Aug 26 18:33:45.182715: FIPS Product: YES Aug 26 18:33:45.182797: FIPS Kernel: NO Aug 26 18:33:45.182799: FIPS Mode: NO Aug 26 18:33:45.182801: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:33:45.182905: Initializing NSS Aug 26 18:33:45.182910: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:33:45.207335: NSS initialized Aug 26 18:33:45.207347: NSS crypto library initialized Aug 26 18:33:45.207350: FIPS HMAC integrity support [enabled] Aug 26 18:33:45.207351: FIPS mode disabled for pluto daemon Aug 26 18:33:45.233480: FIPS HMAC integrity verification self-test FAILED Aug 26 18:33:45.233596: libcap-ng support [enabled] Aug 26 18:33:45.233602: Linux audit support [enabled] Aug 26 18:33:45.233633: Linux audit activated Aug 26 18:33:45.233641: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19462 Aug 26 18:33:45.233643: core dump dir: /tmp Aug 26 18:33:45.233644: secrets file: /etc/ipsec.secrets Aug 26 18:33:45.233646: leak-detective enabled Aug 26 18:33:45.233647: NSS crypto [enabled] Aug 26 18:33:45.233648: XAUTH PAM support [enabled] Aug 26 18:33:45.233706: | libevent is using pluto's memory allocator Aug 26 18:33:45.233712: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:33:45.233727: | libevent_malloc: new ptr-libevent@0x563abb730ba8 size 40 Aug 26 18:33:45.233729: | libevent_malloc: new ptr-libevent@0x563abb730cd8 size 40 Aug 26 18:33:45.233732: | libevent_malloc: new ptr-libevent@0x563abb730dd8 size 40 Aug 26 18:33:45.233733: | creating event base Aug 26 18:33:45.233735: | libevent_malloc: new ptr-libevent@0x563abb7b54c8 size 56 Aug 26 18:33:45.233738: | libevent_malloc: new ptr-libevent@0x563abb7594d8 size 664 Aug 26 18:33:45.233748: | libevent_malloc: new ptr-libevent@0x563abb7b5538 size 
24 Aug 26 18:33:45.233750: | libevent_malloc: new ptr-libevent@0x563abb7b5588 size 384 Aug 26 18:33:45.233758: | libevent_malloc: new ptr-libevent@0x563abb7b5488 size 16 Aug 26 18:33:45.233760: | libevent_malloc: new ptr-libevent@0x563abb730908 size 40 Aug 26 18:33:45.233762: | libevent_malloc: new ptr-libevent@0x563abb730d38 size 48 Aug 26 18:33:45.233766: | libevent_realloc: new ptr-libevent@0x563abb759168 size 256 Aug 26 18:33:45.233768: | libevent_malloc: new ptr-libevent@0x563abb7b5738 size 16 Aug 26 18:33:45.233772: | libevent_free: release ptr-libevent@0x563abb7b54c8 Aug 26 18:33:45.233775: | libevent initialized Aug 26 18:33:45.233777: | libevent_realloc: new ptr-libevent@0x563abb7b54c8 size 64 Aug 26 18:33:45.233782: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:33:45.233793: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:33:45.233795: NAT-Traversal support [enabled] Aug 26 18:33:45.233797: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:33:45.233803: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:33:45.233805: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:33:45.233833: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:33:45.233835: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:33:45.233837: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:33:45.233870: Encryption algorithms: Aug 26 18:33:45.233877: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:33:45.233880: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:33:45.233882: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:33:45.233884: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:33:45.233886: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 
18:33:45.233896: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:33:45.233899: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:33:45.233901: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:33:45.233904: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:33:45.233906: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:33:45.233908: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:33:45.233910: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:33:45.233913: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:33:45.233915: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:33:45.233917: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:33:45.233919: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:33:45.233921: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:33:45.233926: Hash algorithms: Aug 26 18:33:45.233928: MD5 IKEv1: IKE IKEv2: Aug 26 18:33:45.233930: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:33:45.233932: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:33:45.233934: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:33:45.233936: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:33:45.233944: PRF algorithms: Aug 26 18:33:45.233946: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:33:45.233948: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:33:45.233951: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:33:45.233953: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:33:45.233955: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:33:45.233957: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:33:45.233973: Integrity algorithms: Aug 26 18:33:45.233975: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, 
hmac_md5 Aug 26 18:33:45.233978: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:33:45.233980: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:33:45.233983: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:33:45.233985: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:33:45.233987: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:33:45.233989: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:33:45.233991: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:33:45.233993: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:33:45.234001: DH algorithms: Aug 26 18:33:45.234003: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:33:45.234005: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:33:45.234006: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:33:45.234010: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:33:45.234012: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:33:45.234014: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:33:45.234015: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:33:45.234017: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:33:45.234020: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:33:45.234021: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:33:45.234023: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:33:45.234025: testing CAMELLIA_CBC: Aug 26 18:33:45.234027: Camellia: 16 bytes with 128-bit key Aug 26 18:33:45.234115: Camellia: 16 bytes with 128-bit key Aug 26 18:33:45.234134: Camellia: 16 bytes with 256-bit key Aug 26 18:33:45.234153: Camellia: 16 bytes with 256-bit key 
Aug 26 18:33:45.234170: testing AES_GCM_16: Aug 26 18:33:45.234173: empty string Aug 26 18:33:45.234192: one block Aug 26 18:33:45.234210: two blocks Aug 26 18:33:45.234226: two blocks with associated data Aug 26 18:33:45.234243: testing AES_CTR: Aug 26 18:33:45.234245: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:33:45.234261: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:33:45.234279: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:33:45.234307: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:33:45.234340: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:33:45.234357: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:33:45.234373: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:33:45.234389: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:33:45.234407: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:33:45.234424: testing AES_CBC: Aug 26 18:33:45.234426: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:33:45.234442: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:33:45.234459: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:33:45.234476: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:33:45.234497: testing AES_XCBC: Aug 26 18:33:45.234499: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:33:45.234590: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:33:45.234672: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:33:45.234748: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:33:45.234824: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:33:45.234902: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:33:45.234980: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:33:45.235151: RFC 4434 Test Case AES-XCBC-PRF-128 with 
20-byte input (key length 16) Aug 26 18:33:45.235229: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:33:45.235317: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:33:45.235466: testing HMAC_MD5: Aug 26 18:33:45.235473: RFC 2104: MD5_HMAC test 1 Aug 26 18:33:45.235705: RFC 2104: MD5_HMAC test 2 Aug 26 18:33:45.235802: RFC 2104: MD5_HMAC test 3 Aug 26 18:33:45.235925: 8 CPU cores online Aug 26 18:33:45.235928: starting up 7 crypto helpers Aug 26 18:33:45.235962: started thread for crypto helper 0 Aug 26 18:33:45.235967: | starting up helper thread 0 Aug 26 18:33:45.235983: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:33:45.235987: | crypto helper 0 waiting (nothing to do) Aug 26 18:33:45.235987: started thread for crypto helper 1 Aug 26 18:33:45.236042: started thread for crypto helper 2 Aug 26 18:33:45.236045: | starting up helper thread 2 Aug 26 18:33:45.236059: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:33:45.236062: | crypto helper 2 waiting (nothing to do) Aug 26 18:33:45.236085: started thread for crypto helper 3 Aug 26 18:33:45.236046: | starting up helper thread 1 Aug 26 18:33:45.236120: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:33:45.236105: | starting up helper thread 3 Aug 26 18:33:45.236123: | crypto helper 1 waiting (nothing to do) Aug 26 18:33:45.236133: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:33:45.236137: | crypto helper 3 waiting (nothing to do) Aug 26 18:33:45.236115: started thread for crypto helper 4 Aug 26 18:33:45.236118: | starting up helper thread 4 Aug 26 18:33:45.236599: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:33:45.236603: | crypto helper 4 waiting (nothing to do) Aug 26 18:33:45.236626: started thread for crypto helper 
5 Aug 26 18:33:45.236630: | starting up helper thread 5 Aug 26 18:33:45.236641: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:33:45.236646: | starting up helper thread 6 Aug 26 18:33:45.236642: started thread for crypto helper 6 Aug 26 18:33:45.236654: | crypto helper 5 waiting (nothing to do) Aug 26 18:33:45.236665: | checking IKEv1 state table Aug 26 18:33:45.236655: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:33:45.236673: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:33:45.236675: | crypto helper 6 waiting (nothing to do) Aug 26 18:33:45.236676: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:33:45.236684: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:33:45.236686: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:33:45.236688: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:33:45.236689: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:33:45.236691: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:33:45.236692: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:33:45.236694: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:33:45.236696: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:33:45.236697: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:33:45.236699: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:33:45.236700: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:33:45.236715: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:33:45.236716: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:33:45.236718: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:33:45.236719: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:33:45.236721: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:33:45.236722: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:33:45.236724: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:33:45.236726: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:33:45.236727: | -> UNDEFINED EVENT_NULL Aug 26 18:33:45.236729: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:33:45.236730: | -> UNDEFINED 
EVENT_NULL Aug 26 18:33:45.236732: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:33:45.236733: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:33:45.236735: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:33:45.236737: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:33:45.236738: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:33:45.236740: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:33:45.236741: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:33:45.236743: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:33:45.236744: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:33:45.236746: | -> UNDEFINED EVENT_NULL Aug 26 18:33:45.236747: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:33:45.236749: | -> UNDEFINED EVENT_NULL Aug 26 18:33:45.236751: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:33:45.236752: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:33:45.236756: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:33:45.236758: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:33:45.236760: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:33:45.236776: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:33:45.236778: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:33:45.236780: | -> UNDEFINED EVENT_NULL Aug 26 18:33:45.236781: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:33:45.236783: | -> UNDEFINED EVENT_NULL Aug 26 18:33:45.236784: | INFO: category: informational flags: 0: Aug 26 18:33:45.236786: | -> UNDEFINED EVENT_NULL Aug 26 18:33:45.236788: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:33:45.236789: | -> UNDEFINED EVENT_NULL Aug 26 18:33:45.236791: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:33:45.236792: | -> XAUTH_R1 EVENT_NULL Aug 26 18:33:45.236794: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:33:45.236796: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:33:45.236797: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:33:45.236799: | -> 
MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:33:45.236801: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:33:45.236802: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:33:45.236804: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:33:45.236806: | -> UNDEFINED EVENT_NULL Aug 26 18:33:45.236807: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:33:45.236809: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:33:45.236810: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:33:45.236812: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:33:45.236814: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:33:45.236815: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:33:45.236820: | checking IKEv2 state table Aug 26 18:33:45.236824: | PARENT_I0: category: ignore flags: 0: Aug 26 18:33:45.236826: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:33:45.236828: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:33:45.236830: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:33:45.236832: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:33:45.236834: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:33:45.236836: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:33:45.236837: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:33:45.236839: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:33:45.236841: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:33:45.236843: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:33:45.236845: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:33:45.236846: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 
18:33:45.236848: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:33:45.236850: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:33:45.236851: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:33:45.236853: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:33:45.236855: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:33:45.236857: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:33:45.236858: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:33:45.236860: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:33:45.236862: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:33:45.236864: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:33:45.236867: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:33:45.236868: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:33:45.236870: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:33:45.236872: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:33:45.236874: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:33:45.236875: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:33:45.236877: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:33:45.236879: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:33:45.236881: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:33:45.236883: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:33:45.236885: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:33:45.236886: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:33:45.236888: | -> 
V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:33:45.236890: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:33:45.236892: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:33:45.236894: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:33:45.236896: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:33:45.236897: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:33:45.236899: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:33:45.236901: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:33:45.236903: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:33:45.236905: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:33:45.236906: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:33:45.236908: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:33:45.236918: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:33:45.237239: | Hard-wiring algorithms Aug 26 18:33:45.237243: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:33:45.237246: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:33:45.237248: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:33:45.237250: | adding 3DES_CBC to kernel algorithm db Aug 26 18:33:45.237252: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:33:45.237253: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:33:45.237255: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:33:45.237257: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:33:45.237258: | adding AES_CTR to kernel algorithm db Aug 26 18:33:45.237260: | adding AES_CBC to kernel algorithm db Aug 26 18:33:45.237262: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:33:45.237264: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:33:45.237265: 
| adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:33:45.237267: | adding NULL to kernel algorithm db Aug 26 18:33:45.237269: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:33:45.237271: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:33:45.237273: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:33:45.237274: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:33:45.237276: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:33:45.237278: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:33:45.237279: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:33:45.237281: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:33:45.237283: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:33:45.237284: | adding NONE to kernel algorithm db Aug 26 18:33:45.237311: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:33:45.237318: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:33:45.237321: | setup kernel fd callback Aug 26 18:33:45.237323: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x563abb7ba078 Aug 26 18:33:45.237326: | libevent_malloc: new ptr-libevent@0x563abb79e508 size 128 Aug 26 18:33:45.237329: | libevent_malloc: new ptr-libevent@0x563abb7ba188 size 16 Aug 26 18:33:45.237334: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x563abb7babb8 Aug 26 18:33:45.237336: | libevent_malloc: new ptr-libevent@0x563abb75a978 size 128 Aug 26 18:33:45.237338: | libevent_malloc: new ptr-libevent@0x563abb7bab78 size 16 Aug 26 18:33:45.237485: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:33:45.237491: selinux support is enabled. 
Aug 26 18:33:45.237898: | unbound context created - setting debug level to 5 Aug 26 18:33:45.237918: | /etc/hosts lookups activated Aug 26 18:33:45.237929: | /etc/resolv.conf usage activated Aug 26 18:33:45.237965: | outgoing-port-avoid set 0-65535 Aug 26 18:33:45.237982: | outgoing-port-permit set 32768-60999 Aug 26 18:33:45.237984: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:33:45.237986: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:33:45.237988: | Setting up events, loop start Aug 26 18:33:45.237990: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x563abb7bac28 Aug 26 18:33:45.237992: | libevent_malloc: new ptr-libevent@0x563abb7c6da8 size 128 Aug 26 18:33:45.237995: | libevent_malloc: new ptr-libevent@0x563abb7d2078 size 16 Aug 26 18:33:45.237999: | libevent_realloc: new ptr-libevent@0x563abb7d20b8 size 256 Aug 26 18:33:45.238001: | libevent_malloc: new ptr-libevent@0x563abb7d21e8 size 8 Aug 26 18:33:45.238003: | libevent_realloc: new ptr-libevent@0x563abb72c918 size 144 Aug 26 18:33:45.238005: | libevent_malloc: new ptr-libevent@0x563abb75a038 size 152 Aug 26 18:33:45.238008: | libevent_malloc: new ptr-libevent@0x563abb7d2228 size 16 Aug 26 18:33:45.238010: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:33:45.238012: | libevent_malloc: new ptr-libevent@0x563abb7d2268 size 8 Aug 26 18:33:45.238016: | libevent_malloc: new ptr-libevent@0x563abb75dfd8 size 152 Aug 26 18:33:45.238018: | signal event handler PLUTO_SIGTERM installed Aug 26 18:33:45.238020: | libevent_malloc: new ptr-libevent@0x563abb7d22a8 size 8 Aug 26 18:33:45.238021: | libevent_malloc: new ptr-libevent@0x563abb7d22e8 size 152 Aug 26 18:33:45.238023: | signal event handler PLUTO_SIGHUP installed Aug 26 18:33:45.238025: | libevent_malloc: new ptr-libevent@0x563abb7d23b8 size 8 Aug 26 18:33:45.238026: | libevent_realloc: release ptr-libevent@0x563abb72c918 Aug 26 18:33:45.238028: | libevent_realloc: new 
ptr-libevent@0x563abb7d23f8 size 256 Aug 26 18:33:45.238030: | libevent_malloc: new ptr-libevent@0x563abb7d2528 size 152 Aug 26 18:33:45.238032: | signal event handler PLUTO_SIGSYS installed Aug 26 18:33:45.238313: | created addconn helper (pid:19495) using fork+execve Aug 26 18:33:45.238332: | forked child 19495 Aug 26 18:33:45.240242: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.240264: listening for IKE messages Aug 26 18:33:45.240353: | Inspecting interface lo Aug 26 18:33:45.240360: | found lo with address 127.0.0.1 Aug 26 18:33:45.240363: | Inspecting interface eth0 Aug 26 18:33:45.240366: | found eth0 with address 192.0.2.254 Aug 26 18:33:45.240369: | Inspecting interface eth0 Aug 26 18:33:45.240371: | found eth0 with address 192.0.200.254 Aug 26 18:33:45.240373: | Inspecting interface eth1 Aug 26 18:33:45.240376: | found eth1 with address 192.1.2.23 Aug 26 18:33:45.240430: Kernel supports NIC esp-hw-offload Aug 26 18:33:45.240439: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 18:33:45.240486: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:33:45.240490: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:33:45.240497: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 18:33:45.240517: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.200.254:500 Aug 26 18:33:45.240534: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:33:45.240537: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:33:45.240539: adding interface eth0/eth0 192.0.200.254:4500 Aug 26 18:33:45.240558: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 18:33:45.240573: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:33:45.240576: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 
26 18:33:45.240579: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 18:33:45.240596: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:33:45.240611: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:33:45.240614: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:33:45.240616: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:33:45.240689: | no interfaces to sort Aug 26 18:33:45.240692: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:33:45.240699: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2b58 Aug 26 18:33:45.240701: | libevent_malloc: new ptr-libevent@0x563abb7c6cf8 size 128 Aug 26 18:33:45.240704: | libevent_malloc: new ptr-libevent@0x563abb7d2bc8 size 16 Aug 26 18:33:45.240710: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 18:33:45.240712: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2c08 Aug 26 18:33:45.240714: | libevent_malloc: new ptr-libevent@0x563abb75c5d8 size 128 Aug 26 18:33:45.240715: | libevent_malloc: new ptr-libevent@0x563abb7d2c78 size 16 Aug 26 18:33:45.240719: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 18:33:45.240720: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2cb8 Aug 26 18:33:45.240722: | libevent_malloc: new ptr-libevent@0x563abb75c4d8 size 128 Aug 26 18:33:45.240724: | libevent_malloc: new ptr-libevent@0x563abb7d2d28 size 16 Aug 26 18:33:45.240727: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Aug 26 18:33:45.240729: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2d68 Aug 26 18:33:45.240732: | libevent_malloc: new ptr-libevent@0x563abb75db48 size 128 Aug 26 18:33:45.240734: | libevent_malloc: new ptr-libevent@0x563abb7d2dd8 size 16 Aug 26 18:33:45.240737: | setup callback for interface eth0 192.0.2.254:500 fd 21 Aug 26 18:33:45.240738: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2e18 Aug 26 18:33:45.240741: | libevent_malloc: new ptr-libevent@0x563abb7314e8 
size 128 Aug 26 18:33:45.240743: | libevent_malloc: new ptr-libevent@0x563abb7d2e88 size 16 Aug 26 18:33:45.240746: | setup callback for interface eth0 192.0.200.254:4500 fd 20 Aug 26 18:33:45.240747: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2ec8 Aug 26 18:33:45.240749: | libevent_malloc: new ptr-libevent@0x563abb7311d8 size 128 Aug 26 18:33:45.240751: | libevent_malloc: new ptr-libevent@0x563abb7d2f38 size 16 Aug 26 18:33:45.240754: | setup callback for interface eth0 192.0.200.254:500 fd 19 Aug 26 18:33:45.240756: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2f78 Aug 26 18:33:45.240758: | libevent_malloc: new ptr-libevent@0x563abb7d3598 size 128 Aug 26 18:33:45.240759: | libevent_malloc: new ptr-libevent@0x563abb7d2fe8 size 16 Aug 26 18:33:45.240762: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:33:45.240764: | add_fd_read_event_handler: new ethX-pe@0x563abb7d3648 Aug 26 18:33:45.240766: | libevent_malloc: new ptr-libevent@0x563abb7d36b8 size 128 Aug 26 18:33:45.240768: | libevent_malloc: new ptr-libevent@0x563abb7d3768 size 16 Aug 26 18:33:45.240771: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:33:45.240774: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:33:45.240776: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:33:45.240793: loading secrets from "/etc/ipsec.secrets" Aug 26 18:33:45.240801: | id type added to secret(0x563abb72cb58) PKK_PSK: @west Aug 26 18:33:45.240804: | id type added to secret(0x563abb72cb58) PKK_PSK: @east Aug 26 18:33:45.240807: | Processing PSK at line 1: passed Aug 26 18:33:45.240809: | certs and keys locked by 'process_secret' Aug 26 18:33:45.240811: | certs and keys unlocked by 'process_secret' Aug 26 18:33:45.240818: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.240824: | spent 0.582 milliseconds in whack Aug 26 18:33:45.258144: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in 
whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.258165: listening for IKE messages Aug 26 18:33:45.258193: | Inspecting interface lo Aug 26 18:33:45.258199: | found lo with address 127.0.0.1 Aug 26 18:33:45.258201: | Inspecting interface eth0 Aug 26 18:33:45.258204: | found eth0 with address 192.0.2.254 Aug 26 18:33:45.258205: | Inspecting interface eth0 Aug 26 18:33:45.258208: | found eth0 with address 192.0.200.254 Aug 26 18:33:45.258210: | Inspecting interface eth1 Aug 26 18:33:45.258212: | found eth1 with address 192.1.2.23 Aug 26 18:33:45.258262: | no interfaces to sort Aug 26 18:33:45.258269: | libevent_free: release ptr-libevent@0x563abb7c6cf8 Aug 26 18:33:45.258271: | free_event_entry: release EVENT_NULL-pe@0x563abb7d2b58 Aug 26 18:33:45.258273: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2b58 Aug 26 18:33:45.258276: | libevent_malloc: new ptr-libevent@0x563abb7c6cf8 size 128 Aug 26 18:33:45.258281: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 18:33:45.258283: | libevent_free: release ptr-libevent@0x563abb75c5d8 Aug 26 18:33:45.258285: | free_event_entry: release EVENT_NULL-pe@0x563abb7d2c08 Aug 26 18:33:45.258287: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2c08 Aug 26 18:33:45.258308: | libevent_malloc: new ptr-libevent@0x563abb75c5d8 size 128 Aug 26 18:33:45.258312: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 18:33:45.258316: | libevent_free: release ptr-libevent@0x563abb75c4d8 Aug 26 18:33:45.258318: | free_event_entry: release EVENT_NULL-pe@0x563abb7d2cb8 Aug 26 18:33:45.258320: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2cb8 Aug 26 18:33:45.258322: | libevent_malloc: new ptr-libevent@0x563abb75c4d8 size 128 Aug 26 18:33:45.258325: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Aug 26 18:33:45.258328: | libevent_free: release ptr-libevent@0x563abb75db48 Aug 26 18:33:45.258329: | free_event_entry: release EVENT_NULL-pe@0x563abb7d2d68 Aug 26 18:33:45.258331: | 
add_fd_read_event_handler: new ethX-pe@0x563abb7d2d68 Aug 26 18:33:45.258333: | libevent_malloc: new ptr-libevent@0x563abb75db48 size 128 Aug 26 18:33:45.258336: | setup callback for interface eth0 192.0.2.254:500 fd 21 Aug 26 18:33:45.258351: | libevent_free: release ptr-libevent@0x563abb7314e8 Aug 26 18:33:45.258353: | free_event_entry: release EVENT_NULL-pe@0x563abb7d2e18 Aug 26 18:33:45.258355: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2e18 Aug 26 18:33:45.258356: | libevent_malloc: new ptr-libevent@0x563abb7314e8 size 128 Aug 26 18:33:45.258359: | setup callback for interface eth0 192.0.200.254:4500 fd 20 Aug 26 18:33:45.258362: | libevent_free: release ptr-libevent@0x563abb7311d8 Aug 26 18:33:45.258363: | free_event_entry: release EVENT_NULL-pe@0x563abb7d2ec8 Aug 26 18:33:45.258365: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2ec8 Aug 26 18:33:45.258367: | libevent_malloc: new ptr-libevent@0x563abb7311d8 size 128 Aug 26 18:33:45.258370: | setup callback for interface eth0 192.0.200.254:500 fd 19 Aug 26 18:33:45.258372: | libevent_free: release ptr-libevent@0x563abb7d3598 Aug 26 18:33:45.258374: | free_event_entry: release EVENT_NULL-pe@0x563abb7d2f78 Aug 26 18:33:45.258375: | add_fd_read_event_handler: new ethX-pe@0x563abb7d2f78 Aug 26 18:33:45.258377: | libevent_malloc: new ptr-libevent@0x563abb7d3598 size 128 Aug 26 18:33:45.258380: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:33:45.258386: | libevent_free: release ptr-libevent@0x563abb7d36b8 Aug 26 18:33:45.258388: | free_event_entry: release EVENT_NULL-pe@0x563abb7d3648 Aug 26 18:33:45.258389: | add_fd_read_event_handler: new ethX-pe@0x563abb7d3648 Aug 26 18:33:45.258391: | libevent_malloc: new ptr-libevent@0x563abb7d36b8 size 128 Aug 26 18:33:45.258394: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:33:45.258396: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:33:45.258398: forgetting secrets Aug 26 18:33:45.258403: | certs and keys 
unlocked by 'free_preshared_secrets' Aug 26 18:33:45.258414: loading secrets from "/etc/ipsec.secrets" Aug 26 18:33:45.258420: | id type added to secret(0x563abb72cb58) PKK_PSK: @west Aug 26 18:33:45.258422: | id type added to secret(0x563abb72cb58) PKK_PSK: @east Aug 26 18:33:45.258425: | Processing PSK at line 1: passed Aug 26 18:33:45.258427: | certs and keys locked by 'process_secret' Aug 26 18:33:45.258428: | certs and keys unlocked by 'process_secret' Aug 26 18:33:45.258434: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.258439: | spent 0.299 milliseconds in whack Aug 26 18:33:45.259064: | processing signal PLUTO_SIGCHLD Aug 26 18:33:45.259076: | waitpid returned pid 19495 (exited with status 0) Aug 26 18:33:45.259079: | reaped addconn helper child (status 0) Aug 26 18:33:45.259082: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:45.259086: | spent 0.0135 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:45.316294: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.316330: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:45.316333: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:33:45.316350: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:45.316351: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:33:45.316355: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 18:33:45.316360: | Added new connection westnet-eastnet-ikev2a with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:33:45.316411: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:33:45.316414: | from whack: got --esp= Aug 26 18:33:45.316438: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:33:45.316442: | counting wild cards for @west is 0 Aug 26 18:33:45.316444: | counting wild cards for @east is 0 Aug 26 18:33:45.316451: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Aug 26 18:33:45.316453: | new hp@0x563abb7d5678 Aug 26 18:33:45.316456: added connection description "westnet-eastnet-ikev2a" Aug 26 18:33:45.316463: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:33:45.316486: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 18:33:45.316491: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.316497: | spent 0.211 milliseconds in whack Aug 26 18:33:45.316584: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.316596: add keyid @west
Aug 26 18:33:45.316674: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:33:45.316676: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:33:45.316686: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.316690: | spent 0.124 milliseconds in whack Aug 26 18:33:45.316762: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.316774: add keyid @east
Aug 26 18:33:45.316814: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:33:45.316816: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:33:45.316824: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.316828: | spent 0.0717 milliseconds in whack Aug 26 18:33:45.391441: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.391459: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:45.391462: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:33:45.391464: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 18:33:45.391466: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:33:45.391474: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:45.391480: | Added new connection westnet-eastnet-ikev2b with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:33:45.391517: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:33:45.391520: | from whack: got --esp= Aug 26 18:33:45.391541: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:33:45.391545: | counting wild cards for @west is 0 Aug 26 18:33:45.391547: | counting wild cards for @east is 0 Aug 26 18:33:45.391553: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:45.391556: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@0x563abb7d5678: westnet-eastnet-ikev2a Aug 26 18:33:45.391558: added connection description "westnet-eastnet-ikev2b" Aug 26 18:33:45.391565: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:33:45.391572: | 192.0.211.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 18:33:45.391578: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.391582: | spent 0.148 milliseconds in whack Aug 26 18:33:45.391666: | accept(whackctlfd, (struct sockaddr *)&whackaddr, 
&whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.391677: add keyid @west Aug 26 18:33:45.391682: | unreference key: 0x563abb72cc48 @west cnt 1-- Aug 26 18:33:45.391728: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:33:45.391729: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:33:45.391737: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.391741: | spent 0.0808 milliseconds in whack Aug 26 18:33:45.391832: | 
accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.391844: add keyid @east Aug 26 18:33:45.391851: | unreference key: 0x563abb7d5ab8 @east cnt 1-- Aug 26 18:33:45.391889: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:33:45.391891: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:33:45.391898: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.391902: | spent 0.0759 
milliseconds in whack Aug 26 18:33:45.467278: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.467318: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:45.467322: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:33:45.467324: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:45.467326: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:33:45.467345: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:45.467350: | Added new connection westnet-eastnet-ikev2c with policy PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:33:45.467386: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:33:45.467389: | from whack: got --esp= Aug 26 18:33:45.467411: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:33:45.467414: | counting wild cards for @west is 0 Aug 26 18:33:45.467417: | counting wild cards for @east is 0 Aug 26 18:33:45.467422: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:45.467425: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@0x563abb7d5678: westnet-eastnet-ikev2b Aug 26 18:33:45.467427: added connection description "westnet-eastnet-ikev2c" Aug 26 18:33:45.467434: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 
18:33:45.467442: | 192.0.212.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 18:33:45.467447: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.467453: | spent 0.163 milliseconds in whack Aug 26 18:33:45.467556: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.467567: add keyid @west Aug 26 18:33:45.467572: | unreference key: 0x563abb72cc48 @west cnt 1--
Aug 26 18:33:45.467628: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:33:45.467630: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:33:45.467637: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.467641: | spent 0.104 milliseconds in whack Aug 26 18:33:45.467713: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:45.467725: add keyid @east Aug 26 18:33:45.467729: | unreference key: 0x563abb7d5ab8 @east cnt 1--
Aug 26 18:33:45.467766: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:33:45.467770: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:33:45.467778: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:45.467782: | spent 0.0747 milliseconds in whack Aug 26 18:33:47.122522: | spent 0.00297 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:47.122562: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 18:33:47.122649: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:33:47.122651: | **parse ISAKMP Message: Aug 26 18:33:47.122653: | initiator cookie: Aug 26 18:33:47.122655: | 43 f1 0a 6c 96 6d 01 5c Aug 26 18:33:47.122656: | responder cookie: Aug 26 18:33:47.122658: | 00 00 00 00 00 00 00 00 Aug 26 18:33:47.122660: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:33:47.122662: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:47.122663: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:33:47.122665: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:33:47.122667: | Message ID: 0 (0x0) Aug 26 18:33:47.122668: | length: 828 (0x33c) Aug 26 18:33:47.122670: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:33:47.122673: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 18:33:47.122675: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 18:33:47.122677: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:33:47.122680: | ***parse IKEv2 Security Association Payload: Aug 26 18:33:47.122681: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:33:47.122683: | flags: none (0x0) Aug 26 18:33:47.122684: | length: 436 (0x1b4) Aug 26 18:33:47.122686: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 18:33:47.122688: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:33:47.122690: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:33:47.122691: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:33:47.122693: | 
flags: none (0x0) Aug 26 18:33:47.122694: | length: 264 (0x108) Aug 26 18:33:47.122696: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:47.122697: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:33:47.122699: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:33:47.122701: | ***parse IKEv2 Nonce Payload: Aug 26 18:33:47.122702: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:33:47.122704: | flags: none (0x0) Aug 26 18:33:47.122705: | length: 36 (0x24) Aug 26 18:33:47.122707: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:33:47.122708: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:33:47.122710: | ***parse IKEv2 Notify Payload: Aug 26 18:33:47.122712: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:33:47.122713: | flags: none (0x0) Aug 26 18:33:47.122715: | length: 8 (0x8) Aug 26 18:33:47.122716: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:47.122718: | SPI size: 0 (0x0) Aug 26 18:33:47.122720: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:33:47.122721: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:33:47.122723: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:33:47.122724: | ***parse IKEv2 Notify Payload: Aug 26 18:33:47.122726: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:33:47.122727: | flags: none (0x0) Aug 26 18:33:47.122729: | length: 28 (0x1c) Aug 26 18:33:47.122730: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:47.122732: | SPI size: 0 (0x0) Aug 26 18:33:47.122734: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:33:47.122735: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:33:47.122737: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:33:47.122738: | ***parse IKEv2 Notify Payload: Aug 26 18:33:47.122740: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.122741: | flags: none (0x0) Aug 26 18:33:47.122743: | length: 28 (0x1c) Aug 26 18:33:47.122747: | Protocol ID: 
PROTO_v2_RESERVED (0x0) Aug 26 18:33:47.122748: | SPI size: 0 (0x0) Aug 26 18:33:47.122750: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:33:47.122752: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:33:47.122753: | DDOS disabled and no cookie sent, continuing Aug 26 18:33:47.122757: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:33:47.122760: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:47.122763: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:33:47.122765: | found policy = PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2c) Aug 26 18:33:47.122767: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2b) Aug 26 18:33:47.122769: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2a) Aug 26 18:33:47.122771: | find_next_host_connection returns empty Aug 26 18:33:47.122774: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:33:47.122776: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:33:47.122777: | find_next_host_connection returns empty Aug 26 18:33:47.122780: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 18:33:47.122783: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:33:47.122786: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:47.122787: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:33:47.122789: | found policy = PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2c) Aug 26 18:33:47.122791: | found policy = 
PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2b) Aug 26 18:33:47.122793: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2a) Aug 26 18:33:47.122794: | find_next_host_connection returns empty Aug 26 18:33:47.122797: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:33:47.122799: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:33:47.122800: | find_next_host_connection returns empty Aug 26 18:33:47.122802: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 18:33:47.122805: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 18:33:47.122808: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:47.122810: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:33:47.122811: | found policy = PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2c) Aug 26 18:33:47.122813: | find_next_host_connection returns westnet-eastnet-ikev2c Aug 26 18:33:47.122815: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:33:47.122816: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2b) Aug 26 18:33:47.122818: | find_next_host_connection returns westnet-eastnet-ikev2b Aug 26 18:33:47.122820: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:33:47.122822: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2a) Aug 26 18:33:47.122823: | find_next_host_connection returns westnet-eastnet-ikev2a Aug 26 18:33:47.122825: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:33:47.122826: | find_next_host_connection returns empty Aug 26 
18:33:47.122828: | found connection: westnet-eastnet-ikev2c with policy PSK+IKEV2_ALLOW Aug 26 18:33:47.122845: | creating state object #1 at 0x563abb7db6c8 Aug 26 18:33:47.122847: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:33:47.122853: | pstats #1 ikev2.ike started Aug 26 18:33:47.122855: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:33:47.122857: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 18:33:47.122861: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:33:47.122867: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:33:47.122870: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:33:47.122873: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:33:47.122875: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:33:47.122877: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 18:33:47.122880: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:33:47.122882: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 18:33:47.122884: | selected state microcode Respond to IKE_SA_INIT Aug 26 18:33:47.122885: | Now let's proceed with state specific processing Aug 26 18:33:47.122887: | calling processor Respond to IKE_SA_INIT Aug 26 18:33:47.122895: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:33:47.122897: | constructing local IKE proposals for westnet-eastnet-ikev2c 
(IKE SA responder matching remote proposals) Aug 26 18:33:47.122902: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:33:47.122907: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:47.122909: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:33:47.122912: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:47.122915: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:33:47.122918: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:47.122920: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:33:47.122924: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:47.122929: "westnet-eastnet-ikev2c": constructed local IKE proposals for westnet-eastnet-ikev2c (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:33:47.122933: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 18:33:47.122950: | local proposal 1 type ENCR has 1 transforms Aug 26 18:33:47.122952: | local proposal 1 type PRF has 2 transforms Aug 26 18:33:47.122954: | local proposal 1 type INTEG has 1 transforms Aug 26 18:33:47.122955: | local proposal 1 type DH has 8 transforms Aug 26 18:33:47.122957: | local proposal 1 type ESN has 0 transforms Aug 26 18:33:47.122959: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:33:47.122961: | local proposal 2 type ENCR has 1 transforms Aug 26 18:33:47.122963: | local proposal 2 type PRF has 2 transforms Aug 26 18:33:47.122964: | local proposal 2 type INTEG has 1 transforms Aug 26 18:33:47.122966: | local proposal 2 type DH has 8 transforms Aug 26 18:33:47.122968: | local proposal 2 type ESN has 0 transforms Aug 26 18:33:47.122969: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:33:47.122971: | local proposal 3 type ENCR has 
1 transforms Aug 26 18:33:47.122973: | local proposal 3 type PRF has 2 transforms Aug 26 18:33:47.122974: | local proposal 3 type INTEG has 2 transforms Aug 26 18:33:47.122989: | local proposal 3 type DH has 8 transforms Aug 26 18:33:47.122990: | local proposal 3 type ESN has 0 transforms Aug 26 18:33:47.122992: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:33:47.122994: | local proposal 4 type ENCR has 1 transforms Aug 26 18:33:47.122995: | local proposal 4 type PRF has 2 transforms Aug 26 18:33:47.122997: | local proposal 4 type INTEG has 2 transforms Aug 26 18:33:47.122999: | local proposal 4 type DH has 8 transforms Aug 26 18:33:47.123000: | local proposal 4 type ESN has 0 transforms Aug 26 18:33:47.123002: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:33:47.123004: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.123006: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:47.123007: | length: 100 (0x64) Aug 26 18:33:47.123009: | prop #: 1 (0x1) Aug 26 18:33:47.123011: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:47.123012: | spi size: 0 (0x0) Aug 26 18:33:47.123014: | # transforms: 11 (0xb) Aug 26 18:33:47.123016: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:33:47.123018: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123021: | length: 12 (0xc) Aug 26 18:33:47.123023: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.123025: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:47.123026: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.123041: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.123043: | length/value: 256 (0x100) Aug 26 18:33:47.123046: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 
18:33:47.123048: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123049: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123051: | length: 8 (0x8) Aug 26 18:33:47.123053: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:47.123054: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:47.123056: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:33:47.123071: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 18:33:47.123073: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 18:33:47.123075: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 18:33:47.123077: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123079: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123081: | length: 8 (0x8) Aug 26 18:33:47.123083: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:47.123084: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:33:47.123086: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123087: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123089: | length: 8 (0x8) Aug 26 18:33:47.123090: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123092: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:47.123094: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:33:47.123096: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:33:47.123098: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:33:47.123100: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:33:47.123102: | *****parse IKEv2 
Transform Substructure Payload: Aug 26 18:33:47.123103: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123105: | length: 8 (0x8) Aug 26 18:33:47.123106: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123108: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:47.123110: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123111: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123113: | length: 8 (0x8) Aug 26 18:33:47.123114: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123116: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:47.123117: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123120: | length: 8 (0x8) Aug 26 18:33:47.123122: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123124: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:47.123125: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123127: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123128: | length: 8 (0x8) Aug 26 18:33:47.123130: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123131: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:47.123133: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123136: | length: 8 (0x8) Aug 26 18:33:47.123138: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123139: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:47.123141: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123143: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123144: | length: 8 (0x8) Aug 26 18:33:47.123146: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123147: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:47.123149: | *****parse IKEv2 Transform Substructure 
Payload: Aug 26 18:33:47.123150: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:47.123152: | length: 8 (0x8) Aug 26 18:33:47.123153: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123155: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:47.123157: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:33:47.123160: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:33:47.123162: | remote proposal 1 matches local proposal 1 Aug 26 18:33:47.123164: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.123165: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:47.123167: | length: 100 (0x64) Aug 26 18:33:47.123168: | prop #: 2 (0x2) Aug 26 18:33:47.123170: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:47.123172: | spi size: 0 (0x0) Aug 26 18:33:47.123174: | # transforms: 11 (0xb) Aug 26 18:33:47.123176: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:47.123191: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123193: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123194: | length: 12 (0xc) Aug 26 18:33:47.123196: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.123197: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:47.123199: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.123201: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.123202: | length/value: 128 (0x80) Aug 26 18:33:47.123204: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123206: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123207: | length: 8 (0x8) Aug 26 18:33:47.123209: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:47.123211: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:47.123212: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123214: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123216: | length: 8 (0x8) Aug 26 18:33:47.123217: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:47.123219: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:33:47.123220: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123222: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123224: | length: 8 (0x8) Aug 26 18:33:47.123225: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123227: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:47.123229: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123232: | length: 8 (0x8) Aug 26 18:33:47.123233: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123235: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:47.123237: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123238: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123240: | length: 8 (0x8) Aug 26 18:33:47.123241: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123243: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:47.123245: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123248: | length: 8 (0x8) Aug 26 18:33:47.123249: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123251: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:47.123253: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123254: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123256: | length: 8 (0x8) Aug 26 18:33:47.123257: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123259: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:47.123261: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 18:33:47.123262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123264: | length: 8 (0x8) Aug 26 18:33:47.123265: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123267: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:47.123269: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123272: | length: 8 (0x8) Aug 26 18:33:47.123274: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123275: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:47.123277: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123278: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:47.123280: | length: 8 (0x8) Aug 26 18:33:47.123282: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123284: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:47.123286: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 18:33:47.123293: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 18:33:47.123299: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.123301: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:47.123302: | length: 116 (0x74) Aug 26 18:33:47.123304: | prop #: 3 (0x3) Aug 26 18:33:47.123306: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:47.123307: | spi size: 0 (0x0) Aug 26 18:33:47.123309: | # transforms: 13 (0xd) Aug 26 18:33:47.123311: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:47.123313: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123314: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123329: | length: 12 (0xc) Aug 26 18:33:47.123330: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.123332: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
18:33:47.123334: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.123335: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.123337: | length/value: 256 (0x100) Aug 26 18:33:47.123339: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123342: | length: 8 (0x8) Aug 26 18:33:47.123343: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:47.123345: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:47.123347: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123348: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123350: | length: 8 (0x8) Aug 26 18:33:47.123351: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:47.123353: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:33:47.123355: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123358: | length: 8 (0x8) Aug 26 18:33:47.123359: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:47.123361: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:47.123363: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123366: | length: 8 (0x8) Aug 26 18:33:47.123367: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:47.123369: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:47.123370: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123374: | length: 8 (0x8) Aug 26 18:33:47.123375: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123377: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:47.123378: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
18:33:47.123381: | length: 8 (0x8) Aug 26 18:33:47.123383: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123385: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:47.123386: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123388: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123389: | length: 8 (0x8) Aug 26 18:33:47.123391: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123393: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:47.123394: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123398: | length: 8 (0x8) Aug 26 18:33:47.123400: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123402: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:47.123406: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123409: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123411: | length: 8 (0x8) Aug 26 18:33:47.123413: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123415: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:47.123418: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123422: | length: 8 (0x8) Aug 26 18:33:47.123425: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123427: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:47.123430: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123433: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123435: | length: 8 (0x8) Aug 26 18:33:47.123437: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123440: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:47.123443: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123445: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:47.123448: | length: 
8 (0x8) Aug 26 18:33:47.123450: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123453: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:47.123458: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:33:47.123461: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:33:47.123464: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.123467: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:47.123469: | length: 116 (0x74) Aug 26 18:33:47.123472: | prop #: 4 (0x4) Aug 26 18:33:47.123474: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:47.123477: | spi size: 0 (0x0) Aug 26 18:33:47.123480: | # transforms: 13 (0xd) Aug 26 18:33:47.123483: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:47.123486: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123491: | length: 12 (0xc) Aug 26 18:33:47.123493: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.123495: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:47.123497: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.123499: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.123501: | length/value: 128 (0x80) Aug 26 18:33:47.123504: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123508: | length: 8 (0x8) Aug 26 18:33:47.123510: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:47.123512: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:47.123515: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123519: | length: 8 (0x8) Aug 26 18:33:47.123521: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 
18:33:47.123523: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:33:47.123526: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123528: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123530: | length: 8 (0x8) Aug 26 18:33:47.123532: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:47.123535: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:47.123537: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123540: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123542: | length: 8 (0x8) Aug 26 18:33:47.123544: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:47.123546: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:47.123549: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123557: | length: 8 (0x8) Aug 26 18:33:47.123559: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123562: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:47.123565: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123569: | length: 8 (0x8) Aug 26 18:33:47.123572: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123574: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:47.123577: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123579: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123581: | length: 8 (0x8) Aug 26 18:33:47.123584: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123586: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:47.123589: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123594: | length: 8 (0x8) Aug 26 18:33:47.123596: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123598: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:47.123601: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123603: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123605: | length: 8 (0x8) Aug 26 18:33:47.123607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123609: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:47.123612: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123616: | length: 8 (0x8) Aug 26 18:33:47.123618: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123620: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:47.123623: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.123627: | length: 8 (0x8) Aug 26 18:33:47.123630: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123632: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:47.123634: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.123637: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:47.123639: | length: 8 (0x8) Aug 26 18:33:47.123641: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.123643: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:47.123647: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:33:47.123649: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:33:47.123654: "westnet-eastnet-ikev2c" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:33:47.123657: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:33:47.123660: | converting proposal to internal trans attrs Aug 26 18:33:47.123663: | natd_hash: rcookie is zero Aug 26 18:33:47.123674: | natd_hash: hasher=0x563aba829800(20) Aug 26 18:33:47.123679: | natd_hash: icookie= 43 f1 0a 6c 96 6d 01 5c Aug 26 18:33:47.123682: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:33:47.123684: | natd_hash: ip= c0 01 02 17 Aug 26 18:33:47.123686: | natd_hash: port=500 Aug 26 18:33:47.123689: | natd_hash: hash= b1 bc b6 82 09 5f 52 c0 c8 6b c6 19 5d 79 d9 c4 Aug 26 18:33:47.123691: | natd_hash: hash= f3 b0 06 f3 Aug 26 18:33:47.123693: | natd_hash: rcookie is zero Aug 26 18:33:47.123700: | natd_hash: hasher=0x563aba829800(20) Aug 26 18:33:47.123703: | natd_hash: icookie= 43 f1 0a 6c 96 6d 01 5c Aug 26 18:33:47.123705: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:33:47.123707: | natd_hash: ip= c0 01 02 2d Aug 26 18:33:47.123710: | natd_hash: port=500 Aug 26 18:33:47.123712: | natd_hash: hash= 8d 13 fe 04 84 04 fe 69 c7 c7 10 b5 c2 71 ca 50 Aug 26 18:33:47.123714: | natd_hash: hash= 5b 6b 16 28 Aug 26 18:33:47.123717: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:33:47.123719: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:33:47.123721: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:33:47.123724: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.2.45 Aug 26 18:33:47.123728: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:33:47.123730: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563abb7d5758 Aug 26 18:33:47.123733: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:33:47.123735: | libevent_malloc: new ptr-libevent@0x563abb7d7d68 size 128 Aug 26 18:33:47.123744: | #1 spent 0.85 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:33:47.123764: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:47.123767: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:33:47.123769: | suspending state #1 and saving MD Aug 26 18:33:47.123771: | #1 is busy; has a suspended MD Aug 26 18:33:47.123773: | crypto helper 0 resuming Aug 26 18:33:47.123773: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:33:47.123788: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:33:47.123794: | "westnet-eastnet-ikev2c" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:33:47.123801: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:33:47.123819: | stop processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:33:47.123824: | #1 spent 1.28 milliseconds in ikev2_process_packet() Aug 26 18:33:47.123827: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:33:47.123844: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:33:47.123846: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:47.123849: | spent 1.31 milliseconds in 
comm_handle_cb() reading and processing packet Aug 26 18:33:47.124559: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000759 seconds Aug 26 18:33:47.124569: | (#1) spent 0.764 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:33:47.124572: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:33:47.124574: | scheduling resume sending helper answer for #1 Aug 26 18:33:47.124576: | libevent_malloc: new ptr-libevent@0x7f0430002888 size 128 Aug 26 18:33:47.124582: | crypto helper 0 waiting (nothing to do) Aug 26 18:33:47.124588: | processing resume sending helper answer for #1 Aug 26 18:33:47.124597: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:33:47.124601: | crypto helper 0 replies to request ID 1 Aug 26 18:33:47.124603: | calling continuation function 0x563aba754b50 Aug 26 18:33:47.124607: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:33:47.124631: | **emit ISAKMP Message: Aug 26 18:33:47.124634: | initiator cookie: Aug 26 18:33:47.124635: | 43 f1 0a 6c 96 6d 01 5c Aug 26 18:33:47.124637: | responder cookie: Aug 26 18:33:47.124638: | ba ec 53 8a 2f 8a 39 7b Aug 26 18:33:47.124640: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:47.124642: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:47.124644: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:33:47.124646: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:33:47.124648: | Message ID: 0 (0x0) Aug 26 18:33:47.124650: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:47.124652: | Emitting ikev2_proposal ... 
Aug 26 18:33:47.124653: | ***emit IKEv2 Security Association Payload: Aug 26 18:33:47.124655: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.124671: | flags: none (0x0) Aug 26 18:33:47.124674: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:33:47.124676: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.124678: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.124680: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:47.124681: | prop #: 1 (0x1) Aug 26 18:33:47.124683: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:47.124684: | spi size: 0 (0x0) Aug 26 18:33:47.124686: | # transforms: 3 (0x3) Aug 26 18:33:47.124688: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:33:47.124690: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:33:47.124692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.124693: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.124695: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:47.124697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:47.124699: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.124701: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.124702: | length/value: 256 (0x100) Aug 26 18:33:47.124704: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:33:47.124706: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:33:47.124708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.124709: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:47.124711: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:47.124713: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.124715: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:47.124717: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:33:47.124718: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:33:47.124720: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:47.124722: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:47.124723: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:47.124725: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.124727: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:47.124729: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:33:47.124731: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:33:47.124734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:33:47.124735: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:33:47.124737: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:33:47.124739: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:33:47.124741: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.124743: | flags: none (0x0) Aug 26 18:33:47.124744: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:47.124747: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
18:33:47.124748: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.124751: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:33:47.124777: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:33:47.124779: | ***emit IKEv2 Nonce Payload: Aug 26 18:33:47.124781: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:33:47.124796: | flags: none (0x0) Aug 26 18:33:47.124798: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:33:47.124800: | next payload chain: setting previous 
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:33:47.124802: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.124804: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:33:47.124805: | IKEv2 nonce 62 b6 58 f1 64 a4 1b c6 38 6a 83 a0 e8 ca e7 b9 Aug 26 18:33:47.124807: | IKEv2 nonce 72 68 82 0e 29 f5 f4 05 27 63 e2 be 94 04 be 4f Aug 26 18:33:47.124809: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:33:47.124810: | Adding a v2N Payload Aug 26 18:33:47.124812: | ***emit IKEv2 Notify Payload: Aug 26 18:33:47.124814: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.124815: | flags: none (0x0) Aug 26 18:33:47.124817: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:47.124819: | SPI size: 0 (0x0) Aug 26 18:33:47.124820: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:33:47.124822: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:33:47.124824: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.124827: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:33:47.124829: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:33:47.124836: | natd_hash: hasher=0x563aba829800(20) Aug 26 18:33:47.124838: | natd_hash: icookie= 43 f1 0a 6c 96 6d 01 5c Aug 26 18:33:47.124840: | natd_hash: rcookie= ba ec 53 8a 2f 8a 39 7b Aug 26 18:33:47.124841: | natd_hash: ip= c0 01 02 17 Aug 26 18:33:47.124843: | natd_hash: port=500 Aug 26 18:33:47.124844: | natd_hash: hash= e2 36 a1 ed 25 9d 49 f9 fe e4 ac 23 c0 09 4f c8 Aug 26 18:33:47.124846: | natd_hash: hash= 67 e6 32 b2 Aug 26 18:33:47.124847: | Adding a v2N Payload Aug 26 18:33:47.124849: | ***emit IKEv2 Notify Payload: Aug 26 18:33:47.124850: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.124852: | flags: none (0x0) Aug 26 18:33:47.124854: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:47.124855: | SPI size: 0 (0x0) Aug 26 18:33:47.124857: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:33:47.124859: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:33:47.124860: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.124862: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:33:47.124864: | Notify data e2 36 a1 ed 25 9d 49 f9 fe e4 ac 23 c0 09 4f c8 Aug 26 18:33:47.124865: | Notify data 67 e6 32 b2 Aug 26 18:33:47.124867: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:33:47.124871: | natd_hash: hasher=0x563aba829800(20) Aug 26 18:33:47.124872: | natd_hash: icookie= 43 f1 0a 6c 96 6d 01 5c Aug 26 18:33:47.124874: | natd_hash: rcookie= ba ec 53 8a 2f 8a 39 7b Aug 26 18:33:47.124875: | natd_hash: ip= c0 01 02 2d Aug 26 18:33:47.124877: | natd_hash: port=500 Aug 26 18:33:47.124879: | natd_hash: hash= 31 e5 5d f6 f3 a6 65 7e a7 19 1d 82 6e a8 6c 2d Aug 26 18:33:47.124882: | natd_hash: hash= 80 18 57 53 Aug 26 18:33:47.124884: | Adding a v2N Payload Aug 26 18:33:47.124886: | ***emit IKEv2 Notify Payload: Aug 26 
18:33:47.124889: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.124891: | flags: none (0x0) Aug 26 18:33:47.124893: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:47.124896: | SPI size: 0 (0x0) Aug 26 18:33:47.124898: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:33:47.124901: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:33:47.124904: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.124907: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:33:47.124910: | Notify data 31 e5 5d f6 f3 a6 65 7e a7 19 1d 82 6e a8 6c 2d Aug 26 18:33:47.124912: | Notify data 80 18 57 53 Aug 26 18:33:47.124915: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:33:47.124917: | emitting length of ISAKMP Message: 432 Aug 26 18:33:47.124924: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:47.124928: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:33:47.124931: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:33:47.124934: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:33:47.124936: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:33:47.124939: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:33:47.124942: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:33:47.124946: "westnet-eastnet-ikev2c" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 
group=MODP2048} Aug 26 18:33:47.124950: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:33:47.124956: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 18:33:47.125038: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:47.125041: | libevent_free: release ptr-libevent@0x563abb7d7d68 Aug 26 18:33:47.125043: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563abb7d5758 Aug 26 18:33:47.125046: | event_schedule: new EVENT_SO_DISCARD-pe@0x563abb7d5758 Aug 26 18:33:47.125048: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:33:47.125050: | libevent_malloc: new ptr-libevent@0x563abb7db498 size 128 Aug 26 18:33:47.125053: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:33:47.125070: | #1 spent 0.442 milliseconds in resume sending helper answer Aug 26 18:33:47.125073: | stop processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:33:47.125075: | libevent_free: release ptr-libevent@0x7f0430002888 Aug 26 18:33:47.128011: | spent 0.00271 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:47.128035: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Aug 26 18:33:47.128105: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:33:47.128110: | **parse ISAKMP Message: Aug 26 18:33:47.128113: | initiator cookie: Aug 26 18:33:47.128115: | 43 f1 0a 6c 96 6d 01 5c Aug 26 18:33:47.128117: | responder cookie: Aug 26 18:33:47.128118: | ba ec 53 8a 2f 8a 39 7b Aug 26 18:33:47.128120: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:33:47.128122: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:47.128124: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:33:47.128126: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:33:47.128128: | Message ID: 1 (0x1) Aug 26 18:33:47.128129: | length: 365 (0x16d) Aug 26 18:33:47.128131: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:33:47.128134: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:33:47.128137: | State DB: found 
IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:33:47.128142: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:33:47.128144: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:33:47.128147: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:33:47.128149: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:33:47.128152: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 18:33:47.128154: | unpacking clear payload Aug 26 18:33:47.128157: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:33:47.128160: | ***parse IKEv2 Encryption Payload: Aug 26 18:33:47.128163: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:33:47.128166: | flags: none (0x0) Aug 26 18:33:47.128168: | length: 337 (0x151) Aug 26 18:33:47.128171: | processing payload: ISAKMP_NEXT_v2SK (len=333) Aug 26 18:33:47.128176: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:33:47.128179: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:33:47.128182: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:33:47.128185: | Now let's proceed with state specific processing Aug 26 18:33:47.128188: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:33:47.128191: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 18:33:47.128196: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:33:47.128202: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 18:33:47.128205: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 18:33:47.128209: | 
libevent_free: release ptr-libevent@0x563abb7db498 Aug 26 18:33:47.128212: | free_event_entry: release EVENT_SO_DISCARD-pe@0x563abb7d5758 Aug 26 18:33:47.128216: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563abb7d5758 Aug 26 18:33:47.128220: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:33:47.128223: | libevent_malloc: new ptr-libevent@0x7f0430002888 size 128 Aug 26 18:33:47.128235: | #1 spent 0.0416 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 18:33:47.128240: | crypto helper 2 resuming Aug 26 18:33:47.128241: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:47.128254: | crypto helper 2 starting work-order 2 for state #1 Aug 26 18:33:47.128260: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 18:33:47.128266: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 18:33:47.128269: | suspending state #1 and saving MD Aug 26 18:33:47.128275: | #1 is busy; has a suspended MD Aug 26 18:33:47.128278: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:33:47.128280: | "westnet-eastnet-ikev2c" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:33:47.128283: | stop processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:33:47.128287: | #1 spent 0.256 milliseconds in ikev2_process_packet() Aug 26 18:33:47.128306: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:33:47.128309: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:33:47.128311: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 
18:33:47.128314: | spent 0.272 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:47.129211: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:33:47.129678: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001411 seconds Aug 26 18:33:47.129692: | (#1) spent 1.4 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 18:33:47.129696: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 18:33:47.129699: | scheduling resume sending helper answer for #1 Aug 26 18:33:47.129703: | libevent_malloc: new ptr-libevent@0x7f0428000f48 size 128 Aug 26 18:33:47.129711: | crypto helper 2 waiting (nothing to do) Aug 26 18:33:47.129719: | processing resume sending helper answer for #1 Aug 26 18:33:47.129728: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:33:47.129731: | crypto helper 2 replies to request ID 2 Aug 26 18:33:47.129733: | calling continuation function 0x563aba754b50 Aug 26 18:33:47.129735: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 18:33:47.129737: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:33:47.129749: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:33:47.129752: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 18:33:47.129754: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 18:33:47.129756: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:33:47.129758: | flags: none (0x0) Aug 26 18:33:47.129760: | length: 12 (0xc) Aug 26 18:33:47.129762: | ID type: ID_FQDN (0x2) Aug 26 18:33:47.129763: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 18:33:47.129765: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:33:47.129770: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:33:47.129772: | next 
payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:33:47.129774: | flags: none (0x0) Aug 26 18:33:47.129775: | length: 12 (0xc) Aug 26 18:33:47.129777: | ID type: ID_FQDN (0x2) Aug 26 18:33:47.129778: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:33:47.129780: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:33:47.129782: | **parse IKEv2 Authentication Payload: Aug 26 18:33:47.129783: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:33:47.129785: | flags: none (0x0) Aug 26 18:33:47.129786: | length: 72 (0x48) Aug 26 18:33:47.129788: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:33:47.129790: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:33:47.129791: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:33:47.129793: | **parse IKEv2 Security Association Payload: Aug 26 18:33:47.129795: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:33:47.129796: | flags: none (0x0) Aug 26 18:33:47.129798: | length: 164 (0xa4) Aug 26 18:33:47.129800: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 18:33:47.129801: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:33:47.129803: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:33:47.129805: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:33:47.129806: | flags: none (0x0) Aug 26 18:33:47.129808: | length: 24 (0x18) Aug 26 18:33:47.129809: | number of TS: 1 (0x1) Aug 26 18:33:47.129811: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:33:47.129812: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:33:47.129814: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:33:47.129816: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.129817: | flags: none (0x0) Aug 26 18:33:47.129819: | length: 24 (0x18) Aug 26 18:33:47.129820: | number of TS: 1 (0x1) Aug 26 18:33:47.129822: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:33:47.129824: | selected state microcode Responder: 
process IKE_AUTH request Aug 26 18:33:47.129825: | Now let's proceed with state specific processing Aug 26 18:33:47.129827: | calling processor Responder: process IKE_AUTH request Aug 26 18:33:47.129831: "westnet-eastnet-ikev2c" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 18:33:47.129836: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:33:47.129838: | received IDr payload - extracting our alleged ID Aug 26 18:33:47.129840: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ikev2c" Aug 26 18:33:47.129844: | match_id a=@west Aug 26 18:33:47.129846: | b=@west Aug 26 18:33:47.129847: | results matched Aug 26 18:33:47.129850: | refine_host_connection: checking "westnet-eastnet-ikev2c" against "westnet-eastnet-ikev2c", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 18:33:47.129852: | Warning: not switching back to template of current instance Aug 26 18:33:47.129854: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 18:33:47.129856: | This connection's local id is @east (ID_FQDN) Aug 26 18:33:47.129858: | refine_host_connection: checked westnet-eastnet-ikev2c against westnet-eastnet-ikev2c, now for see if best Aug 26 18:33:47.129860: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:47.129862: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:47.129864: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:33:47.129867: | 1: compared key @east to @east / @west -> 010 Aug 26 18:33:47.129869: | 2: compared key @west to @east / @west -> 014 Aug 26 18:33:47.129870: | line 1: match=014 Aug 26 18:33:47.129872: | match 014 beats previous best_match 000 match=0x563abb72cb58 (line=1) Aug 26 18:33:47.129874: | concluding with best_match=014 best=0x563abb72cb58 (lineno=1) Aug 26 18:33:47.129877: | returning because exact peer id match Aug 26 
18:33:47.129879: | offered CA: '%none' Aug 26 18:33:47.129881: "westnet-eastnet-ikev2c" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 18:33:47.129897: | verifying AUTH payload Aug 26 18:33:47.129901: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Aug 26 18:33:47.129903: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:47.129905: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:47.129907: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:33:47.129909: | 1: compared key @east to @east / @west -> 010 Aug 26 18:33:47.129911: | 2: compared key @west to @east / @west -> 014 Aug 26 18:33:47.129912: | line 1: match=014 Aug 26 18:33:47.129914: | match 014 beats previous best_match 000 match=0x563abb72cb58 (line=1) Aug 26 18:33:47.129916: | concluding with best_match=014 best=0x563abb72cb58 (lineno=1) Aug 26 18:33:47.129955: "westnet-eastnet-ikev2c" #1: Authenticated using authby=secret Aug 26 18:33:47.129959: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 18:33:47.129963: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:33:47.129965: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:47.129967: | libevent_free: release ptr-libevent@0x7f0430002888 Aug 26 18:33:47.129969: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563abb7d5758 Aug 26 18:33:47.129971: | event_schedule: new EVENT_SA_REKEY-pe@0x563abb7d5758 Aug 26 18:33:47.129973: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 18:33:47.129975: | libevent_malloc: new ptr-libevent@0x563abb7d7d68 size 128 Aug 26 18:33:47.130553: | pstats #1 ikev2.ike established Aug 26 18:33:47.130565: | **emit ISAKMP Message: Aug 26 18:33:47.130569: | initiator cookie: Aug 26 18:33:47.130573: | 43 f1 0a 6c 96 6d 01 5c Aug 26 18:33:47.130575: | responder cookie: Aug 26 18:33:47.130578: | ba ec 
53 8a 2f 8a 39 7b Aug 26 18:33:47.130581: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:47.130585: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:47.130588: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:33:47.130591: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:33:47.130594: | Message ID: 1 (0x1) Aug 26 18:33:47.130598: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:47.130601: | IKEv2 CERT: send a certificate? Aug 26 18:33:47.130604: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:33:47.130608: | ***emit IKEv2 Encryption Payload: Aug 26 18:33:47.130611: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.130614: | flags: none (0x0) Aug 26 18:33:47.130618: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:33:47.130622: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.130626: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:33:47.130634: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:33:47.130661: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:33:47.130665: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.130668: | flags: none (0x0) Aug 26 18:33:47.130671: | ID type: ID_FQDN (0x2) Aug 26 18:33:47.130675: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:33:47.130679: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.130684: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 18:33:47.130688: | my identity 65 61 73 74 Aug 26 18:33:47.130692: | 
emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:33:47.130700: | assembled IDr payload Aug 26 18:33:47.130703: | CHILD SA proposals received Aug 26 18:33:47.130706: | going to assemble AUTH payload Aug 26 18:33:47.130709: | ****emit IKEv2 Authentication Payload: Aug 26 18:33:47.130712: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:33:47.130714: | flags: none (0x0) Aug 26 18:33:47.130717: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:33:47.130721: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:33:47.130725: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:33:47.130728: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.130733: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 18:33:47.130737: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:47.130740: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:33:47.130742: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:33:47.130744: | 1: compared key @east to @east / @west -> 010 Aug 26 18:33:47.130746: | 2: compared key @west to @east / @west -> 014 Aug 26 18:33:47.130748: | line 1: match=014 Aug 26 18:33:47.130750: | match 014 beats previous best_match 000 match=0x563abb72cb58 (line=1) Aug 26 18:33:47.130751: | concluding with best_match=014 best=0x563abb72cb58 (lineno=1) Aug 26 18:33:47.130787: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:33:47.130790: | PSK auth fb 64 e3 bb 60 25 77 30 ed 27 bc 51 80 df 37 b2 Aug 26 18:33:47.130791: | PSK auth b0 36 d6 c4 35 b5 89 1b e4 17 76 91 16 55 6e 0e Aug 26 18:33:47.130793: | PSK auth da 71 69 da 6e 80 c7 23 6e b8 1c db 72 
ea d9 08 Aug 26 18:33:47.130794: | PSK auth f5 82 1b fe 7b c2 f2 6c f6 af 93 b5 50 94 d2 4a Aug 26 18:33:47.130796: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:33:47.130800: | creating state object #2 at 0x563abb7df3c8 Aug 26 18:33:47.130802: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:33:47.130804: | pstats #2 ikev2.child started Aug 26 18:33:47.130807: | duplicating state object #1 "westnet-eastnet-ikev2c" as #2 for IPSEC SA Aug 26 18:33:47.130810: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:47.130815: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:33:47.130817: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:33:47.130820: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 18:33:47.130822: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 18:33:47.130824: | TSi: parsing 1 traffic selectors Aug 26 18:33:47.130826: | ***parse IKEv2 Traffic Selector: Aug 26 18:33:47.130828: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:47.130830: | IP Protocol ID: 0 (0x0) Aug 26 18:33:47.130831: | length: 16 (0x10) Aug 26 18:33:47.130833: | start port: 0 (0x0) Aug 26 18:33:47.130834: | end port: 65535 (0xffff) Aug 26 18:33:47.130836: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:33:47.130838: | TS low c0 00 01 00 Aug 26 18:33:47.130840: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:33:47.130841: | TS high c0 00 01 ff Aug 26 18:33:47.130843: | TSi: parsed 1 traffic selectors Aug 26 18:33:47.130844: | TSr: parsing 1 traffic selectors Aug 26 
18:33:47.130848: | ***parse IKEv2 Traffic Selector: Aug 26 18:33:47.130849: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:47.130851: | IP Protocol ID: 0 (0x0) Aug 26 18:33:47.130852: | length: 16 (0x10) Aug 26 18:33:47.130854: | start port: 0 (0x0) Aug 26 18:33:47.130855: | end port: 65535 (0xffff) Aug 26 18:33:47.130857: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:33:47.130858: | TS low c0 00 02 00 Aug 26 18:33:47.130860: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:33:47.130862: | TS high c0 00 02 ff Aug 26 18:33:47.130863: | TSr: parsed 1 traffic selectors Aug 26 18:33:47.130865: | looking for best SPD in current connection Aug 26 18:33:47.130868: | evaluating our conn="westnet-eastnet-ikev2c" I=192.0.1.0/24:0/0 R=192.0.212.0/24:0/0 to their: Aug 26 18:33:47.130872: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:47.130876: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:33:47.130878: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:33:47.130879: | TSi[0] port match: YES fitness 65536 Aug 26 18:33:47.130881: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:33:47.130883: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:47.130886: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:47.130889: | match address end->client=192.0.212.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 18:33:47.130891: | looking for better host pair Aug 26 18:33:47.130894: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:47.130897: | checking hostpair 192.0.212.0/24 -> 192.0.1.0/24 is found Aug 26 18:33:47.130899: | investigating connection "westnet-eastnet-ikev2c" as a better match Aug 26 18:33:47.130901: | match_id a=@west Aug 26 18:33:47.130902: | b=@west Aug 26 18:33:47.130904: | results matched Aug 26 
18:33:47.130906: | evaluating our conn="westnet-eastnet-ikev2c" I=192.0.1.0/24:0/0 R=192.0.212.0/24:0/0 to their: Aug 26 18:33:47.130909: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:47.130912: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:33:47.130914: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:33:47.130916: | TSi[0] port match: YES fitness 65536 Aug 26 18:33:47.130917: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:33:47.130919: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:47.130922: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:47.130925: | match address end->client=192.0.212.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 18:33:47.130927: | investigating connection "westnet-eastnet-ikev2b" as a better match Aug 26 18:33:47.130929: | match_id a=@west Aug 26 18:33:47.130930: | b=@west Aug 26 18:33:47.130932: | results matched Aug 26 18:33:47.130934: | evaluating our conn="westnet-eastnet-ikev2b" I=192.0.1.0/24:0/0 R=192.0.211.0/24:0/0 to their: Aug 26 18:33:47.130937: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:47.130940: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:33:47.130942: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:33:47.130944: | TSi[0] port match: YES fitness 65536 Aug 26 18:33:47.130945: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:33:47.130947: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:47.130950: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:47.130953: | match address end->client=192.0.211.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 18:33:47.130955: | investigating connection "westnet-eastnet-ikev2a" as a better match Aug 26 18:33:47.130958: | match_id 
a=@west Aug 26 18:33:47.130959: | b=@west Aug 26 18:33:47.130961: | results matched Aug 26 18:33:47.130963: | evaluating our conn="westnet-eastnet-ikev2a" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:33:47.130966: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:47.130969: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:33:47.130971: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:33:47.130972: | TSi[0] port match: YES fitness 65536 Aug 26 18:33:47.130974: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:33:47.130976: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:47.130978: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:47.130981: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:33:47.130983: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:33:47.130985: | TSr[0] port match: YES fitness 65536 Aug 26 18:33:47.130987: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:33:47.130988: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:47.130990: | best fit so far: TSi[0] TSr[0] Aug 26 18:33:47.130992: | protocol fitness found better match d westnet-eastnet-ikev2a, TSi[0],TSr[0] Aug 26 18:33:47.130996: | in connection_discard for connection westnet-eastnet-ikev2c Aug 26 18:33:47.130997: | printing contents struct traffic_selector Aug 26 18:33:47.130999: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:33:47.131001: | ipprotoid: 0 Aug 26 18:33:47.131002: | port range: 0-65535 Aug 26 18:33:47.131004: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:33:47.131006: | printing contents struct traffic_selector Aug 26 18:33:47.131007: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:33:47.131009: | ipprotoid: 0 Aug 26 18:33:47.131010: | port range: 0-65535 Aug 26 18:33:47.131012: | ip range: 192.0.1.0-192.0.1.255 
Aug 26 18:33:47.131015: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ikev2a (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 18:33:47.131020: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:33:47.131024: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:33:47.131026: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:33:47.131028: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:33:47.131030: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:33:47.131033: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:47.131035: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:33:47.131037: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:47.131042: "westnet-eastnet-ikev2a": constructed local ESP/AH proposals for westnet-eastnet-ikev2a (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:47.131044: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:33:47.131048: | local proposal 1 type ENCR has 1 transforms Aug 26 18:33:47.131049: | local proposal 1 type PRF has 0 transforms Aug 26 18:33:47.131051: | local proposal 1 type INTEG has 1 transforms Aug 26 18:33:47.131053: | local proposal 1 type DH has 1 transforms Aug 26 18:33:47.131055: | local proposal 1 type ESN has 1 transforms Aug 26 18:33:47.131058: | local proposal 1 transforms: required: 
ENCR+ESN; optional: INTEG+DH Aug 26 18:33:47.131059: | local proposal 2 type ENCR has 1 transforms Aug 26 18:33:47.131061: | local proposal 2 type PRF has 0 transforms Aug 26 18:33:47.131063: | local proposal 2 type INTEG has 1 transforms Aug 26 18:33:47.131064: | local proposal 2 type DH has 1 transforms Aug 26 18:33:47.131066: | local proposal 2 type ESN has 1 transforms Aug 26 18:33:47.131067: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:33:47.131069: | local proposal 3 type ENCR has 1 transforms Aug 26 18:33:47.131071: | local proposal 3 type PRF has 0 transforms Aug 26 18:33:47.131072: | local proposal 3 type INTEG has 2 transforms Aug 26 18:33:47.131074: | local proposal 3 type DH has 1 transforms Aug 26 18:33:47.131075: | local proposal 3 type ESN has 1 transforms Aug 26 18:33:47.131077: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:33:47.131079: | local proposal 4 type ENCR has 1 transforms Aug 26 18:33:47.131080: | local proposal 4 type PRF has 0 transforms Aug 26 18:33:47.131082: | local proposal 4 type INTEG has 2 transforms Aug 26 18:33:47.131083: | local proposal 4 type DH has 1 transforms Aug 26 18:33:47.131085: | local proposal 4 type ESN has 1 transforms Aug 26 18:33:47.131087: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:33:47.131089: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.131091: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:47.131092: | length: 32 (0x20) Aug 26 18:33:47.131094: | prop #: 1 (0x1) Aug 26 18:33:47.131095: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:47.131097: | spi size: 4 (0x4) Aug 26 18:33:47.131099: | # transforms: 2 (0x2) Aug 26 18:33:47.131101: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:47.131102: | remote SPI 0a 40 65 57 Aug 26 18:33:47.131104: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 
local proposals Aug 26 18:33:47.131106: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131108: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131109: | length: 12 (0xc) Aug 26 18:33:47.131111: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.131113: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:47.131114: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.131116: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.131118: | length/value: 256 (0x100) Aug 26 18:33:47.131120: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:33:47.131122: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131124: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:47.131125: | length: 8 (0x8) Aug 26 18:33:47.131127: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:47.131129: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:47.131131: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:33:47.131133: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:33:47.131135: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:33:47.131137: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:33:47.131139: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:33:47.131141: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:33:47.131143: | remote proposal 1 matches local proposal 1 Aug 26 18:33:47.131145: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.131148: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:47.131149: | length: 32 (0x20) Aug 26 
18:33:47.131151: | prop #: 2 (0x2) Aug 26 18:33:47.131152: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:47.131154: | spi size: 4 (0x4) Aug 26 18:33:47.131155: | # transforms: 2 (0x2) Aug 26 18:33:47.131157: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:47.131159: | remote SPI 0a 40 65 57 Aug 26 18:33:47.131161: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:47.131162: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131165: | length: 12 (0xc) Aug 26 18:33:47.131167: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.131168: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:47.131170: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.131172: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.131173: | length/value: 128 (0x80) Aug 26 18:33:47.131175: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131177: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:47.131178: | length: 8 (0x8) Aug 26 18:33:47.131180: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:47.131181: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:47.131183: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 18:33:47.131185: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 18:33:47.131187: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.131189: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:47.131190: | length: 48 (0x30) Aug 26 18:33:47.131192: | prop #: 3 (0x3) Aug 26 18:33:47.131193: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:47.131195: | spi size: 4 (0x4) Aug 26 18:33:47.131196: | # transforms: 4 (0x4) Aug 26 18:33:47.131198: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 
18:33:47.131199: | remote SPI 0a 40 65 57 Aug 26 18:33:47.131201: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:47.131203: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131206: | length: 12 (0xc) Aug 26 18:33:47.131207: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.131209: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:47.131211: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.131212: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.131214: | length/value: 256 (0x100) Aug 26 18:33:47.131216: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131217: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131219: | length: 8 (0x8) Aug 26 18:33:47.131220: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:47.131222: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:47.131224: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131227: | length: 8 (0x8) Aug 26 18:33:47.131228: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:47.131230: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:47.131231: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131233: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:47.131234: | length: 8 (0x8) Aug 26 18:33:47.131236: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:47.131238: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:47.131240: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:33:47.131242: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:33:47.131245: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.131247: | last proposal: 
v2_PROPOSAL_LAST (0x0) Aug 26 18:33:47.131248: | length: 48 (0x30) Aug 26 18:33:47.131250: | prop #: 4 (0x4) Aug 26 18:33:47.131252: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:47.131253: | spi size: 4 (0x4) Aug 26 18:33:47.131254: | # transforms: 4 (0x4) Aug 26 18:33:47.131256: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:47.131258: | remote SPI 0a 40 65 57 Aug 26 18:33:47.131260: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:47.131261: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131264: | length: 12 (0xc) Aug 26 18:33:47.131266: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.131267: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:47.131269: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.131271: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.131272: | length/value: 128 (0x80) Aug 26 18:33:47.131274: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131277: | length: 8 (0x8) Aug 26 18:33:47.131278: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:47.131280: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:47.131282: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131283: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131285: | length: 8 (0x8) Aug 26 18:33:47.131286: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:47.131320: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:47.131324: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131326: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:47.131327: | length: 8 (0x8) Aug 26 18:33:47.131329: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:47.131331: | IKEv2 
transform ID: ESN_DISABLED (0x0) Aug 26 18:33:47.131333: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:33:47.131335: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:33:47.131338: "westnet-eastnet-ikev2c" #1: proposal 1:ESP:SPI=0a406557;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:33:47.131341: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=0a406557;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:33:47.131343: | converting proposal to internal trans attrs Aug 26 18:33:47.131371: | netlink_get_spi: allocated 0xb9d2e984 for esp.0@192.1.2.23 Aug 26 18:33:47.131373: | Emitting ikev2_proposal ... 
Aug 26 18:33:47.131375: | ****emit IKEv2 Security Association Payload: Aug 26 18:33:47.131377: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.131378: | flags: none (0x0) Aug 26 18:33:47.131380: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:33:47.131382: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.131384: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:33:47.131386: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:47.131388: | prop #: 1 (0x1) Aug 26 18:33:47.131389: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:47.131391: | spi size: 4 (0x4) Aug 26 18:33:47.131392: | # transforms: 2 (0x2) Aug 26 18:33:47.131394: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:33:47.131397: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:33:47.131399: | our spi b9 d2 e9 84 Aug 26 18:33:47.131401: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131402: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131404: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:47.131406: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:47.131407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:47.131409: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:33:47.131411: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:47.131412: | length/value: 256 (0x100) Aug 26 18:33:47.131414: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:33:47.131416: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:33:47.131417: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 
18:33:47.131419: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:47.131421: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:47.131423: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:47.131424: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:47.131426: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:33:47.131428: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:33:47.131430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:33:47.131431: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 18:33:47.131433: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:33:47.131435: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:33:47.131437: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.131438: | flags: none (0x0) Aug 26 18:33:47.131440: | number of TS: 1 (0x1) Aug 26 18:33:47.131442: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:33:47.131444: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.131446: | *****emit IKEv2 Traffic Selector: Aug 26 18:33:47.131447: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:47.131449: | IP Protocol ID: 0 (0x0) Aug 26 18:33:47.131450: | start port: 0 (0x0) Aug 26 18:33:47.131452: | end port: 65535 (0xffff) Aug 26 18:33:47.131454: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:33:47.131456: | ipv4 
start c0 00 01 00 Aug 26 18:33:47.131457: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:33:47.131459: | ipv4 end c0 00 01 ff Aug 26 18:33:47.131460: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:33:47.131462: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:33:47.131464: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:33:47.131465: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:47.131467: | flags: none (0x0) Aug 26 18:33:47.131468: | number of TS: 1 (0x1) Aug 26 18:33:47.131470: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:33:47.131472: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:33:47.131475: | *****emit IKEv2 Traffic Selector: Aug 26 18:33:47.131476: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:47.131478: | IP Protocol ID: 0 (0x0) Aug 26 18:33:47.131479: | start port: 0 (0x0) Aug 26 18:33:47.131481: | end port: 65535 (0xffff) Aug 26 18:33:47.131483: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:33:47.131484: | ipv4 start c0 00 02 00 Aug 26 18:33:47.131486: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:33:47.131487: | ipv4 end c0 00 02 ff Aug 26 18:33:47.131489: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:33:47.131490: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:33:47.131492: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:33:47.131494: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:33:47.131590: | FOR_EACH_CONNECTION_... 
in ISAKMP_SA_established Aug 26 18:33:47.131595: | #1 spent 1.72 milliseconds Aug 26 18:33:47.131597: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:33:47.131599: | could_route called for westnet-eastnet-ikev2a (kind=CK_PERMANENT) Aug 26 18:33:47.131601: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:47.131603: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 18:33:47.131605: | conn westnet-eastnet-ikev2c mark 0/00000000, 0/00000000 Aug 26 18:33:47.131607: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 18:33:47.131609: | conn westnet-eastnet-ikev2b mark 0/00000000, 0/00000000 Aug 26 18:33:47.131610: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 18:33:47.131612: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 Aug 26 18:33:47.131615: | route owner of "westnet-eastnet-ikev2a" unrouted: NULL; eroute owner: NULL Aug 26 18:33:47.131617: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:33:47.131619: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:33:47.131621: | AES_GCM_16 requires 4 salt bytes Aug 26 18:33:47.131623: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:33:47.131625: | setting IPsec SA replay-window to 32 Aug 26 18:33:47.131628: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2a' not available on interface eth1 Aug 26 18:33:47.131630: | netlink: enabling tunnel mode Aug 26 18:33:47.131632: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:47.131633: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:47.131708: | netlink response for Add SA esp.a406557@192.1.2.45 included non-error error Aug 26 18:33:47.131713: | set up outgoing SA, ref=0/0 Aug 26 18:33:47.131718: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:33:47.131721: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 
Aug 26 18:33:47.131724: | AES_GCM_16 requires 4 salt bytes Aug 26 18:33:47.131728: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:33:47.131732: | setting IPsec SA replay-window to 32 Aug 26 18:33:47.131736: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2a' not available on interface eth1 Aug 26 18:33:47.131739: | netlink: enabling tunnel mode Aug 26 18:33:47.131742: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:47.131745: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:47.131794: | netlink response for Add SA esp.b9d2e984@192.1.2.23 included non-error error Aug 26 18:33:47.131815: | priority calculation of connection "westnet-eastnet-ikev2a" is 0xfe7e7 Aug 26 18:33:47.131823: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:33:47.131827: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:47.131853: | raw_eroute result=success Aug 26 18:33:47.131858: | set up incoming SA, ref=0/0 Aug 26 18:33:47.131861: | sr for #2: unrouted Aug 26 18:33:47.131867: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:33:47.131870: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:33:47.131874: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 18:33:47.131878: | conn westnet-eastnet-ikev2c mark 0/00000000, 0/00000000 Aug 26 18:33:47.131882: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 18:33:47.131885: | conn westnet-eastnet-ikev2b mark 0/00000000, 0/00000000 Aug 26 18:33:47.131889: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Aug 26 18:33:47.131892: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 Aug 26 18:33:47.131910: | route owner of "westnet-eastnet-ikev2a" unrouted: NULL; eroute owner: NULL Aug 26 18:33:47.131914: | route_and_eroute with c: westnet-eastnet-ikev2a (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:33:47.131918: | priority calculation of connection "westnet-eastnet-ikev2a" is 0xfe7e7 Aug 26 18:33:47.131926: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 18:33:47.131930: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:47.131944: | raw_eroute result=success Aug 26 18:33:47.131961: | running updown command "ipsec _updown" for verb up Aug 26 18:33:47.131965: | command executing up-client Aug 26 18:33:47.131999: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' 
PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN Aug 26 18:33:47.132005: | popen cmd is 1044 chars long Aug 26 18:33:47.132008: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Aug 26 18:33:47.132012: | cmd( 80):v2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PL: Aug 26 18:33:47.132014: | cmd( 160):UTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0': Aug 26 18:33:47.132016: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 18:33:47.132018: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID=': Aug 26 18:33:47.132020: | cmd( 400):@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_: Aug 26 18:33:47.132021: | cmd( 480):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Aug 26 18:33:47.132023: | cmd( 560):TO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCR: Aug 26 18:33:47.132025: | cmd( 640):YPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_: Aug 26 18:33:47.132026: | cmd( 720):KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CI: Aug 26 18:33:47.132028: | cmd( 800):SCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PL: Aug 26 18:33:47.132030: | cmd( 880):UTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI: Aug 26 18:33:47.132031: | cmd( 960):_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa406557 SPI_OUT=0xb9d2e984 ipsec _updown : Aug 26 18:33:47.132033: | cmd(1040):2>&1: Aug 26 18:33:47.140277: | route_and_eroute: firewall_notified: true Aug 26 
18:33:47.140302: | running updown command "ipsec _updown" for verb prepare Aug 26 18:33:47.140307: | command executing prepare-client Aug 26 18:33:47.140332: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Aug 26 18:33:47.140334: | popen cmd is 1049 chars long Aug 26 18:33:47.140336: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:33:47.140338: | cmd( 80):t-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.2: Aug 26 18:33:47.140340: | cmd( 160):3' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 18:33:47.140342: | cmd( 240):.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Aug 26 18:33:47.140343: | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER: Aug 26 18:33:47.140345: | cmd( 400):_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' P: Aug 26 18:33:47.140347: | cmd( 
480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Aug 26 18:33:47.140348: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK: Aug 26 18:33:47.140350: | cmd( 640):+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Aug 26 18:33:47.140352: | cmd( 720):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Aug 26 18:33:47.140353: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Aug 26 18:33:47.140355: | cmd( 880):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Aug 26 18:33:47.140357: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa406557 SPI_OUT=0xb9d2e984 ipsec _up: Aug 26 18:33:47.140358: | cmd(1040):down 2>&1: Aug 26 18:33:47.148241: | running updown command "ipsec _updown" for verb route Aug 26 18:33:47.148258: | command executing route-client Aug 26 18:33:47.148303: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' 
VTI_ROUTING='no' VTI_SHARED='no' Aug 26 18:33:47.148310: | popen cmd is 1047 chars long Aug 26 18:33:47.148314: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 18:33:47.148320: | cmd( 80):ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23': Aug 26 18:33:47.148324: | cmd( 160): PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2: Aug 26 18:33:47.148326: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Aug 26 18:33:47.148329: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_I: Aug 26 18:33:47.148332: | cmd( 400):D='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLU: Aug 26 18:33:47.148334: | cmd( 480):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Aug 26 18:33:47.148337: | cmd( 560):PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+E: Aug 26 18:33:47.148353: | cmd( 640):NCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Aug 26 18:33:47.148356: | cmd( 720):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Aug 26 18:33:47.148358: | cmd( 800):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Aug 26 18:33:47.148361: | cmd( 880): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Aug 26 18:33:47.148364: | cmd( 960):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa406557 SPI_OUT=0xb9d2e984 ipsec _updo: Aug 26 18:33:47.148366: | cmd(1040):wn 2>&1: Aug 26 18:33:47.158004: | route_and_eroute: instance "westnet-eastnet-ikev2a", setting eroute_owner {spd=0x563abb7d3958,sr=0x563abb7d3958} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:33:47.158074: | #1 spent 1.66 milliseconds in install_ipsec_sa() Aug 26 18:33:47.158081: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ikev2a[0], 
setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:33:47.158083: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:33:47.158086: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:33:47.158089: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:33:47.158091: | emitting length of IKEv2 Encryption Payload: 197 Aug 26 18:33:47.158093: | emitting length of ISAKMP Message: 225 Aug 26 18:33:47.158135: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 18:33:47.158139: | #1 spent 3.45 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 18:33:47.158145: | suspend processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:47.158149: | start processing: state #2 connection "westnet-eastnet-ikev2a" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:47.158152: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 18:33:47.158154: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 18:33:47.158156: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 18:33:47.158159: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:33:47.158163: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 18:33:47.158166: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:33:47.158168: | pstats #2 ikev2.child established Aug 26 18:33:47.158174: "westnet-eastnet-ikev2a" #2: negotiated connection 
[192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 18:33:47.158177: | NAT-T: encaps is 'auto' Aug 26 18:33:47.158180: "westnet-eastnet-ikev2a" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x0a406557 <0xb9d2e984 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:33:47.158186: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:33:47.158192: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 18:33:47.158251: | releasing whack for #2 (sock=fd@-1) Aug 26 18:33:47.158253: | releasing whack and unpending for parent #1 Aug 26 18:33:47.158256: | unpending state #1 connection "westnet-eastnet-ikev2a" Aug 26 18:33:47.158259: | #2 will expire in 28800 seconds (policy doesn't allow re-key) Aug 26 18:33:47.158261: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f0430002b78 Aug 26
18:33:47.158264: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #2 Aug 26 18:33:47.158266: | libevent_malloc: new ptr-libevent@0x563abb7df318 size 128 Aug 26 18:33:47.158278: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:33:47.158284: | #1 spent 3.67 milliseconds in resume sending helper answer Aug 26 18:33:47.158287: | stop processing: state #2 connection "westnet-eastnet-ikev2a" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:33:47.158305: | libevent_free: release ptr-libevent@0x7f0428000f48 Aug 26 18:33:47.158330: | processing signal PLUTO_SIGCHLD Aug 26 18:33:47.158334: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:47.158338: | spent 0.00405 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:47.158339: | processing signal PLUTO_SIGCHLD Aug 26 18:33:47.158342: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:47.158344: | spent 0.00238 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:47.158346: | processing signal PLUTO_SIGCHLD Aug 26 18:33:47.158348: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:47.158350: | spent 0.00233 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:48.420171: | spent 0.00254 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:48.420195: | *received 305 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 18:33:48.420233: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:33:48.420235: | **parse ISAKMP Message: Aug 26 18:33:48.420237: | initiator cookie: Aug 26 18:33:48.420239: | 43 f1 0a 6c 96 6d 01 5c Aug 26 18:33:48.420240: | responder cookie: Aug 26 18:33:48.420242: | ba ec 53 8a 2f 8a 39 7b Aug 26 18:33:48.420244: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:33:48.420246: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:48.420247: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:33:48.420252: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:33:48.420254: | Message ID: 2 (0x2) Aug 26 18:33:48.420255: | length: 305 (0x131) Aug 26 18:33:48.420257: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 18:33:48.420260: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 18:33:48.420263: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 18:33:48.420267: | start processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500
(in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:33:48.420269: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:33:48.420272: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:33:48.420274: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 18:33:48.420277: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 18:33:48.420279: | unpacking clear payload Aug 26 18:33:48.420281: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:33:48.420283: | ***parse IKEv2 Encryption Payload: Aug 26 18:33:48.420285: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:33:48.420286: | flags: none (0x0) Aug 26 18:33:48.420293: | length: 277 (0x115) Aug 26 18:33:48.420298: | processing payload: ISAKMP_NEXT_v2SK (len=273) Aug 26 18:33:48.420302: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 18:33:48.420305: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 18:33:48.420321: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 18:33:48.420323: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:33:48.420325: | **parse IKEv2 Security Association Payload: Aug 26 18:33:48.420327: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:33:48.420328: | flags: none (0x0) Aug 26 18:33:48.420330: | length: 164 (0xa4) Aug 26 18:33:48.420332: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 18:33:48.420333: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:33:48.420335: | **parse IKEv2 Nonce Payload: Aug 26 18:33:48.420337: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:33:48.420338: | flags: none (0x0) Aug 26 18:33:48.420340: | length: 36 (0x24) Aug 26 18:33:48.420341: | processing payload: 
ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:33:48.420343: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:33:48.420345: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:33:48.420347: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:33:48.420350: | flags: none (0x0) Aug 26 18:33:48.420351: | length: 24 (0x18) Aug 26 18:33:48.420353: | number of TS: 1 (0x1) Aug 26 18:33:48.420355: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:33:48.420356: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:33:48.420358: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:33:48.420360: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:48.420361: | flags: none (0x0) Aug 26 18:33:48.420363: | length: 24 (0x18) Aug 26 18:33:48.420364: | number of TS: 1 (0x1) Aug 26 18:33:48.420366: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:33:48.420368: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Aug 26 18:33:48.420370: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 18:33:48.420374: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:33:48.420377: | creating state object #3 at 0x563abb7dd818 Aug 26 18:33:48.420379: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:33:48.420386: | pstats #3 ikev2.child started Aug 26 18:33:48.420388: | duplicating state object #1 "westnet-eastnet-ikev2c" as #3 for IPSEC SA Aug 26 18:33:48.420392: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:48.420400: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:33:48.420403: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Aug 26 18:33:48.420406: | 
"westnet-eastnet-ikev2c" #1 received Child SA Request CREATE_CHILD_SA from 192.1.2.45:500 Child "westnet-eastnet-ikev2c" #3 in STATE_V2_CREATE_R will process it further Aug 26 18:33:48.420409: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Aug 26 18:33:48.420412: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Aug 26 18:33:48.420414: | forcing ST #1 to CHILD #1.#3 in FSM processor Aug 26 18:33:48.420415: | Now let's proceed with state specific processing Aug 26 18:33:48.420417: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 18:33:48.420420: | create child proposal's DH changed from no-PFS to NONE, flushing Aug 26 18:33:48.420424: | constructing ESP/AH proposals with default DH NONE for westnet-eastnet-ikev2c (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Aug 26 18:33:48.420427: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:33:48.420431: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:33:48.420434: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:33:48.420436: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:33:48.420438: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:33:48.420441: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:48.420443: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:33:48.420446: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:48.420450: "westnet-eastnet-ikev2c": constructed local ESP/AH proposals for westnet-eastnet-ikev2c (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:48.420454: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:33:48.420458: | local proposal 1 type ENCR has 1 transforms Aug 26 18:33:48.420460: | local proposal 1 type PRF has 0 transforms Aug 26 18:33:48.420462: | local proposal 1 type INTEG has 1 transforms Aug 26 18:33:48.420463: | local proposal 1 type DH has 1 transforms Aug 26 18:33:48.420465: | local proposal 1 type ESN has 1 transforms Aug 26 18:33:48.420467: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:33:48.420469: | local proposal 2 type ENCR has 1 transforms Aug 26 18:33:48.420471: | local proposal 2 type PRF has 0 transforms Aug 26 18:33:48.420472: | local proposal 2 type INTEG has 1 transforms Aug 26 18:33:48.420474: | local proposal 2 type DH has 1 transforms Aug 26 18:33:48.420476: | local proposal 2 type ESN has 1 transforms Aug 26 18:33:48.420478: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:33:48.420479: | local proposal 3 type ENCR has 1 transforms Aug 26 18:33:48.420481: | local proposal 3 type PRF has 0 transforms Aug 26 18:33:48.420483: | local proposal 3 type INTEG has 2 transforms Aug 26 18:33:48.420484: | local proposal 3 type DH has 1 transforms Aug 26 18:33:48.420486: | local proposal 3 type ESN has 1 transforms Aug 26 18:33:48.420488: | local proposal 3 transforms: required: 
ENCR+INTEG+ESN; optional: DH Aug 26 18:33:48.420489: | local proposal 4 type ENCR has 1 transforms Aug 26 18:33:48.420491: | local proposal 4 type PRF has 0 transforms Aug 26 18:33:48.420493: | local proposal 4 type INTEG has 2 transforms Aug 26 18:33:48.420494: | local proposal 4 type DH has 1 transforms Aug 26 18:33:48.420496: | local proposal 4 type ESN has 1 transforms Aug 26 18:33:48.420498: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:33:48.420500: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:48.420502: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:48.420503: | length: 32 (0x20) Aug 26 18:33:48.420505: | prop #: 1 (0x1) Aug 26 18:33:48.420507: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:48.420509: | spi size: 4 (0x4) Aug 26 18:33:48.420510: | # transforms: 2 (0x2) Aug 26 18:33:48.420512: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:48.420514: | remote SPI 3b 38 e1 51 Aug 26 18:33:48.420516: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:33:48.420518: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:48.420520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:48.420522: | length: 12 (0xc) Aug 26 18:33:48.420523: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:48.420525: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:48.420527: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:48.420529: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:48.420530: | length/value: 256 (0x100) Aug 26 18:33:48.420533: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:33:48.420535: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:48.420537: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:48.420539: | length: 8 (0x8) Aug 26 18:33:48.420540: | IKEv2 transform type: 
TRANS_TYPE_ESN (0x5) Aug 26 18:33:48.420542: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:48.420544: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:33:48.420546: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:33:48.420548: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:33:48.420550: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:33:48.420555: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:33:48.420558: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:33:48.420560: | remote proposal 1 matches local proposal 1 Aug 26 18:33:48.420562: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:48.420564: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:48.420565: | length: 32 (0x20) Aug 26 18:33:48.420567: | prop #: 2 (0x2) Aug 26 18:33:48.420568: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:48.420570: | spi size: 4 (0x4) Aug 26 18:33:48.420571: | # transforms: 2 (0x2) Aug 26 18:33:48.420573: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:48.420575: | remote SPI 3b 38 e1 51 Aug 26 18:33:48.420577: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:48.420578: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:48.420580: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:48.420582: | length: 12 (0xc) Aug 26 18:33:48.420583: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:48.420585: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:48.420587: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:48.420588: | 
af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:48.420590: | length/value: 128 (0x80) Aug 26 18:33:48.420592: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:48.420593: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:48.420595: | length: 8 (0x8) Aug 26 18:33:48.420596: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:48.420598: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:48.420600: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 18:33:48.420602: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 18:33:48.420604: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:48.420606: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:48.420607: | length: 48 (0x30) Aug 26 18:33:48.420609: | prop #: 3 (0x3) Aug 26 18:33:48.420610: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:48.420612: | spi size: 4 (0x4) Aug 26 18:33:48.420613: | # transforms: 4 (0x4) Aug 26 18:33:48.420615: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:48.420617: | remote SPI 3b 38 e1 51 Aug 26 18:33:48.420618: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:48.420620: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:48.420622: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:48.420623: | length: 12 (0xc) Aug 26 18:33:48.420625: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:48.420626: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:48.420628: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:48.420630: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:48.420631: | length/value: 256 (0x100) Aug 26 18:33:48.420633: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:48.420635: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:48.420636: | length: 8 (0x8) Aug 26 18:33:48.420638: | IKEv2 
transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 18:33:48.420640: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 18:33:48.420642: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:48.420643: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:48.420645: | length: 8 (0x8)
Aug 26 18:33:48.420646: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 18:33:48.420648: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 18:33:48.420650: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:48.420651: | last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 18:33:48.420654: | length: 8 (0x8)
Aug 26 18:33:48.420655: | IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Aug 26 18:33:48.420657: | IKEv2 transform ID: ESN_DISABLED (0x0)
Aug 26 18:33:48.420659: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN
Aug 26 18:33:48.420661: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN
Aug 26 18:33:48.420663: | ***parse IKEv2 Proposal Substructure Payload:
Aug 26 18:33:48.420665: | last proposal: v2_PROPOSAL_LAST (0x0)
Aug 26 18:33:48.420666: | length: 48 (0x30)
Aug 26 18:33:48.420668: | prop #: 4 (0x4)
Aug 26 18:33:48.420669: | proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Aug 26 18:33:48.420671: | spi size: 4 (0x4)
Aug 26 18:33:48.420672: | # transforms: 4 (0x4)
Aug 26 18:33:48.420674: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Aug 26 18:33:48.420676: | remote SPI 3b 38 e1 51
Aug 26 18:33:48.420677: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals
Aug 26 18:33:48.420679: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:48.420681: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:48.420682: | length: 12 (0xc)
Aug 26 18:33:48.420684: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 18:33:48.420685: | IKEv2 transform ID: AES_CBC (0xc)
Aug 26 18:33:48.420687: | *****parse IKEv2 Attribute Substructure Payload:
Aug 26 18:33:48.420689: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 18:33:48.420690: | length/value: 128 (0x80)
Aug 26 18:33:48.420692: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:48.420694: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:48.420695: | length: 8 (0x8)
Aug 26 18:33:48.420697: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 18:33:48.420699: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 18:33:48.420700: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:48.420702: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:48.420703: | length: 8 (0x8)
Aug 26 18:33:48.420705: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 18:33:48.420707: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 18:33:48.420708: | ****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:48.420710: | last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 18:33:48.420711: | length: 8 (0x8)
Aug 26 18:33:48.420713: | IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Aug 26 18:33:48.420715: | IKEv2 transform ID: ESN_DISABLED (0x0)
Aug 26 18:33:48.420717: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN
Aug 26 18:33:48.420719: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN
Aug 26 18:33:48.420722: "westnet-eastnet-ikev2c" #1: proposal 1:ESP:SPI=3b38e151;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED
Aug 26 18:33:48.420725: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=3b38e151;ENCR=AES_GCM_C_256;ESN=DISABLED
Aug 26 18:33:48.420727: | converting proposal to internal trans attrs
Aug 26 18:33:48.420730: | Child SA TS Request has child->sa == md->st; so using child connection
Aug 26 18:33:48.420732: | TSi: parsing 1 traffic selectors
Aug 26 18:33:48.420734: | ***parse IKEv2 Traffic Selector:
Aug 26 18:33:48.420736: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Aug 26 18:33:48.420737: | IP Protocol ID: 0 (0x0)
Aug 26 18:33:48.420739: | length: 16 (0x10)
Aug 26 18:33:48.420741: | start port: 0 (0x0)
Aug 26 18:33:48.420742: | end port: 65535 (0xffff)
Aug 26 18:33:48.420744: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Aug 26 18:33:48.420746: | TS low c0 00 01 00
Aug 26 18:33:48.420748: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Aug 26 18:33:48.420750: | TS high c0 00 01 ff
Aug 26 18:33:48.420752: | TSi: parsed 1 traffic selectors
Aug 26 18:33:48.420753: | TSr: parsing 1 traffic selectors
Aug 26 18:33:48.420755: | ***parse IKEv2 Traffic Selector:
Aug 26 18:33:48.420757: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Aug 26 18:33:48.420758: | IP Protocol ID: 0 (0x0)
Aug 26 18:33:48.420760: | length: 16 (0x10)
Aug 26 18:33:48.420761: | start port: 0 (0x0)
Aug 26 18:33:48.420763: | end port: 65535 (0xffff)
Aug 26 18:33:48.420764: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Aug 26 18:33:48.420766: | TS low c0 00 c8 00
Aug 26 18:33:48.420768: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Aug 26 18:33:48.420769: | TS high c0 00 c8 ff
Aug 26 18:33:48.420771: | TSr: parsed 1 traffic selectors
Aug 26 18:33:48.420772: | looking for best SPD in current connection
Aug 26 18:33:48.420776: | evaluating our conn="westnet-eastnet-ikev2c" I=192.0.1.0/24:0/0 R=192.0.212.0/24:0/0 to their:
Aug 26 18:33:48.420779: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 18:33:48.420784: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32
Aug 26 18:33:48.420786: | narrow port end=0..65535 == TSi[0]=0..65535: 0
Aug 26 18:33:48.420787: | TSi[0] port match: YES fitness 65536
Aug 26 18:33:48.420789: | narrow protocol end=*0 == TSi[0]=*0: 0
Aug 26 18:33:48.420791: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255
Aug 26 18:33:48.420794: | TSr[0] .net=192.0.200.0-192.0.200.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 18:33:48.420798: | match address end->client=192.0.212.0/24 == TSr[0]net=192.0.200.0-192.0.200.255: NO
Aug 26 18:33:48.420799: | looking for better host pair
Aug 26 18:33:48.420802: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports
Aug 26 18:33:48.420805: | checking hostpair 192.0.212.0/24 -> 192.0.1.0/24 is found
Aug 26 18:33:48.420807: | investigating connection "westnet-eastnet-ikev2c" as a better match
Aug 26 18:33:48.420810: | match_id a=@west
Aug 26 18:33:48.420811: | b=@west
Aug 26 18:33:48.420813: | results matched
Aug 26 18:33:48.420816: | evaluating our conn="westnet-eastnet-ikev2c" I=192.0.1.0/24:0/0 R=192.0.212.0/24:0/0 to their:
Aug 26 18:33:48.420819: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 18:33:48.420822: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32
Aug 26 18:33:48.420824: | narrow port end=0..65535 == TSi[0]=0..65535: 0
Aug 26 18:33:48.420825: | TSi[0] port match: YES fitness 65536
Aug 26 18:33:48.420827: | narrow protocol end=*0 == TSi[0]=*0: 0
Aug 26 18:33:48.420829: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255
Aug 26 18:33:48.420832: | TSr[0] .net=192.0.200.0-192.0.200.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 18:33:48.420835: | match address end->client=192.0.212.0/24 == TSr[0]net=192.0.200.0-192.0.200.255: NO
Aug 26 18:33:48.420837: | investigating connection "westnet-eastnet-ikev2b" as a better match
Aug 26 18:33:48.420839: | match_id a=@west
Aug 26 18:33:48.420840: | b=@west
Aug 26 18:33:48.420842: | results matched
Aug 26 18:33:48.420845: | evaluating our conn="westnet-eastnet-ikev2b" I=192.0.1.0/24:0/0 R=192.0.211.0/24:0/0 to their:
Aug 26 18:33:48.420847: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 18:33:48.420850: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32
Aug 26 18:33:48.420852: | narrow port end=0..65535 == TSi[0]=0..65535: 0
Aug 26 18:33:48.420854: | TSi[0] port match: YES fitness 65536
Aug 26 18:33:48.420856: | narrow protocol end=*0 == TSi[0]=*0: 0
Aug 26 18:33:48.420857: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255
Aug 26 18:33:48.420861: | TSr[0] .net=192.0.200.0-192.0.200.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 18:33:48.420864: | match address end->client=192.0.211.0/24 == TSr[0]net=192.0.200.0-192.0.200.255: NO
Aug 26 18:33:48.420866: | investigating connection "westnet-eastnet-ikev2a" as a better match
Aug 26 18:33:48.420868: | match_id a=@west
Aug 26 18:33:48.420869: | b=@west
Aug 26 18:33:48.420871: | results matched
Aug 26 18:33:48.420874: | evaluating our conn="westnet-eastnet-ikev2a" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their:
Aug 26 18:33:48.420876: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 18:33:48.420879: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32
Aug 26 18:33:48.420881: | narrow port end=0..65535 == TSi[0]=0..65535: 0
Aug 26 18:33:48.420883: | TSi[0] port match: YES fitness 65536
Aug 26 18:33:48.420885: | narrow protocol end=*0 == TSi[0]=*0: 0
Aug 26 18:33:48.420886: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255
Aug 26 18:33:48.420889: | TSr[0] .net=192.0.200.0-192.0.200.255 .iporotoid=0 .{start,end}port=0..65535
Aug 26 18:33:48.420892: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.200.0-192.0.200.255: NO
Aug 26 18:33:48.420894: | did not find a better connection using host pair
Aug 26 18:33:48.420896: | no best spd route; but the current CK_PERMANENT connection "westnet-eastnet-ikev2c" is not a CK_INSTANCE
Aug 26 18:33:48.420897: | giving up
Aug 26 18:33:48.420901: | #3 spent 0.48 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet()
Aug 26 18:33:48.420904: | suspend processing: state #1 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 18:33:48.420907: | start processing: state #3 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
Aug 26 18:33:48.420910: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_FAIL+v2N_TS_UNACCEPTABLE
Aug 26 18:33:48.420961: | sending a notification reply
Aug 26 18:33:48.420966: "westnet-eastnet-ikev2c" #3: responding to CREATE_CHILD_SA message (ID 2) from 192.1.2.45:500 with encrypted notification TS_UNACCEPTABLE
Aug 26 18:33:48.420968: | Opening output PBS encrypted notification
Aug 26 18:33:48.420970: | **emit ISAKMP Message:
Aug 26 18:33:48.420972: | initiator cookie:
Aug 26 18:33:48.420973: | 43 f1 0a 6c 96 6d 01 5c
Aug 26 18:33:48.420975: | responder cookie:
Aug 26 18:33:48.420976: | ba ec 53 8a 2f 8a 39 7b
Aug 26 18:33:48.420978: | next payload type: ISAKMP_NEXT_NONE (0x0)
Aug 26 18:33:48.420980: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 18:33:48.420982: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24)
Aug 26 18:33:48.420984: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Aug 26 18:33:48.420985: | Message ID: 2 (0x2)
Aug 26 18:33:48.420987: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Aug 26 18:33:48.420989: | ***emit IKEv2 Encryption Payload:
Aug 26 18:33:48.420991: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 18:33:48.420993: | flags: none (0x0)
Aug 26 18:33:48.420995: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Aug 26 18:33:48.421002: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification'
Aug 26 18:33:48.421007: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Aug 26 18:33:48.421021: | Adding a v2N Payload
Aug 26 18:33:48.421025: | ****emit IKEv2 Notify Payload:
Aug 26 18:33:48.421028: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 18:33:48.421031: | flags: none (0x0)
Aug 26 18:33:48.421034: | Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 18:33:48.421039: | SPI size: 0 (0x0)
Aug 26 18:33:48.421042: | Notify Message Type: v2N_TS_UNACCEPTABLE (0x26)
Aug 26 18:33:48.421047: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Aug 26 18:33:48.421051: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification'
Aug 26 18:33:48.421054: | emitting length of IKEv2 Notify Payload: 8
Aug 26 18:33:48.421058: | adding 1 bytes of padding (including 1 byte padding-length)
Aug 26 18:33:48.421061: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 18:33:48.421065: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Aug 26 18:33:48.421068: | emitting length of IKEv2 Encryption Payload: 37
Aug 26 18:33:48.421071: | emitting length of ISAKMP Message: 65
Aug 26 18:33:48.421085: | sending 65 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 18:33:48.421093: | 43 f1 0a 6c 96 6d 01 5c ba ec 53 8a 2f 8a 39 7b
Aug 26 18:33:48.421096: | 2e 20 24 20 00 00 00 02 00 00 00 41 29 00 00 25
Aug 26 18:33:48.421099: | 00 3d a1 30 05 fd a4 48 5d 1a 1c 36 d0 b8 a3 25
Aug 26 18:33:48.421102: | 12 56 2d 69 b2 94 76 54 fb 54 18 d6 10 b9 b6 e1
Aug 26 18:33:48.421104: | 3a
Aug 26 18:33:48.421133: | forcing #3 to a discard event
Aug 26 18:33:48.421138: | event_schedule: new EVENT_SO_DISCARD-pe@0x563abb7e2e18
Aug 26 18:33:48.421143: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #3
Aug 26 18:33:48.421145: | libevent_malloc: new ptr-libevent@0x7f0428000f48 size 128
Aug 26 18:33:48.421148: | state transition function for STATE_V2_CREATE_R failed: v2N_TS_UNACCEPTABLE
Aug 26 18:33:48.421151: | stop processing: state #3 connection "westnet-eastnet-ikev2c" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
Aug 26 18:33:48.421155: | #1 spent 0.955 milliseconds in ikev2_process_packet()
Aug 26 18:33:48.421158: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
Aug 26 18:33:48.421161: | processing: STOP state #0 (in process_md() at demux.c:382)
Aug 26 18:33:48.421163: | processing: STOP connection NULL (in process_md() at demux.c:383)
Aug 26 18:33:48.421165: | spent 0.965 milliseconds in comm_handle_cb() reading and processing packet
Aug 26 18:34:05.256307: | processing global timer EVENT_SHUNT_SCAN
Aug 26 18:34:05.256326: | expiring aged bare shunts from shunt table
Aug 26 18:34:05.256332: | spent 0.00401 milliseconds in global timer EVENT_SHUNT_SCAN