27 50 4e e0 9c e5 Aug 26 18:24:57.228267: | 1d a6 ec 90 9e d4 bc 16 4f c9 7b 24 32 f5 28 aa Aug 26 18:24:57.228270: | 6a e6 a9 69 fe f3 bf 54 50 82 f3 57 4f 2d be c7 Aug 26 18:24:57.228273: | 02 96 f8 b6 69 41 25 fb 97 88 47 66 2f d3 3d bb Aug 26 18:24:57.228276: | 17 7a 5e 21 c5 ed 2c d1 40 4b e8 61 cc a6 76 bd Aug 26 18:24:57.228279: | 33 22 0e 29 53 09 1d c6 84 88 05 f4 0a 86 6e e4 Aug 26 18:24:57.228282: | 19 a4 0e d7 70 fe 10 42 14 59 20 7d b0 f1 fd 34 Aug 26 18:24:57.228285: | e8 48 32 ac 47 fd 7c 4c 36 30 d0 f7 33 90 86 a5 Aug 26 18:24:57.228670: | 7f ed 9d f4 db 91 23 11 fb e7 f6 42 d9 fd 99 22 Aug 26 18:24:57.228683: | 6a da 99 62 07 d7 59 0f 57 b6 c3 83 55 0b 5d d0 Aug 26 18:24:57.228687: | bf 71 78 6c 89 81 8d 89 74 19 97 63 fb 9a ac ea Aug 26 18:24:57.228690: | 60 b8 9b da 67 6d b1 09 2b c0 51 37 d3 da a3 65 Aug 26 18:24:57.228693: | ff 81 24 54 e3 0e a3 4e 94 4f ad 23 d6 c2 09 68 Aug 26 18:24:57.228696: | f7 6c 37 37 db 85 36 1f e3 cf 4d ce bd fa 4e 37 Aug 26 18:24:57.228699: | a0 45 22 69 44 99 ed a2 3a 5f 74 3d 4d 05 83 9d Aug 26 18:24:57.228701: | f3 c5 97 81 2a 4e 8e db 36 0a c7 a6 4a 1b 91 d9 Aug 26 18:24:57.228704: | c6 86 46 15 68 87 1f f7 56 c6 6b 40 3b 11 e2 02 Aug 26 18:24:57.228707: | 4a 71 c7 bb ee 79 85 59 d4 8e 51 32 11 b3 8d b6 Aug 26 18:24:57.228710: | bd 4a d5 6f 7c 78 a3 7b b7 a9 af 36 25 2c 7d 36 Aug 26 18:24:57.228713: | 65 4b fd d4 91 2d 75 f7 8a a1 2b b3 28 22 a5 1b Aug 26 18:24:57.228716: | 92 35 fc 64 f6 d4 c3 50 06 5f 4f a1 4f cd 3a dc Aug 26 18:24:57.228719: | 18 e7 db b8 29 58 47 bb 77 3b 96 e1 59 c1 2b d4 Aug 26 18:24:57.228722: | 92 47 d5 2e 74 52 59 41 e8 c0 f8 f1 51 d2 16 35 Aug 26 18:24:57.228725: | ca 2f c0 74 4b 49 6b 85 d2 8f 9a 4d 67 00 81 27 Aug 26 18:24:57.228727: | 1a 9f bc de e3 ce 63 d3 a3 ba 30 75 93 b2 9f aa Aug 26 18:24:57.228730: | 90 7f fd ac 9b 8c 69 bf 57 4a 0d c5 99 06 eb ac Aug 26 18:24:57.228733: | 1c a9 23 e5 1f d2 04 c7 62 d3 e5 ae fe f4 a7 19 Aug 26 18:24:57.228736: | 0d ef 9d 83 5d e1 fc 63 bc b4 1f aa 00 50 ee c7 Aug 26 18:24:57.228739: | 0e 5a 0d 3b b5 40 60 94 47 03 b1 21 e2 49 e7 63 Aug 26 18:24:57.229024: | 20 ef 36 95 1b 8c de 62 4f c4 29 a5 8b aa 42 a3 Aug 26 18:24:57.229029: | d2 65 df 69 f2 46 ae e6 b1 3f b6 67 c6 0a 0d ca Aug 26 18:24:57.229031: | e3 86 7e 33 f2 9b e2 73 26 cf dd b6 68 b4 9d c2 Aug 26 18:24:57.229034: | 04 70 6e 12 2d 04 cc 7b 2f Aug 26 18:24:57.230319: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:24:57.230334: | libevent_free: release ptr-libevent@0x7f9748002888 Aug 26 18:24:57.230338: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563b6f93d988 Aug 26 18:24:57.230342: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:24:57.230346: "northnet-eastnet/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:24:57.230358: | event_schedule: new EVENT_RETRANSMIT-pe@0x563b6f93d988 Aug 26 18:24:57.230363: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Aug 26 18:24:57.230366: | libevent_malloc: new ptr-libevent@0x7f9748002888 size 128 Aug 26 18:24:57.230372: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29182.972824 Aug 26 18:24:57.230379: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:57.230385: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:24:57.230392: | #1 spent 1.68 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 18:24:57.230398: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 18:24:57.230404: | libevent_free: release ptr-libevent@0x563b6f93cfd8 Aug 26 18:24:57.234451: | spent 0.00295 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:24:57.234478: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:24:57.234483: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.234486: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 18:24:57.234489: | e4 f5 55 5b 29 58 51 f7 20 2d a6 97 b6 92 1c 83 Aug 26 18:24:57.234491: | 1c b3 0a 6f 28 50 dd d5 29 ec b5 d2 0a 00 ff fb Aug 26 18:24:57.234493: | a7 60 17 72 85 b6 75 b1 ef 49 a9 7b 9f 7a 9e 54 Aug 26 18:24:57.234496: | 8e 0e ba 8b 4b ba b1 bf 7c 26 e0 b2 e6 30 71 01 Aug 26 18:24:57.234499: | 3c 7a 85 e8 2f 26 14 e2 60 0a c1 cd 93 ed 16 ae Aug 26 18:24:57.234501: | a2 fd f4 1f 73 f4 cd 8d 62 ba 74 8e df e6 d8 63 Aug 26 18:24:57.234504: | af 82 54 6a fe 17 d1 bc e5 38 b7 8a 09 a1 3b cc Aug 26 18:24:57.234507: | 91 04 a0 d7 49 23 88 ec 40 7e 86 25 dd 7b 16 f2 Aug 26 18:24:57.234509: | 33 24 d5 2c f7 c5 46 f6 ed ab be 8e ca 96 cd 28 Aug 26 18:24:57.234512: | da 9f 28 a6 70 78 cb c1 5b ed 77 8e db f2 52 e0 Aug 26 18:24:57.234514: | 51 c1 b3 93 25 30 b3 0a e2 2d cf 92 18 9d 64 37 Aug 26 18:24:57.234517: | 62 64 b0 d1 ef e4 b5 03 28 f3 04 ad 9c 77 5d 6e Aug 26 18:24:57.234519: | 67 c9 ea 93 49 35 37 b9 65 2b 57 ad 84 ca d0 34 Aug 26 18:24:57.234521: | 26 0e 5c 7b 1b ca 49 a3 29 9f 92 c9 59 95 f6 76 Aug 26 18:24:57.234524: | 92 d4 3c 2a 07 14 2d 0f 5b 98 8f 4c 03 6e 78 7f Aug 26 18:24:57.234526: | 6b a3 55 d3 dc 8b 5c ae 04 9d be 0b 93 77 af d8 Aug 26 18:24:57.234528: | c3 94 71 20 05 5f 13 94 5c 1d e5 8b d9 7b 85 ba Aug 26 18:24:57.234531: | 55 d7 58 66 d3 1c 68 63 c3 e7 f7 e4 98 13 c9 37 Aug 26 18:24:57.234533: | 9a 2e fa 18 8c e2 35 12 cd 3f 0c 30 1c 32 37 ef Aug 26 18:24:57.234535: | 7b 80 89 53 0d cb 04 29 96 8a 1c 29 52 e0 10 c2 Aug 26 18:24:57.234537: | d8 7c d1 52 b2 9d 50 0d dd eb db ec 95 08 79 c2 Aug 26 18:24:57.234540: | 77 5f 04 0c 4e 32 a4 74 ab 54 dd c7 99 04 87 74 Aug 26 18:24:57.234542: | c8 7d 5d 03 57 0f 93 a9 20 a1 e1 6f d5 f0 ad e8 Aug 26 18:24:57.234544: | 5b f3 6a cc ef 50 46 16 22 3f 07 1c d1 31 f6 10 Aug 26 18:24:57.234547: | d2 44 d0 a9 a2 27 c9 85 05 fd 79 31 df a9 fd 96 Aug 26 18:24:57.234549: | ff 65 d0 13 71 4c 49 ae d3 f6 0d 6e 84 1d 0b 78 Aug 26 18:24:57.234552: | 95 Aug 26 18:24:57.234557: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:24:57.234562: | **parse ISAKMP Message: Aug 26 18:24:57.234565: | initiator cookie: Aug 26 18:24:57.234567: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:24:57.234570: | responder cookie: Aug 26 18:24:57.234572: | c6 0a 30 9b f3 39 58 13 Aug 26 18:24:57.234575: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:24:57.234578: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:24:57.234581: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:24:57.234584: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:24:57.234587: | Message ID: 2 (0x2) Aug 26 18:24:57.234589: | length: 449 (0x1c1) Aug 26 18:24:57.234593: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 18:24:57.234596: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 18:24:57.234601: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:24:57.234608: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:24:57.234612: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Aug 26 18:24:57.234617: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:57.234622: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:24:57.234628: | #3 is idle Aug 26 18:24:57.234631: | #3 idle Aug 26 18:24:57.234634: | unpacking clear payload Aug 26 18:24:57.234637: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:24:57.234640: | ***parse IKEv2 Encryption Payload: Aug 26 18:24:57.234643: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:24:57.234646: | flags: none (0x0) Aug 26 18:24:57.234648: | length: 421 (0x1a5) Aug 26 18:24:57.234651: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 18:24:57.234654: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Aug 26 18:24:57.234675: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 18:24:57.234678: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:24:57.234682: | **parse IKEv2 Security Association Payload: Aug 26 18:24:57.234684: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:24:57.234687: | flags: none (0x0) Aug 26 18:24:57.234690: | length: 44 (0x2c) Aug 26 18:24:57.234693: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 18:24:57.234695: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:24:57.234698: | **parse IKEv2 Nonce Payload: Aug 26 18:24:57.234701: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:24:57.234703: | flags: none (0x0) Aug 26 18:24:57.234706: | length: 36 (0x24) Aug 26 18:24:57.234709: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:24:57.234712: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:24:57.234715: | **parse IKEv2 Key Exchange Payload: Aug 26 18:24:57.234718: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:24:57.234721: | flags: none (0x0) Aug 26 18:24:57.234723: | length: 264 (0x108) Aug 26 18:24:57.234726: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.234729: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:24:57.234731: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:24:57.234734: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:24:57.234737: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:24:57.234739: | flags: none (0x0) Aug 26 18:24:57.234742: | length: 24 (0x18) Aug 26 18:24:57.234744: | number of TS: 1 (0x1) Aug 26 18:24:57.234747: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:24:57.234749: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:24:57.234752: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:24:57.234754: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:24:57.234757: | flags: none (0x0) Aug 26 18:24:57.234759: | length: 24 (0x18) Aug 26 18:24:57.234762: | number of TS: 1 (0x1) Aug 26 18:24:57.234764: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:24:57.234767: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 18:24:57.234773: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:24:57.234776: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 18:24:57.234778: | Now let's proceed with state specific processing Aug 26 18:24:57.234781: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 18:24:57.234795: | using existing local ESP/AH proposals for northnet-eastnet/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:24:57.234800: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:24:57.234804: | local proposal 1 type ENCR has 1 transforms Aug 26 18:24:57.234807: | local proposal 1 type PRF has 0 transforms Aug 26 18:24:57.234810: | local proposal 1 type INTEG has 1 transforms Aug 26 18:24:57.234815: | local proposal 1 type DH has 1 transforms Aug 26 18:24:57.234817: | local proposal 1 type ESN has 1 transforms Aug 26 18:24:57.234821: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:57.234824: | local proposal 2 type ENCR has 1 transforms Aug 26 18:24:57.234827: | local proposal 2 type PRF has 0 transforms Aug 26 18:24:57.234829: | local proposal 2 type INTEG has 1 transforms Aug 26 18:24:57.234832: | local proposal 2 type DH has 1 transforms Aug 26 18:24:57.234835: | local proposal 2 type ESN has 1 transforms Aug 26 18:24:57.234838: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:24:57.234840: | local proposal 3 type ENCR has 1 transforms Aug 26 18:24:57.234843: | local proposal 3 type PRF has 0 transforms Aug 26 18:24:57.234846: | local proposal 3 type INTEG has 2 transforms Aug 26 18:24:57.234848: | local proposal 3 type DH has 1 transforms Aug 26 18:24:57.234851: | local proposal 3 type ESN has 1 transforms Aug 26 18:24:57.234854: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:57.234857: | local proposal 4 type ENCR has 1 transforms Aug 26 18:24:57.234859: | local proposal 4 type PRF has 0 transforms Aug 26 18:24:57.234862: | local proposal 4 type INTEG has 2 transforms Aug 26 18:24:57.234865: | local proposal 4 type DH has 1 transforms Aug 26 18:24:57.234867: | local proposal 4 type ESN has 1 transforms Aug 26 18:24:57.234870: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:24:57.234873: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:24:57.234876: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:24:57.234879: | length: 40 (0x28) Aug 26 18:24:57.234882: | prop #: 1 (0x1) Aug 26 18:24:57.234884: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:24:57.234887: | spi size: 4 (0x4) Aug 26 18:24:57.234889: | # transforms: 3 (0x3) Aug 26 18:24:57.234893: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:24:57.234896: | remote SPI ac 2e c9 ec Aug 26 18:24:57.234899: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:24:57.234902: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:57.234905: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.234908: | length: 12 (0xc) Aug 26 18:24:57.234911: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:24:57.234914: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:24:57.234916: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:24:57.234919: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:24:57.234922: | length/value: 256 (0x100) Aug 26 18:24:57.234927: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:24:57.234930: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:57.234933: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:24:57.234936: | length: 8 (0x8) Aug 26 18:24:57.234938: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:24:57.234941: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:24:57.234945: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:24:57.234948: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:24:57.234951: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:24:57.234954: | length: 8 (0x8) Aug 26 18:24:57.234957: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:24:57.234960: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:24:57.234963: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:24:57.234967: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 18:24:57.234972: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 18:24:57.234981: | remote proposal 1 matches local proposal 1 Aug 26 18:24:57.234984: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 18:24:57.234990: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=ac2ec9ec;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 18:24:57.234993: | converting proposal to internal trans attrs Aug 26 18:24:57.234998: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 18:24:57.235006: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Aug 26 18:24:57.235010: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:24:57.235013: | #3 STATE_V2_CREATE_I: retransmits: cleared Aug 26 18:24:57.235017: | libevent_free: release ptr-libevent@0x7f9748002888 Aug 26 18:24:57.235021: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563b6f93d988 Aug 26 18:24:57.235025: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93d988 Aug 26 18:24:57.235029: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:24:57.235032: | libevent_malloc: new ptr-libevent@0x563b6f93cfd8 size 128 Aug 26 18:24:57.235044: | #3 spent 0.257 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 18:24:57.235048: | crypto helper 4 resuming Aug 26 18:24:57.235062: | crypto helper 4 starting work-order 4 for state #3 Aug 26 18:24:57.235051: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:57.235068: | crypto helper 4 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Aug 26 18:24:57.235079: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 18:24:57.235085: | suspending state #3 and saving MD Aug 26 18:24:57.235088: | #3 is busy; has a suspended MD Aug 26 18:24:57.235094: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:24:57.235098: | "northnet-eastnet/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:24:57.235103: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:24:57.235109: | #1 spent 0.636 milliseconds in ikev2_process_packet() Aug 26 18:24:57.235115: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:24:57.235118: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:24:57.235121: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:24:57.235126: | spent 0.653 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:24:57.235688: | crypto helper 4 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000619 seconds Aug 26 18:24:57.235699: | (#3) spent 0.611 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Aug 26 18:24:57.235701: | crypto helper 4 sending results from work-order 4 for state #3 to event queue Aug 26 18:24:57.235704: | scheduling resume sending helper answer for #3 Aug 26 18:24:57.235706: | libevent_malloc: new ptr-libevent@0x7f9738001f78 size 128 Aug 26 18:24:57.235712: | crypto helper 4 waiting (nothing to do) Aug 26 18:24:57.235721: | processing resume sending helper answer for #3 Aug 26 18:24:57.235729: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:24:57.235733: | crypto helper 4 replies to request ID 4 Aug 26 18:24:57.235736: | calling continuation function 0x563b6df799d0 Aug 26 18:24:57.235740: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Aug 26 18:24:57.235744: | TSi: parsing 1 traffic selectors Aug 26 18:24:57.235747: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:57.235750: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:57.235753: | IP Protocol ID: 0 (0x0) Aug 26 18:24:57.235760: | length: 16 (0x10) Aug 26 18:24:57.235763: | start port: 0 (0x0) Aug 26 18:24:57.235766: | end port: 65535 (0xffff) Aug 26 18:24:57.235769: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:57.235771: | TS low c0 00 03 00 Aug 26 18:24:57.235774: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:57.235777: | TS high c0 00 03 ff Aug 26 18:24:57.235780: | TSi: parsed 1 traffic selectors Aug 26 18:24:57.235782: | TSr: parsing 1 traffic selectors Aug 26 18:24:57.235785: | ***parse IKEv2 Traffic Selector: Aug 26 18:24:57.235788: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:24:57.235791: | IP Protocol ID: 0 (0x0) Aug 26 18:24:57.235793: | length: 16 (0x10) Aug 26 18:24:57.235796: | start port: 0 (0x0) Aug 26 18:24:57.235799: | end port: 65535 (0xffff) Aug 26 18:24:57.235801: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:24:57.235804: | TS low c0 00 02 00 Aug 26 18:24:57.235807: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:24:57.235810: | TS high c0 00 02 ff Aug 26 18:24:57.235812: | TSr: parsed 1 traffic selectors Aug 26 18:24:57.235818: | evaluating our conn="northnet-eastnet/0x2" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:24:57.235824: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:57.235830: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:24:57.235834: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:24:57.235837: | TSi[0] port match: YES fitness 65536 Aug 26 18:24:57.235840: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:24:57.235843: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:57.235848: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:24:57.235854: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:24:57.235857: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:24:57.235860: | TSr[0] port match: YES fitness 65536 Aug 26 18:24:57.235863: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:24:57.235866: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:24:57.235868: | best fit so far: TSi[0] TSr[0] Aug 26 18:24:57.235871: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:24:57.235874: | printing contents struct traffic_selector Aug 26 18:24:57.235876: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:57.235879: | ipprotoid: 0 Aug 26 18:24:57.235882: | port range: 0-65535 Aug 26 18:24:57.235886: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:24:57.235888: | printing contents struct traffic_selector Aug 26 18:24:57.235891: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:24:57.235893: | ipprotoid: 0 Aug 26 18:24:57.235896: | port range: 0-65535 Aug 26 18:24:57.235900: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:24:57.235904: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:24:57.236106: | install_ipsec_sa() for #3: inbound and outbound Aug 26 18:24:57.236112: | could_route called for northnet-eastnet/0x2 (kind=CK_PERMANENT) Aug 26 18:24:57.236115: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:57.236119: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:57.236122: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:57.236126: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:57.236129: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:57.236134: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" erouted; eroute owner: "northnet-eastnet/0x1" erouted Aug 26 18:24:57.236138: | overlapping permitted with "northnet-eastnet/0x1" #2 Aug 26 18:24:57.236142: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:57.236148: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:57.236151: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:57.236154: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:57.236159: | setting IPsec SA replay-window to 32 Aug 26 18:24:57.236163: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Aug 26 18:24:57.236166: | netlink: enabling tunnel mode Aug 26 18:24:57.236170: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:57.236173: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:57.236536: | netlink response for Add SA esp.ac2ec9ec@192.1.2.23 included non-error error Aug 26 18:24:57.236546: | set up outgoing SA, ref=0/0 Aug 26 18:24:57.236550: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:24:57.236553: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:24:57.236555: | AES_GCM_16 requires 4 salt bytes Aug 26 18:24:57.236557: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:24:57.236561: | setting IPsec SA replay-window to 32 Aug 26 18:24:57.236564: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Aug 26 18:24:57.236566: | netlink: enabling tunnel mode Aug 26 18:24:57.236568: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:24:57.236571: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:24:57.236615: | netlink response for Add SA esp.919dd137@192.1.3.33 included non-error error Aug 26 18:24:57.236691: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Aug 26 18:24:57.236699: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:24:57.236703: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:57.236729: | raw_eroute result=success Aug 26 18:24:57.236732: | set up incoming SA, ref=0/0 Aug 26 18:24:57.236735: | sr for #3: unrouted Aug 26 18:24:57.236738: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:24:57.236740: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:24:57.236743: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:57.236746: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Aug 26 18:24:57.236748: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:24:57.236751: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Aug 26 18:24:57.236755: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" erouted; eroute owner: "northnet-eastnet/0x1" erouted Aug 26 18:24:57.236759: | route_and_eroute with c: northnet-eastnet/0x2 (next: none) ero:northnet-eastnet/0x1 esr:{0x563b6f934bd8} ro:northnet-eastnet/0x1 rosr:{0x563b6f934bd8} and state: #3 Aug 26 18:24:57.236762: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Aug 26 18:24:57.236769: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 18:24:57.236772: | IPsec Sa SPD priority set to 1042407 Aug 26 18:24:57.236784: | raw_eroute result=success Aug 26 18:24:57.236787: | running updown command "ipsec _updown" for verb up Aug 26 18:24:57.236790: | command executing up-client Aug 26 18:24:57.236814: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S Aug 26 18:24:57.236820: | popen cmd is 1050 chars long Aug 26 18:24:57.236823: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x: Aug 26 18:24:57.236825: | cmd( 80):2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUT: Aug 26 18:24:57.236827: | cmd( 160):O_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Aug 26 18:24:57.236830: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 18:24:57.236832: | cmd( 320):TO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Aug 26 18:24:57.236834: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Aug 26 18:24:57.236836: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 18:24:57.236838: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRY: Aug 26 18:24:57.236841: | cmd( 640):PT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Aug 26 18:24:57.236843: | cmd( 720):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Aug 26 18:24:57.236845: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Aug 26 18:24:57.236848: | cmd( 880):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Aug 26 18:24:57.236850: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xac2ec9ec SPI_OUT=0x919dd137 ipsec _u: Aug 26 18:24:57.236852: | cmd(1040):pdown 2>&1: Aug 26 18:24:57.250044: | route_and_eroute: firewall_notified: true Aug 26 18:24:57.250065: | route_and_eroute: instance "northnet-eastnet/0x2", setting eroute_owner {spd=0x563b6f936ab8,sr=0x563b6f936ab8} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 18:24:57.250173: | #1 spent 0.971 milliseconds in install_ipsec_sa() Aug 26 18:24:57.250186: | inR2: instance northnet-eastnet/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 18:24:57.250190: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:24:57.250203: | libevent_free: release ptr-libevent@0x563b6f93cfd8 Aug 26 18:24:57.250209: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93d988 Aug 26 18:24:57.250225: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:24:57.250230: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Aug 26 18:24:57.250234: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 18:24:57.250238: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:24:57.250241: | Message ID: updating counters for #3 to 2 after switching state Aug 26 18:24:57.250247: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 18:24:57.250253: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:24:57.250256: | pstats #3 ikev2.child established Aug 26 18:24:57.250268: "northnet-eastnet/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:24:57.250282: | NAT-T: encaps is 'auto' Aug 26 18:24:57.250310: "northnet-eastnet/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xac2ec9ec <0x919dd137 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 18:24:57.250323: | releasing whack for #3 (sock=fd@25) Aug 26 18:24:57.250330: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 18:24:57.250333: | releasing whack and unpending for parent #1 Aug 26 18:24:57.250337: | unpending state #1 connection "northnet-eastnet/0x2" Aug 26 18:24:57.250342: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Aug 26 18:24:57.250346: | event_schedule: new EVENT_SA_REKEY-pe@0x563b6f93d988 Aug 26 18:24:57.250350: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Aug 26 18:24:57.250356: | libevent_malloc: new ptr-libevent@0x563b6f9495d8 size 128 Aug 26 18:24:57.250367: | #3 spent 1.52 milliseconds in resume sending helper answer Aug 26 18:24:57.250372: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:24:57.250377: | libevent_free: release ptr-libevent@0x7f9738001f78 Aug 26 18:24:57.250393: | processing signal PLUTO_SIGCHLD Aug 26 18:24:57.250399: | waitpid returned ECHILD (no child processes left) Aug 26 18:24:57.250404: | spent 0.0055 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:24:59.525408: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:24:59.525431: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:24:59.525435: | FOR_EACH_STATE_... in sort_states Aug 26 18:24:59.525440: | get_sa_info esp.3f2791d7@192.1.3.33 Aug 26 18:24:59.525454: | get_sa_info esp.b0ac32ae@192.1.2.23 Aug 26 18:24:59.525466: | get_sa_info esp.919dd137@192.1.3.33 Aug 26 18:24:59.525472: | get_sa_info esp.ac2ec9ec@192.1.2.23 Aug 26 18:24:59.525484: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:24:59.525491: | spent 0.332 milliseconds in whack Aug 26 18:25:00.773656: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:25:00.773738: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:25:00.773759: | FOR_EACH_STATE_... in sort_states Aug 26 18:25:00.773791: | get_sa_info esp.3f2791d7@192.1.3.33 Aug 26 18:25:00.773849: | get_sa_info esp.b0ac32ae@192.1.2.23 Aug 26 18:25:00.773919: | get_sa_info esp.919dd137@192.1.3.33 Aug 26 18:25:00.773958: | get_sa_info esp.ac2ec9ec@192.1.2.23 Aug 26 18:25:00.774024: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:25:00.774052: | spent 0.426 milliseconds in whack Aug 26 18:25:01.060906: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:25:01.061266: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:25:01.061274: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:25:01.061378: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:25:01.061386: | FOR_EACH_STATE_... in sort_states Aug 26 18:25:01.061397: | get_sa_info esp.3f2791d7@192.1.3.33 Aug 26 18:25:01.061420: | get_sa_info esp.b0ac32ae@192.1.2.23 Aug 26 18:25:01.061440: | get_sa_info esp.919dd137@192.1.3.33 Aug 26 18:25:01.061450: | get_sa_info esp.ac2ec9ec@192.1.2.23 Aug 26 18:25:01.061472: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:25:01.061482: | spent 0.943 milliseconds in whack Aug 26 18:25:01.482264: | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:25:01.482298: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:25:01.482305: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.482308: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:25:01.482310: | 8f 89 ca 85 67 51 76 56 c3 ba ee eb ac 9f 7b 3a Aug 26 18:25:01.482312: | 1b 16 8c 60 0b cc ef 1e 75 33 80 56 21 c9 f1 16 Aug 26 18:25:01.482314: | 10 63 01 f9 42 Aug 26 18:25:01.482319: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:25:01.482323: | **parse ISAKMP Message: Aug 26 18:25:01.482326: | initiator cookie: Aug 26 18:25:01.482330: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:25:01.482333: | responder cookie: Aug 26 18:25:01.482335: | c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.482339: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:25:01.482342: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:25:01.482345: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:25:01.482349: | flags: none (0x0) Aug 26 18:25:01.482351: | Message ID: 0 (0x0) Aug 26 18:25:01.482354: | length: 69 (0x45) Aug 26 18:25:01.482357: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:25:01.482360: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:25:01.482365: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:25:01.482372: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:25:01.482375: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:25:01.482380: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:25:01.482383: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:25:01.482387: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 18:25:01.482390: | unpacking clear payload Aug 26 18:25:01.482392: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:25:01.482396: | ***parse IKEv2 Encryption Payload: Aug 26 18:25:01.482399: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:25:01.482401: | flags: none (0x0) Aug 26 18:25:01.482404: | length: 41 (0x29) Aug 26 18:25:01.482407: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:25:01.482411: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:25:01.482414: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:25:01.482436: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:25:01.482440: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:25:01.482443: | **parse IKEv2 Delete Payload: Aug 26 18:25:01.482445: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.482448: | flags: none (0x0) Aug 26 18:25:01.482450: | length: 12 (0xc) Aug 26 18:25:01.482453: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:25:01.482456: | SPI size: 4 (0x4) Aug 26 18:25:01.482459: | number of SPIs: 1 (0x1) Aug 26 18:25:01.482461: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:25:01.482464: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:25:01.482467: | Now let's proceed with state specific processing Aug 26 18:25:01.482469: | calling processor I3: INFORMATIONAL Request Aug 26 18:25:01.482473: | an informational request should send a response Aug 26 18:25:01.482496: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:25:01.482501: | **emit ISAKMP Message: Aug 26 18:25:01.482504: | initiator cookie: Aug 26 18:25:01.482506: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:25:01.482509: | responder cookie: Aug 26 18:25:01.482511: | c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.482514: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:25:01.482517: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:25:01.482520: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:25:01.482523: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:25:01.482526: | Message ID: 0 (0x0) Aug 26 18:25:01.482529: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:25:01.482532: | ***emit IKEv2 Encryption Payload: Aug 26 18:25:01.482535: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.482537: | flags: none (0x0) Aug 26 18:25:01.482541: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:25:01.482545: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:25:01.482549: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:25:01.482561: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:25:01.482564: | SPI ac 2e c9 ec Aug 26 18:25:01.482566: | delete PROTO_v2_ESP SA(0xac2ec9ec) Aug 26 18:25:01.482569: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:25:01.482573: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:25:01.482575: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xac2ec9ec) Aug 26 18:25:01.482579: "northnet-eastnet/0x2" #1: received Delete SA payload: replace IPsec State #3 now Aug 26 18:25:01.482582: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 18:25:01.482586: | libevent_free: release ptr-libevent@0x563b6f9495d8 Aug 26 18:25:01.482589: | free_event_entry: release EVENT_SA_REKEY-pe@0x563b6f93d988 Aug 26 18:25:01.482593: | event_schedule: new EVENT_SA_REPLACE-pe@0x563b6f93d988 Aug 26 18:25:01.482596: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Aug 26 18:25:01.482600: | libevent_malloc: new ptr-libevent@0x7f9738001f78 size 128 Aug 26 18:25:01.482604: | ****emit IKEv2 Delete Payload: Aug 26 18:25:01.482607: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.482609: | flags: none (0x0) Aug 26 18:25:01.482612: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:25:01.482614: | SPI size: 4 (0x4) Aug 26 18:25:01.482617: | number of SPIs: 1 (0x1) Aug 26 18:25:01.482620: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:25:01.482623: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:25:01.482627: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:25:01.482629: | local SPIs 91 9d d1 37 Aug 26 18:25:01.482632: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:25:01.482635: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:25:01.482638: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:25:01.482641: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:25:01.482644: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:25:01.482647: | emitting length of ISAKMP Message: 69 Aug 26 18:25:01.482662: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:25:01.482668: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.482671: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:25:01.482673: | 38 09 c9 3a a9 7c a0 2f e3 ce 31 b1 46 c9 82 ed Aug 26 18:25:01.482676: | 07 d4 25 79 9a f3 fe c0 7d f7 09 60 d7 89 a2 da Aug 26 18:25:01.482678: | 0f e0 11 72 73 Aug 26 18:25:01.482712: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:25:01.482719: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:25:01.482725: | #1 spent 0.233 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:25:01.482731: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:25:01.482734: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:25:01.482738: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:25:01.482745: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:25:01.482750: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:25:01.482753: "northnet-eastnet/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:25:01.482758: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:25:01.482763: | #1 spent 0.461 milliseconds in ikev2_process_packet() Aug 26 18:25:01.482767: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:25:01.482771: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:25:01.482774: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:25:01.482778: | spent 0.476 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:25:01.482785: | timer_event_cb: processing event@0x563b6f93d988 Aug 26 18:25:01.482788: | handling event EVENT_SA_REPLACE for child state #3 Aug 26 18:25:01.482792: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:25:01.482796: | picked newest_ipsec_sa #3 for #3 Aug 26 18:25:01.482799: | replacing stale CHILD SA Aug 26 18:25:01.482803: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:25:01.482806: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:25:01.482810: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:25:01.482815: | creating state object #4 at 0x563b6f9457b8 Aug 26 18:25:01.482818: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:25:01.482827: | pstats #4 ikev2.child started Aug 26 18:25:01.482830: | duplicating state object #1 "northnet-eastnet/0x2" as #4 for IPSEC SA Aug 26 18:25:01.482834: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:25:01.482845: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:25:01.482850: | suspend processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:25:01.482854: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:25:01.482858: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:25:01.482871: | using existing local ESP/AH proposals for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:25:01.482877: | #4 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Aug 26 18:25:01.482881: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f9744002b78 Aug 26 18:25:01.482884: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 18:25:01.482887: | libevent_malloc: new ptr-libevent@0x563b6f93cfd8 size 128 Aug 26 18:25:01.482892: | RESET processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:25:01.482897: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f9748002b78 Aug 26 18:25:01.482901: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Aug 26 18:25:01.482904: | libevent_malloc: new ptr-libevent@0x563b6f93e878 size 128 Aug 26 18:25:01.482907: | libevent_free: release ptr-libevent@0x7f9738001f78 Aug 26 18:25:01.482912: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563b6f93d988 Aug 26 18:25:01.482916: | #3 spent 0.131 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:25:01.482919: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:25:01.482924: | timer_event_cb: processing event@0x7f9744002b78 Aug 26 18:25:01.482927: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 18:25:01.482931: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:25:01.482937: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Aug 26 18:25:01.482940: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93d988 Aug 26 18:25:01.482944: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:25:01.482946: | libevent_malloc: new ptr-libevent@0x7f9738001f78 size 128 Aug 26 18:25:01.482954: | libevent_free: release ptr-libevent@0x563b6f93cfd8 Aug 26 18:25:01.482958: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f9744002b78 Aug 26 18:25:01.482962: | crypto helper 5 resuming Aug 26 18:25:01.482962: | #4 spent 0.0373 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:25:01.482983: | crypto helper 5 starting work-order 5 for state #4 Aug 26 18:25:01.482988: | stop processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:25:01.482989: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Aug 26 18:25:01.482996: | timer_event_cb: processing event@0x7f9748002b78 Aug 26 18:25:01.482999: | handling event EVENT_SA_EXPIRE for child state #3 Aug 26 18:25:01.483004: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:25:01.483008: | picked newest_ipsec_sa #3 for #3 Aug 26 18:25:01.483011: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:25:01.483014: | pstats #3 ikev2.child re-failed exchange-timeout Aug 26 18:25:01.483017: | pstats #3 ikev2.child deleted completed Aug 26 18:25:01.483020: | #3 spent 3.67 milliseconds in total Aug 26 18:25:01.483025: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:25:01.483029: "northnet-eastnet/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 4.260s and NOT sending notification Aug 26 18:25:01.483032: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:25:01.483037: | get_sa_info esp.ac2ec9ec@192.1.2.23 Aug 26 18:25:01.483051: | get_sa_info esp.919dd137@192.1.3.33 Aug 26 18:25:01.483059: "northnet-eastnet/0x2" #3: ESP traffic information: in=336B out=336B Aug 26 18:25:01.483064: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:25:01.483104: | running updown command "ipsec _updown" for verb down Aug 26 18:25:01.483108: | command executing down-client Aug 26 18:25:01.483135: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843897' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_ Aug 26 18:25:01.483141: | popen cmd is 1061 chars long Aug 26 18:25:01.483144: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/: Aug 26 18:25:01.483147: | cmd( 80):0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PL: Aug 26 18:25:01.483150: | cmd( 160):UTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Aug 26 18:25:01.483153: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 18:25:01.483155: | cmd( 320):LUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 18:25:01.483158: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Aug 26 18:25:01.483161: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 18:25:01.483164: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843897' PLUTO_CONN_POLICY: Aug 26 18:25:01.483167: | cmd( 640):='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN: Aug 26 18:25:01.483169: | cmd( 720):_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 : Aug 26 18:25:01.483172: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P: Aug 26 18:25:01.483175: | cmd( 880):EER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' : Aug 26 18:25:01.483178: | cmd( 960):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xac2ec9ec SPI_OUT=0x919dd1: Aug 26 18:25:01.483180: | cmd(1040):37 ipsec _updown 2>&1: Aug 26 18:25:01.483988: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.000999 seconds Aug 26 18:25:01.484003: | (#4) spent 0.796 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:25:01.484006: | crypto helper 5 sending results from work-order 5 for state #4 to event queue Aug 26 18:25:01.484008: | scheduling resume sending helper answer for #4 Aug 26 18:25:01.484011: | libevent_malloc: new ptr-libevent@0x7f973c002888 size 128 Aug 26 18:25:01.484022: | crypto helper 5 waiting (nothing to do) Aug 26 18:25:01.494076: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:25:01.494089: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:25:01.494094: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Aug 26 18:25:01.494099: | IPsec Sa SPD priority set to 1042407 Aug 26 18:25:01.494132: | delete esp.ac2ec9ec@192.1.2.23 Aug 26 18:25:01.494154: | netlink response for Del SA esp.ac2ec9ec@192.1.2.23 included non-error error Aug 26 18:25:01.494161: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Aug 26 18:25:01.494170: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:25:01.494194: | raw_eroute result=success Aug 26 18:25:01.494199: | delete esp.919dd137@192.1.3.33 Aug 26 18:25:01.494212: | netlink response for Del SA esp.919dd137@192.1.3.33 included non-error error Aug 26 18:25:01.494225: | in connection_discard for connection northnet-eastnet/0x2 Aug 26 18:25:01.494230: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:25:01.494237: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:25:01.494276: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:25:01.494301: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:25:01.494305: | can't expire unused IKE SA #1; it has the child #4 Aug 26 18:25:01.494309: | libevent_free: release ptr-libevent@0x563b6f93e878 Aug 26 18:25:01.494313: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f9748002b78 Aug 26 18:25:01.494315: | in statetime_stop() and could not find #3 Aug 26 18:25:01.494317: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:25:01.494336: | spent 0.00184 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:25:01.494351: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:25:01.494353: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.494355: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:25:01.494357: | bb f9 c6 c1 58 98 71 a0 f0 83 6d f2 74 1c a5 1d Aug 26 18:25:01.494358: | 6b c4 44 92 c4 be 3a 25 31 08 47 a0 11 aa 44 fd Aug 26 18:25:01.494360: | cc 31 f4 7d a4 Aug 26 18:25:01.494364: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:25:01.494366: | **parse ISAKMP Message: Aug 26 18:25:01.494368: | initiator cookie: Aug 26 18:25:01.494370: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:25:01.494371: | responder cookie: Aug 26 18:25:01.494373: | c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.494375: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:25:01.494377: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:25:01.494378: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:25:01.494381: | flags: none (0x0) Aug 26 18:25:01.494383: | Message ID: 1 (0x1) Aug 26 18:25:01.494384: | length: 69 (0x45) Aug 26 18:25:01.494386: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:25:01.494389: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:25:01.494391: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:25:01.494396: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:25:01.494398: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:25:01.494401: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:25:01.494403: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:25:01.494406: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 18:25:01.494408: | unpacking clear payload Aug 26 18:25:01.494409: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:25:01.494411: | ***parse IKEv2 Encryption Payload: Aug 26 18:25:01.494413: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:25:01.494415: | flags: none (0x0) Aug 26 18:25:01.494416: | length: 41 (0x29) Aug 26 18:25:01.494418: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:25:01.494421: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:25:01.494423: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:25:01.494445: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:25:01.494451: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:25:01.494455: | **parse IKEv2 Delete Payload: Aug 26 18:25:01.494458: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.494461: | flags: none (0x0) Aug 26 18:25:01.494463: | length: 12 (0xc) Aug 26 18:25:01.494466: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:25:01.494469: | SPI size: 4 (0x4) Aug 26 18:25:01.494472: | number of SPIs: 1 (0x1) Aug 26 18:25:01.494475: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:25:01.494477: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:25:01.494480: | Now let's proceed with state specific processing Aug 26 18:25:01.494483: | calling processor I3: INFORMATIONAL Request Aug 26 18:25:01.494487: | an informational request should send a response Aug 26 18:25:01.494511: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:25:01.494515: | **emit ISAKMP Message: Aug 26 18:25:01.494518: | initiator cookie: Aug 26 18:25:01.494520: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:25:01.494522: | responder cookie: Aug 26 18:25:01.494526: | c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.494529: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:25:01.494531: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:25:01.494534: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:25:01.494537: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:25:01.494539: | Message ID: 1 (0x1) Aug 26 18:25:01.494542: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:25:01.494545: | ***emit IKEv2 Encryption Payload: Aug 26 18:25:01.494548: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.494551: | flags: none (0x0) Aug 26 18:25:01.494554: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:25:01.494557: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:25:01.494560: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:25:01.494571: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:25:01.494574: | SPI b0 ac 32 ae Aug 26 18:25:01.494576: | delete PROTO_v2_ESP SA(0xb0ac32ae) Aug 26 18:25:01.494580: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:25:01.494583: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:25:01.494586: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xb0ac32ae) Aug 26 18:25:01.494590: "northnet-eastnet/0x2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:25:01.494593: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:25:01.494596: | libevent_free: release ptr-libevent@0x563b6f93ac58 Aug 26 18:25:01.494599: | free_event_entry: release EVENT_SA_REKEY-pe@0x563b6f93b098 Aug 26 18:25:01.494602: | event_schedule: new EVENT_SA_REPLACE-pe@0x563b6f93b098 Aug 26 18:25:01.494606: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:25:01.494609: | libevent_malloc: new ptr-libevent@0x7f9744003878 size 128 Aug 26 18:25:01.494613: | ****emit IKEv2 Delete Payload: Aug 26 18:25:01.494616: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.494619: | flags: none (0x0) Aug 26 18:25:01.494622: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:25:01.494624: | SPI size: 4 (0x4) Aug 26 18:25:01.494625: | number of SPIs: 1 (0x1) Aug 26 18:25:01.494627: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:25:01.494630: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:25:01.494633: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:25:01.494636: | local SPIs 3f 27 91 d7 Aug 26 18:25:01.494638: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:25:01.494644: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:25:01.494650: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:25:01.494655: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:25:01.494659: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:25:01.494662: | emitting length of ISAKMP Message: 69 Aug 26 18:25:01.494679: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:25:01.494685: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.494689: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:25:01.494692: | 8b 15 ee 6f 5d 99 4f d5 55 0d 4e 1f 9e 03 8f 5c Aug 26 18:25:01.494695: | 6f 1f a3 e4 bf df 8f 12 ec 78 90 e4 91 7a 2a 54 Aug 26 18:25:01.494697: | e6 53 5d 91 ac Aug 26 18:25:01.494732: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:25:01.494745: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:25:01.494751: | #1 spent 0.246 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:25:01.494756: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:25:01.494759: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:25:01.494761: | Message ID: updating counters for #1 to 1 after switching state Aug 26 18:25:01.494764: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:25:01.494766: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:25:01.494769: "northnet-eastnet/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:25:01.494772: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:25:01.494775: | #1 spent 0.419 milliseconds in ikev2_process_packet() Aug 26 18:25:01.494778: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:25:01.494780: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:25:01.494782: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:25:01.494785: | spent 0.429 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:25:01.494791: | processing resume sending helper answer for #4 Aug 26 18:25:01.494794: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 18:25:01.494797: | crypto helper 5 replies to request ID 5 Aug 26 18:25:01.494799: | calling continuation function 0x563b6df78b50 Aug 26 18:25:01.494801: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Aug 26 18:25:01.494803: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:25:01.494805: | libevent_free: release ptr-libevent@0x7f9738001f78 Aug 26 18:25:01.494809: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93d988 Aug 26 18:25:01.494811: | event_schedule: new EVENT_SA_REPLACE-pe@0x563b6f93d988 Aug 26 18:25:01.494813: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 18:25:01.494815: | libevent_malloc: new ptr-libevent@0x563b6f93e878 size 128 Aug 26 18:25:01.494818: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:25:01.494820: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 18:25:01.494822: | libevent_malloc: new ptr-libevent@0x563b6f93cfd8 size 128 Aug 26 18:25:01.494825: | [RE]START processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:25:01.494827: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 18:25:01.494829: | suspending state #4 and saving MD Aug 26 18:25:01.494831: | #4 is busy; has a suspended MD Aug 26 18:25:01.494834: | [RE]START processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:25:01.494836: | "northnet-eastnet/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:25:01.494838: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 18:25:01.494841: | #4 spent 0.0443 milliseconds in resume sending helper answer Aug 26 18:25:01.494846: | stop processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 18:25:01.494848: | libevent_free: release ptr-libevent@0x7f973c002888 Aug 26 18:25:01.494850: | processing signal PLUTO_SIGCHLD Aug 26 18:25:01.494854: | waitpid returned ECHILD (no child processes left) Aug 26 18:25:01.494856: | spent 0.00378 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:25:01.494862: | spent 0.00125 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:25:01.494870: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:25:01.494872: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.494874: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 18:25:01.494875: | 8d 9e 1a 7f fc 43 b3 6c d1 e0 15 94 ab 37 c2 33 Aug 26 18:25:01.494877: | b4 6b ed 51 30 1e e9 29 71 dd 17 32 b9 19 a5 06 Aug 26 18:25:01.494878: | 6d Aug 26 18:25:01.494881: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:25:01.494883: | **parse ISAKMP Message: Aug 26 18:25:01.494885: | initiator cookie: Aug 26 18:25:01.494886: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:25:01.494888: | responder cookie: Aug 26 18:25:01.494889: | c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.494891: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:25:01.494893: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:25:01.494895: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:25:01.494896: | flags: none (0x0) Aug 26 18:25:01.494898: | Message ID: 2 (0x2) Aug 26 18:25:01.494900: | length: 65 (0x41) Aug 26 18:25:01.494902: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:25:01.494904: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:25:01.494906: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:25:01.494909: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:25:01.494911: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:25:01.494914: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:25:01.494916: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 18:25:01.494919: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Aug 26 18:25:01.494920: | unpacking clear payload Aug 26 18:25:01.494922: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:25:01.494924: | ***parse IKEv2 Encryption Payload: Aug 26 18:25:01.494925: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:25:01.494927: | flags: none (0x0) Aug 26 18:25:01.494929: | length: 37 (0x25) Aug 26 18:25:01.494930: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:25:01.494933: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 18:25:01.494935: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:25:01.494942: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:25:01.494944: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:25:01.494946: | **parse IKEv2 Delete Payload: Aug 26 18:25:01.494948: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.494949: | flags: none (0x0) Aug 26 18:25:01.494951: | length: 8 (0x8) Aug 26 18:25:01.494952: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:25:01.494954: | SPI size: 0 (0x0) Aug 26 18:25:01.494956: | number of SPIs: 0 (0x0) Aug 26 18:25:01.494957: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:25:01.494959: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:25:01.494961: | Now let's proceed with state specific processing Aug 26 18:25:01.494962: | calling processor I3: INFORMATIONAL Request Aug 26 18:25:01.494966: | an informational request should send a response Aug 26 18:25:01.494969: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:25:01.494972: | **emit ISAKMP Message: Aug 26 18:25:01.494973: | initiator cookie: Aug 26 18:25:01.494975: | 50 73 f3 5a 4c 9e 76 49 Aug 26 18:25:01.494976: | responder cookie: Aug 26 18:25:01.494978: | c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.494980: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:25:01.494981: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:25:01.494983: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:25:01.494985: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:25:01.494987: | Message ID: 2 (0x2) Aug 26 18:25:01.494988: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:25:01.494991: | ***emit IKEv2 Encryption Payload: Aug 26 18:25:01.494992: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.494994: | flags: none (0x0) Aug 26 18:25:01.494996: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:25:01.494998: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:25:01.495000: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:25:01.495004: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:25:01.495006: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:25:01.495008: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:25:01.495010: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:25:01.495011: | emitting length of ISAKMP Message: 57 Aug 26 18:25:01.495019: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:25:01.495021: | 50 73 f3 5a 4c 9e 76 49 c6 0a 30 9b f3 39 58 13 Aug 26 18:25:01.495023: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Aug 26 18:25:01.495024: | 4b ad 4c 55 51 94 1b 68 4a 74 16 db 4a 22 3b c8 Aug 26 18:25:01.495026: | e7 c5 cd 5b 8c 9d a6 c8 08 Aug 26 18:25:01.495042: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:25:01.495046: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:25:01.495048: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:25:01.495050: | pstats #4 ikev2.child deleted other Aug 26 18:25:01.495053: | #4 spent 0.878 milliseconds in total Aug 26 18:25:01.495056: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:25:01.495058: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:25:01.495061: "northnet-eastnet/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.012s and NOT sending notification Aug 26 18:25:01.495063: | child state #4: CHILDSA_DEL(informational) => delete Aug 26 18:25:01.495065: | disconnecting state #4 from md Aug 26 18:25:01.495067: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:25:01.495069: | libevent_free: release ptr-libevent@0x563b6f93e878 Aug 26 18:25:01.495071: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563b6f93d988 Aug 26 18:25:01.495073: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Aug 26 18:25:01.495078: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:25:01.495089: | raw_eroute result=success Aug 26 18:25:01.495092: | in connection_discard for connection northnet-eastnet/0x2 Aug 26 18:25:01.495094: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Aug 26 18:25:01.495099: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:25:01.495109: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:25:01.495112: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:25:01.495115: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:25:01.495117: | pstats #2 ikev2.child deleted completed Aug 26 18:25:01.495119: | #2 spent 2.76 milliseconds in total Aug 26 18:25:01.495122: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:25:01.495125: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:25:01.495127: "northnet-eastnet/0x1" #2: deleting other state #2 connection (STATE_CHILDSA_DEL) "northnet-eastnet/0x1" aged 4.368s and NOT sending notification Aug 26 18:25:01.495129: | child state #2: CHILDSA_DEL(informational) => delete Aug 26 18:25:01.495131: | state #2 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:25:01.495133: | libevent_free: release ptr-libevent@0x7f9744003878 Aug 26 18:25:01.495134: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563b6f93b098 Aug 26 18:25:01.495238: | running updown command "ipsec _updown" for verb down Aug 26 18:25:01.495245: | command executing down-client Aug 26 18:25:01.495279: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843897' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_ Aug 26 18:25:01.495283: | popen cmd is 1061 chars long Aug 26 18:25:01.495287: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/: Aug 26 18:25:01.495319: | cmd( 80):0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PL: Aug 26 18:25:01.495324: | cmd( 160):UTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Aug 26 18:25:01.495327: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 18:25:01.495331: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 18:25:01.495334: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Aug 26 18:25:01.495338: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 18:25:01.495342: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566843897' PLUTO_CONN_POLICY: Aug 26 18:25:01.495345: | cmd( 640):='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN: Aug 26 18:25:01.495349: | cmd( 720):_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 : Aug 26 18:25:01.495352: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P: Aug 26 18:25:01.495359: | cmd( 880):EER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' : Aug 26 18:25:01.495363: | cmd( 960):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb0ac32ae SPI_OUT=0x3f2791: Aug 26 18:25:01.495366: | cmd(1040):d7 ipsec _updown 2>&1: Aug 26 18:25:01.507814: | shunt_eroute() called for connection 'northnet-eastnet/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:25:01.507828: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:25:01.507833: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Aug 26 18:25:01.507838: | IPsec Sa SPD priority set to 1042407 Aug 26 18:25:01.507876: | delete esp.b0ac32ae@192.1.2.23 Aug 26 18:25:01.507904: | netlink response for Del SA esp.b0ac32ae@192.1.2.23 included non-error error Aug 26 18:25:01.507909: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Aug 26 18:25:01.507917: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:25:01.507929: | raw_eroute result=success Aug 26 18:25:01.507933: | delete esp.3f2791d7@192.1.3.33 Aug 26 18:25:01.507952: | netlink response for Del SA esp.3f2791d7@192.1.3.33 included non-error error Aug 26 18:25:01.507966: | in connection_discard for connection northnet-eastnet/0x1 Aug 26 18:25:01.507970: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:25:01.507979: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:25:01.507989: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:25:01.507996: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:25:01.508013: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:25:01.508016: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:25:01.508021: | pstats #1 ikev2.ike deleted completed Aug 26 18:25:01.508029: | #1 spent 13.6 milliseconds in total Aug 26 18:25:01.508033: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:25:01.508037: "northnet-eastnet/0x2" #1: deleting state (STATE_IKESA_DEL) aged 4.389s and NOT sending notification Aug 26 18:25:01.508041: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:25:01.508097: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:25:01.508110: | libevent_free: release ptr-libevent@0x7f9740000f48 Aug 26 18:25:01.508115: | free_event_entry: release EVENT_SA_REKEY-pe@0x563b6f93af28 Aug 26 18:25:01.508118: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:25:01.508122: | picked newest_isakmp_sa #0 for #1 Aug 26 18:25:01.508126: "northnet-eastnet/0x2" #1: deleting IKE SA for connection 'northnet-eastnet/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:25:01.508132: | add revival: connection 'northnet-eastnet/0x2' added to the list and scheduled for 0 seconds Aug 26 18:25:01.508136: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:25:01.508140: | in connection_discard for connection northnet-eastnet/0x2 Aug 26 18:25:01.508143: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:25:01.508147: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:25:01.508184: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:25:01.508216: | in statetime_stop() and could not find #1 Aug 26 18:25:01.508220: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:25:01.508224: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:25:01.508227: | STF_OK but no state object remains Aug 26 18:25:01.508230: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:25:01.508236: | in statetime_stop() and could not find #1 Aug 26 18:25:01.508242: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:25:01.508246: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:25:01.508249: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:25:01.508254: | spent 1.25 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:25:01.508261: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 18:25:01.508264: | IKE SA with pending initiates disappeared Aug 26 18:25:01.508269: | (#1) spent 0.00346 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 18:25:01.508272: | libevent_free: release ptr-libevent@0x563b6f93cfd8 Aug 26 18:25:01.508284: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:25:01.508305: Initiating connection northnet-eastnet/0x2 which received a Delete/Notify but must remain up per local policy Aug 26 18:25:01.508311: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:25:01.508316: | start processing: connection "northnet-eastnet/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:25:01.508320: | connection 'northnet-eastnet/0x2' +POLICY_UP Aug 26 18:25:01.508323: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:25:01.508326: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:25:01.508340: | creating state object #5 at 0x563b6f93dba8 Aug 26 18:25:01.508343: | State DB: adding IKEv2 state #5 in UNDEFINED Aug 26 18:25:01.508349: | pstats #5 ikev2.ike started Aug 26 18:25:01.508352: | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:25:01.508356: | parent state #5: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:25:01.508361: | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:25:01.508367: | suspend processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:25:01.508372: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:25:01.508375: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:25:01.508379: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet/0x2" IKE SA #5 "northnet-eastnet/0x2" Aug 26 18:25:01.508383: "northnet-eastnet/0x2" #5: initiating v2 parent SA Aug 26 18:25:01.508400: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:25:01.508409: | adding ikev2_outI1 KE work-order 6 for state #5 Aug 26 18:25:01.508412: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93af28 Aug 26 18:25:01.508416: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 18:25:01.508419: | libevent_malloc: new ptr-libevent@0x563b6f93ac58 size 128 Aug 26 18:25:01.508429: | #5 spent 0.113 milliseconds in ikev2_parent_outI1() Aug 26 18:25:01.508435: | RESET processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:25:01.508438: | RESET processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:25:01.508441: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:25:01.508450: | spent 0.146 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:25:01.508454: | processing signal PLUTO_SIGCHLD Aug 26 18:25:01.508458: | waitpid returned ECHILD (no child processes left) Aug 26 18:25:01.508462: | spent 0.00453 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:25:01.508473: | crypto helper 3 resuming Aug 26 18:25:01.508480: | crypto helper 3 starting work-order 6 for state #5 Aug 26 18:25:01.508484: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 6 Aug 26 18:25:01.509503: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 6 time elapsed 0.001018 seconds Aug 26 18:25:01.509517: | (#5) spent 1.03 milliseconds in crypto helper computing work-order 6: ikev2_outI1 KE (pcr) Aug 26 18:25:01.509520: | crypto helper 3 sending results from work-order 6 for state #5 to event queue Aug 26 18:25:01.509524: | scheduling resume sending helper answer for #5 Aug 26 18:25:01.509527: | libevent_malloc: new ptr-libevent@0x7f9730002888 size 128 Aug 26 18:25:01.509536: | crypto helper 3 waiting (nothing to do) Aug 26 18:25:01.509547: | processing resume sending helper answer for #5 Aug 26 18:25:01.509560: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:25:01.509566: | crypto helper 3 replies to request ID 6 Aug 26 18:25:01.509569: | calling continuation function 0x563b6df78b50 Aug 26 18:25:01.509572: | ikev2_parent_outI1_continue for #5 Aug 26 18:25:01.509598: | **emit ISAKMP Message: Aug 26 18:25:01.509601: | initiator cookie: Aug 26 18:25:01.509604: | 47 e7 eb a1 99 df 6b c8 Aug 26 18:25:01.509606: | responder cookie: Aug 26 18:25:01.509609: | 00 00 00 00 00 00 00 00 Aug 26 18:25:01.509612: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:25:01.509615: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:25:01.509618: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:25:01.509622: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:25:01.509625: | Message ID: 0 (0x0) Aug 26 18:25:01.509628: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:25:01.509645: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:25:01.509648: | Emitting ikev2_proposals ... Aug 26 18:25:01.509651: | ***emit IKEv2 Security Association Payload: Aug 26 18:25:01.509654: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.509656: | flags: none (0x0) Aug 26 18:25:01.509660: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:25:01.509663: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:25:01.509666: | discarding INTEG=NONE Aug 26 18:25:01.509669: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:25:01.509672: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:25:01.509674: | prop #: 1 (0x1) Aug 26 18:25:01.509677: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:25:01.509680: | spi size: 0 (0x0) Aug 26 18:25:01.509682: | # transforms: 11 (0xb) Aug 26 18:25:01.509685: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:25:01.509692: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509697: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:25:01.509700: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:25:01.509703: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509706: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:25:01.509709: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:25:01.509712: | length/value: 256 (0x100) Aug 26 18:25:01.509715: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:25:01.509718: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509723: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:25:01.509726: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:25:01.509729: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509732: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509735: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509738: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509740: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509743: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:25:01.509746: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:25:01.509749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509754: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509757: | discarding INTEG=NONE Aug 26 18:25:01.509759: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509765: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.509767: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:25:01.509770: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509773: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509776: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509778: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509781: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509784: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.509786: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:25:01.509789: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509792: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509795: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509798: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509800: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509803: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.509806: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:25:01.509809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509813: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509816: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509818: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509821: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509824: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.509826: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:25:01.509829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509832: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509835: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509838: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509843: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.509846: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:25:01.509849: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509852: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509854: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509857: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509862: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.509865: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:25:01.509868: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509871: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509874: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509876: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509879: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509882: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.509884: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:25:01.509887: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509890: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509893: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509896: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509898: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:25:01.509901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.509903: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:25:01.509907: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509912: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509915: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:25:01.509918: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:25:01.509920: | discarding INTEG=NONE Aug 26 18:25:01.509924: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:25:01.509927: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:25:01.509930: | prop #: 2 (0x2) Aug 26 18:25:01.509932: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:25:01.509935: | spi size: 0 (0x0) Aug 26 18:25:01.509937: | # transforms: 11 (0xb) Aug 26 18:25:01.509940: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:25:01.509943: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:25:01.509946: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509949: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509951: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:25:01.509954: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:25:01.509957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509960: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:25:01.509963: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:25:01.509965: | length/value: 128 (0x80) Aug 26 18:25:01.509968: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:25:01.509971: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509976: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:25:01.509979: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:25:01.509982: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509985: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.509987: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.509990: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.509993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.509995: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:25:01.509998: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:25:01.510001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510007: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510009: | discarding INTEG=NONE Aug 26 18:25:01.510011: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510014: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510017: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510019: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:25:01.510023: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510028: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510031: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510033: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510036: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510039: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:25:01.510042: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510045: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510049: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510051: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510054: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510057: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510060: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:25:01.510063: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510066: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510069: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510071: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510074: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510076: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510079: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:25:01.510082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510085: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510088: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510091: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510096: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510099: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:25:01.510102: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510105: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510107: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510110: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510113: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510118: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:25:01.510121: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510124: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510127: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510129: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510132: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510134: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510137: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:25:01.510140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510143: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510146: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510149: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510151: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:25:01.510154: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510157: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:25:01.510161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510167: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510170: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:25:01.510173: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:25:01.510176: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:25:01.510178: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:25:01.510181: | prop #: 3 (0x3) Aug 26 18:25:01.510183: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:25:01.510186: | spi size: 0 (0x0) Aug 26 18:25:01.510188: | # transforms: 13 (0xd) Aug 26 18:25:01.510191: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:25:01.510194: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:25:01.510197: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510200: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510202: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:25:01.510205: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:25:01.510208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510211: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:25:01.510213: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:25:01.510216: | length/value: 256 (0x100) Aug 26 18:25:01.510219: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:25:01.510221: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510226: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:25:01.510229: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:25:01.510232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510238: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510240: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510246: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:25:01.510248: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:25:01.510251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510254: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510257: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510260: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510265: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:25:01.510268: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:25:01.510271: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510274: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510278: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510280: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510283: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510286: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:25:01.510307: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:25:01.510314: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510317: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510320: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510335: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510338: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510340: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510343: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:25:01.510346: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510349: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510351: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510354: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510359: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510361: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:25:01.510365: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510367: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510370: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510373: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510375: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510378: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510380: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:25:01.510383: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510386: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510389: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510391: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510409: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510412: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:25:01.510415: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510418: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510421: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510423: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510426: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510428: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510431: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:25:01.510434: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510439: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510442: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510444: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510447: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510450: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510452: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:25:01.510455: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510461: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510464: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510466: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510469: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510472: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:25:01.510475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510478: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510480: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510483: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510485: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:25:01.510488: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510491: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:25:01.510494: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510497: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510499: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510502: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:25:01.510505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:25:01.510507: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:25:01.510510: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:25:01.510513: | prop #: 4 (0x4) Aug 26 18:25:01.510515: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:25:01.510518: | spi size: 0 (0x0) Aug 26 18:25:01.510520: | # transforms: 13 (0xd) Aug 26 18:25:01.510523: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:25:01.510526: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:25:01.510529: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510531: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510534: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:25:01.510537: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:25:01.510540: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510542: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:25:01.510545: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:25:01.510548: | length/value: 128 (0x80) Aug 26 18:25:01.510550: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:25:01.510552: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510557: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510560: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:25:01.510562: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:25:01.510565: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510571: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510574: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510576: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510579: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:25:01.510581: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:25:01.510584: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510587: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510590: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510593: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510595: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510598: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:25:01.510601: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:25:01.510604: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510610: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510612: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510618: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:25:01.510620: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:25:01.510623: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510626: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510629: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510632: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510634: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510637: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510639: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:25:01.510643: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510646: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510648: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510651: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510654: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510656: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510659: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:25:01.510662: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510665: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510669: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510672: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510675: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510677: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510680: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:25:01.510683: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510686: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510689: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510692: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510697: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510699: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:25:01.510703: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510706: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510708: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510711: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510716: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510719: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:25:01.510722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510728: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510730: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510736: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510738: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:25:01.510741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510744: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510747: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510750: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510755: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510758: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:25:01.510761: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510764: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510766: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510769: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:25:01.510771: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:25:01.510774: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:25:01.510777: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:25:01.510780: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:25:01.510784: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:25:01.510787: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:25:01.510790: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:25:01.510792: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:25:01.510795: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:25:01.510798: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:25:01.510802: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:25:01.510804: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.510807: | flags: none (0x0) Aug 26 18:25:01.510810: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:25:01.510814: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:25:01.510817: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:25:01.510821: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:25:01.510824: | ikev2 g^x 7d 77 05 75 0b a6 5f 0a 26 2f af 96 8d 56 41 5c Aug 26 18:25:01.510827: | ikev2 g^x fe 21 ec 9f 3d be 53 a3 eb df 83 95 98 8a 04 3e Aug 26 18:25:01.510829: | ikev2 g^x e9 a5 bb a4 7b 51 f4 06 c0 85 1f bd 3e bb 12 15 Aug 26 18:25:01.510832: | ikev2 g^x 6e 20 e2 c9 f1 44 a4 79 d7 ff 38 9a b8 c8 d3 cf Aug 26 18:25:01.510834: | ikev2 g^x cd 11 7e 30 8e 72 35 8f b0 91 ea 18 6a d5 3d 64 Aug 26 18:25:01.510837: | ikev2 g^x c1 f1 aa d0 a6 46 14 d1 bb bd dd c0 49 5b b5 59 Aug 26 18:25:01.510839: | ikev2 g^x 30 7a c7 f2 fa 7e fc 64 68 9a 03 89 85 68 a1 d6 Aug 26 18:25:01.510842: | ikev2 g^x 3d f1 34 16 9d 2a 27 5c e4 97 39 c2 7a 19 8e 1c Aug 26 18:25:01.510844: | ikev2 g^x 9f 7f 01 fc a9 34 f7 20 7b e7 18 b3 5c a5 fe f3 Aug 26 18:25:01.510847: | ikev2 g^x 2c 56 e1 ba 20 e1 a5 fd b0 02 7d 6e 9a c7 4c 91 Aug 26 18:25:01.510850: | ikev2 g^x f7 4c 3b c8 f2 89 b9 81 9d 97 bc 09 d9 ff 6d 4f Aug 26 18:25:01.510852: | ikev2 g^x b4 02 6c b6 16 80 ce 25 21 5c a9 7f c2 f5 eb 3a Aug 26 18:25:01.510855: | ikev2 g^x 7c b6 50 a3 a9 fb b5 5e 48 19 57 ef 96 79 b2 c0 Aug 26 18:25:01.510857: | ikev2 g^x c8 9e a5 29 01 3e 30 60 14 00 c9 57 b7 1d 1a 46 Aug 26 18:25:01.510860: | ikev2 g^x 97 61 44 97 4c ed b7 b2 7f 2a 13 e3 36 b8 0b da Aug 26 18:25:01.510863: | ikev2 g^x 47 07 2d 16 02 0e 63 a3 67 8a 84 f5 3f 94 50 fb Aug 26 18:25:01.510866: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:25:01.510868: | ***emit IKEv2 Nonce Payload: Aug 26 18:25:01.510871: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:25:01.510873: | flags: none (0x0) Aug 26 18:25:01.510877: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:25:01.510880: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:25:01.510883: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:25:01.510886: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:25:01.510888: | IKEv2 nonce 23 1a 50 4a e2 02 85 db c8 df 62 99 2c 4c ef ae Aug 26 18:25:01.510891: | IKEv2 nonce 05 fb 1e 2d 58 e9 30 9d bd 5c 8f 38 32 14 25 3a Aug 26 18:25:01.510894: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:25:01.510897: | Adding a v2N Payload Aug 26 18:25:01.510899: | ***emit IKEv2 Notify Payload: Aug 26 18:25:01.510902: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.510904: | flags: none (0x0) Aug 26 18:25:01.510909: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:25:01.510911: | SPI size: 0 (0x0) Aug 26 18:25:01.510914: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:25:01.510918: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:25:01.510920: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:25:01.510923: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:25:01.510927: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:25:01.510930: | natd_hash: rcookie is zero Aug 26 18:25:01.510950: | natd_hash: hasher=0x563b6e04d800(20) Aug 26 18:25:01.510952: | natd_hash: icookie= 47 e7 eb a1 99 df 6b c8 Aug 26 18:25:01.510955: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:25:01.510958: | natd_hash: ip= c0 01 03 21 Aug 26 18:25:01.510960: | natd_hash: port=500 Aug 26 18:25:01.510963: | natd_hash: hash= be af d9 7d 86 21 f0 45 16 21 98 32 23 5a 4e 12 Aug 26 18:25:01.510965: | natd_hash: hash= 9f 8a 1b 2d Aug 26 18:25:01.510968: | Adding a v2N Payload Aug 26 18:25:01.510970: | ***emit IKEv2 Notify Payload: Aug 26 18:25:01.510973: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.510975: | flags: none (0x0) Aug 26 18:25:01.510978: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:25:01.510980: | SPI size: 0 (0x0) Aug 26 18:25:01.510983: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:25:01.510987: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:25:01.510989: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:25:01.510993: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:25:01.510995: | Notify data be af d9 7d 86 21 f0 45 16 21 98 32 23 5a 4e 12 Aug 26 18:25:01.510998: | Notify data 9f 8a 1b 2d Aug 26 18:25:01.511001: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:25:01.511003: | natd_hash: rcookie is zero Aug 26 18:25:01.511009: | natd_hash: hasher=0x563b6e04d800(20) Aug 26 18:25:01.511012: | natd_hash: icookie= 47 e7 eb a1 99 df 6b c8 Aug 26 18:25:01.511015: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:25:01.511017: | natd_hash: ip= c0 01 02 17 Aug 26 18:25:01.511019: | natd_hash: port=500 Aug 26 18:25:01.511022: | natd_hash: hash= 9c 9d c7 ce f6 56 21 1d d7 76 7a 6f ee 11 5d 22 Aug 26 18:25:01.511024: | natd_hash: hash= 7a 30 d0 e1 Aug 26 18:25:01.511027: | Adding a v2N Payload Aug 26 18:25:01.511029: | ***emit IKEv2 Notify Payload: Aug 26 18:25:01.511032: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:25:01.511035: | flags: none (0x0) Aug 26 18:25:01.511037: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:25:01.511040: | SPI size: 0 (0x0) Aug 26 18:25:01.511042: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:25:01.511046: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:25:01.511048: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:25:01.511052: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:25:01.511054: | Notify data 9c 9d c7 ce f6 56 21 1d d7 76 7a 6f ee 11 5d 22 Aug 26 18:25:01.511057: | Notify data 7a 30 d0 e1 Aug 26 18:25:01.511059: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:25:01.511062: | emitting length of ISAKMP Message: 828 Aug 26 18:25:01.511070: | stop processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:25:01.511077: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:25:01.511081: | #5 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:25:01.511086: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:25:01.511090: | parent state #5: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:25:01.511093: | Message ID: updating counters for #5 to 4294967295 after switching state Aug 26 18:25:01.511096: | Message ID: IKE #5 skipping update_recv as MD is fake Aug 26 18:25:01.511101: | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:25:01.511105: "northnet-eastnet/0x2" #5: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:25:01.511110: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:25:01.511121: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 18:25:01.511124: | 47 e7 eb a1 99 df 6b c8 00 00 00 00 00 00 00 00 Aug 26 18:25:01.511126: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:25:01.511129: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:25:01.511131: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:25:01.511134: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:25:01.511136: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:25:01.511139: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:25:01.511141: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:25:01.511144: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:25:01.511146: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:25:01.511149: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:25:01.511151: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:25:01.511154: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:25:01.511156: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:25:01.511159: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:25:01.511161: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:25:01.511164: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:25:01.511166: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:25:01.511169: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:25:01.511171: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:25:01.511174: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:25:01.511176: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:25:01.511179: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:25:01.511181: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:25:01.511184: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:25:01.511186: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:25:01.511189: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:25:01.511191: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:25:01.511194: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:25:01.511196: | 28 00 01 08 00 0e 00 00 7d 77 05 75 0b a6 5f 0a Aug 26 18:25:01.511199: | 26 2f af 96 8d 56 41 5c fe 21 ec 9f 3d be 53 a3 Aug 26 18:25:01.511201: | eb df 83 95 98 8a 04 3e e9 a5 bb a4 7b 51 f4 06 Aug 26 18:25:01.511204: | c0 85 1f bd 3e bb 12 15 6e 20 e2 c9 f1 44 a4 79 Aug 26 18:25:01.511206: | d7 ff 38 9a b8 c8 d3 cf cd 11 7e 30 8e 72 35 8f Aug 26 18:25:01.511209: | b0 91 ea 18 6a d5 3d 64 c1 f1 aa d0 a6 46 14 d1 Aug 26 18:25:01.511211: | bb bd dd c0 49 5b b5 59 30 7a c7 f2 fa 7e fc 64 Aug 26 18:25:01.511214: | 68 9a 03 89 85 68 a1 d6 3d f1 34 16 9d 2a 27 5c Aug 26 18:25:01.511216: | e4 97 39 c2 7a 19 8e 1c 9f 7f 01 fc a9 34 f7 20 Aug 26 18:25:01.511219: | 7b e7 18 b3 5c a5 fe f3 2c 56 e1 ba 20 e1 a5 fd Aug 26 18:25:01.511221: | b0 02 7d 6e 9a c7 4c 91 f7 4c 3b c8 f2 89 b9 81 Aug 26 18:25:01.511224: | 9d 97 bc 09 d9 ff 6d 4f b4 02 6c b6 16 80 ce 25 Aug 26 18:25:01.511227: | 21 5c a9 7f c2 f5 eb 3a 7c b6 50 a3 a9 fb b5 5e Aug 26 18:25:01.511230: | 48 19 57 ef 96 79 b2 c0 c8 9e a5 29 01 3e 30 60 Aug 26 18:25:01.511232: | 14 00 c9 57 b7 1d 1a 46 97 61 44 97 4c ed b7 b2 Aug 26 18:25:01.511235: | 7f 2a 13 e3 36 b8 0b da 47 07 2d 16 02 0e 63 a3 Aug 26 18:25:01.511238: | 67 8a 84 f5 3f 94 50 fb 29 00 00 24 23 1a 50 4a Aug 26 18:25:01.511240: | e2 02 85 db c8 df 62 99 2c 4c ef ae 05 fb 1e 2d Aug 26 18:25:01.511243: | 58 e9 30 9d bd 5c 8f 38 32 14 25 3a 29 00 00 08 Aug 26 18:25:01.511245: | 00 00 40 2e 29 00 00 1c 00 00 40 04 be af d9 7d Aug 26 18:25:01.511248: | 86 21 f0 45 16 21 98 32 23 5a 4e 12 9f 8a 1b 2d Aug 26 18:25:01.511250: | 00 00 00 1c 00 00 40 05 9c 9d c7 ce f6 56 21 1d Aug 26 18:25:01.511252: | d7 76 7a 6f ee 11 5d 22 7a 30 d0 e1 Aug 26 18:25:01.511307: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:25:01.511316: | libevent_free: release ptr-libevent@0x563b6f93ac58 Aug 26 18:25:01.511319: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563b6f93af28 Aug 26 18:25:01.511323: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:25:01.511326: "northnet-eastnet/0x2" #5: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:25:01.511330: | event_schedule: new EVENT_RETRANSMIT-pe@0x563b6f93af28 Aug 26 18:25:01.511333: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #5 Aug 26 18:25:01.511337: | libevent_malloc: new ptr-libevent@0x563b6f93e878 size 128 Aug 26 18:25:01.511342: | #5 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29187.253796 Aug 26 18:25:01.511347: | resume sending helper answer for #5 suppresed complete_v2_state_transition() and stole MD Aug 26 18:25:01.511355: | #5 spent 1.74 milliseconds in resume sending helper answer Aug 26 18:25:01.511360: | stop processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:25:01.511363: | libevent_free: release ptr-libevent@0x7f9730002888 Aug 26 18:25:01.974482: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:25:01.974512: shutting down Aug 26 18:25:01.974522: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:25:01.974527: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:25:01.974529: forgetting secrets Aug 26 18:25:01.974536: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:25:01.974542: | start processing: connection "northnet-eastnet/0x2" (in delete_connection() at connections.c:189) Aug 26 18:25:01.974546: | removing pending policy for no connection {0x563b6f927738} Aug 26 18:25:01.974549: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:25:01.974552: | pass 0 Aug 26 18:25:01.974555: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:25:01.974557: | state #5 Aug 26 18:25:01.974561: | suspend processing: connection "northnet-eastnet/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:25:01.974567: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:25:01.974571: | pstats #5 ikev2.ike deleted other Aug 26 18:25:01.974577: | #5 spent 2.88 milliseconds in total Aug 26 18:25:01.974582: | [RE]START processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:25:01.974586: "northnet-eastnet/0x2" #5: deleting state (STATE_PARENT_I1) aged 0.466s and NOT sending notification Aug 26 18:25:01.974590: | parent state #5: PARENT_I1(half-open IKE SA) => delete Aug 26 18:25:01.974594: | state #5 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:25:01.974597: | #5 STATE_PARENT_I1: retransmits: cleared Aug 26 18:25:01.974605: | libevent_free: release ptr-libevent@0x563b6f93e878 Aug 26 18:25:01.974609: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563b6f93af28 Aug 26 18:25:01.974613: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:25:01.974616: | picked newest_isakmp_sa #0 for #5 Aug 26 18:25:01.974620: "northnet-eastnet/0x2" #5: deleting IKE SA for connection 'northnet-eastnet/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:25:01.974624: | add revival: connection 'northnet-eastnet/0x2' added to the list and scheduled for 5 seconds Aug 26 18:25:01.974627: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:25:01.974634: | stop processing: connection "northnet-eastnet/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:25:01.974637: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:25:01.974640: | in connection_discard for connection northnet-eastnet/0x2 Aug 26 18:25:01.974643: | State DB: deleting IKEv2 state #5 in PARENT_I1 Aug 26 18:25:01.974647: | parent state #5: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:25:01.974668: | stop processing: state #5 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:25:01.974673: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:25:01.974676: | pass 1 Aug 26 18:25:01.974679: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:25:01.974683: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:25:01.974687: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:25:01.974690: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Aug 26 18:25:01.974727: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Aug 26 18:25:01.974739: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:25:01.974742: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:25:01.974745: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Aug 26 18:25:01.974749: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:25:01.974752: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Aug 26 18:25:01.974757: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" prospective erouted Aug 26 18:25:01.974761: | flush revival: connection 'northnet-eastnet/0x2' revival flushed Aug 26 18:25:01.974765: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:25:01.974778: | start processing: connection "northnet-eastnet/0x1" (in delete_connection() at connections.c:189) Aug 26 18:25:01.974781: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:25:01.974784: | pass 0 Aug 26 18:25:01.974786: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:25:01.974789: | pass 1 Aug 26 18:25:01.974791: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:25:01.974795: | shunt_eroute() called for connection 'northnet-eastnet/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:25:01.974798: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:25:01.974801: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Aug 26 18:25:01.974810: "northnet-eastnet/0x1": ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory Aug 26 18:25:01.974814: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:25:01.974817: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:25:01.974820: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Aug 26 18:25:01.974823: | route owner of "northnet-eastnet/0x1" unrouted: NULL Aug 26 18:25:01.974827: | running updown command "ipsec _updown" for verb unroute Aug 26 18:25:01.974830: | command executing unroute-client Aug 26 18:25:01.974862: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH Aug 26 18:25:01.974866: | popen cmd is 1042 chars long Aug 26 18:25:01.974869: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:25:01.974872: | cmd( 80):et/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33': Aug 26 18:25:01.974875: | cmd( 160): PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:25:01.974878: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:25:01.974881: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER: Aug 26 18:25:01.974884: | cmd( 400):_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Aug 26 18:25:01.974887: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Aug 26 18:25:01.974890: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK: Aug 26 18:25:01.974893: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 18:25:01.974895: | cmd( 720):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 18:25:01.974898: | cmd( 800):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 18:25:01.974901: | cmd( 880):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 18:25:01.974904: | cmd( 960):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Aug 26 18:25:01.974907: | cmd(1040):&1: Aug 26 18:25:01.992411: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992433: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992438: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992611: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992650: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992679: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992694: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992720: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992750: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992778: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992806: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992840: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992872: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992908: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992941: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.992971: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993007: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993041: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993074: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993107: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993140: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993176: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993210: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993244: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993650: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.993682: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:25:01.999918: | free hp@0x563b6f936888 Aug 26 18:25:01.999936: | flush revival: connection 'northnet-eastnet/0x1' wasn't on the list Aug 26 18:25:01.999942: | stop processing: connection "northnet-eastnet/0x1" (in discard_connection() at connections.c:249) Aug 26 18:25:01.999961: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:25:01.999965: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:25:01.999975: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:25:01.999979: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:25:01.999983: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 18:25:01.999987: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 18:25:01.999991: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 18:25:01.999994: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 18:25:01.999999: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:25:02.000012: | libevent_free: release ptr-libevent@0x563b6f9282a8 Aug 26 18:25:02.000017: | free_event_entry: release EVENT_NULL-pe@0x563b6f934138 Aug 26 18:25:02.000029: | libevent_free: release ptr-libevent@0x563b6f8c41c8 Aug 26 18:25:02.000033: | free_event_entry: release EVENT_NULL-pe@0x563b6f9341e8 Aug 26 18:25:02.000042: | libevent_free: release ptr-libevent@0x563b6f8c6068 Aug 26 18:25:02.000045: | free_event_entry: release EVENT_NULL-pe@0x563b6f934298 Aug 26 18:25:02.000054: | libevent_free: release ptr-libevent@0x563b6f8c31b8 Aug 26 18:25:02.000057: | free_event_entry: release EVENT_NULL-pe@0x563b6f934348 Aug 26 18:25:02.000064: | libevent_free: release ptr-libevent@0x563b6f8944e8 Aug 26 18:25:02.000067: | free_event_entry: release EVENT_NULL-pe@0x563b6f9343f8 Aug 26 18:25:02.000074: | libevent_free: release ptr-libevent@0x563b6f8941d8 Aug 26 18:25:02.000077: | free_event_entry: release EVENT_NULL-pe@0x563b6f9344a8 Aug 26 18:25:02.000083: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:25:02.000492: | libevent_free: release ptr-libevent@0x563b6f928358 Aug 26 18:25:02.000501: | free_event_entry: release EVENT_NULL-pe@0x563b6f91c098 Aug 26 18:25:02.000507: | libevent_free: release ptr-libevent@0x563b6f8c5f68 Aug 26 18:25:02.000512: | free_event_entry: release EVENT_NULL-pe@0x563b6f91b558 Aug 26 18:25:02.000517: | libevent_free: release ptr-libevent@0x563b6f8ffb08 Aug 26 18:25:02.000519: | free_event_entry: release EVENT_NULL-pe@0x563b6f91c108 Aug 26 18:25:02.000524: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:25:02.000527: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:25:02.000530: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:25:02.000536: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:25:02.000538: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:25:02.000541: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:25:02.000543: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:25:02.000546: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:25:02.000548: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:25:02.000553: | libevent_free: release ptr-libevent@0x563b6f8c73e8 Aug 26 18:25:02.000556: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:25:02.000560: | libevent_free: release ptr-libevent@0x563b6f933898 Aug 26 18:25:02.000562: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:25:02.000565: | libevent_free: release ptr-libevent@0x563b6f9339a8 Aug 26 18:25:02.000568: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:25:02.000571: | libevent_free: release ptr-libevent@0x563b6f933be8 Aug 26 18:25:02.000573: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:25:02.000575: | releasing event base Aug 26 18:25:02.000588: | libevent_free: release ptr-libevent@0x563b6f933ab8 Aug 26 18:25:02.000591: | libevent_free: release ptr-libevent@0x563b6f916948 Aug 26 18:25:02.000595: | libevent_free: release ptr-libevent@0x563b6f9168f8 Aug 26 18:25:02.000598: | libevent_free: release ptr-libevent@0x7f97440027d8 Aug 26 18:25:02.000602: | libevent_free: release ptr-libevent@0x563b6f916848 Aug 26 18:25:02.000605: | libevent_free: release ptr-libevent@0x563b6f933668 Aug 26 18:25:02.000608: | libevent_free: release ptr-libevent@0x563b6f933818 Aug 26 18:25:02.000610: | libevent_free: release ptr-libevent@0x563b6f916af8 Aug 26 18:25:02.000613: | libevent_free: release ptr-libevent@0x563b6f91b668 Aug 26 18:25:02.000616: | libevent_free: release ptr-libevent@0x563b6f91c058 Aug 26 18:25:02.000618: | libevent_free: release ptr-libevent@0x563b6f934518 Aug 26 18:25:02.000621: | libevent_free: release ptr-libevent@0x563b6f934468 Aug 26 18:25:02.000623: | libevent_free: release ptr-libevent@0x563b6f9343b8 Aug 26 18:25:02.000626: | libevent_free: release ptr-libevent@0x563b6f934308 Aug 26 18:25:02.000628: | libevent_free: release ptr-libevent@0x563b6f934258 Aug 26 18:25:02.000631: | libevent_free: release ptr-libevent@0x563b6f9341a8 Aug 26 18:25:02.000633: | libevent_free: release ptr-libevent@0x563b6f8c2a08 Aug 26 18:25:02.000636: | libevent_free: release ptr-libevent@0x563b6f933968 Aug 26 18:25:02.000639: | libevent_free: release ptr-libevent@0x563b6f933858 Aug 26 18:25:02.000641: | libevent_free: release ptr-libevent@0x563b6f9337d8 Aug 26 18:25:02.000644: | libevent_free: release ptr-libevent@0x563b6f933a78 Aug 26 18:25:02.000646: | libevent_free: release ptr-libevent@0x563b6f9336a8 Aug 26 18:25:02.000649: | libevent_free: release ptr-libevent@0x563b6f893908 Aug 26 18:25:02.000652: | libevent_free: release ptr-libevent@0x563b6f893d38 Aug 26 18:25:02.000655: | libevent_free: release ptr-libevent@0x563b6f8c2d78 Aug 26 18:25:02.000657: | releasing global libevent data Aug 26 18:25:02.000661: | libevent_free: release ptr-libevent@0x563b6f8c4588 Aug 26 18:25:02.000663: | libevent_free: release ptr-libevent@0x563b6f893cd8 Aug 26 18:25:02.000666: | libevent_free: release ptr-libevent@0x563b6f893dd8 Aug 26 18:25:02.000705: leak detective found no leaks