Aug 26 18:33:53.954646: FIPS Product: YES
Aug 26 18:33:53.954734: FIPS Kernel: NO
Aug 26 18:33:53.954738: FIPS Mode: NO
Aug 26 18:33:53.954740: NSS DB directory: sql:/etc/ipsec.d
Aug 26 18:33:53.954876: Initializing NSS
Aug 26 18:33:53.954884: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 18:33:53.979948: NSS initialized
Aug 26 18:33:53.979962: NSS crypto library initialized
Aug 26 18:33:53.979964: FIPS HMAC integrity support [enabled]
Aug 26 18:33:53.979966: FIPS mode disabled for pluto daemon
Aug 26 18:33:54.004974: FIPS HMAC integrity verification self-test FAILED
Aug 26 18:33:54.005281: libcap-ng support [enabled]
Aug 26 18:33:54.005292: Linux audit support [enabled]
Aug 26 18:33:54.005357: Linux audit activated
Aug 26 18:33:54.005363: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:26804
Aug 26 18:33:54.005365: core dump dir: /tmp
Aug 26 18:33:54.005367: secrets file: /etc/ipsec.secrets
Aug 26 18:33:54.005368: leak-detective enabled
Aug 26 18:33:54.005369: NSS crypto [enabled]
Aug 26 18:33:54.005371: XAUTH PAM support [enabled]
Aug 26 18:33:54.005426: | libevent is using pluto's memory allocator
Aug 26 18:33:54.005431: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 18:33:54.005442: | libevent_malloc: new ptr-libevent@0x55f135676348 size 40
Aug 26 18:33:54.005445: | libevent_malloc: new ptr-libevent@0x55f135654cd8 size 40
Aug 26 18:33:54.005447: | libevent_malloc: new ptr-libevent@0x55f135654dd8 size 40
Aug 26 18:33:54.005449: | creating event base
Aug 26 18:33:54.005451: | libevent_malloc: new ptr-libevent@0x55f1356d9658 size 56
Aug 26 18:33:54.005454: | libevent_malloc: new ptr-libevent@0x55f13567d698 size 664
Aug 26 18:33:54.005465: | libevent_malloc: new ptr-libevent@0x55f1356d96c8 size 24
Aug 26 18:33:54.005467: | libevent_malloc: new ptr-libevent@0x55f1356d9718 size 384
Aug 26 18:33:54.005475: | libevent_malloc: new ptr-libevent@0x55f1356d9618 size 16
Aug 26 18:33:54.005476: | libevent_malloc: new ptr-libevent@0x55f135654908 size 40
Aug 26 18:33:54.005478: | libevent_malloc: new ptr-libevent@0x55f135654d38 size 48
Aug 26 18:33:54.005482: | libevent_realloc: new ptr-libevent@0x55f13567d328 size 256
Aug 26 18:33:54.005484: | libevent_malloc: new ptr-libevent@0x55f1356d98c8 size 16
Aug 26 18:33:54.005488: | libevent_free: release ptr-libevent@0x55f1356d9658
Aug 26 18:33:54.005491: | libevent initialized
Aug 26 18:33:54.005494: | libevent_realloc: new ptr-libevent@0x55f1356d9658 size 64
Aug 26 18:33:54.005498: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 18:33:54.005508: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 18:33:54.005510: NAT-Traversal support [enabled]
Aug 26 18:33:54.005512: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 18:33:54.005516: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 18:33:54.005518: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 18:33:54.005547: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 18:33:54.005549: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 18:33:54.005552: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 18:33:54.005585: Encryption algorithms:
Aug 26 18:33:54.005589: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 18:33:54.005592: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 18:33:54.005595: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 18:33:54.005597: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 18:33:54.005599: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 18:33:54.005606: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 18:33:54.005609: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 18:33:54.005611: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 18:33:54.005613: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 18:33:54.005616: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 18:33:54.005618: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 18:33:54.005620: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 18:33:54.005623: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 18:33:54.005625: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 18:33:54.005627: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 18:33:54.005629: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 18:33:54.005631: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 18:33:54.005636: Hash algorithms:
Aug 26 18:33:54.005638: MD5 IKEv1: IKE IKEv2:
Aug 26 18:33:54.005640: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 18:33:54.005642: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 18:33:54.005644: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 18:33:54.005646: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 18:33:54.005657: PRF algorithms:
Aug 26 18:33:54.005659: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 18:33:54.005661: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 18:33:54.005663: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 18:33:54.005665: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 18:33:54.005667: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 18:33:54.005669: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 18:33:54.005685: Integrity algorithms:
Aug 26 18:33:54.005688: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 18:33:54.005690: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 18:33:54.005693: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 18:33:54.005695: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 18:33:54.005698: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 18:33:54.005699: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 18:33:54.005702: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 18:33:54.005704: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 18:33:54.005706: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 18:33:54.005713: DH algorithms:
Aug 26 18:33:54.005716: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 18:33:54.005718: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 18:33:54.005719: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 18:33:54.005723: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 18:33:54.005725: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 18:33:54.005727: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 18:33:54.005729: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 18:33:54.005731: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 18:33:54.005741: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 18:33:54.005743: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 18:33:54.005745: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 18:33:54.005746: testing CAMELLIA_CBC:
Aug 26 18:33:54.005749: Camellia: 16 bytes with 128-bit key
Aug 26 18:33:54.005838: Camellia: 16 bytes with 128-bit key
Aug 26 18:33:54.005857: Camellia: 16 bytes with 256-bit key
Aug 26 18:33:54.005875: Camellia: 16 bytes with 256-bit key
Aug 26 18:33:54.005893: testing AES_GCM_16:
Aug 26 18:33:54.005895: empty string
Aug 26 18:33:54.005915: one block
Aug 26 18:33:54.005931: two blocks
Aug 26 18:33:54.005947: two blocks with associated data
Aug 26 18:33:54.005963: testing AES_CTR:
Aug 26 18:33:54.005965: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 18:33:54.005981: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 18:33:54.005998: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 18:33:54.006015: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 18:33:54.006031: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 18:33:54.006054: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 18:33:54.006079: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 18:33:54.006106: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 18:33:54.006131: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 18:33:54.006158: testing AES_CBC:
Aug 26 18:33:54.006161: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 18:33:54.006201: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 18:33:54.006229: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 18:33:54.006257: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 18:33:54.006283: testing AES_XCBC:
Aug 26 18:33:54.006286: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 18:33:54.006383: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 18:33:54.006465: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 18:33:54.006555: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 18:33:54.006710: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 18:33:54.006786: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 18:33:54.006861: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 18:33:54.007029: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 18:33:54.007105: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 18:33:54.007186: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 18:33:54.007362: testing HMAC_MD5:
Aug 26 18:33:54.007366: RFC 2104: MD5_HMAC test 1
Aug 26 18:33:54.007472: RFC 2104: MD5_HMAC test 2
Aug 26 18:33:54.007563: RFC 2104: MD5_HMAC test 3
Aug 26 18:33:54.007688: 8 CPU cores online
Aug 26 18:33:54.007692: starting up 7 crypto helpers
Aug 26 18:33:54.007731: started thread for crypto helper 0
Aug 26 18:33:54.007764: started thread for crypto helper 1
Aug 26 18:33:54.007770: | starting up helper thread 1
Aug 26 18:33:54.007783: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 18:33:54.007785: started thread for crypto helper 2
Aug 26 18:33:54.007788: | crypto helper 1 waiting (nothing to do)
Aug 26 18:33:54.007818: started thread for crypto helper 3
Aug 26 18:33:54.007821: | starting up helper thread 3
Aug 26 18:33:54.007832: | starting up helper thread 0
Aug 26 18:33:54.007842: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 18:33:54.007853: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 18:33:54.007859: | crypto helper 3 waiting (nothing to do)
Aug 26 18:33:54.007872: | crypto helper 0 waiting (nothing to do)
Aug 26 18:33:54.007874: started thread for crypto helper 4
Aug 26 18:33:54.007876: | starting up helper thread 2
Aug 26 18:33:54.007890: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 18:33:54.007892: | crypto helper 2 waiting (nothing to do)
Aug 26 18:33:54.007906: started thread for crypto helper 5
Aug 26 18:33:54.007943: started thread for crypto helper 6
Aug 26 18:33:54.007961: | checking IKEv1 state table
Aug 26 18:33:54.007970: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 18:33:54.007974: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 18:33:54.007978: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 18:33:54.007993: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 18:33:54.007997: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 18:33:54.008000: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 18:33:54.008002: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:33:54.008004: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:33:54.008007: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 18:33:54.008010: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 18:33:54.008012: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:33:54.008015: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:33:54.008017: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 18:33:54.008020: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:33:54.008022: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:33:54.008025: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:33:54.008027: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 18:33:54.008030: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:33:54.008032: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:33:54.008035: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:33:54.008038: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 18:33:54.008040: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:54.008043: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 18:33:54.008045: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:54.008048: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 18:33:54.008050: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 18:33:54.008053: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 18:33:54.008055: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:33:54.008058: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:33:54.008061: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 18:33:54.008076: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:33:54.008078: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:33:54.008081: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 18:33:54.008084: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:54.008087: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 18:33:54.008090: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:54.008093: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 18:33:54.008096: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 18:33:54.008099: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 18:33:54.008102: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 18:33:54.008105: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 18:33:54.008108: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 18:33:54.008111: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 18:33:54.008113: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:54.008116: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 18:33:54.008118: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:54.008121: | INFO: category: informational flags: 0:
Aug 26 18:33:54.008123: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:54.008127: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 18:33:54.008129: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:54.008131: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 18:33:54.008132: | -> XAUTH_R1 EVENT_NULL
Aug 26 18:33:54.008134: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 18:33:54.008136: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:33:54.008138: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 18:33:54.008139: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 18:33:54.008141: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 18:33:54.008143: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 18:33:54.008145: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 18:33:54.008146: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:54.008148: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 18:33:54.008149: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:33:54.008151: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 18:33:54.008153: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 18:33:54.008155: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 18:33:54.008156: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 18:33:54.008162: | checking IKEv2 state table
Aug 26 18:33:54.008166: | PARENT_I0: category: ignore flags: 0:
Aug 26 18:33:54.008168: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 18:33:54.008170: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 18:33:54.008172: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 18:33:54.008174: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 18:33:54.008176: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 18:33:54.008178: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 18:33:54.008180: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 18:33:54.008182: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 18:33:54.008183: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 18:33:54.008186: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 18:33:54.008188: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 18:33:54.008191: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 18:33:54.008194: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 18:33:54.008197: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 18:33:54.008199: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 18:33:54.008202: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 18:33:54.008205: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 18:33:54.008208: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 18:33:54.008211: | starting up helper thread 6
Aug 26 18:33:54.008211: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 18:33:54.008230: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 18:33:54.008240: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 18:33:54.008245: | crypto helper 6 waiting (nothing to do)
Aug 26 18:33:54.008251: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 18:33:54.008259: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 18:33:54.008262: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 18:33:54.008265: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 18:33:54.008268: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 18:33:54.008271: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 18:33:54.008274: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 18:33:54.008280: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 18:33:54.008283: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 18:33:54.008286: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 18:33:54.008299: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 18:33:54.008304: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 18:33:54.008300: | starting up helper thread 4
Aug 26 18:33:54.008309: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 18:33:54.008316: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 18:33:54.008326: | crypto helper 4 waiting (nothing to do)
Aug 26 18:33:54.008322: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 18:33:54.008335: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 18:33:54.008339: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 18:33:54.008343: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 18:33:54.008346: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 18:33:54.008349: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 18:33:54.008352: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 18:33:54.008356: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 18:33:54.008359: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 18:33:54.008362: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 18:33:54.008365: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 18:33:54.008368: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 18:33:54.008371: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 18:33:54.008542: | starting up helper thread 5
Aug 26 18:33:54.008552: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 18:33:54.008555: | crypto helper 5 waiting (nothing to do)
Aug 26 18:33:54.008692: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 18:33:54.008979: | Hard-wiring algorithms
Aug 26 18:33:54.008982: | adding AES_CCM_16 to kernel algorithm db
Aug 26 18:33:54.008986: | adding AES_CCM_12 to kernel algorithm db
Aug 26 18:33:54.008987: | adding AES_CCM_8 to kernel algorithm db
Aug 26 18:33:54.008989: | adding 3DES_CBC to kernel algorithm db
Aug 26 18:33:54.008991: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 18:33:54.008993: | adding AES_GCM_16 to kernel algorithm db
Aug 26 18:33:54.008994: | adding AES_GCM_12 to kernel algorithm db
Aug 26 18:33:54.008996: | adding AES_GCM_8 to kernel algorithm db
Aug 26 18:33:54.008998: | adding AES_CTR to kernel algorithm db
Aug 26 18:33:54.008999: | adding AES_CBC to kernel algorithm db
Aug 26 18:33:54.009001: | adding SERPENT_CBC to kernel algorithm db
Aug 26 18:33:54.009003: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 18:33:54.009005: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 18:33:54.009007: | adding NULL to kernel algorithm db
Aug 26 18:33:54.009009: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 18:33:54.009011: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 18:33:54.009012: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 18:33:54.009014: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 18:33:54.009016: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 18:33:54.009018: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 18:33:54.009019: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 18:33:54.009021: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 18:33:54.009023: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 18:33:54.009025: | adding NONE to kernel algorithm db
Aug 26 18:33:54.009045: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 18:33:54.009051: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 18:33:54.009053: | setup kernel fd callback
Aug 26 18:33:54.009055: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55f1356de328
Aug 26 18:33:54.009059: | libevent_malloc: new ptr-libevent@0x55f1356c2778 size 128
Aug 26 18:33:54.009062: | libevent_malloc: new ptr-libevent@0x55f1356de438 size 16
Aug 26 18:33:54.009067: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55f1356dee68
Aug 26 18:33:54.009069: | libevent_malloc: new ptr-libevent@0x55f13567db38 size 128
Aug 26 18:33:54.009071: | libevent_malloc: new ptr-libevent@0x55f1356dee28 size 16
Aug 26 18:33:54.009224: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 18:33:54.009231: selinux support is enabled.
Aug 26 18:33:54.009694: | unbound context created - setting debug level to 5 Aug 26 18:33:54.009773: | /etc/hosts lookups activated Aug 26 18:33:54.009788: | /etc/resolv.conf usage activated Aug 26 18:33:54.009832: | outgoing-port-avoid set 0-65535 Aug 26 18:33:54.009857: | outgoing-port-permit set 32768-60999 Aug 26 18:33:54.009860: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:33:54.009863: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:33:54.009865: | Setting up events, loop start Aug 26 18:33:54.009868: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55f1356deed8 Aug 26 18:33:54.009870: | libevent_malloc: new ptr-libevent@0x55f1356eb068 size 128 Aug 26 18:33:54.009873: | libevent_malloc: new ptr-libevent@0x55f1356f62b8 size 16 Aug 26 18:33:54.009878: | libevent_realloc: new ptr-libevent@0x55f1356f62f8 size 256 Aug 26 18:33:54.009880: | libevent_malloc: new ptr-libevent@0x55f1356f6428 size 8 Aug 26 18:33:54.009883: | libevent_realloc: new ptr-libevent@0x55f135650918 size 144 Aug 26 18:33:54.009887: | libevent_malloc: new ptr-libevent@0x55f135681df8 size 152 Aug 26 18:33:54.009892: | libevent_malloc: new ptr-libevent@0x55f1356f6468 size 16 Aug 26 18:33:54.009897: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:33:54.009900: | libevent_malloc: new ptr-libevent@0x55f1356f64a8 size 8 Aug 26 18:33:54.009902: | libevent_malloc: new ptr-libevent@0x55f1356f64e8 size 152 Aug 26 18:33:54.009905: | signal event handler PLUTO_SIGTERM installed Aug 26 18:33:54.009906: | libevent_malloc: new ptr-libevent@0x55f1356f65b8 size 8 Aug 26 18:33:54.009908: | libevent_malloc: new ptr-libevent@0x55f1356f65f8 size 152 Aug 26 18:33:54.009910: | signal event handler PLUTO_SIGHUP installed Aug 26 18:33:54.009912: | libevent_malloc: new ptr-libevent@0x55f1356f66c8 size 8 Aug 26 18:33:54.009914: | libevent_realloc: release ptr-libevent@0x55f135650918 Aug 26 18:33:54.009916: | libevent_realloc: new 
ptr-libevent@0x55f1356f6708 size 256 Aug 26 18:33:54.009918: | libevent_malloc: new ptr-libevent@0x55f1356f6838 size 152 Aug 26 18:33:54.009920: | signal event handler PLUTO_SIGSYS installed Aug 26 18:33:54.010195: | created addconn helper (pid:26829) using fork+execve Aug 26 18:33:54.010210: | forked child 26829 Aug 26 18:33:54.012969: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:54.012992: listening for IKE messages Aug 26 18:33:54.026634: | Inspecting interface lo Aug 26 18:33:54.026652: | found lo with address 127.0.0.1 Aug 26 18:33:54.026659: | Inspecting interface eth0 Aug 26 18:33:54.026662: | found eth0 with address 192.0.2.254 Aug 26 18:33:54.026665: | Inspecting interface eth1 Aug 26 18:33:54.026667: | found eth1 with address 192.1.2.23 Aug 26 18:33:54.026791: Kernel supports NIC esp-hw-offload Aug 26 18:33:54.026802: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 18:33:54.026865: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:33:54.026869: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:33:54.026872: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 18:33:54.026909: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 18:33:54.026926: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:33:54.026929: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:33:54.026931: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 18:33:54.026951: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:33:54.026968: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:33:54.026971: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:33:54.026974: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:33:54.027045: | no interfaces to sort Aug 26 
18:33:54.027049: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:33:54.027054: | add_fd_read_event_handler: new ethX-pe@0x55f1356f6e18 Aug 26 18:33:54.027059: | libevent_malloc: new ptr-libevent@0x55f1356eafb8 size 128 Aug 26 18:33:54.027062: | libevent_malloc: new ptr-libevent@0x55f1356f6e88 size 16 Aug 26 18:33:54.027067: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:33:54.027069: | add_fd_read_event_handler: new ethX-pe@0x55f1356f6ec8 Aug 26 18:33:54.027071: | libevent_malloc: new ptr-libevent@0x55f13567da88 size 128 Aug 26 18:33:54.027073: | libevent_malloc: new ptr-libevent@0x55f1356f6f38 size 16 Aug 26 18:33:54.027076: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:33:54.027078: | add_fd_read_event_handler: new ethX-pe@0x55f1356f6f78 Aug 26 18:33:54.027081: | libevent_malloc: new ptr-libevent@0x55f135681968 size 128 Aug 26 18:33:54.027082: | libevent_malloc: new ptr-libevent@0x55f1356f6fe8 size 16 Aug 26 18:33:54.027085: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:33:54.027087: | add_fd_read_event_handler: new ethX-pe@0x55f1356f7028 Aug 26 18:33:54.027447: | libevent_malloc: new ptr-libevent@0x55f135676b78 size 128 Aug 26 18:33:54.027451: | libevent_malloc: new ptr-libevent@0x55f1356f7098 size 16 Aug 26 18:33:54.027456: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:33:54.027458: | add_fd_read_event_handler: new ethX-pe@0x55f1356f70d8 Aug 26 18:33:54.027461: | libevent_malloc: new ptr-libevent@0x55f13565ab78 size 128 Aug 26 18:33:54.027463: | libevent_malloc: new ptr-libevent@0x55f1356f7148 size 16 Aug 26 18:33:54.027466: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:33:54.027468: | add_fd_read_event_handler: new ethX-pe@0x55f1356f7188 Aug 26 18:33:54.027471: | libevent_malloc: new ptr-libevent@0x55f1356551d8 size 128 Aug 26 18:33:54.027473: | libevent_malloc: new ptr-libevent@0x55f1356f71f8 size 16 Aug 26 18:33:54.027476: | setup 
callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:33:54.027480: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:33:54.027481: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:33:54.027501: loading secrets from "/etc/ipsec.secrets" Aug 26 18:33:54.027510: | id type added to secret(0x55f135650b58) PKK_PSK: @west Aug 26 18:33:54.027512: | id type added to secret(0x55f135650b58) PKK_PSK: @east Aug 26 18:33:54.027515: | Processing PSK at line 1: passed Aug 26 18:33:54.027517: | certs and keys locked by 'process_secret' Aug 26 18:33:54.027520: | certs and keys unlocked by 'process_secret' Aug 26 18:33:54.027528: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:54.027534: | spent 0.692 milliseconds in whack Aug 26 18:33:54.029329: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:54.029358: listening for IKE messages Aug 26 18:33:54.029382: | Inspecting interface lo Aug 26 18:33:54.029387: | found lo with address 127.0.0.1 Aug 26 18:33:54.029389: | Inspecting interface eth0 Aug 26 18:33:54.029392: | found eth0 with address 192.0.2.254 Aug 26 18:33:54.029394: | Inspecting interface eth1 Aug 26 18:33:54.029396: | found eth1 with address 192.1.2.23 Aug 26 18:33:54.029443: | no interfaces to sort Aug 26 18:33:54.029453: | libevent_free: release ptr-libevent@0x55f1356eafb8 Aug 26 18:33:54.029456: | free_event_entry: release EVENT_NULL-pe@0x55f1356f6e18 Aug 26 18:33:54.029458: | add_fd_read_event_handler: new ethX-pe@0x55f1356f6e18 Aug 26 18:33:54.029460: | libevent_malloc: new ptr-libevent@0x55f1356eafb8 size 128 Aug 26 18:33:54.029465: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:33:54.029467: | libevent_free: release ptr-libevent@0x55f13567da88 Aug 26 18:33:54.029469: | free_event_entry: release EVENT_NULL-pe@0x55f1356f6ec8 Aug 26 18:33:54.029471: | add_fd_read_event_handler: new ethX-pe@0x55f1356f6ec8 Aug 26 
18:33:54.029473: | libevent_malloc: new ptr-libevent@0x55f13567da88 size 128 Aug 26 18:33:54.029476: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:33:54.029479: | libevent_free: release ptr-libevent@0x55f135681968 Aug 26 18:33:54.029481: | free_event_entry: release EVENT_NULL-pe@0x55f1356f6f78 Aug 26 18:33:54.029482: | add_fd_read_event_handler: new ethX-pe@0x55f1356f6f78 Aug 26 18:33:54.029484: | libevent_malloc: new ptr-libevent@0x55f135681968 size 128 Aug 26 18:33:54.029487: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:33:54.029490: | libevent_free: release ptr-libevent@0x55f135676b78 Aug 26 18:33:54.029491: | free_event_entry: release EVENT_NULL-pe@0x55f1356f7028 Aug 26 18:33:54.029493: | add_fd_read_event_handler: new ethX-pe@0x55f1356f7028 Aug 26 18:33:54.029495: | libevent_malloc: new ptr-libevent@0x55f135676b78 size 128 Aug 26 18:33:54.029498: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:33:54.029500: | libevent_free: release ptr-libevent@0x55f13565ab78 Aug 26 18:33:54.029502: | free_event_entry: release EVENT_NULL-pe@0x55f1356f70d8 Aug 26 18:33:54.029504: | add_fd_read_event_handler: new ethX-pe@0x55f1356f70d8 Aug 26 18:33:54.029505: | libevent_malloc: new ptr-libevent@0x55f13565ab78 size 128 Aug 26 18:33:54.029508: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:33:54.029511: | libevent_free: release ptr-libevent@0x55f1356551d8 Aug 26 18:33:54.029513: | free_event_entry: release EVENT_NULL-pe@0x55f1356f7188 Aug 26 18:33:54.029515: | add_fd_read_event_handler: new ethX-pe@0x55f1356f7188 Aug 26 18:33:54.029516: | libevent_malloc: new ptr-libevent@0x55f1356551d8 size 128 Aug 26 18:33:54.029519: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:33:54.029521: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:33:54.029523: forgetting secrets Aug 26 18:33:54.029528: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:33:54.029538: loading 
secrets from "/etc/ipsec.secrets" Aug 26 18:33:54.029543: | id type added to secret(0x55f135650b58) PKK_PSK: @west Aug 26 18:33:54.029545: | id type added to secret(0x55f135650b58) PKK_PSK: @east Aug 26 18:33:54.029548: | Processing PSK at line 1: passed Aug 26 18:33:54.029550: | certs and keys locked by 'process_secret' Aug 26 18:33:54.029551: | certs and keys unlocked by 'process_secret' Aug 26 18:33:54.029557: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:54.029561: | spent 0.239 milliseconds in whack Aug 26 18:33:54.029940: | processing signal PLUTO_SIGCHLD Aug 26 18:33:54.029948: | waitpid returned pid 26829 (exited with status 0) Aug 26 18:33:54.029950: | reaped addconn helper child (status 0) Aug 26 18:33:54.029954: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:54.029957: | spent 0.0116 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:54.157340: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:54.157361: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:54.157365: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:33:54.157367: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:54.157369: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:33:54.157373: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 18:33:54.157379: | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:33:54.157426: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:33:54.157429: | from whack: got --esp= Aug 26 18:33:54.157461: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:33:54.157466: | counting wild cards for @west is 0 Aug 26 18:33:54.157468: | counting wild cards for @east is 0 Aug 26 18:33:54.157477: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Aug 26 18:33:54.157480: | new hp@0x55f1356f94d8 Aug 26 18:33:54.157483: added connection description "east" Aug 26 18:33:54.157492: | ike_life: 3600s; ipsec_life: 30s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:33:54.157502: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 18:33:54.157510: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:54.157516: | spent 0.184 milliseconds in whack Aug 26 18:33:54.157779: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:54.157795: add keyid @west
Aug 26 18:33:54.157870: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:33:54.157872: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:33:54.157886: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:54.157891: | spent 0.119 milliseconds in whack Aug 26 18:33:54.157990: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:54.158004: add keyid @east
Aug 26 18:33:54.158051: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:33:54.158053: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:33:54.158062: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:54.158066: | spent 0.0813 milliseconds in whack Aug 26 18:33:55.405804: | spent 0.00311 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:55.405840: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 18:33:55.406000: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:33:55.406004: | **parse ISAKMP Message: Aug 26 18:33:55.406007: | initiator cookie: Aug 26 18:33:55.406010: | 6f f2 57 49 83 43 c8 1b Aug 26 18:33:55.406013: | responder cookie: Aug 26 18:33:55.406016: | 00 00 00 00 00 00 00 00 Aug 26 18:33:55.406019: | next payload type: 
ISAKMP_NEXT_v2SA (0x21) Aug 26 18:33:55.406023: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:55.406026: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:33:55.406029: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:33:55.406032: | Message ID: 0 (0x0) Aug 26 18:33:55.406035: | length: 828 (0x33c) Aug 26 18:33:55.406038: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:33:55.406042: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 18:33:55.406046: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 18:33:55.406049: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:33:55.406053: | ***parse IKEv2 Security Association Payload: Aug 26 18:33:55.406056: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:33:55.406059: | flags: none (0x0) Aug 26 18:33:55.406062: | length: 436 (0x1b4) Aug 26 18:33:55.406065: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 18:33:55.406068: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:33:55.406072: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:33:55.406075: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:33:55.406078: | flags: none (0x0) Aug 26 18:33:55.406081: | length: 264 (0x108) Aug 26 18:33:55.406084: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:55.406087: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:33:55.406090: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:33:55.406093: | ***parse IKEv2 Nonce Payload: Aug 26 18:33:55.406095: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:33:55.406098: | flags: none (0x0) Aug 26 18:33:55.406101: | length: 36 (0x24) Aug 26 18:33:55.406103: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:33:55.406106: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:33:55.406109: | ***parse IKEv2 Notify Payload: Aug 26 18:33:55.406115: | next payload type: ISAKMP_NEXT_v2N 
(0x29) Aug 26 18:33:55.406117: | flags: none (0x0) Aug 26 18:33:55.406120: | length: 8 (0x8) Aug 26 18:33:55.406123: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:55.406125: | SPI size: 0 (0x0) Aug 26 18:33:55.406128: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:33:55.406131: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:33:55.406134: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:33:55.406137: | ***parse IKEv2 Notify Payload: Aug 26 18:33:55.406139: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:33:55.406142: | flags: none (0x0) Aug 26 18:33:55.406145: | length: 28 (0x1c) Aug 26 18:33:55.406147: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:55.406150: | SPI size: 0 (0x0) Aug 26 18:33:55.406153: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:33:55.406156: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:33:55.406158: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:33:55.406161: | ***parse IKEv2 Notify Payload: Aug 26 18:33:55.406164: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.406166: | flags: none (0x0) Aug 26 18:33:55.406169: | length: 28 (0x1c) Aug 26 18:33:55.406171: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:55.406174: | SPI size: 0 (0x0) Aug 26 18:33:55.406177: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:33:55.406180: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:33:55.406183: | DDOS disabled and no cookie sent, continuing Aug 26 18:33:55.406189: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:33:55.406195: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:55.406199: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:33:55.406203: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Aug 26 18:33:55.406206: | 
find_next_host_connection returns empty Aug 26 18:33:55.406211: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:33:55.406214: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:33:55.406217: | find_next_host_connection returns empty Aug 26 18:33:55.406222: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 18:33:55.406227: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:33:55.406232: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:55.406235: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:33:55.406239: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Aug 26 18:33:55.406242: | find_next_host_connection returns empty Aug 26 18:33:55.406246: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:33:55.406249: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:33:55.406252: | find_next_host_connection returns empty Aug 26 18:33:55.406256: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 18:33:55.406261: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 18:33:55.406266: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:55.406269: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:33:55.406273: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Aug 26 18:33:55.406276: | find_next_host_connection returns east Aug 26 18:33:55.406279: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:33:55.406284: | find_next_host_connection returns empty 
Aug 26 18:33:55.406311: | found connection: east with policy PSK+IKEV2_ALLOW Aug 26 18:33:55.406340: | creating state object #1 at 0x55f1356fb738 Aug 26 18:33:55.406344: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:33:55.406354: | pstats #1 ikev2.ike started Aug 26 18:33:55.406358: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:33:55.406361: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 18:33:55.406367: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:33:55.406377: | start processing: state #1 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:33:55.406381: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:33:55.406386: | [RE]START processing: state #1 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:33:55.406390: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:33:55.406394: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 18:33:55.406399: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:33:55.406402: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 18:33:55.406405: | selected state microcode Respond to IKE_SA_INIT Aug 26 18:33:55.406408: | Now let's proceed with state specific processing Aug 26 18:33:55.406411: | calling processor Respond to IKE_SA_INIT Aug 26 18:33:55.406418: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:33:55.406422: | constructing local IKE proposals for east (IKE SA responder matching remote proposals) Aug 26 
18:33:55.406432: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:33:55.406440: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:55.406444: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:33:55.406450: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:55.406453: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:33:55.406457: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:55.406459: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:33:55.406463: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:55.406470: "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:55.406477: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 18:33:55.406480: | local proposal 1 type ENCR has 1 transforms Aug 26 18:33:55.406482: | local proposal 1 type PRF has 2 transforms Aug 26 18:33:55.406483: | local proposal 1 type INTEG has 1 transforms Aug 26 18:33:55.406485: | local proposal 1 type DH has 8 transforms Aug 26 18:33:55.406487: | local proposal 1 type ESN has 0 transforms Aug 26 18:33:55.406489: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:33:55.406491: | local proposal 2 type ENCR has 1 transforms Aug 26 18:33:55.406493: | local proposal 2 type PRF has 2 transforms Aug 26 18:33:55.406495: | local proposal 2 type INTEG has 1 transforms Aug 26 18:33:55.406497: | local proposal 2 type DH has 8 transforms Aug 26 18:33:55.406498: | local proposal 2 type ESN has 0 transforms Aug 26 18:33:55.406500: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:33:55.406502: | local proposal 3 type ENCR has 1 transforms Aug 26 
18:33:55.406504: | local proposal 3 type PRF has 2 transforms Aug 26 18:33:55.406506: | local proposal 3 type INTEG has 2 transforms Aug 26 18:33:55.406507: | local proposal 3 type DH has 8 transforms Aug 26 18:33:55.406509: | local proposal 3 type ESN has 0 transforms Aug 26 18:33:55.406511: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:33:55.406513: | local proposal 4 type ENCR has 1 transforms Aug 26 18:33:55.406515: | local proposal 4 type PRF has 2 transforms Aug 26 18:33:55.406516: | local proposal 4 type INTEG has 2 transforms Aug 26 18:33:55.406518: | local proposal 4 type DH has 8 transforms Aug 26 18:33:55.406520: | local proposal 4 type ESN has 0 transforms Aug 26 18:33:55.406522: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:33:55.406524: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.406526: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:55.406528: | length: 100 (0x64) Aug 26 18:33:55.406530: | prop #: 1 (0x1) Aug 26 18:33:55.406532: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:55.406533: | spi size: 0 (0x0) Aug 26 18:33:55.406535: | # transforms: 11 (0xb) Aug 26 18:33:55.406538: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:33:55.406540: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406543: | length: 12 (0xc) Aug 26 18:33:55.406545: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.406547: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:55.406549: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.406551: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.406553: | length/value: 256 (0x100) Aug 26 18:33:55.406556: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:33:55.406558: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406561: | length: 8 (0x8) Aug 26 18:33:55.406563: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:55.406565: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:55.406567: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:33:55.406570: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 18:33:55.406572: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 18:33:55.406574: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 18:33:55.406576: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406579: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406581: | length: 8 (0x8) Aug 26 18:33:55.406582: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:55.406584: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:33:55.406586: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406588: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406589: | length: 8 (0x8) Aug 26 18:33:55.406591: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406593: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:55.406595: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:33:55.406598: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:33:55.406600: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:33:55.406602: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:33:55.406603: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 18:33:55.406605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406607: | length: 8 (0x8) Aug 26 18:33:55.406609: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406610: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:55.406612: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406616: | length: 8 (0x8) Aug 26 18:33:55.406617: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406619: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:55.406621: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406624: | length: 8 (0x8) Aug 26 18:33:55.406626: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406628: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:55.406630: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406631: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406633: | length: 8 (0x8) Aug 26 18:33:55.406635: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406637: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:55.406638: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406640: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406642: | length: 8 (0x8) Aug 26 18:33:55.406644: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406645: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:55.406648: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406651: | length: 8 (0x8) Aug 26 18:33:55.406653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406654: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:55.406656: | *****parse IKEv2 Transform Substructure Payload: 
Aug 26 18:33:55.406658: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.406660: | length: 8 (0x8) Aug 26 18:33:55.406661: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406663: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:55.406666: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:33:55.406669: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:33:55.406671: | remote proposal 1 matches local proposal 1 Aug 26 18:33:55.406673: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.406675: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:55.406676: | length: 100 (0x64) Aug 26 18:33:55.406678: | prop #: 2 (0x2) Aug 26 18:33:55.406680: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:55.406684: | spi size: 0 (0x0) Aug 26 18:33:55.406686: | # transforms: 11 (0xb) Aug 26 18:33:55.406689: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:55.406691: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406694: | length: 12 (0xc) Aug 26 18:33:55.406696: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.406698: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:55.406699: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.406701: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.406703: | length/value: 128 (0x80) Aug 26 18:33:55.406705: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406708: | length: 8 (0x8) Aug 26 18:33:55.406710: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:55.406712: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:55.406714: | *****parse 
IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406717: | length: 8 (0x8) Aug 26 18:33:55.406719: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:55.406720: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:33:55.406722: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406726: | length: 8 (0x8) Aug 26 18:33:55.406727: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406729: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:55.406731: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406734: | length: 8 (0x8) Aug 26 18:33:55.406736: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406738: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:55.406740: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406743: | length: 8 (0x8) Aug 26 18:33:55.406745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406747: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:55.406749: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406750: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406752: | length: 8 (0x8) Aug 26 18:33:55.406754: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406755: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:55.406757: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406759: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406761: | length: 8 (0x8) Aug 26 18:33:55.406762: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406764: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:55.406766: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 18:33:55.406768: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406769: | length: 8 (0x8) Aug 26 18:33:55.406771: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406773: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:55.406775: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406776: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406778: | length: 8 (0x8) Aug 26 18:33:55.406780: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406782: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:55.406783: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406785: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.406787: | length: 8 (0x8) Aug 26 18:33:55.406789: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406791: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:55.406794: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 18:33:55.406796: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 18:33:55.406798: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.406800: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:55.406801: | length: 116 (0x74) Aug 26 18:33:55.406803: | prop #: 3 (0x3) Aug 26 18:33:55.406805: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:55.406806: | spi size: 0 (0x0) Aug 26 18:33:55.406808: | # transforms: 13 (0xd) Aug 26 18:33:55.406810: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:55.406812: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406816: | length: 12 (0xc) Aug 26 18:33:55.406817: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.406819: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
18:33:55.406821: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.406823: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.406824: | length/value: 256 (0x100) Aug 26 18:33:55.406826: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406828: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406830: | length: 8 (0x8) Aug 26 18:33:55.406831: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:55.406833: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:55.406835: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406837: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406838: | length: 8 (0x8) Aug 26 18:33:55.406840: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:55.406842: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:33:55.406844: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406845: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406847: | length: 8 (0x8) Aug 26 18:33:55.406849: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:55.406851: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:55.406853: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406854: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406856: | length: 8 (0x8) Aug 26 18:33:55.406858: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:55.406859: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:55.406861: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406865: | length: 8 (0x8) Aug 26 18:33:55.406866: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406868: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:55.406870: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
18:33:55.406873: | length: 8 (0x8) Aug 26 18:33:55.406875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406877: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:55.406879: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406882: | length: 8 (0x8) Aug 26 18:33:55.406884: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406885: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:55.406887: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406889: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406891: | length: 8 (0x8) Aug 26 18:33:55.406892: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406894: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:55.406897: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406901: | length: 8 (0x8) Aug 26 18:33:55.406902: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406904: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:55.406906: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406909: | length: 8 (0x8) Aug 26 18:33:55.406911: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406913: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:55.406915: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406916: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406918: | length: 8 (0x8) Aug 26 18:33:55.406920: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406921: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:55.406923: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406925: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.406927: | length: 
8 (0x8) Aug 26 18:33:55.406928: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.406930: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:55.406933: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:33:55.406935: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:33:55.406937: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.406938: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:55.406940: | length: 116 (0x74) Aug 26 18:33:55.406942: | prop #: 4 (0x4) Aug 26 18:33:55.406943: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:55.406945: | spi size: 0 (0x0) Aug 26 18:33:55.406947: | # transforms: 13 (0xd) Aug 26 18:33:55.406949: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:55.406951: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406954: | length: 12 (0xc) Aug 26 18:33:55.406956: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.406958: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:55.406959: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.406961: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.406963: | length/value: 128 (0x80) Aug 26 18:33:55.406965: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406967: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406968: | length: 8 (0x8) Aug 26 18:33:55.406970: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:55.406972: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:55.406974: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406977: | length: 8 (0x8) Aug 26 18:33:55.406979: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 
18:33:55.406980: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:33:55.406982: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406986: | length: 8 (0x8) Aug 26 18:33:55.406987: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:55.406989: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:55.406991: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.406993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.406994: | length: 8 (0x8) Aug 26 18:33:55.406996: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:55.406998: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:55.407000: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.407002: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.407004: | length: 8 (0x8) Aug 26 18:33:55.407006: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.407008: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:55.407010: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.407011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.407013: | length: 8 (0x8) Aug 26 18:33:55.407015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.407016: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:55.407018: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.407020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.407022: | length: 8 (0x8) Aug 26 18:33:55.407023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.407025: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:55.407027: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.407029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.407030: | length: 8 (0x8) Aug 26 18:33:55.407032: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.407034: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:55.407036: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.407037: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.407039: | length: 8 (0x8) Aug 26 18:33:55.407041: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.407042: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:55.407044: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.407046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.407048: | length: 8 (0x8) Aug 26 18:33:55.407049: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.407051: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:55.407053: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.407055: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.407056: | length: 8 (0x8) Aug 26 18:33:55.407058: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.407060: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:55.407062: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.407063: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.407065: | length: 8 (0x8) Aug 26 18:33:55.407067: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.407069: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:55.407071: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:33:55.407073: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:33:55.407076: "east" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:33:55.407080: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:33:55.407081: | converting proposal to internal trans attrs Aug 26 18:33:55.407085: | natd_hash: rcookie is zero Aug 26 18:33:55.407094: | natd_hash: hasher=0x55f133a04800(20) Aug 26 18:33:55.407096: | natd_hash: icookie= 6f f2 57 49 83 43 c8 1b Aug 26 18:33:55.407099: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:33:55.407101: | natd_hash: ip= c0 01 02 17 Aug 26 18:33:55.407102: | natd_hash: port=500 Aug 26 18:33:55.407104: | natd_hash: hash= b6 81 c6 a4 25 73 1e 7a a7 78 f0 0a 4d a3 0a 64 Aug 26 18:33:55.407106: | natd_hash: hash= 10 e8 c0 70 Aug 26 18:33:55.407108: | natd_hash: rcookie is zero Aug 26 18:33:55.407112: | natd_hash: hasher=0x55f133a04800(20) Aug 26 18:33:55.407114: | natd_hash: icookie= 6f f2 57 49 83 43 c8 1b Aug 26 18:33:55.407115: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:33:55.407117: | natd_hash: ip= c0 01 02 2d Aug 26 18:33:55.407118: | natd_hash: port=500 Aug 26 18:33:55.407120: | natd_hash: hash= cf fd 8d 62 c7 e4 3d 04 51 c7 98 c3 7d b7 9f 9a Aug 26 18:33:55.407122: | natd_hash: hash= 4d 3d c7 88 Aug 26 18:33:55.407124: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:33:55.407125: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:33:55.407127: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:33:55.407129: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.2.45 Aug 26 18:33:55.407134: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:33:55.407136: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f1356f95b8 Aug 26 18:33:55.407140: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:33:55.407142: | libevent_malloc: new ptr-libevent@0x55f1356fd838 size 128 Aug 26 18:33:55.407153: | #1 spent 0.737 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:33:55.407158: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:55.407159: | crypto helper 1 resuming Aug 26 18:33:55.407161: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:33:55.407178: | suspending state #1 and saving MD Aug 26 18:33:55.407179: | crypto helper 1 starting work-order 1 for state #1 Aug 26 18:33:55.407180: | #1 is busy; has a suspended MD Aug 26 18:33:55.407187: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:33:55.407189: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:33:55.407195: | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:33:55.407198: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:33:55.407202: | #1 spent 1.35 milliseconds in ikev2_process_packet() Aug 26 18:33:55.407205: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:33:55.407207: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:33:55.407209: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:55.407212: | spent 1.36 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:55.408273: | crypto 
helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001086 seconds Aug 26 18:33:55.408292: | (#1) spent 1.1 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:33:55.408297: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 18:33:55.408301: | scheduling resume sending helper answer for #1 Aug 26 18:33:55.408305: | libevent_malloc: new ptr-libevent@0x7fae24002888 size 128 Aug 26 18:33:55.408314: | crypto helper 1 waiting (nothing to do) Aug 26 18:33:55.408320: | processing resume sending helper answer for #1 Aug 26 18:33:55.408328: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:33:55.408333: | crypto helper 1 replies to request ID 1 Aug 26 18:33:55.408337: | calling continuation function 0x55f13392fb50 Aug 26 18:33:55.408340: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:33:55.408379: | **emit ISAKMP Message: Aug 26 18:33:55.408383: | initiator cookie: Aug 26 18:33:55.408386: | 6f f2 57 49 83 43 c8 1b Aug 26 18:33:55.408389: | responder cookie: Aug 26 18:33:55.408392: | d5 48 a5 73 23 24 0f 25 Aug 26 18:33:55.408395: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:55.408398: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:55.408401: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:33:55.408405: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:33:55.408407: | Message ID: 0 (0x0) Aug 26 18:33:55.408411: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:55.408415: | Emitting ikev2_proposal ... 
Aug 26 18:33:55.408418: | ***emit IKEv2 Security Association Payload: Aug 26 18:33:55.408421: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.408424: | flags: none (0x0) Aug 26 18:33:55.408428: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:33:55.408431: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.408435: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.408438: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:55.408441: | prop #: 1 (0x1) Aug 26 18:33:55.408443: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:55.408446: | spi size: 0 (0x0) Aug 26 18:33:55.408449: | # transforms: 3 (0x3) Aug 26 18:33:55.408452: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:33:55.408456: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:33:55.408459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.408461: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.408464: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:55.408468: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:55.408471: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.408475: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.408478: | length/value: 256 (0x100) Aug 26 18:33:55.408482: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:33:55.408486: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:33:55.408489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.408492: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:55.408496: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:55.408499: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.408503: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:55.408507: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:33:55.408509: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:33:55.408512: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.408515: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:55.408517: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:55.408521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.408524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:55.408526: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:33:55.408528: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:33:55.408530: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:33:55.408534: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:33:55.408536: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:33:55.408539: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:33:55.408541: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.408543: | flags: none (0x0) Aug 26 18:33:55.408544: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:55.408547: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
18:33:55.408549: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.408551: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:33:55.408581: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:33:55.408583: | ***emit IKEv2 Nonce Payload: Aug 26 18:33:55.408585: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:33:55.408586: | flags: none (0x0) Aug 26 18:33:55.408589: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:33:55.408591: | next payload chain: setting previous
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:33:55.408593: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.408595: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:33:55.408597: | IKEv2 nonce 28 22 ac 5d 28 77 14 dc f5 75 d6 8d 0e aa 43 4b Aug 26 18:33:55.408599: | IKEv2 nonce 3c 99 90 6a c2 d7 87 cc 7f a3 47 58 a7 6a 72 38 Aug 26 18:33:55.408600: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:33:55.408602: | Adding a v2N Payload Aug 26 18:33:55.408604: | ***emit IKEv2 Notify Payload: Aug 26 18:33:55.408606: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.408608: | flags: none (0x0) Aug 26 18:33:55.408610: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:55.408612: | SPI size: 0 (0x0) Aug 26 18:33:55.408614: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:33:55.408616: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:33:55.408618: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.408620: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:33:55.408623: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:33:55.408631: | natd_hash: hasher=0x55f133a04800(20) Aug 26 18:33:55.408633: | natd_hash: icookie= 6f f2 57 49 83 43 c8 1b Aug 26 18:33:55.408635: | natd_hash: rcookie= d5 48 a5 73 23 24 0f 25 Aug 26 18:33:55.408636: | natd_hash: ip= c0 01 02 17 Aug 26 18:33:55.408638: | natd_hash: port=500 Aug 26 18:33:55.408640: | natd_hash: hash= 85 2a 2b b0 59 a5 c8 2b 2f d2 a9 5d d8 24 b6 68 Aug 26 18:33:55.408642: | natd_hash: hash= 90 70 c6 2e Aug 26 18:33:55.408643: | Adding a v2N Payload Aug 26 18:33:55.408645: | ***emit IKEv2 Notify Payload: Aug 26 18:33:55.408647: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.408649: | flags: none (0x0) Aug 26 18:33:55.408651: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:55.408652: | SPI size: 0 (0x0) Aug 26 18:33:55.408654: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:33:55.408656: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:33:55.408658: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.408660: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:33:55.408662: | Notify data 85 2a 2b b0 59 a5 c8 2b 2f d2 a9 5d d8 24 b6 68 Aug 26 18:33:55.408664: | Notify data 90 70 c6 2e Aug 26 18:33:55.408666: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:33:55.408670: | natd_hash: hasher=0x55f133a04800(20) Aug 26 18:33:55.408671: | natd_hash: icookie= 6f f2 57 49 83 43 c8 1b Aug 26 18:33:55.408673: | natd_hash: rcookie= d5 48 a5 73 23 24 0f 25 Aug 26 18:33:55.408675: | natd_hash: ip= c0 01 02 2d Aug 26 18:33:55.408676: | natd_hash: port=500 Aug 26 18:33:55.408678: | natd_hash: hash= e1 55 44 d7 39 64 4a ff 0e 5e 0f 9b ff d6 c0 5b Aug 26 18:33:55.408680: | natd_hash: hash= 7a 8e 9e 23 Aug 26 18:33:55.408682: | Adding a v2N Payload Aug 26 18:33:55.408683: | ***emit IKEv2 Notify Payload: Aug 26 
18:33:55.408685: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.408687: | flags: none (0x0) Aug 26 18:33:55.408689: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:55.408690: | SPI size: 0 (0x0) Aug 26 18:33:55.408692: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:33:55.408694: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:33:55.408696: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.408698: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:33:55.408700: | Notify data e1 55 44 d7 39 64 4a ff 0e 5e 0f 9b ff d6 c0 5b Aug 26 18:33:55.408702: | Notify data 7a 8e 9e 23 Aug 26 18:33:55.408703: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:33:55.408705: | emitting length of ISAKMP Message: 432 Aug 26 18:33:55.408710: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:55.408713: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:33:55.408715: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:33:55.408717: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:33:55.408720: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:33:55.408723: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:33:55.408726: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:33:55.408730: "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 
18:33:55.408734: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:33:55.408742: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 18:33:55.408823: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:55.408828: | libevent_free: release ptr-libevent@0x55f1356fd838 Aug 26 18:33:55.408830: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f1356f95b8 Aug 26 18:33:55.408832: | event_schedule: new EVENT_SO_DISCARD-pe@0x55f1356f95b8 Aug 26 18:33:55.408835: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:33:55.408837: | libevent_malloc: new ptr-libevent@0x55f1356fe928 size 128 Aug 26 18:33:55.408840: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:33:55.408844: | #1 spent 0.495 milliseconds in resume sending helper answer
Aug 26 18:33:55.408848: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:33:55.408850: | libevent_free: release ptr-libevent@0x7fae24002888 Aug 26 18:33:55.411943: | spent 0.00267 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:55.411966: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 18:33:55.412014: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:33:55.412017: | **parse ISAKMP Message: Aug 26 18:33:55.412019: | initiator cookie: Aug 26 18:33:55.412021: | 6f f2 57 49 83 43 c8 1b Aug 26 18:33:55.412022: | responder cookie: Aug 26 18:33:55.412024: | d5 48 a5 73 23 24 0f 25 Aug 26 18:33:55.412026: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:33:55.412028: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:55.412030: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:33:55.412032: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:33:55.412034: | Message ID: 1 (0x1) Aug 26 18:33:55.412036: | length: 365 (0x16d) Aug 26 18:33:55.412038: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:33:55.412041: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:33:55.412044: | State DB: found IKEv2 state #1 in PARENT_R1
(find_v2_ike_sa) Aug 26 18:33:55.412048: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:33:55.412051: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:33:55.412054: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:33:55.412056: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:33:55.412059: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 18:33:55.412061: | unpacking clear payload Aug 26 18:33:55.412063: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:33:55.412065: | ***parse IKEv2 Encryption Payload: Aug 26 18:33:55.412067: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:33:55.412069: | flags: none (0x0) Aug 26 18:33:55.412070: | length: 337 (0x151) Aug 26 18:33:55.412072: | processing payload: ISAKMP_NEXT_v2SK (len=333) Aug 26 18:33:55.412076: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:33:55.412078: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:33:55.412080: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:33:55.412082: | Now let's proceed with state specific processing Aug 26 18:33:55.412084: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:33:55.412086: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 18:33:55.412089: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:33:55.412092: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 18:33:55.412094: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 18:33:55.412098: | libevent_free: release ptr-libevent@0x55f1356fe928 Aug 26 18:33:55.412101: 
| free_event_entry: release EVENT_SO_DISCARD-pe@0x55f1356f95b8 Aug 26 18:33:55.412103: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f1356f95b8 Aug 26 18:33:55.412106: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:33:55.412108: | libevent_malloc: new ptr-libevent@0x7fae24002888 size 128 Aug 26 18:33:55.412116: | #1 spent 0.0282 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 18:33:55.412120: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:55.412122: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 18:33:55.412123: | crypto helper 3 resuming Aug 26 18:33:55.412124: | suspending state #1 and saving MD Aug 26 18:33:55.412139: | crypto helper 3 starting work-order 2 for state #1 Aug 26 18:33:55.412141: | #1 is busy; has a suspended MD Aug 26 18:33:55.412147: | crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 18:33:55.412149: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:33:55.412155: | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:33:55.412158: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:33:55.412162: | #1 spent 0.198 milliseconds in ikev2_process_packet() Aug 26 18:33:55.412165: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:33:55.412167: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:33:55.412169: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:55.412172: | spent 0.208 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:55.413018: | calculating skeyseed using 
prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:33:55.413322: | crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001176 seconds Aug 26 18:33:55.413331: | (#1) spent 1.16 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 18:33:55.413333: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Aug 26 18:33:55.413336: | scheduling resume sending helper answer for #1 Aug 26 18:33:55.413338: | libevent_malloc: new ptr-libevent@0x7fae1c000f48 size 128 Aug 26 18:33:55.413344: | crypto helper 3 waiting (nothing to do) Aug 26 18:33:55.413389: | processing resume sending helper answer for #1 Aug 26 18:33:55.413399: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:33:55.413403: | crypto helper 3 replies to request ID 2 Aug 26 18:33:55.413405: | calling continuation function 0x55f13392fb50 Aug 26 18:33:55.413407: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 18:33:55.413409: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:33:55.413423: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:33:55.413425: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 18:33:55.413428: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 18:33:55.413430: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:33:55.413432: | flags: none (0x0) Aug 26 18:33:55.413434: | length: 12 (0xc) Aug 26 18:33:55.413436: | ID type: ID_FQDN (0x2) Aug 26 18:33:55.413438: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 18:33:55.413440: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:33:55.413441: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:33:55.413443: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:33:55.413445: | flags: none (0x0) Aug 26 18:33:55.413447: | length: 12 (0xc) Aug 26 18:33:55.413450: | ID type: 
ID_FQDN (0x2) Aug 26 18:33:55.413452: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:33:55.413454: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:33:55.413456: | **parse IKEv2 Authentication Payload: Aug 26 18:33:55.413458: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:33:55.413459: | flags: none (0x0) Aug 26 18:33:55.413461: | length: 72 (0x48) Aug 26 18:33:55.413463: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:33:55.413465: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:33:55.413466: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:33:55.413468: | **parse IKEv2 Security Association Payload: Aug 26 18:33:55.413470: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:33:55.413472: | flags: none (0x0) Aug 26 18:33:55.413473: | length: 164 (0xa4) Aug 26 18:33:55.413475: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 18:33:55.413477: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:33:55.413479: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:33:55.413480: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:33:55.413482: | flags: none (0x0) Aug 26 18:33:55.413484: | length: 24 (0x18) Aug 26 18:33:55.413486: | number of TS: 1 (0x1) Aug 26 18:33:55.413487: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:33:55.413489: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:33:55.413491: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:33:55.413493: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.413494: | flags: none (0x0) Aug 26 18:33:55.413496: | length: 24 (0x18) Aug 26 18:33:55.413498: | number of TS: 1 (0x1) Aug 26 18:33:55.413499: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:33:55.413501: | selected state microcode Responder: process IKE_AUTH request Aug 26 18:33:55.413503: | Now let's proceed with state specific processing Aug 26 18:33:55.413505: | calling processor Responder: process 
IKE_AUTH request Aug 26 18:33:55.413509: "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 18:33:55.413513: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:33:55.413516: | received IDr payload - extracting our alleged ID Aug 26 18:33:55.413518: | refine_host_connection for IKEv2: starting with "east" Aug 26 18:33:55.413522: | match_id a=@west Aug 26 18:33:55.413524: | b=@west Aug 26 18:33:55.413525: | results matched Aug 26 18:33:55.413528: | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 18:33:55.413530: | Warning: not switching back to template of current instance Aug 26 18:33:55.413532: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 18:33:55.413534: | This connection's local id is @east (ID_FQDN) Aug 26 18:33:55.413536: | refine_host_connection: checked east against east, now for see if best Aug 26 18:33:55.413539: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:55.413541: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:55.413543: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:33:55.413545: | 1: compared key @east to @east / @west -> 010 Aug 26 18:33:55.413548: | 2: compared key @west to @east / @west -> 014 Aug 26 18:33:55.413549: | line 1: match=014 Aug 26 18:33:55.413552: | match 014 beats previous best_match 000 match=0x55f135650b58 (line=1) Aug 26 18:33:55.413554: | concluding with best_match=014 best=0x55f135650b58 (lineno=1) Aug 26 18:33:55.413556: | returning because exact peer id match Aug 26 18:33:55.413558: | offered CA: '%none' Aug 26 18:33:55.413560: "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 18:33:55.413576: | verifying AUTH payload Aug 26 18:33:55.413580: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret 
Aug 26 18:33:55.413583: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:55.413585: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:55.413587: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:33:55.413590: | 1: compared key @east to @east / @west -> 010 Aug 26 18:33:55.413592: | 2: compared key @west to @east / @west -> 014 Aug 26 18:33:55.413593: | line 1: match=014 Aug 26 18:33:55.413595: | match 014 beats previous best_match 000 match=0x55f135650b58 (line=1) Aug 26 18:33:55.413597: | concluding with best_match=014 best=0x55f135650b58 (lineno=1) Aug 26 18:33:55.413637: "east" #1: Authenticated using authby=secret Aug 26 18:33:55.413641: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 18:33:55.413645: | #1 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key) Aug 26 18:33:55.413647: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:55.413649: | libevent_free: release ptr-libevent@0x7fae24002888 Aug 26 18:33:55.413651: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f1356f95b8 Aug 26 18:33:55.413653: | event_schedule: new EVENT_SA_REKEY-pe@0x55f1356f95b8 Aug 26 18:33:55.413656: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #1 Aug 26 18:33:55.413658: | libevent_malloc: new ptr-libevent@0x55f1356fe928 size 128 Aug 26 18:33:55.413737: | pstats #1 ikev2.ike established Aug 26 18:33:55.413744: | **emit ISAKMP Message: Aug 26 18:33:55.413746: | initiator cookie: Aug 26 18:33:55.413748: | 6f f2 57 49 83 43 c8 1b Aug 26 18:33:55.413750: | responder cookie: Aug 26 18:33:55.413751: | d5 48 a5 73 23 24 0f 25 Aug 26 18:33:55.413754: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:55.413756: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:55.413757: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:33:55.413759: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 
18:33:55.413761: | Message ID: 1 (0x1) Aug 26 18:33:55.413763: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:55.413766: | IKEv2 CERT: send a certificate? Aug 26 18:33:55.413768: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:33:55.413770: | ***emit IKEv2 Encryption Payload: Aug 26 18:33:55.413772: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.413773: | flags: none (0x0) Aug 26 18:33:55.413776: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:33:55.413778: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.413780: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:33:55.413787: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:33:55.413796: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:33:55.413798: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.413799: | flags: none (0x0) Aug 26 18:33:55.413801: | ID type: ID_FQDN (0x2) Aug 26 18:33:55.413804: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:33:55.413806: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.413808: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 18:33:55.413810: | my identity 65 61 73 74 Aug 26 18:33:55.413812: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:33:55.413817: | assembled IDr payload Aug 26 18:33:55.413819: | CHILD SA proposals received Aug 26 18:33:55.413821: | going to assemble AUTH payload Aug 26 18:33:55.413823: | ****emit IKEv2 Authentication Payload: Aug 26 18:33:55.413824: 
| next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:33:55.413828: | flags: none (0x0) Aug 26 18:33:55.413830: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:33:55.413832: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:33:55.413834: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:33:55.413836: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.413839: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 18:33:55.413841: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:55.413843: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:55.413845: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:33:55.413847: | 1: compared key @east to @east / @west -> 010 Aug 26 18:33:55.413849: | 2: compared key @west to @east / @west -> 014 Aug 26 18:33:55.413851: | line 1: match=014 Aug 26 18:33:55.413853: | match 014 beats previous best_match 000 match=0x55f135650b58 (line=1) Aug 26 18:33:55.413855: | concluding with best_match=014 best=0x55f135650b58 (lineno=1) Aug 26 18:33:55.413890: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:33:55.413893: | PSK auth f2 af 6e 7a f4 46 e5 71 06 b2 64 6b 56 45 3d 5d Aug 26 18:33:55.413895: | PSK auth 2a 4e ec 9a 42 d4 e9 4f c1 75 bb 7b c4 13 e0 e3 Aug 26 18:33:55.413896: | PSK auth 28 ac d6 bb c1 9e ae 3f 26 52 29 f6 f7 38 3e d0 Aug 26 18:33:55.413898: | PSK auth 3f ee b3 eb dd 57 b6 84 35 62 4d d2 3b 4e 3a f6 Aug 26 18:33:55.413900: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:33:55.413905: | creating state object #2 at 0x55f1356ff648 Aug 26 18:33:55.413908: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 
26 18:33:55.413911: | pstats #2 ikev2.child started Aug 26 18:33:55.413913: | duplicating state object #1 "east" as #2 for IPSEC SA Aug 26 18:33:55.413916: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:55.413921: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:33:55.413924: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:33:55.413927: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 18:33:55.413930: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 18:33:55.413932: | TSi: parsing 1 traffic selectors Aug 26 18:33:55.413934: | ***parse IKEv2 Traffic Selector: Aug 26 18:33:55.413936: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:55.413938: | IP Protocol ID: 0 (0x0) Aug 26 18:33:55.413940: | length: 16 (0x10) Aug 26 18:33:55.413941: | start port: 0 (0x0) Aug 26 18:33:55.413943: | end port: 65535 (0xffff) Aug 26 18:33:55.413945: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:33:55.413947: | TS low c0 00 01 00 Aug 26 18:33:55.413949: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:33:55.413951: | TS high c0 00 01 ff Aug 26 18:33:55.413953: | TSi: parsed 1 traffic selectors Aug 26 18:33:55.413954: | TSr: parsing 1 traffic selectors Aug 26 18:33:55.413956: | ***parse IKEv2 Traffic Selector: Aug 26 18:33:55.413958: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:55.413960: | IP Protocol ID: 0 (0x0) Aug 26 18:33:55.413961: | length: 16 (0x10) Aug 26 18:33:55.413963: | start port: 0 (0x0) Aug 26 18:33:55.413965: | end port: 65535 (0xffff) Aug 26 18:33:55.413966: | parsing 
4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:33:55.413968: | TS low c0 00 02 00 Aug 26 18:33:55.413971: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:33:55.413973: | TS high c0 00 02 ff Aug 26 18:33:55.413975: | TSr: parsed 1 traffic selectors Aug 26 18:33:55.413977: | looking for best SPD in current connection Aug 26 18:33:55.413981: | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:33:55.413984: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:55.413988: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:33:55.413991: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:33:55.413993: | TSi[0] port match: YES fitness 65536 Aug 26 18:33:55.413995: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:33:55.413997: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:55.414000: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:55.414003: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:33:55.414005: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:33:55.414007: | TSr[0] port match: YES fitness 65536 Aug 26 18:33:55.414009: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:33:55.414011: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:55.414013: | best fit so far: TSi[0] TSr[0] Aug 26 18:33:55.414015: | found better spd route for TSi[0],TSr[0] Aug 26 18:33:55.414016: | looking for better host pair Aug 26 18:33:55.414020: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:55.414023: | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found Aug 26 18:33:55.414025: | investigating connection "east" as a better match Aug 26 18:33:55.414027: | match_id a=@west Aug 26 18:33:55.414028: | b=@west Aug 26 
18:33:55.414030: | results matched Aug 26 18:33:55.414033: | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:33:55.414036: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:55.414039: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:33:55.414042: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:33:55.414043: | TSi[0] port match: YES fitness 65536 Aug 26 18:33:55.414045: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:33:55.414047: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:55.414050: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:55.414053: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:33:55.414055: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:33:55.414057: | TSr[0] port match: YES fitness 65536 Aug 26 18:33:55.414059: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:33:55.414061: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:55.414062: | best fit so far: TSi[0] TSr[0] Aug 26 18:33:55.414064: | did not find a better connection using host pair Aug 26 18:33:55.414066: | printing contents struct traffic_selector Aug 26 18:33:55.414068: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:33:55.414069: | ipprotoid: 0 Aug 26 18:33:55.414071: | port range: 0-65535 Aug 26 18:33:55.414074: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:33:55.414075: | printing contents struct traffic_selector Aug 26 18:33:55.414077: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:33:55.414078: | ipprotoid: 0 Aug 26 18:33:55.414080: | port range: 0-65535 Aug 26 18:33:55.414082: | ip range: 192.0.1.0-192.0.1.255 Aug 26 18:33:55.414086: | constructing ESP/AH proposals with all DH removed for east (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 18:33:55.414091: | converting 
proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:33:55.414096: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:33:55.414098: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:33:55.414101: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:33:55.414103: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:33:55.414106: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:55.414108: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:33:55.414111: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:55.414116: "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:55.414119: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:33:55.414121: | local proposal 1 type ENCR has 1 transforms Aug 26 18:33:55.414123: | local proposal 1 type PRF has 0 transforms Aug 26 18:33:55.414125: | local proposal 1 type INTEG has 1 transforms Aug 26 18:33:55.414127: | local proposal 1 type DH has 1 transforms Aug 26 18:33:55.414128: | local proposal 1 type ESN has 1 transforms Aug 26 18:33:55.414131: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:33:55.414133: | local proposal 2 type ENCR has 1 transforms Aug 26 18:33:55.414134: | local proposal 2 type PRF has 0 transforms Aug 26 18:33:55.414136: | local proposal 2 type INTEG has 1 
transforms Aug 26 18:33:55.414138: | local proposal 2 type DH has 1 transforms Aug 26 18:33:55.414140: | local proposal 2 type ESN has 1 transforms Aug 26 18:33:55.414142: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:33:55.414143: | local proposal 3 type ENCR has 1 transforms Aug 26 18:33:55.414145: | local proposal 3 type PRF has 0 transforms Aug 26 18:33:55.414147: | local proposal 3 type INTEG has 2 transforms Aug 26 18:33:55.414149: | local proposal 3 type DH has 1 transforms Aug 26 18:33:55.414150: | local proposal 3 type ESN has 1 transforms Aug 26 18:33:55.414152: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:33:55.414154: | local proposal 4 type ENCR has 1 transforms Aug 26 18:33:55.414156: | local proposal 4 type PRF has 0 transforms Aug 26 18:33:55.414158: | local proposal 4 type INTEG has 2 transforms Aug 26 18:33:55.414159: | local proposal 4 type DH has 1 transforms Aug 26 18:33:55.414161: | local proposal 4 type ESN has 1 transforms Aug 26 18:33:55.414163: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:33:55.414165: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.414167: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:55.414169: | length: 32 (0x20) Aug 26 18:33:55.414171: | prop #: 1 (0x1) Aug 26 18:33:55.414173: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:55.414174: | spi size: 4 (0x4) Aug 26 18:33:55.414176: | # transforms: 2 (0x2) Aug 26 18:33:55.414178: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:55.414180: | remote SPI c8 b5 1e 46 Aug 26 18:33:55.414182: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:33:55.414185: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414186: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414188: | length: 12 (0xc) Aug 26 18:33:55.414190: | 
IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.414194: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:55.414196: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.414198: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.414200: | length/value: 256 (0x100) Aug 26 18:33:55.414203: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:33:55.414205: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414207: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.414209: | length: 8 (0x8) Aug 26 18:33:55.414211: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:55.414212: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:55.414215: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:33:55.414217: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:33:55.414219: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:33:55.414221: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:33:55.414224: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:33:55.414227: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:33:55.414229: | remote proposal 1 matches local proposal 1 Aug 26 18:33:55.414231: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.414232: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:55.414234: | length: 32 (0x20) Aug 26 18:33:55.414236: | prop #: 2 (0x2) Aug 26 18:33:55.414237: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:55.414239: | spi size: 4 (0x4) Aug 26 18:33:55.414241: | # transforms: 2 (0x2) Aug 26 18:33:55.414243: | parsing 4 raw bytes of 
IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:55.414245: | remote SPI c8 b5 1e 46 Aug 26 18:33:55.414247: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:55.414248: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414252: | length: 12 (0xc) Aug 26 18:33:55.414254: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.414255: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:55.414257: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.414259: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.414261: | length/value: 128 (0x80) Aug 26 18:33:55.414263: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414264: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.414266: | length: 8 (0x8) Aug 26 18:33:55.414268: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:55.414269: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:55.414272: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 18:33:55.414274: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 18:33:55.414276: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.414277: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:55.414279: | length: 48 (0x30) Aug 26 18:33:55.414281: | prop #: 3 (0x3) Aug 26 18:33:55.414282: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:55.414284: | spi size: 4 (0x4) Aug 26 18:33:55.414286: | # transforms: 4 (0x4) Aug 26 18:33:55.414302: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:55.414308: | remote SPI c8 b5 1e 46 Aug 26 18:33:55.414310: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:55.414312: | ****parse IKEv2 Transform Substructure Payload: 
Aug 26 18:33:55.414314: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414317: | length: 12 (0xc) Aug 26 18:33:55.414319: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.414321: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:55.414323: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.414325: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.414326: | length/value: 256 (0x100) Aug 26 18:33:55.414328: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414330: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414332: | length: 8 (0x8) Aug 26 18:33:55.414333: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:55.414335: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:55.414337: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414340: | length: 8 (0x8) Aug 26 18:33:55.414342: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:55.414344: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:55.414346: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414348: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.414349: | length: 8 (0x8) Aug 26 18:33:55.414351: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:55.414353: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:55.414355: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:33:55.414357: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:33:55.414359: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.414361: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:55.414362: | length: 48 (0x30) Aug 26 18:33:55.414364: | prop #: 4 (0x4) Aug 26 18:33:55.414366: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:55.414367: | spi size: 4 (0x4) Aug 26 18:33:55.414369: | # 
transforms: 4 (0x4) Aug 26 18:33:55.414371: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:55.414373: | remote SPI c8 b5 1e 46 Aug 26 18:33:55.414375: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:55.414376: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414378: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414380: | length: 12 (0xc) Aug 26 18:33:55.414382: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.414383: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:55.414385: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.414387: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.414388: | length/value: 128 (0x80) Aug 26 18:33:55.414390: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414394: | length: 8 (0x8) Aug 26 18:33:55.414395: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:55.414397: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:55.414399: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414402: | length: 8 (0x8) Aug 26 18:33:55.414404: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:55.414406: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:55.414408: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414410: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.414411: | length: 8 (0x8) Aug 26 18:33:55.414413: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:55.414415: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:55.414417: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:33:55.414419: | remote proposal 4 does not match; unmatched remote transforms: 
ENCR+INTEG+ESN Aug 26 18:33:55.414422: "east" #1: proposal 1:ESP:SPI=c8b51e46;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:33:55.414427: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=c8b51e46;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:33:55.414429: | converting proposal to internal trans attrs Aug 26 18:33:55.414443: | netlink_get_spi: allocated 0x64bd39d4 for esp.0@192.1.2.23 Aug 26 18:33:55.414446: | Emitting ikev2_proposal ... Aug 26 18:33:55.414448: | ****emit IKEv2 Security Association Payload: Aug 26 18:33:55.414449: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.414451: | flags: none (0x0) Aug 26 18:33:55.414454: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:33:55.414456: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.414458: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:33:55.414460: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:55.414462: | prop #: 1 (0x1) Aug 26 18:33:55.414463: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:55.414465: | spi size: 4 (0x4) Aug 26 18:33:55.414467: | # transforms: 2 (0x2) Aug 26 18:33:55.414469: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:33:55.414471: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:33:55.414473: | our spi 64 bd 39 d4 Aug 26 18:33:55.414475: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414477: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414478: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:55.414480: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:55.414482: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:55.414484: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:33:55.414486: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:55.414488: | length/value: 256 (0x100) Aug 26 18:33:55.414490: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:33:55.414492: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:33:55.414494: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:55.414495: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:55.414497: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:55.414499: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:55.414501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:55.414503: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:33:55.414505: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:33:55.414507: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:33:55.414509: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 18:33:55.414511: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:33:55.414513: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:33:55.414515: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.414517: | flags: none (0x0) Aug 26 18:33:55.414518: | number 
of TS: 1 (0x1) Aug 26 18:33:55.414521: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:33:55.414524: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.414526: | *****emit IKEv2 Traffic Selector: Aug 26 18:33:55.414528: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:55.414530: | IP Protocol ID: 0 (0x0) Aug 26 18:33:55.414531: | start port: 0 (0x0) Aug 26 18:33:55.414533: | end port: 65535 (0xffff) Aug 26 18:33:55.414535: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:33:55.414537: | ipv4 start c0 00 01 00 Aug 26 18:33:55.414539: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:33:55.414540: | ipv4 end c0 00 01 ff Aug 26 18:33:55.414542: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:33:55.414544: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:33:55.414546: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:33:55.414548: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:55.414549: | flags: none (0x0) Aug 26 18:33:55.414551: | number of TS: 1 (0x1) Aug 26 18:33:55.414553: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:33:55.414555: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:33:55.414557: | *****emit IKEv2 Traffic Selector: Aug 26 18:33:55.414559: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:55.414560: | IP Protocol ID: 0 (0x0) Aug 26 18:33:55.414562: | start port: 0 (0x0) Aug 26 18:33:55.414564: | end port: 65535 (0xffff) Aug 26 18:33:55.414566: | emitting 4 raw bytes of ipv4 
start into IKEv2 Traffic Selector Aug 26 18:33:55.414567: | ipv4 start c0 00 02 00 Aug 26 18:33:55.414569: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:33:55.414571: | ipv4 end c0 00 02 ff Aug 26 18:33:55.414573: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:33:55.414574: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:33:55.414576: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:33:55.414579: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:33:55.414681: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 18:33:55.414688: | #1 spent 1.16 milliseconds Aug 26 18:33:55.414690: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:33:55.414692: | could_route called for east (kind=CK_PERMANENT) Aug 26 18:33:55.414694: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:55.414696: | conn east mark 0/00000000, 0/00000000 vs Aug 26 18:33:55.414698: | conn east mark 0/00000000, 0/00000000 Aug 26 18:33:55.414701: | route owner of "east" unrouted: NULL; eroute owner: NULL Aug 26 18:33:55.414704: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:33:55.414706: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:33:55.414708: | AES_GCM_16 requires 4 salt bytes Aug 26 18:33:55.414710: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:33:55.414713: | setting IPsec SA replay-window to 32 Aug 26 18:33:55.414715: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 18:33:55.414717: | netlink: enabling tunnel mode Aug 26 18:33:55.414719: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:55.414721: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:55.414778: | netlink response for Add SA esp.c8b51e46@192.1.2.45 included non-error error Aug 26 
18:33:55.414781: | set up outgoing SA, ref=0/0 Aug 26 18:33:55.414783: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:33:55.414786: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:33:55.414789: | AES_GCM_16 requires 4 salt bytes Aug 26 18:33:55.414791: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:33:55.414794: | setting IPsec SA replay-window to 32 Aug 26 18:33:55.414795: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 18:33:55.414797: | netlink: enabling tunnel mode Aug 26 18:33:55.414799: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:55.414801: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:55.414827: | netlink response for Add SA esp.64bd39d4@192.1.2.23 included non-error error Aug 26 18:33:55.414831: | priority calculation of connection "east" is 0xfe7e7 Aug 26 18:33:55.414835: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:33:55.414838: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:55.414857: | raw_eroute result=success Aug 26 18:33:55.414860: | set up incoming SA, ref=0/0 Aug 26 18:33:55.414862: | sr for #2: unrouted Aug 26 18:33:55.414864: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:33:55.414866: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:33:55.414868: | conn east mark 0/00000000, 0/00000000 vs Aug 26 18:33:55.414870: | conn east mark 0/00000000, 0/00000000 Aug 26 18:33:55.414872: | route owner of "east" unrouted: NULL; eroute owner: NULL Aug 26 18:33:55.414875: | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:33:55.414877: | priority calculation of connection "east" is 0xfe7e7 Aug 26 18:33:55.414882: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 18:33:55.414884: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:55.414892: | raw_eroute result=success Aug 26 18:33:55.414895: | running updown command "ipsec _updown" for verb up Aug 26 18:33:55.414897: | command executing up-client Aug 26 18:33:55.414915: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xc8b51e46 SPI_OUT=0x64b Aug 26 18:33:55.414917: | popen cmd is 1020 chars long Aug 26 18:33:55.414920: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='east' PLUTO_INTERFA: Aug 26 18:33:55.414922: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : Aug 26 18:33:55.414923: | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: Aug 26 18:33:55.414925: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Aug 26 18:33:55.414927: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: Aug 26 18:33:55.414929: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': Aug 26 18:33:55.414931: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Aug 26 18:33:55.414933: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: Aug 26 18:33:55.414936: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Aug 26 18:33:55.414938: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Aug 26 18:33:55.414940: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Aug 26 18:33:55.414942: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: Aug 26 18:33:55.414944: | cmd( 960):'no' SPI_IN=0xc8b51e46 SPI_OUT=0x64bd39d4 ipsec _updown 2>&1: Aug 26 18:33:55.423351: | route_and_eroute: firewall_notified: true Aug 26 18:33:55.423367: | running updown command "ipsec _updown" for verb prepare Aug 26 18:33:55.423370: | command executing prepare-client Aug 26 18:33:55.423395: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' 
PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xc8b51e46 SPI Aug 26 18:33:55.423398: | popen cmd is 1025 chars long Aug 26 18:33:55.423400: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: Aug 26 18:33:55.423402: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: Aug 26 18:33:55.423404: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: Aug 26 18:33:55.423406: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Aug 26 18:33:55.423408: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_: Aug 26 18:33:55.423409: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M: Aug 26 18:33:55.423411: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Aug 26 18:33:55.423413: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Aug 26 18:33:55.423415: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : Aug 26 18:33:55.423417: | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Aug 26 18:33:55.423418: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Aug 26 18:33:55.423420: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: Aug 26 18:33:55.423422: | cmd( 960):ARED='no' SPI_IN=0xc8b51e46 SPI_OUT=0x64bd39d4 ipsec _updown 2>&1: Aug 26 18:33:55.432467: | running updown command "ipsec _updown" for verb route Aug 26 18:33:55.432494: | command executing route-client Aug 26 18:33:55.432533: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xc8b51e46 SPI_OUT Aug 26 18:33:55.432542: | popen cmd is 1023 chars long Aug 26 18:33:55.432547: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE: Aug 26 18:33:55.432550: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas: Aug 26 18:33:55.432553: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN: Aug 26 18:33:55.432556: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Aug 26 18:33:55.432559: | 
cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE: Aug 26 18:33:55.432562: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS: Aug 26 18:33:55.432565: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Aug 26 18:33:55.432568: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Aug 26 18:33:55.432571: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Aug 26 18:33:55.432574: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Aug 26 18:33:55.432577: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Aug 26 18:33:55.432579: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Aug 26 18:33:55.432583: | cmd( 960):ED='no' SPI_IN=0xc8b51e46 SPI_OUT=0x64bd39d4 ipsec _updown 2>&1: Aug 26 18:33:55.446593: | route_and_eroute: instance "east", setting eroute_owner {spd=0x55f1356f7848,sr=0x55f1356f7848} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:33:55.447283: | #1 spent 2.16 milliseconds in install_ipsec_sa() Aug 26 18:33:55.447297: | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:33:55.447305: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:33:55.447310: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:33:55.447314: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:33:55.447318: | emitting length of IKEv2 Encryption Payload: 197 Aug 26 18:33:55.447321: | emitting length of ISAKMP Message: 225 Aug 26 18:33:55.447355: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 18:33:55.447361: | #1 spent 3.4 milliseconds in processing: Responder: 
process IKE_AUTH request in ikev2_process_state_packet() Aug 26 18:33:55.447370: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:55.447376: | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:55.447381: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 18:33:55.447385: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 18:33:55.447389: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 18:33:55.447394: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:33:55.447400: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 18:33:55.447405: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:33:55.447411: | pstats #2 ikev2.child established Aug 26 18:33:55.447421: "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 18:33:55.447426: | NAT-T: encaps is 'auto' Aug 26 18:33:55.447431: "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xc8b51e46 <0x64bd39d4 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:33:55.447436: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:33:55.447445: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 18:33:55.447525: | releasing whack for #2 (sock=fd@-1) Aug 26 18:33:55.447529: | releasing whack and unpending for parent #1 Aug 26 18:33:55.447532: | unpending state #1 connection "east" Aug 26 18:33:55.447537: | #2 will start re-keying in 28 seconds with margin of 2 seconds (attempting re-key) Aug 26 18:33:55.447541: | event_schedule: new EVENT_SA_REKEY-pe@0x7fae24002b78 Aug 26 18:33:55.447545: | inserting event EVENT_SA_REKEY, timeout in 28 seconds for #2 Aug 26 18:33:55.447549: | libevent_malloc: new ptr-libevent@0x55f1356ff598 size 128 Aug 26 18:33:55.447565: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:33:55.447572: | #1 spent 3.69 milliseconds in resume sending helper answer Aug 26 18:33:55.447578: | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:33:55.447583: | libevent_free: release ptr-libevent@0x7fae1c000f48 Aug 26 18:33:55.447597: | processing signal PLUTO_SIGCHLD Aug 26 18:33:55.447603: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:55.447608: | spent 0.00552 milliseconds in signal handler
PLUTO_SIGCHLD Aug 26 18:33:55.447611: | processing signal PLUTO_SIGCHLD Aug 26 18:33:55.447615: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:55.447618: | spent 0.00372 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:55.447621: | processing signal PLUTO_SIGCHLD Aug 26 18:33:55.447625: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:55.447629: | spent 0.00368 milliseconds in signal handler PLUTO_SIGCHLD