Aug 26 18:34:01.254114: FIPS Product: YES
Aug 26 18:34:01.254210: FIPS Kernel: NO
Aug 26 18:34:01.254214: FIPS Mode: NO
Aug 26 18:34:01.254217: NSS DB directory: sql:/etc/ipsec.d
Aug 26 18:34:01.254380: Initializing NSS
Aug 26 18:34:01.254403: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 18:34:01.279418: NSS initialized
Aug 26 18:34:01.279432: NSS crypto library initialized
Aug 26 18:34:01.279434: FIPS HMAC integrity support [enabled]
Aug 26 18:34:01.279436: FIPS mode disabled for pluto daemon
Aug 26 18:34:01.309579: FIPS HMAC integrity verification self-test FAILED
Aug 26 18:34:01.310042: libcap-ng support [enabled]
Aug 26 18:34:01.310050: Linux audit support [enabled]
Aug 26 18:34:01.310070: Linux audit activated
Aug 26 18:34:01.310074: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2987
Aug 26 18:34:01.310076: core dump dir: /tmp
Aug 26 18:34:01.310078: secrets file: /etc/ipsec.secrets
Aug 26 18:34:01.310079: leak-detective enabled
Aug 26 18:34:01.310081: NSS crypto [enabled]
Aug 26 18:34:01.310082: XAUTH PAM support [enabled]
Aug 26 18:34:01.310137: | libevent is using pluto's memory allocator
Aug 26 18:34:01.310142: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 18:34:01.310154: | libevent_malloc: new ptr-libevent@0x55fc3ef21b38 size 40
Aug 26 18:34:01.310160: | libevent_malloc: new ptr-libevent@0x55fc3eef8cd8 size 40
Aug 26 18:34:01.310162: | libevent_malloc: new ptr-libevent@0x55fc3eef8dd8 size 40
Aug 26 18:34:01.310164: | creating event base
Aug 26 18:34:01.310166: | libevent_malloc: new ptr-libevent@0x55fc3ef7d548 size 56
Aug 26 18:34:01.310168: | libevent_malloc: new ptr-libevent@0x55fc3ef215c8 size 664
Aug 26 18:34:01.310177: | libevent_malloc: new ptr-libevent@0x55fc3ef7d5b8 size 24
Aug 26 18:34:01.310179: | libevent_malloc: new ptr-libevent@0x55fc3ef7d608 size 384
Aug 26 18:34:01.310186: | libevent_malloc: new ptr-libevent@0x55fc3ef7d508 size 16
Aug 26 18:34:01.310187: | libevent_malloc: new ptr-libevent@0x55fc3eef8908 size 40
Aug 26 18:34:01.310189: | libevent_malloc: new ptr-libevent@0x55fc3eef8d38 size 48
Aug 26 18:34:01.310192: | libevent_realloc: new ptr-libevent@0x55fc3ef21258 size 256
Aug 26 18:34:01.310194: | libevent_malloc: new ptr-libevent@0x55fc3ef7d7b8 size 16
Aug 26 18:34:01.310198: | libevent_free: release ptr-libevent@0x55fc3ef7d548
Aug 26 18:34:01.310201: | libevent initialized
Aug 26 18:34:01.310203: | libevent_realloc: new ptr-libevent@0x55fc3ef7d548 size 64
Aug 26 18:34:01.310207: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 18:34:01.310219: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 18:34:01.310221: NAT-Traversal support [enabled]
Aug 26 18:34:01.310223: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 18:34:01.310227: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 18:34:01.310229: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 18:34:01.310258: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 18:34:01.310260: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 18:34:01.310262: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 18:34:01.310316: Encryption algorithms:
Aug 26 18:34:01.310323: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 18:34:01.310326: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 18:34:01.310328: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 18:34:01.310330: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 18:34:01.310332: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 18:34:01.310352: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 18:34:01.310355: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 18:34:01.310357: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 18:34:01.310359: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 18:34:01.310362: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 18:34:01.310364: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 18:34:01.310366: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 18:34:01.310368: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 18:34:01.310371: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 18:34:01.310373: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 18:34:01.310375: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 18:34:01.310377: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 18:34:01.310384: Hash algorithms:
Aug 26 18:34:01.310386: MD5 IKEv1: IKE IKEv2:
Aug 26 18:34:01.310388: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 18:34:01.310390: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 18:34:01.310392: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 18:34:01.310393: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 18:34:01.310402: PRF algorithms:
Aug 26 18:34:01.310404: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 18:34:01.310405: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 18:34:01.310408: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 18:34:01.310410: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 18:34:01.310412: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 18:34:01.310413: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 18:34:01.310430: Integrity algorithms:
Aug 26 18:34:01.310432: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 18:34:01.310434: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 18:34:01.310436: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 18:34:01.310439: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 18:34:01.310441: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 18:34:01.310443: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 18:34:01.310445: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 18:34:01.310447: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 18:34:01.310449: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 18:34:01.310471: DH algorithms:
Aug 26 18:34:01.310474: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 18:34:01.310475: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 18:34:01.310477: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 18:34:01.310481: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 18:34:01.310483: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 18:34:01.310485: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 18:34:01.310487: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 18:34:01.310501: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 18:34:01.310503: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 18:34:01.310505: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 18:34:01.310507: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 18:34:01.310509: testing CAMELLIA_CBC:
Aug 26 18:34:01.310511: Camellia: 16 bytes with 128-bit key
Aug 26 18:34:01.310629: Camellia: 16 bytes with 128-bit key
Aug 26 18:34:01.310648: Camellia: 16 bytes with 256-bit key
Aug 26 18:34:01.310666: Camellia: 16 bytes with 256-bit key
Aug 26 18:34:01.310684: testing AES_GCM_16:
Aug 26 18:34:01.310686: empty string
Aug 26 18:34:01.310704: one block
Aug 26 18:34:01.310720: two blocks
Aug 26 18:34:01.310736: two blocks with associated data
Aug 26 18:34:01.310751: testing AES_CTR:
Aug 26 18:34:01.310753: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 18:34:01.310770: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 18:34:01.310786: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 18:34:01.310805: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 18:34:01.310821: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 18:34:01.310838: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 18:34:01.310854: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 18:34:01.310870: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 18:34:01.310887: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 18:34:01.310904: testing AES_CBC:
Aug 26 18:34:01.310906: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 18:34:01.310922: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 18:34:01.310939: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 18:34:01.310956: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 18:34:01.310975: testing AES_XCBC:
Aug 26 18:34:01.310978: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 18:34:01.311050: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 18:34:01.311128: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 18:34:01.311201: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 18:34:01.311312: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 18:34:01.311497: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 18:34:01.311717: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 18:34:01.312034: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 18:34:01.312149: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 18:34:01.312266: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 18:34:01.312513: testing HMAC_MD5:
Aug 26 18:34:01.312519: RFC 2104: MD5_HMAC test 1
Aug 26 18:34:01.312629: RFC 2104: MD5_HMAC test 2
Aug 26 18:34:01.312737: RFC 2104: MD5_HMAC test 3
Aug 26 18:34:01.312901: 8 CPU cores online
Aug 26 18:34:01.312905: starting up 7 crypto helpers
Aug 26 18:34:01.312934: started thread for crypto helper 0
Aug 26 18:34:01.312960: | starting up helper thread 0
Aug 26 18:34:01.312971: | starting up helper thread 1
Aug 26 18:34:01.312982: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 18:34:01.312982: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 18:34:01.312990: | crypto helper 1 waiting (nothing to do)
Aug 26 18:34:01.312966: started thread for crypto helper 1
Aug 26 18:34:01.313031: | crypto helper 0 waiting (nothing to do)
Aug 26 18:34:01.313063: started thread for crypto helper 2
Aug 26 18:34:01.313065: | starting up helper thread 2
Aug 26 18:34:01.313075: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 18:34:01.313078: | crypto helper 2 waiting (nothing to do)
Aug 26 18:34:01.313086: started thread for crypto helper 3
Aug 26 18:34:01.313088: | starting up helper thread 3
Aug 26 18:34:01.313095: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 18:34:01.313096: | crypto helper 3 waiting (nothing to do)
Aug 26 18:34:01.313105: started thread for crypto helper 4
Aug 26 18:34:01.313108: | starting up helper thread 4
Aug 26 18:34:01.313117: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 18:34:01.313120: | crypto helper 4 waiting (nothing to do)
Aug 26 18:34:01.313131: started thread for crypto helper 5
Aug 26 18:34:01.313145: started thread for crypto helper 6
Aug 26 18:34:01.313147: | starting up helper thread 6
Aug 26 18:34:01.313151: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 18:34:01.313151: | checking IKEv1 state table
Aug 26 18:34:01.313162: | starting up helper thread 5
Aug 26 18:34:01.313167: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 18:34:01.313154: | crypto helper 6 waiting (nothing to do)
Aug 26 18:34:01.313168: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 18:34:01.313184: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 18:34:01.313184: | crypto helper 5 waiting (nothing to do)
Aug 26 18:34:01.313188: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 18:34:01.313194: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 18:34:01.313196: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 18:34:01.313198: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 18:34:01.313200: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:34:01.313201: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:34:01.313203: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 18:34:01.313204: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 18:34:01.313206: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:34:01.313207: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:34:01.313209: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 18:34:01.313210: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:34:01.313212: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:34:01.313213: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:34:01.313215: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 18:34:01.313217: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:34:01.313218: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:34:01.313219: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:34:01.313221: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 18:34:01.313223: | -> UNDEFINED EVENT_NULL
Aug 26 18:34:01.313225: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 18:34:01.313226: | -> UNDEFINED EVENT_NULL
Aug 26 18:34:01.313228: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 18:34:01.313229: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 18:34:01.313231: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 18:34:01.313232: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:34:01.313234: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:34:01.313236: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 18:34:01.313237: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:34:01.313239: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:34:01.313240: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 18:34:01.313242: | -> UNDEFINED EVENT_NULL
Aug 26 18:34:01.313243: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 18:34:01.313245: | -> UNDEFINED EVENT_NULL
Aug 26 18:34:01.313247: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 18:34:01.313248: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 18:34:01.313253: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 18:34:01.313254: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 18:34:01.313256: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 18:34:01.313258: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 18:34:01.313259: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 18:34:01.313261: | -> UNDEFINED EVENT_NULL
Aug 26 18:34:01.313262: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 18:34:01.313264: | -> UNDEFINED EVENT_NULL
Aug 26 18:34:01.313266: | INFO: category: informational flags: 0:
Aug 26 18:34:01.313267: | -> UNDEFINED EVENT_NULL
Aug 26 18:34:01.313269: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 18:34:01.313270: | -> UNDEFINED EVENT_NULL
Aug 26 18:34:01.313272: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 18:34:01.313274: | -> XAUTH_R1 EVENT_NULL
Aug 26 18:34:01.313275: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 18:34:01.313277: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:34:01.313278: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 18:34:01.313280: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 18:34:01.313282: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 18:34:01.313283: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 18:34:01.313285: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 18:34:01.313286: | -> UNDEFINED EVENT_NULL
Aug 26 18:34:01.313316: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 18:34:01.313321: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:34:01.313323: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 18:34:01.313324: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 18:34:01.313326: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 18:34:01.313328: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 18:34:01.313332: | checking IKEv2 state table
Aug 26 18:34:01.313338: | PARENT_I0: category: ignore flags: 0:
Aug 26 18:34:01.313341: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 18:34:01.313344: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 18:34:01.313346: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 18:34:01.313349: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 18:34:01.313351: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 18:34:01.313354: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 18:34:01.313357: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 18:34:01.313360: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 18:34:01.313362: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 18:34:01.313365: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 18:34:01.313368: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 18:34:01.313371: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 18:34:01.313373: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 18:34:01.313376: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 18:34:01.313378: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 18:34:01.313379: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 18:34:01.313381: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 18:34:01.313383: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 18:34:01.313385: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 18:34:01.313387: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 18:34:01.313389: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 18:34:01.313392: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 18:34:01.313397: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 18:34:01.313400: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 18:34:01.313403: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 18:34:01.313406: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 18:34:01.313408: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 18:34:01.313413: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 18:34:01.313415: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 18:34:01.313418: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 18:34:01.313421: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 18:34:01.313423: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 18:34:01.313426: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 18:34:01.313429: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 18:34:01.313432: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 18:34:01.313435: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 18:34:01.313438: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 18:34:01.313440: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 18:34:01.313443: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 18:34:01.313446: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 18:34:01.313449: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 18:34:01.313452: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 18:34:01.313454: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 18:34:01.313457: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 18:34:01.313460: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 18:34:01.313463: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 18:34:01.313474: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 18:34:01.313835: | Hard-wiring algorithms
Aug 26 18:34:01.313843: | adding AES_CCM_16 to kernel algorithm db
Aug 26 18:34:01.313849: | adding AES_CCM_12 to kernel algorithm db
Aug 26 18:34:01.313853: | adding AES_CCM_8 to kernel algorithm db
Aug 26 18:34:01.313856: | adding 3DES_CBC to kernel algorithm db
Aug 26 18:34:01.313860: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 18:34:01.313864: | adding AES_GCM_16 to kernel algorithm db
Aug 26 18:34:01.313867: | adding AES_GCM_12 to kernel algorithm db
Aug 26 18:34:01.313870: | adding AES_GCM_8 to kernel algorithm db
Aug 26 18:34:01.313873: | adding AES_CTR to kernel algorithm db
Aug 26 18:34:01.313877: | adding AES_CBC to kernel algorithm db
Aug 26 18:34:01.313880: | adding SERPENT_CBC to kernel algorithm db
Aug 26 18:34:01.313884: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 18:34:01.313887: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 18:34:01.313891: | adding NULL to kernel algorithm db
Aug 26 18:34:01.313894: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 18:34:01.313898: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 18:34:01.313901: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 18:34:01.313905: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 18:34:01.313908: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 18:34:01.313911: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 18:34:01.313915: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 18:34:01.313918: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 18:34:01.313921: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 18:34:01.313924: | adding NONE to kernel algorithm db
Aug 26 18:34:01.313949: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 18:34:01.313957: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 18:34:01.313961: | setup kernel fd callback
Aug 26 18:34:01.313966: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55fc3ef820c8
Aug 26 18:34:01.313971: | libevent_malloc: new ptr-libevent@0x55fc3ef66648 size 128
Aug 26 18:34:01.313976: | libevent_malloc: new ptr-libevent@0x55fc3ef821d8 size 16
Aug 26 18:34:01.313983: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55fc3ef82c08
Aug 26 18:34:01.313987: | libevent_malloc: new ptr-libevent@0x55fc3ef247c8 size 128
Aug 26 18:34:01.313991: | libevent_malloc: new ptr-libevent@0x55fc3ef82bc8 size 16
Aug 26 18:34:01.314295: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 18:34:01.314312: selinux support is enabled.
Aug 26 18:34:01.315067: | unbound context created - setting debug level to 5 Aug 26 18:34:01.315098: | /etc/hosts lookups activated Aug 26 18:34:01.315116: | /etc/resolv.conf usage activated Aug 26 18:34:01.315190: | outgoing-port-avoid set 0-65535 Aug 26 18:34:01.315224: | outgoing-port-permit set 32768-60999 Aug 26 18:34:01.315227: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:34:01.315231: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:34:01.315234: | Setting up events, loop start Aug 26 18:34:01.315238: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55fc3ef82c78 Aug 26 18:34:01.315242: | libevent_malloc: new ptr-libevent@0x55fc3ef8ef08 size 128 Aug 26 18:34:01.315247: | libevent_malloc: new ptr-libevent@0x55fc3ef9a1d8 size 16 Aug 26 18:34:01.315254: | libevent_realloc: new ptr-libevent@0x55fc3ef9a218 size 256 Aug 26 18:34:01.315258: | libevent_malloc: new ptr-libevent@0x55fc3ef9a348 size 8 Aug 26 18:34:01.315263: | libevent_realloc: new ptr-libevent@0x55fc3ef22d78 size 144 Aug 26 18:34:01.315267: | libevent_malloc: new ptr-libevent@0x55fc3ef25ef8 size 152 Aug 26 18:34:01.315271: | libevent_malloc: new ptr-libevent@0x55fc3ef9a388 size 16 Aug 26 18:34:01.315275: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:34:01.315279: | libevent_malloc: new ptr-libevent@0x55fc3ef9a3c8 size 8 Aug 26 18:34:01.315282: | libevent_malloc: new ptr-libevent@0x55fc3ef9a408 size 152 Aug 26 18:34:01.315285: | signal event handler PLUTO_SIGTERM installed Aug 26 18:34:01.315303: | libevent_malloc: new ptr-libevent@0x55fc3ef9a4d8 size 8 Aug 26 18:34:01.315310: | libevent_malloc: new ptr-libevent@0x55fc3ef9a518 size 152 Aug 26 18:34:01.315314: | signal event handler PLUTO_SIGHUP installed Aug 26 18:34:01.315317: | libevent_malloc: new ptr-libevent@0x55fc3ef9a5e8 size 8 Aug 26 18:34:01.315320: | libevent_realloc: release ptr-libevent@0x55fc3ef22d78 Aug 26 18:34:01.315323: | libevent_realloc: new 
ptr-libevent@0x55fc3ef9a628 size 256 Aug 26 18:34:01.315326: | libevent_malloc: new ptr-libevent@0x55fc3ef9a758 size 152 Aug 26 18:34:01.315329: | signal event handler PLUTO_SIGSYS installed Aug 26 18:34:01.315642: | created addconn helper (pid:3034) using fork+execve Aug 26 18:34:01.315656: | forked child 3034 Aug 26 18:34:01.315921: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:34:01.315933: listening for IKE messages Aug 26 18:34:01.334520: | Inspecting interface lo Aug 26 18:34:01.334542: | found lo with address 127.0.0.1 Aug 26 18:34:01.334547: | Inspecting interface eth0 Aug 26 18:34:01.334552: | found eth0 with address 192.0.2.254 Aug 26 18:34:01.334555: | Inspecting interface eth1 Aug 26 18:34:01.334560: | found eth1 with address 192.1.2.23 Aug 26 18:34:01.334661: Kernel supports NIC esp-hw-offload Aug 26 18:34:01.334691: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 18:34:01.334781: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:34:01.334790: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:34:01.334796: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 18:34:01.334834: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 18:34:01.334860: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:34:01.334866: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:34:01.334871: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 18:34:01.334899: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:34:01.334922: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:34:01.334928: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:34:01.334932: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:34:01.335022: | no interfaces to sort Aug 26 
18:34:01.335029: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:34:01.335038: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9aca8 Aug 26 18:34:01.335043: | libevent_malloc: new ptr-libevent@0x55fc3ef8ee58 size 128 Aug 26 18:34:01.335048: | libevent_malloc: new ptr-libevent@0x55fc3ef9ad18 size 16 Aug 26 18:34:01.335057: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:34:01.335061: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9ad58 Aug 26 18:34:01.335065: | libevent_malloc: new ptr-libevent@0x55fc3ef219b8 size 128 Aug 26 18:34:01.335069: | libevent_malloc: new ptr-libevent@0x55fc3ef9adc8 size 16 Aug 26 18:34:01.335075: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:34:01.335079: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9ae08 Aug 26 18:34:01.335083: | libevent_malloc: new ptr-libevent@0x55fc3ef24e48 size 128 Aug 26 18:34:01.335087: | libevent_malloc: new ptr-libevent@0x55fc3ef9ae78 size 16 Aug 26 18:34:01.335093: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:34:01.335097: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9aeb8 Aug 26 18:34:01.335102: | libevent_malloc: new ptr-libevent@0x55fc3ef25a68 size 128 Aug 26 18:34:01.335105: | libevent_malloc: new ptr-libevent@0x55fc3ef9af28 size 16 Aug 26 18:34:01.335110: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:34:01.335114: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9af68 Aug 26 18:34:01.335119: | libevent_malloc: new ptr-libevent@0x55fc3eef94e8 size 128 Aug 26 18:34:01.335123: | libevent_malloc: new ptr-libevent@0x55fc3ef9afd8 size 16 Aug 26 18:34:01.335129: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:34:01.335133: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9b018 Aug 26 18:34:01.335137: | libevent_malloc: new ptr-libevent@0x55fc3eef91d8 size 128 Aug 26 18:34:01.335141: | libevent_malloc: new ptr-libevent@0x55fc3ef9b088 size 16 Aug 26 18:34:01.335147: | setup 
callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:34:01.335153: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:34:01.335157: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:34:01.335179: loading secrets from "/etc/ipsec.secrets" Aug 26 18:34:01.335193: | id type added to secret(0x55fc3eef4b58) PKK_PSK: @west Aug 26 18:34:01.335199: | id type added to secret(0x55fc3eef4b58) PKK_PSK: @east Aug 26 18:34:01.335205: | Processing PSK at line 1: passed Aug 26 18:34:01.335209: | certs and keys locked by 'process_secret' Aug 26 18:34:01.335213: | certs and keys unlocked by 'process_secret' Aug 26 18:34:01.335225: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:34:01.335233: | spent 1.07 milliseconds in whack Aug 26 18:34:01.340898: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:34:01.340924: listening for IKE messages Aug 26 18:34:01.340959: | Inspecting interface lo Aug 26 18:34:01.340967: | found lo with address 127.0.0.1 Aug 26 18:34:01.340970: | Inspecting interface eth0 Aug 26 18:34:01.340975: | found eth0 with address 192.0.2.254 Aug 26 18:34:01.340978: | Inspecting interface eth1 Aug 26 18:34:01.340983: | found eth1 with address 192.1.2.23 Aug 26 18:34:01.341039: | no interfaces to sort Aug 26 18:34:01.341052: | libevent_free: release ptr-libevent@0x55fc3ef8ee58 Aug 26 18:34:01.341054: | free_event_entry: release EVENT_NULL-pe@0x55fc3ef9aca8 Aug 26 18:34:01.341057: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9aca8 Aug 26 18:34:01.341059: | libevent_malloc: new ptr-libevent@0x55fc3ef8ee58 size 128 Aug 26 18:34:01.341064: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:34:01.341066: | libevent_free: release ptr-libevent@0x55fc3ef219b8 Aug 26 18:34:01.341068: | free_event_entry: release EVENT_NULL-pe@0x55fc3ef9ad58 Aug 26 18:34:01.341070: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9ad58 Aug 26 
18:34:01.341071: | libevent_malloc: new ptr-libevent@0x55fc3ef219b8 size 128 Aug 26 18:34:01.341075: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:34:01.341077: | libevent_free: release ptr-libevent@0x55fc3ef24e48 Aug 26 18:34:01.341079: | free_event_entry: release EVENT_NULL-pe@0x55fc3ef9ae08 Aug 26 18:34:01.341081: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9ae08 Aug 26 18:34:01.341083: | libevent_malloc: new ptr-libevent@0x55fc3ef24e48 size 128 Aug 26 18:34:01.341086: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:34:01.341088: | libevent_free: release ptr-libevent@0x55fc3ef25a68 Aug 26 18:34:01.341090: | free_event_entry: release EVENT_NULL-pe@0x55fc3ef9aeb8 Aug 26 18:34:01.341092: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9aeb8 Aug 26 18:34:01.341093: | libevent_malloc: new ptr-libevent@0x55fc3ef25a68 size 128 Aug 26 18:34:01.341096: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:34:01.341099: | libevent_free: release ptr-libevent@0x55fc3eef94e8 Aug 26 18:34:01.341100: | free_event_entry: release EVENT_NULL-pe@0x55fc3ef9af68 Aug 26 18:34:01.341102: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9af68 Aug 26 18:34:01.341104: | libevent_malloc: new ptr-libevent@0x55fc3eef94e8 size 128 Aug 26 18:34:01.341107: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:34:01.341109: | libevent_free: release ptr-libevent@0x55fc3eef91d8 Aug 26 18:34:01.341111: | free_event_entry: release EVENT_NULL-pe@0x55fc3ef9b018 Aug 26 18:34:01.341113: | add_fd_read_event_handler: new ethX-pe@0x55fc3ef9b018 Aug 26 18:34:01.341114: | libevent_malloc: new ptr-libevent@0x55fc3eef91d8 size 128 Aug 26 18:34:01.341117: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:34:01.341120: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:34:01.341121: forgetting secrets Aug 26 18:34:01.341127: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:34:01.341138: loading 
secrets from "/etc/ipsec.secrets" Aug 26 18:34:01.341145: | id type added to secret(0x55fc3eef4b58) PKK_PSK: @west Aug 26 18:34:01.341147: | id type added to secret(0x55fc3eef4b58) PKK_PSK: @east Aug 26 18:34:01.341150: | Processing PSK at line 1: passed Aug 26 18:34:01.341152: | certs and keys locked by 'process_secret' Aug 26 18:34:01.341154: | certs and keys unlocked by 'process_secret' Aug 26 18:34:01.341161: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:34:01.341165: | spent 0.277 milliseconds in whack Aug 26 18:34:01.341792: | processing signal PLUTO_SIGCHLD Aug 26 18:34:01.341810: | waitpid returned pid 3034 (exited with status 0) Aug 26 18:34:01.341815: | reaped addconn helper child (status 0) Aug 26 18:34:01.341821: | waitpid returned ECHILD (no child processes left) Aug 26 18:34:01.341827: | spent 0.0205 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:34:01.411227: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:34:01.411247: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:34:01.411249: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:34:01.411251: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:34:01.411253: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:34:01.411256: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 18:34:01.411262: | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:34:01.411322: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:34:01.411327: | from whack: got --esp= Aug 26 18:34:01.411352: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:34:01.411356: | counting wild cards for @west is 0 Aug 26 18:34:01.411358: | counting wild cards for @east is 0 Aug 26 18:34:01.411366: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Aug 26 18:34:01.411368: | new hp@0x55fc3ef9d368 Aug 26 18:34:01.411370: added connection description "east" Aug 26 18:34:01.411380: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:34:01.411387: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 18:34:01.411395: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:34:01.411401: | spent 0.167 milliseconds in whack Aug 26 18:34:01.411439: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:34:01.411447: add keyid @west
Aug 26 18:34:01.411507: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:34:01.411509: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:34:01.411518: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:34:01.411521: | spent 0.086 milliseconds in whack Aug 26 18:34:01.411552: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:34:01.411558: add keyid @east
Aug 26 18:34:01.411597: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:34:01.411599: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:34:01.411605: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:34:01.411608: | spent 0.0591 milliseconds in whack Aug 26 18:34:02.771107: | spent 0.00301 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:02.771139: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 18:34:02.771270: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:34:02.771274: | **parse ISAKMP Message: Aug 26 18:34:02.771277: | initiator cookie: Aug 26 18:34:02.771279: | b8 89 6f 25 5d 59 0f 4a Aug 26 18:34:02.771282: | responder cookie: Aug 26 18:34:02.771284: | 00 00 00 00 00 00 00 00 Aug 26 18:34:02.771286: | next payload type:
ISAKMP_NEXT_v2SA (0x21) Aug 26 18:34:02.771307: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:34:02.771311: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:34:02.771313: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:34:02.771316: | Message ID: 0 (0x0) Aug 26 18:34:02.771319: | length: 828 (0x33c) Aug 26 18:34:02.771322: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:34:02.771326: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 18:34:02.771329: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 18:34:02.771332: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:34:02.771336: | ***parse IKEv2 Security Association Payload: Aug 26 18:34:02.771339: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:34:02.771342: | flags: none (0x0) Aug 26 18:34:02.771344: | length: 436 (0x1b4) Aug 26 18:34:02.771347: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 18:34:02.771350: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:34:02.771352: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:34:02.771355: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:34:02.771358: | flags: none (0x0) Aug 26 18:34:02.771361: | length: 264 (0x108) Aug 26 18:34:02.771363: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:34:02.771366: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:34:02.771369: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:34:02.771371: | ***parse IKEv2 Nonce Payload: Aug 26 18:34:02.771374: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:34:02.771376: | flags: none (0x0) Aug 26 18:34:02.771379: | length: 36 (0x24) Aug 26 18:34:02.771381: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:34:02.771384: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:34:02.771387: | ***parse IKEv2 Notify Payload: Aug 26 18:34:02.771393: | next payload type: ISAKMP_NEXT_v2N 
(0x29) Aug 26 18:34:02.771396: | flags: none (0x0) Aug 26 18:34:02.771399: | length: 8 (0x8) Aug 26 18:34:02.771401: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:34:02.771404: | SPI size: 0 (0x0) Aug 26 18:34:02.771407: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:34:02.771410: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:34:02.771413: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:34:02.771416: | ***parse IKEv2 Notify Payload: Aug 26 18:34:02.771419: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:34:02.771422: | flags: none (0x0) Aug 26 18:34:02.771424: | length: 28 (0x1c) Aug 26 18:34:02.771427: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:34:02.771430: | SPI size: 0 (0x0) Aug 26 18:34:02.771433: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:34:02.771436: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:34:02.771438: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:34:02.771441: | ***parse IKEv2 Notify Payload: Aug 26 18:34:02.771444: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.771447: | flags: none (0x0) Aug 26 18:34:02.771449: | length: 28 (0x1c) Aug 26 18:34:02.771452: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:34:02.771455: | SPI size: 0 (0x0) Aug 26 18:34:02.771458: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:34:02.771460: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:34:02.771464: | DDOS disabled and no cookie sent, continuing Aug 26 18:34:02.771471: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:34:02.771477: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:34:02.771481: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:34:02.771485: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Aug 26 18:34:02.771488: | 
find_next_host_connection returns empty Aug 26 18:34:02.771493: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:34:02.771496: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:34:02.771499: | find_next_host_connection returns empty Aug 26 18:34:02.771504: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 18:34:02.771509: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:34:02.771527: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:34:02.771529: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:34:02.771533: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Aug 26 18:34:02.771536: | find_next_host_connection returns empty Aug 26 18:34:02.771540: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:34:02.771543: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:34:02.771546: | find_next_host_connection returns empty Aug 26 18:34:02.771549: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 18:34:02.771554: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 18:34:02.771559: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:34:02.771562: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:34:02.771565: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Aug 26 18:34:02.771567: | find_next_host_connection returns east Aug 26 18:34:02.771570: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:34:02.771575: | find_next_host_connection returns empty 
Aug 26 18:34:02.771578: | found connection: east with policy PSK+IKEV2_ALLOW Aug 26 18:34:02.771620: | creating state object #1 at 0x55fc3ef9f5c8 Aug 26 18:34:02.771624: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:34:02.771632: | pstats #1 ikev2.ike started Aug 26 18:34:02.771649: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:34:02.771652: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 18:34:02.771658: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:34:02.771667: | start processing: state #1 connection "east" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:34:02.771671: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:34:02.771676: | [RE]START processing: state #1 connection "east" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:34:02.771680: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:34:02.771685: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 18:34:02.771690: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:34:02.771693: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 18:34:02.771696: | selected state microcode Respond to IKE_SA_INIT Aug 26 18:34:02.771699: | Now let's proceed with state specific processing Aug 26 18:34:02.771701: | calling processor Respond to IKE_SA_INIT Aug 26 18:34:02.771708: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:34:02.771711: | constructing local IKE proposals for east (IKE SA responder matching remote proposals) Aug 26 
18:34:02.771719: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:34:02.771727: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:34:02.771731: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:34:02.771736: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:34:02.771741: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:34:02.771746: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:34:02.771750: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:34:02.771755: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:34:02.771766: "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:34:02.771773: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 18:34:02.771777: | local proposal 1 type ENCR has 1 transforms Aug 26 18:34:02.771780: | local proposal 1 type PRF has 2 transforms Aug 26 18:34:02.771783: | local proposal 1 type INTEG has 1 transforms Aug 26 18:34:02.771785: | local proposal 1 type DH has 8 transforms Aug 26 18:34:02.771788: | local proposal 1 type ESN has 0 transforms Aug 26 18:34:02.771791: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:34:02.771794: | local proposal 2 type ENCR has 1 transforms Aug 26 18:34:02.771797: | local proposal 2 type PRF has 2 transforms Aug 26 18:34:02.771799: | local proposal 2 type INTEG has 1 transforms Aug 26 18:34:02.771802: | local proposal 2 type DH has 8 transforms Aug 26 18:34:02.771804: | local proposal 2 type ESN has 0 transforms Aug 26 18:34:02.771807: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:34:02.771810: | local proposal 3 type ENCR has 1 transforms Aug 26 
18:34:02.771812: | local proposal 3 type PRF has 2 transforms Aug 26 18:34:02.771815: | local proposal 3 type INTEG has 2 transforms Aug 26 18:34:02.771817: | local proposal 3 type DH has 8 transforms Aug 26 18:34:02.771820: | local proposal 3 type ESN has 0 transforms Aug 26 18:34:02.771823: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:34:02.771826: | local proposal 4 type ENCR has 1 transforms Aug 26 18:34:02.771829: | local proposal 4 type PRF has 2 transforms Aug 26 18:34:02.771831: | local proposal 4 type INTEG has 2 transforms Aug 26 18:34:02.771834: | local proposal 4 type DH has 8 transforms Aug 26 18:34:02.771836: | local proposal 4 type ESN has 0 transforms Aug 26 18:34:02.771839: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:34:02.771843: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.771846: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:34:02.771849: | length: 100 (0x64) Aug 26 18:34:02.771851: | prop #: 1 (0x1) Aug 26 18:34:02.771854: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:34:02.771857: | spi size: 0 (0x0) Aug 26 18:34:02.771859: | # transforms: 11 (0xb) Aug 26 18:34:02.771863: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:34:02.771866: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.771869: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.771871: | length: 12 (0xc) Aug 26 18:34:02.771874: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.771877: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:34:02.771880: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.771883: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.771886: | length/value: 256 (0x100) Aug 26 18:34:02.771890: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:34:02.771894: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.771896: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.771899: | length: 8 (0x8) Aug 26 18:34:02.771902: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:34:02.771905: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:34:02.771908: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:34:02.771912: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 18:34:02.771916: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 18:34:02.771919: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 18:34:02.771922: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.771928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.771931: | length: 8 (0x8) Aug 26 18:34:02.771934: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:34:02.771936: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:34:02.771940: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.771943: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.771945: | length: 8 (0x8) Aug 26 18:34:02.771948: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.771950: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:34:02.771955: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:34:02.771958: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:34:02.771962: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:34:02.771965: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:34:02.771968: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 18:34:02.771971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.771974: | length: 8 (0x8) Aug 26 18:34:02.771976: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.771979: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:34:02.771982: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.771985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.771988: | length: 8 (0x8) Aug 26 18:34:02.771990: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.771993: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:34:02.771996: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.771999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772002: | length: 8 (0x8) Aug 26 18:34:02.772004: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772007: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:34:02.772010: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772013: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772016: | length: 8 (0x8) Aug 26 18:34:02.772019: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772021: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:34:02.772024: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772027: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772030: | length: 8 (0x8) Aug 26 18:34:02.772033: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772035: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:34:02.772039: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772044: | length: 8 (0x8) Aug 26 18:34:02.772047: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772049: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:34:02.772052: | *****parse IKEv2 Transform Substructure Payload: 
Aug 26 18:34:02.772055: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.772058: | length: 8 (0x8) Aug 26 18:34:02.772060: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772063: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:34:02.772067: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:34:02.772072: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:34:02.772075: | remote proposal 1 matches local proposal 1 Aug 26 18:34:02.772078: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.772080: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:34:02.772083: | length: 100 (0x64) Aug 26 18:34:02.772086: | prop #: 2 (0x2) Aug 26 18:34:02.772089: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:34:02.772096: | spi size: 0 (0x0) Aug 26 18:34:02.772099: | # transforms: 11 (0xb) Aug 26 18:34:02.772102: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:34:02.772105: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772108: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772110: | length: 12 (0xc) Aug 26 18:34:02.772113: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.772116: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:34:02.772119: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.772122: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.772124: | length/value: 128 (0x80) Aug 26 18:34:02.772127: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772132: | length: 8 (0x8) Aug 26 18:34:02.772135: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:34:02.772138: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:34:02.772141: | *****parse 
IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772143: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772145: | length: 8 (0x8) Aug 26 18:34:02.772148: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:34:02.772150: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:34:02.772154: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772158: | length: 8 (0x8) Aug 26 18:34:02.772161: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772164: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:34:02.772167: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772169: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772172: | length: 8 (0x8) Aug 26 18:34:02.772174: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772177: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:34:02.772180: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772185: | length: 8 (0x8) Aug 26 18:34:02.772187: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772190: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:34:02.772192: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772197: | length: 8 (0x8) Aug 26 18:34:02.772200: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772202: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:34:02.772205: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772207: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772210: | length: 8 (0x8) Aug 26 18:34:02.772212: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772215: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:34:02.772218: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 18:34:02.772221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772223: | length: 8 (0x8) Aug 26 18:34:02.772226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772228: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:34:02.772231: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772234: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772236: | length: 8 (0x8) Aug 26 18:34:02.772239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772241: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:34:02.772244: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772246: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.772249: | length: 8 (0x8) Aug 26 18:34:02.772251: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772256: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:34:02.772260: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 18:34:02.772263: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 18:34:02.772266: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.772269: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:34:02.772271: | length: 116 (0x74) Aug 26 18:34:02.772274: | prop #: 3 (0x3) Aug 26 18:34:02.772276: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:34:02.772279: | spi size: 0 (0x0) Aug 26 18:34:02.772281: | # transforms: 13 (0xd) Aug 26 18:34:02.772285: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:34:02.772292: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772315: | length: 12 (0xc) Aug 26 18:34:02.772317: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.772320: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
18:34:02.772323: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.772326: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.772328: | length/value: 256 (0x100) Aug 26 18:34:02.772331: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772334: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772336: | length: 8 (0x8) Aug 26 18:34:02.772339: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:34:02.772342: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:34:02.772357: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772359: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772362: | length: 8 (0x8) Aug 26 18:34:02.772364: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:34:02.772367: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:34:02.772370: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772375: | length: 8 (0x8) Aug 26 18:34:02.772377: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:34:02.772379: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:34:02.772382: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772385: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772387: | length: 8 (0x8) Aug 26 18:34:02.772389: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:34:02.772392: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:34:02.772395: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772398: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772400: | length: 8 (0x8) Aug 26 18:34:02.772402: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772405: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:34:02.772407: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772409: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
18:34:02.772411: | length: 8 (0x8) Aug 26 18:34:02.772413: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772415: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:34:02.772418: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772422: | length: 8 (0x8) Aug 26 18:34:02.772424: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772426: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:34:02.772428: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772430: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772432: | length: 8 (0x8) Aug 26 18:34:02.772434: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772436: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:34:02.772440: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772443: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772445: | length: 8 (0x8) Aug 26 18:34:02.772447: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772449: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:34:02.772451: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772455: | length: 8 (0x8) Aug 26 18:34:02.772457: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772460: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:34:02.772462: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772466: | length: 8 (0x8) Aug 26 18:34:02.772468: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772470: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:34:02.772472: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772474: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.772476: | length: 
8 (0x8) Aug 26 18:34:02.772478: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772481: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:34:02.772499: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:34:02.772501: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:34:02.772504: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.772506: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:34:02.772509: | length: 116 (0x74) Aug 26 18:34:02.772511: | prop #: 4 (0x4) Aug 26 18:34:02.772514: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:34:02.772516: | spi size: 0 (0x0) Aug 26 18:34:02.772518: | # transforms: 13 (0xd) Aug 26 18:34:02.772522: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:34:02.772524: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772529: | length: 12 (0xc) Aug 26 18:34:02.772531: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.772533: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:34:02.772534: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.772536: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.772538: | length/value: 128 (0x80) Aug 26 18:34:02.772540: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772541: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772543: | length: 8 (0x8) Aug 26 18:34:02.772545: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:34:02.772546: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:34:02.772548: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772549: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772551: | length: 8 (0x8) Aug 26 18:34:02.772552: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 
18:34:02.772554: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:34:02.772556: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772557: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772559: | length: 8 (0x8) Aug 26 18:34:02.772560: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:34:02.772562: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:34:02.772564: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772565: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772567: | length: 8 (0x8) Aug 26 18:34:02.772568: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:34:02.772570: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:34:02.772572: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772575: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772576: | length: 8 (0x8) Aug 26 18:34:02.772578: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772580: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:34:02.772581: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772583: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772584: | length: 8 (0x8) Aug 26 18:34:02.772586: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772587: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:34:02.772589: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772592: | length: 8 (0x8) Aug 26 18:34:02.772595: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772597: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:34:02.772600: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772602: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772604: | length: 8 (0x8) Aug 26 18:34:02.772606: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772608: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:34:02.772610: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772613: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772615: | length: 8 (0x8) Aug 26 18:34:02.772617: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772619: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:34:02.772622: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772624: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772626: | length: 8 (0x8) Aug 26 18:34:02.772628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772631: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:34:02.772633: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772635: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.772637: | length: 8 (0x8) Aug 26 18:34:02.772640: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772642: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:34:02.772644: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.772647: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.772649: | length: 8 (0x8) Aug 26 18:34:02.772651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.772653: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:34:02.772657: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:34:02.772660: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:34:02.772665: "east" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:34:02.772670: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:34:02.772673: | converting proposal to internal trans attrs Aug 26 18:34:02.772677: | natd_hash: rcookie is zero Aug 26 18:34:02.772690: | natd_hash: hasher=0x55fc3e425800(20) Aug 26 18:34:02.772693: | natd_hash: icookie= b8 89 6f 25 5d 59 0f 4a Aug 26 18:34:02.772697: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:34:02.772700: | natd_hash: ip= c0 01 02 17 Aug 26 18:34:02.772702: | natd_hash: port=500 Aug 26 18:34:02.772705: | natd_hash: hash= 92 a4 8e 26 3b 07 0f 3d f8 db aa 48 c2 23 d0 b0 Aug 26 18:34:02.772707: | natd_hash: hash= a1 68 5d af Aug 26 18:34:02.772710: | natd_hash: rcookie is zero Aug 26 18:34:02.772716: | natd_hash: hasher=0x55fc3e425800(20) Aug 26 18:34:02.772719: | natd_hash: icookie= b8 89 6f 25 5d 59 0f 4a Aug 26 18:34:02.772721: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:34:02.772723: | natd_hash: ip= c0 01 02 2d Aug 26 18:34:02.772725: | natd_hash: port=500 Aug 26 18:34:02.772728: | natd_hash: hash= 70 3d e3 22 dd 40 d7 0f 33 26 f6 28 ef 12 03 45 Aug 26 18:34:02.772730: | natd_hash: hash= e1 95 e9 29 Aug 26 18:34:02.772732: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:34:02.772735: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:34:02.772737: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:34:02.772741: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.2.45 Aug 26 18:34:02.772747: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:34:02.772750: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fc3ef9d448 Aug 26 18:34:02.772753: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:34:02.772755: | libevent_malloc: new ptr-libevent@0x55fc3efa16c8 size 128 Aug 26 18:34:02.772765: | #1 spent 1.06 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:34:02.772771: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:34:02.772771: | crypto helper 1 resuming Aug 26 18:34:02.772773: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:34:02.772790: | crypto helper 1 starting work-order 1 for state #1 Aug 26 18:34:02.772790: | suspending state #1 and saving MD Aug 26 18:34:02.772800: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:34:02.772802: | #1 is busy; has a suspended MD Aug 26 18:34:02.772810: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:34:02.772813: | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:34:02.772816: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:34:02.772819: | #1 spent 1.67 milliseconds in ikev2_process_packet() Aug 26 18:34:02.772822: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:34:02.772824: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:34:02.772826: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:02.772829: | spent 1.68 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:02.773761: | crypto 
helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000946 seconds Aug 26 18:34:02.773776: | (#1) spent 0.97 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:34:02.773779: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 18:34:02.773783: | scheduling resume sending helper answer for #1 Aug 26 18:34:02.773785: | libevent_malloc: new ptr-libevent@0x7fa640002888 size 128 Aug 26 18:34:02.773792: | crypto helper 1 waiting (nothing to do) Aug 26 18:34:02.773817: | processing resume sending helper answer for #1 Aug 26 18:34:02.773839: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:34:02.773843: | crypto helper 1 replies to request ID 1 Aug 26 18:34:02.773845: | calling continuation function 0x55fc3e350b50 Aug 26 18:34:02.773847: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:34:02.773875: | **emit ISAKMP Message: Aug 26 18:34:02.773877: | initiator cookie: Aug 26 18:34:02.773879: | b8 89 6f 25 5d 59 0f 4a Aug 26 18:34:02.773880: | responder cookie: Aug 26 18:34:02.773882: | 14 e0 1a 45 c1 22 4c 09 Aug 26 18:34:02.773884: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:02.773886: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:34:02.773888: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:34:02.773889: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:34:02.773891: | Message ID: 0 (0x0) Aug 26 18:34:02.773893: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:02.773895: | Emitting ikev2_proposal ... 
Aug 26 18:34:02.773897: | ***emit IKEv2 Security Association Payload: Aug 26 18:34:02.773898: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.773900: | flags: none (0x0) Aug 26 18:34:02.773902: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:34:02.773904: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.773907: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.773908: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:34:02.773910: | prop #: 1 (0x1) Aug 26 18:34:02.773911: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:34:02.773913: | spi size: 0 (0x0) Aug 26 18:34:02.773915: | # transforms: 3 (0x3) Aug 26 18:34:02.773916: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:34:02.773918: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:34:02.773920: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.773921: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.773923: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:34:02.773925: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:34:02.773927: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.773929: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.773930: | length/value: 256 (0x100) Aug 26 18:34:02.773932: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:34:02.773934: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:34:02.773935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.773937: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:34:02.773939: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:34:02.773941: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.773942: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:34:02.773944: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:34:02.773946: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:34:02.773947: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.773949: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:34:02.773950: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:34:02.773952: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.773954: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:34:02.773956: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:34:02.773957: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:34:02.773959: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:34:02.773962: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:34:02.773964: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:34:02.773966: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:34:02.773968: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.773969: | flags: none (0x0) Aug 26 18:34:02.773971: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:34:02.773973: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
18:34:02.773975: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.773977: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:34:02.774003: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:34:02.774004: | ***emit IKEv2 Nonce Payload: Aug 26 18:34:02.774006: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:34:02.774007: | flags: none (0x0) Aug 26 18:34:02.774009: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:34:02.774011: | next payload chain: setting previous 
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:34:02.774013: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.774015: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:34:02.774016: | IKEv2 nonce a7 f3 42 87 7d 75 0d d2 44 ec 32 91 f2 38 ea 9b Aug 26 18:34:02.774018: | IKEv2 nonce 08 69 fb dd 32 4a 83 72 c7 fc 35 04 13 53 9f ec Aug 26 18:34:02.774019: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:34:02.774021: | Adding a v2N Payload Aug 26 18:34:02.774023: | ***emit IKEv2 Notify Payload: Aug 26 18:34:02.774024: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.774026: | flags: none (0x0) Aug 26 18:34:02.774028: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:34:02.774029: | SPI size: 0 (0x0) Aug 26 18:34:02.774031: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:34:02.774033: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:34:02.774035: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.774037: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:34:02.774039: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:34:02.774047: | natd_hash: hasher=0x55fc3e425800(20) Aug 26 18:34:02.774049: | natd_hash: icookie= b8 89 6f 25 5d 59 0f 4a Aug 26 18:34:02.774051: | natd_hash: rcookie= 14 e0 1a 45 c1 22 4c 09 Aug 26 18:34:02.774052: | natd_hash: ip= c0 01 02 17 Aug 26 18:34:02.774054: | natd_hash: port=500 Aug 26 18:34:02.774056: | natd_hash: hash= 7a 43 fd 2a ca 0b 51 e0 bc fb 08 67 88 cc 62 8e Aug 26 18:34:02.774057: | natd_hash: hash= 87 1b 7a 47 Aug 26 18:34:02.774059: | Adding a v2N Payload Aug 26 18:34:02.774060: | ***emit IKEv2 Notify Payload: Aug 26 18:34:02.774062: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.774063: | flags: none (0x0) Aug 26 18:34:02.774065: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:34:02.774066: | SPI size: 0 (0x0) Aug 26 18:34:02.774068: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:34:02.774070: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:34:02.774072: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.774074: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:34:02.774076: | Notify data 7a 43 fd 2a ca 0b 51 e0 bc fb 08 67 88 cc 62 8e Aug 26 18:34:02.774077: | Notify data 87 1b 7a 47 Aug 26 18:34:02.774079: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:34:02.774083: | natd_hash: hasher=0x55fc3e425800(20) Aug 26 18:34:02.774084: | natd_hash: icookie= b8 89 6f 25 5d 59 0f 4a Aug 26 18:34:02.774086: | natd_hash: rcookie= 14 e0 1a 45 c1 22 4c 09 Aug 26 18:34:02.774087: | natd_hash: ip= c0 01 02 2d Aug 26 18:34:02.774089: | natd_hash: port=500 Aug 26 18:34:02.774090: | natd_hash: hash= e9 a7 fe 41 1a 2f 26 e2 44 0f 7d 1c 8d ff 94 4e Aug 26 18:34:02.774105: | natd_hash: hash= 55 27 38 aa Aug 26 18:34:02.774106: | Adding a v2N Payload Aug 26 18:34:02.774108: | ***emit IKEv2 Notify Payload: Aug 26 
18:34:02.774109: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.774111: | flags: none (0x0) Aug 26 18:34:02.774112: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:34:02.774114: | SPI size: 0 (0x0) Aug 26 18:34:02.774115: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:34:02.774117: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:34:02.774119: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.774121: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:34:02.774123: | Notify data e9 a7 fe 41 1a 2f 26 e2 44 0f 7d 1c 8d ff 94 4e Aug 26 18:34:02.774124: | Notify data 55 27 38 aa Aug 26 18:34:02.774126: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:34:02.774127: | emitting length of ISAKMP Message: 432 Aug 26 18:34:02.774132: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:34:02.774135: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:34:02.774136: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:34:02.774139: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:34:02.774141: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:34:02.774144: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:34:02.774147: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:34:02.774151: "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 
18:34:02.774156: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:34:02.774167: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 18:34:02.774257: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:34:02.774261: | libevent_free: release ptr-libevent@0x55fc3efa16c8 Aug 26 18:34:02.774263: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fc3ef9d448 Aug 26 18:34:02.774265: | event_schedule: new EVENT_SO_DISCARD-pe@0x55fc3ef9d448 Aug 26 18:34:02.774268: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:34:02.774270: | libevent_malloc: new ptr-libevent@0x55fc3efa27b8 size 128 Aug 26 18:34:02.774272: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:34:02.774277: | #1 spent 0.415 milliseconds in resume sending helper answer Aug 26 18:34:02.774280: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:34:02.774282: | libevent_free: release ptr-libevent@0x7fa640002888 Aug 26 18:34:02.776980: | spent 0.00236 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:02.776998: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) 
Aug 26 18:34:02.777040: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:34:02.777042: | **parse ISAKMP Message: Aug 26 18:34:02.777044: | initiator cookie: Aug 26 18:34:02.777046: | b8 89 6f 25 5d 59 0f 4a Aug 26 18:34:02.777047: | responder cookie: Aug 26 18:34:02.777049: | 14 e0 1a 45 c1 22 4c 09 Aug 26 18:34:02.777051: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:34:02.777052: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:34:02.777054: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:34:02.777056: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:34:02.777058: | Message ID: 1 (0x1) Aug 26 18:34:02.777059: | length: 365 (0x16d) Aug 26 18:34:02.777061: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:34:02.777064: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:34:02.777067: | State DB: found IKEv2 state #1 in PARENT_R1 
(find_v2_ike_sa) Aug 26 18:34:02.777071: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:34:02.777073: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:34:02.777076: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:34:02.777078: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:34:02.777081: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 18:34:02.777083: | unpacking clear payload Aug 26 18:34:02.777084: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:34:02.777086: | ***parse IKEv2 Encryption Payload: Aug 26 18:34:02.777088: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:34:02.777090: | flags: none (0x0) Aug 26 18:34:02.777091: | length: 337 (0x151) Aug 26 18:34:02.777093: | processing payload: ISAKMP_NEXT_v2SK (len=333) Aug 26 18:34:02.777096: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:34:02.777098: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:34:02.777100: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:34:02.777102: | Now let's proceed with state specific processing Aug 26 18:34:02.777104: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:34:02.777110: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 18:34:02.777113: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:34:02.777116: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 18:34:02.777118: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 18:34:02.777121: | libevent_free: release ptr-libevent@0x55fc3efa27b8 Aug 26 18:34:02.777124: 
| free_event_entry: release EVENT_SO_DISCARD-pe@0x55fc3ef9d448 Aug 26 18:34:02.777128: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fc3ef9d448 Aug 26 18:34:02.777131: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:34:02.777134: | libevent_malloc: new ptr-libevent@0x7fa640002888 size 128 Aug 26 18:34:02.777144: | #1 spent 0.0325 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 18:34:02.777149: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:34:02.777152: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 18:34:02.777150: | crypto helper 0 resuming Aug 26 18:34:02.777160: | suspending state #1 and saving MD Aug 26 18:34:02.777169: | crypto helper 0 starting work-order 2 for state #1 Aug 26 18:34:02.777171: | #1 is busy; has a suspended MD Aug 26 18:34:02.777177: | crypto helper 0 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 18:34:02.777181: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:34:02.777185: | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:34:02.777189: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:34:02.777194: | #1 spent 0.194 milliseconds in ikev2_process_packet() Aug 26 18:34:02.777198: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:34:02.777201: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:34:02.777204: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:02.777207: | spent 0.208 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:02.778176: | calculating skeyseed using 
prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:34:02.778644: | crypto helper 0 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001466 seconds Aug 26 18:34:02.778656: | (#1) spent 1.45 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 18:34:02.778660: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Aug 26 18:34:02.778663: | scheduling resume sending helper answer for #1 Aug 26 18:34:02.778667: | libevent_malloc: new ptr-libevent@0x7fa638000f48 size 128 Aug 26 18:34:02.778677: | crypto helper 0 waiting (nothing to do) Aug 26 18:34:02.778713: | processing resume sending helper answer for #1 Aug 26 18:34:02.778722: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:34:02.778726: | crypto helper 0 replies to request ID 2 Aug 26 18:34:02.778728: | calling continuation function 0x55fc3e350b50 Aug 26 18:34:02.778730: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 18:34:02.778747: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:34:02.778758: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:34:02.778760: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 18:34:02.778763: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 18:34:02.778766: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:34:02.778769: | flags: none (0x0) Aug 26 18:34:02.778771: | length: 12 (0xc) Aug 26 18:34:02.778774: | ID type: ID_FQDN (0x2) Aug 26 18:34:02.778776: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 18:34:02.778778: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:34:02.778781: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:34:02.778783: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:34:02.778785: | flags: none (0x0) Aug 26 18:34:02.778787: | length: 12 (0xc) Aug 26 18:34:02.778792: | ID type: 
ID_FQDN (0x2) Aug 26 18:34:02.778794: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:34:02.778796: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:34:02.778799: | **parse IKEv2 Authentication Payload: Aug 26 18:34:02.778801: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:34:02.778803: | flags: none (0x0) Aug 26 18:34:02.778805: | length: 72 (0x48) Aug 26 18:34:02.778808: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:34:02.778810: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:34:02.778812: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:34:02.778814: | **parse IKEv2 Security Association Payload: Aug 26 18:34:02.778816: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:34:02.778819: | flags: none (0x0) Aug 26 18:34:02.778821: | length: 164 (0xa4) Aug 26 18:34:02.778823: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 18:34:02.778825: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:34:02.778827: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:34:02.778830: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:34:02.778832: | flags: none (0x0) Aug 26 18:34:02.778834: | length: 24 (0x18) Aug 26 18:34:02.778837: | number of TS: 1 (0x1) Aug 26 18:34:02.778839: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:34:02.778842: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:34:02.778844: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:34:02.778847: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.778849: | flags: none (0x0) Aug 26 18:34:02.778852: | length: 24 (0x18) Aug 26 18:34:02.778854: | number of TS: 1 (0x1) Aug 26 18:34:02.778856: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:34:02.778859: | selected state microcode Responder: process IKE_AUTH request Aug 26 18:34:02.778862: | Now let's proceed with state specific processing Aug 26 18:34:02.778864: | calling processor Responder: process 
IKE_AUTH request Aug 26 18:34:02.778870: "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 18:34:02.778877: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:34:02.778881: | received IDr payload - extracting our alleged ID Aug 26 18:34:02.778884: | refine_host_connection for IKEv2: starting with "east" Aug 26 18:34:02.778889: | match_id a=@west Aug 26 18:34:02.778892: | b=@west Aug 26 18:34:02.778894: | results matched Aug 26 18:34:02.778898: | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 18:34:02.778901: | Warning: not switching back to template of current instance Aug 26 18:34:02.778904: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 18:34:02.778907: | This connection's local id is @east (ID_FQDN) Aug 26 18:34:02.778911: | refine_host_connection: checked east against east, now for see if best Aug 26 18:34:02.778915: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:34:02.778918: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:34:02.778922: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:34:02.778925: | 1: compared key @east to @east / @west -> 010 Aug 26 18:34:02.778928: | 2: compared key @west to @east / @west -> 014 Aug 26 18:34:02.778931: | line 1: match=014 Aug 26 18:34:02.778935: | match 014 beats previous best_match 000 match=0x55fc3eef4b58 (line=1) Aug 26 18:34:02.778938: | concluding with best_match=014 best=0x55fc3eef4b58 (lineno=1) Aug 26 18:34:02.778940: | returning because exact peer id match Aug 26 18:34:02.778944: | offered CA: '%none' Aug 26 18:34:02.778947: "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 18:34:02.778972: | verifying AUTH payload Aug 26 18:34:02.778977: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret 
Aug 26 18:34:02.778982: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:34:02.778986: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:34:02.778989: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:34:02.778992: | 1: compared key @east to @east / @west -> 010 Aug 26 18:34:02.778996: | 2: compared key @west to @east / @west -> 014 Aug 26 18:34:02.778999: | line 1: match=014 Aug 26 18:34:02.779002: | match 014 beats previous best_match 000 match=0x55fc3eef4b58 (line=1) Aug 26 18:34:02.779004: | concluding with best_match=014 best=0x55fc3eef4b58 (lineno=1) Aug 26 18:34:02.779071: "east" #1: Authenticated using authby=secret Aug 26 18:34:02.779077: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 18:34:02.779082: | #1 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key) Aug 26 18:34:02.779086: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:34:02.779090: | libevent_free: release ptr-libevent@0x7fa640002888 Aug 26 18:34:02.779093: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fc3ef9d448 Aug 26 18:34:02.779096: | event_schedule: new EVENT_SA_REKEY-pe@0x55fc3ef9d448 Aug 26 18:34:02.779100: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #1 Aug 26 18:34:02.779103: | libevent_malloc: new ptr-libevent@0x55fc3efa27b8 size 128 Aug 26 18:34:02.779199: | pstats #1 ikev2.ike established Aug 26 18:34:02.779207: | **emit ISAKMP Message: Aug 26 18:34:02.779210: | initiator cookie: Aug 26 18:34:02.779212: | b8 89 6f 25 5d 59 0f 4a Aug 26 18:34:02.779215: | responder cookie: Aug 26 18:34:02.779217: | 14 e0 1a 45 c1 22 4c 09 Aug 26 18:34:02.779220: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:02.779223: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:34:02.779226: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:34:02.779229: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 
18:34:02.779232: | Message ID: 1 (0x1) Aug 26 18:34:02.779235: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:02.779238: | IKEv2 CERT: send a certificate? Aug 26 18:34:02.779242: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:34:02.779245: | ***emit IKEv2 Encryption Payload: Aug 26 18:34:02.779248: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.779250: | flags: none (0x0) Aug 26 18:34:02.779254: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:34:02.779257: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.779260: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:34:02.779270: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:34:02.779285: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:34:02.779293: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.779300: | flags: none (0x0) Aug 26 18:34:02.779302: | ID type: ID_FQDN (0x2) Aug 26 18:34:02.779306: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:34:02.779309: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.779313: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 18:34:02.779315: | my identity 65 61 73 74 Aug 26 18:34:02.779330: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:34:02.779338: | assembled IDr payload Aug 26 18:34:02.779341: | CHILD SA proposals received Aug 26 18:34:02.779344: | going to assemble AUTH payload Aug 26 18:34:02.779347: | ****emit IKEv2 Authentication Payload: Aug 26 18:34:02.779349: 
| next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:34:02.779354: | flags: none (0x0) Aug 26 18:34:02.779357: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:34:02.779360: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:34:02.779363: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:34:02.779366: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.779369: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 18:34:02.779372: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 18:34:02.779375: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 18:34:02.779378: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 18:34:02.779382: | 1: compared key @east to @east / @west -> 010 Aug 26 18:34:02.779384: | 2: compared key @west to @east / @west -> 014 Aug 26 18:34:02.779387: | line 1: match=014 Aug 26 18:34:02.779390: | match 014 beats previous best_match 000 match=0x55fc3eef4b58 (line=1) Aug 26 18:34:02.779393: | concluding with best_match=014 best=0x55fc3eef4b58 (lineno=1) Aug 26 18:34:02.779466: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:34:02.779471: | PSK auth 04 40 ff 64 1d cb 8b 76 88 74 97 87 ad b5 4d cb Aug 26 18:34:02.779474: | PSK auth 7a ef de 26 e9 cb b8 b3 37 b3 d0 a2 06 49 ee 7c Aug 26 18:34:02.779477: | PSK auth a7 c5 ee 73 fd d5 6f bc 32 3f 52 bc 79 88 5b 88 Aug 26 18:34:02.779479: | PSK auth e7 6e 3f be 8c 38 38 7e 2a 9d 48 a3 12 ee 8a de Aug 26 18:34:02.779482: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:34:02.779487: | creating state object #2 at 0x55fc3efa34d8 Aug 26 18:34:02.779491: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 
26 18:34:02.779496: | pstats #2 ikev2.child started Aug 26 18:34:02.779499: | duplicating state object #1 "east" as #2 for IPSEC SA Aug 26 18:34:02.779505: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:34:02.779512: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:34:02.779517: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:34:02.779522: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 18:34:02.779525: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 18:34:02.779529: | TSi: parsing 1 traffic selectors Aug 26 18:34:02.779532: | ***parse IKEv2 Traffic Selector: Aug 26 18:34:02.779536: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:34:02.779539: | IP Protocol ID: 0 (0x0) Aug 26 18:34:02.779542: | length: 16 (0x10) Aug 26 18:34:02.779545: | start port: 0 (0x0) Aug 26 18:34:02.779548: | end port: 65535 (0xffff) Aug 26 18:34:02.779551: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:34:02.779554: | TS low c0 00 01 00 Aug 26 18:34:02.779557: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:34:02.779559: | TS high c0 00 01 ff Aug 26 18:34:02.779562: | TSi: parsed 1 traffic selectors Aug 26 18:34:02.779565: | TSr: parsing 1 traffic selectors Aug 26 18:34:02.779568: | ***parse IKEv2 Traffic Selector: Aug 26 18:34:02.779570: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:34:02.779572: | IP Protocol ID: 0 (0x0) Aug 26 18:34:02.779575: | length: 16 (0x10) Aug 26 18:34:02.779577: | start port: 0 (0x0) Aug 26 18:34:02.779580: | end port: 65535 (0xffff) Aug 26 18:34:02.779583: | parsing 
4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:34:02.779586: | TS low c0 00 02 00 Aug 26 18:34:02.779591: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:34:02.779594: | TS high c0 00 02 ff Aug 26 18:34:02.779597: | TSr: parsed 1 traffic selectors Aug 26 18:34:02.779599: | looking for best SPD in current connection Aug 26 18:34:02.779606: | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:34:02.779612: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:34:02.779619: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:34:02.779623: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:34:02.779626: | TSi[0] port match: YES fitness 65536 Aug 26 18:34:02.779629: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:34:02.779632: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:34:02.779637: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:34:02.779644: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:34:02.779647: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:34:02.779650: | TSr[0] port match: YES fitness 65536 Aug 26 18:34:02.779653: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:34:02.779657: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:34:02.779659: | best fit so far: TSi[0] TSr[0] Aug 26 18:34:02.779662: | found better spd route for TSi[0],TSr[0] Aug 26 18:34:02.779664: | looking for better host pair Aug 26 18:34:02.779670: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:34:02.779675: | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found Aug 26 18:34:02.779678: | investigating connection "east" as a better match Aug 26 18:34:02.779681: | match_id a=@west Aug 26 18:34:02.779683: | b=@west Aug 26 
18:34:02.779686: | results matched Aug 26 18:34:02.779691: | evaluating our conn="east" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:34:02.779695: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:34:02.779701: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:34:02.779705: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:34:02.779707: | TSi[0] port match: YES fitness 65536 Aug 26 18:34:02.779710: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:34:02.779713: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:34:02.779717: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:34:02.779723: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:34:02.779726: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:34:02.779729: | TSr[0] port match: YES fitness 65536 Aug 26 18:34:02.779731: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:34:02.779734: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:34:02.779736: | best fit so far: TSi[0] TSr[0] Aug 26 18:34:02.779739: | did not find a better connection using host pair Aug 26 18:34:02.779742: | printing contents struct traffic_selector Aug 26 18:34:02.779744: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:34:02.779747: | ipprotoid: 0 Aug 26 18:34:02.779749: | port range: 0-65535 Aug 26 18:34:02.779753: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:34:02.779755: | printing contents struct traffic_selector Aug 26 18:34:02.779758: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:34:02.779760: | ipprotoid: 0 Aug 26 18:34:02.779763: | port range: 0-65535 Aug 26 18:34:02.779767: | ip range: 192.0.1.0-192.0.1.255 Aug 26 18:34:02.779771: | constructing ESP/AH proposals with all DH removed for east (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 18:34:02.779782: | converting 
proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:34:02.779787: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:34:02.779789: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:34:02.779792: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:34:02.779794: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:34:02.779796: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:34:02.779798: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:34:02.779801: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:34:02.779806: "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:34:02.779808: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:34:02.779812: | local proposal 1 type ENCR has 1 transforms Aug 26 18:34:02.779814: | local proposal 1 type PRF has 0 transforms Aug 26 18:34:02.779815: | local proposal 1 type INTEG has 1 transforms Aug 26 18:34:02.779817: | local proposal 1 type DH has 1 transforms Aug 26 18:34:02.779819: | local proposal 1 type ESN has 1 transforms Aug 26 18:34:02.779821: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:34:02.779822: | local proposal 2 type ENCR has 1 transforms Aug 26 18:34:02.779824: | local proposal 2 type PRF has 0 transforms Aug 26 18:34:02.779826: | local proposal 2 type INTEG has 1 
transforms Aug 26 18:34:02.779827: | local proposal 2 type DH has 1 transforms Aug 26 18:34:02.779829: | local proposal 2 type ESN has 1 transforms Aug 26 18:34:02.779831: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:34:02.779832: | local proposal 3 type ENCR has 1 transforms Aug 26 18:34:02.779834: | local proposal 3 type PRF has 0 transforms Aug 26 18:34:02.779836: | local proposal 3 type INTEG has 2 transforms Aug 26 18:34:02.779837: | local proposal 3 type DH has 1 transforms Aug 26 18:34:02.779839: | local proposal 3 type ESN has 1 transforms Aug 26 18:34:02.779841: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:34:02.779842: | local proposal 4 type ENCR has 1 transforms Aug 26 18:34:02.779844: | local proposal 4 type PRF has 0 transforms Aug 26 18:34:02.779845: | local proposal 4 type INTEG has 2 transforms Aug 26 18:34:02.779847: | local proposal 4 type DH has 1 transforms Aug 26 18:34:02.779849: | local proposal 4 type ESN has 1 transforms Aug 26 18:34:02.779850: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:34:02.779853: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.779855: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:34:02.779856: | length: 32 (0x20) Aug 26 18:34:02.779858: | prop #: 1 (0x1) Aug 26 18:34:02.779860: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:34:02.779861: | spi size: 4 (0x4) Aug 26 18:34:02.779863: | # transforms: 2 (0x2) Aug 26 18:34:02.779865: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:34:02.779866: | remote SPI 35 67 97 a5 Aug 26 18:34:02.779868: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:34:02.779870: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.779872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.779874: | length: 12 (0xc) Aug 26 18:34:02.779875: | 
IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.779879: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:34:02.779881: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.779883: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.779884: | length/value: 256 (0x100) Aug 26 18:34:02.779887: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:34:02.779889: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.779891: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.779892: | length: 8 (0x8) Aug 26 18:34:02.779894: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:34:02.779895: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:34:02.779898: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:34:02.779900: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:34:02.779902: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:34:02.779903: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:34:02.779906: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:34:02.779908: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:34:02.779910: | remote proposal 1 matches local proposal 1 Aug 26 18:34:02.779912: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.779914: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:34:02.779915: | length: 32 (0x20) Aug 26 18:34:02.779917: | prop #: 2 (0x2) Aug 26 18:34:02.779918: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:34:02.779920: | spi size: 4 (0x4) Aug 26 18:34:02.779921: | # transforms: 2 (0x2) Aug 26 18:34:02.779923: | parsing 4 raw bytes of 
IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:34:02.779925: | remote SPI 35 67 97 a5 Aug 26 18:34:02.779927: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:34:02.779929: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.779930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.779932: | length: 12 (0xc) Aug 26 18:34:02.779933: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.779935: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:34:02.779937: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.779938: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.779940: | length/value: 128 (0x80) Aug 26 18:34:02.779942: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.779943: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.779945: | length: 8 (0x8) Aug 26 18:34:02.779946: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:34:02.779948: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:34:02.779950: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 18:34:02.779952: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 18:34:02.779954: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.779955: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:34:02.779957: | length: 48 (0x30) Aug 26 18:34:02.779958: | prop #: 3 (0x3) Aug 26 18:34:02.779960: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:34:02.779961: | spi size: 4 (0x4) Aug 26 18:34:02.779963: | # transforms: 4 (0x4) Aug 26 18:34:02.779965: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:34:02.779966: | remote SPI 35 67 97 a5 Aug 26 18:34:02.779968: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:34:02.779970: | ****parse IKEv2 Transform Substructure Payload: 
Aug 26 18:34:02.779972: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.779974: | length: 12 (0xc) Aug 26 18:34:02.779976: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.779978: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:34:02.779979: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.779981: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.779983: | length/value: 256 (0x100) Aug 26 18:34:02.779984: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.779986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.779988: | length: 8 (0x8) Aug 26 18:34:02.779989: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:34:02.779991: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:34:02.779993: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.779994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.779996: | length: 8 (0x8) Aug 26 18:34:02.779997: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:34:02.779999: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:34:02.780001: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.780002: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.780004: | length: 8 (0x8) Aug 26 18:34:02.780006: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:34:02.780007: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:34:02.780009: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:34:02.780011: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:34:02.780013: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.780015: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:34:02.780016: | length: 48 (0x30) Aug 26 18:34:02.780018: | prop #: 4 (0x4) Aug 26 18:34:02.780019: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:34:02.780021: | spi size: 4 (0x4) Aug 26 18:34:02.780022: | # 
transforms: 4 (0x4) Aug 26 18:34:02.780024: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:34:02.780026: | remote SPI 35 67 97 a5 Aug 26 18:34:02.780027: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:34:02.780029: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.780031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.780032: | length: 12 (0xc) Aug 26 18:34:02.780034: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.780035: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:34:02.780037: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.780039: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.780040: | length/value: 128 (0x80) Aug 26 18:34:02.780042: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.780044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.780045: | length: 8 (0x8) Aug 26 18:34:02.780047: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:34:02.780049: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:34:02.780050: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.780052: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.780053: | length: 8 (0x8) Aug 26 18:34:02.780055: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:34:02.780057: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:34:02.780058: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:34:02.780060: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.780061: | length: 8 (0x8) Aug 26 18:34:02.780063: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:34:02.780065: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:34:02.780067: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:34:02.780069: | remote proposal 4 does not match; unmatched remote transforms: 
ENCR+INTEG+ESN Aug 26 18:34:02.780072: "east" #1: proposal 1:ESP:SPI=356797a5;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:34:02.780076: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=356797a5;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:34:02.780078: | converting proposal to internal trans attrs Aug 26 18:34:02.780339: | netlink_get_spi: allocated 0xbc9a55de for esp.0@192.1.2.23 Aug 26 18:34:02.780345: | Emitting ikev2_proposal ... Aug 26 18:34:02.780347: | ****emit IKEv2 Security Association Payload: Aug 26 18:34:02.780349: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.780351: | flags: none (0x0) Aug 26 18:34:02.780353: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:34:02.780355: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.780357: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:34:02.780359: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:34:02.780360: | prop #: 1 (0x1) Aug 26 18:34:02.780362: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:34:02.780363: | spi size: 4 (0x4) Aug 26 18:34:02.780365: | # transforms: 2 (0x2) Aug 26 18:34:02.780367: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:34:02.780369: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:34:02.780371: | our spi bc 9a 55 de Aug 26 18:34:02.780373: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:34:02.780374: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.780376: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:34:02.780378: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:34:02.780380: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:34:02.780381: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:34:02.780383: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:34:02.780385: | length/value: 256 (0x100) Aug 26 18:34:02.780387: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:34:02.780390: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:34:02.780393: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:34:02.780395: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:34:02.780397: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:34:02.780401: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:34:02.780404: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:34:02.780407: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:34:02.780409: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:34:02.780412: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:34:02.780415: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 18:34:02.780418: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:34:02.780421: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:34:02.780424: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.780427: | flags: none (0x0) Aug 26 18:34:02.780429: | number 
of TS: 1 (0x1) Aug 26 18:34:02.780433: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:34:02.780438: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.780441: | *****emit IKEv2 Traffic Selector: Aug 26 18:34:02.780444: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:34:02.780447: | IP Protocol ID: 0 (0x0) Aug 26 18:34:02.780449: | start port: 0 (0x0) Aug 26 18:34:02.780452: | end port: 65535 (0xffff) Aug 26 18:34:02.780456: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:34:02.780459: | ipv4 start c0 00 01 00 Aug 26 18:34:02.780462: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:34:02.780464: | ipv4 end c0 00 01 ff Aug 26 18:34:02.780467: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:34:02.780470: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:34:02.780473: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:34:02.780475: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:34:02.780478: | flags: none (0x0) Aug 26 18:34:02.780481: | number of TS: 1 (0x1) Aug 26 18:34:02.780484: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:34:02.780488: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:34:02.780491: | *****emit IKEv2 Traffic Selector: Aug 26 18:34:02.780493: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:34:02.780496: | IP Protocol ID: 0 (0x0) Aug 26 18:34:02.780499: | start port: 0 (0x0) Aug 26 18:34:02.780502: | end port: 65535 (0xffff) Aug 26 18:34:02.780505: | emitting 4 raw bytes of ipv4 
start into IKEv2 Traffic Selector Aug 26 18:34:02.780507: | ipv4 start c0 00 02 00 Aug 26 18:34:02.780510: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:34:02.780512: | ipv4 end c0 00 02 ff Aug 26 18:34:02.780515: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:34:02.780518: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:34:02.780521: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:34:02.780525: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:34:02.780694: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 18:34:02.780704: | #1 spent 1.82 milliseconds Aug 26 18:34:02.780708: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:34:02.780710: | could_route called for east (kind=CK_PERMANENT) Aug 26 18:34:02.780713: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:34:02.780716: | conn east mark 0/00000000, 0/00000000 vs Aug 26 18:34:02.780719: | conn east mark 0/00000000, 0/00000000 Aug 26 18:34:02.780722: | route owner of "east" unrouted: NULL; eroute owner: NULL Aug 26 18:34:02.780726: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:34:02.780729: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:34:02.780732: | AES_GCM_16 requires 4 salt bytes Aug 26 18:34:02.780735: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:34:02.780739: | setting IPsec SA replay-window to 32 Aug 26 18:34:02.780742: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 18:34:02.780745: | netlink: enabling tunnel mode Aug 26 18:34:02.780748: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:34:02.780751: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:34:02.780821: | netlink response for Add SA esp.356797a5@192.1.2.45 included non-error error Aug 26 
18:34:02.780827: | set up outgoing SA, ref=0/0 Aug 26 18:34:02.780830: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:34:02.780834: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:34:02.780838: | AES_GCM_16 requires 4 salt bytes Aug 26 18:34:02.780842: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:34:02.780845: | setting IPsec SA replay-window to 32 Aug 26 18:34:02.780848: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Aug 26 18:34:02.780851: | netlink: enabling tunnel mode Aug 26 18:34:02.780854: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:34:02.780857: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:34:02.780898: | netlink response for Add SA esp.bc9a55de@192.1.2.23 included non-error error Aug 26 18:34:02.780904: | priority calculation of connection "east" is 0xfe7e7 Aug 26 18:34:02.780911: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:34:02.780915: | IPsec Sa SPD priority set to 1042407 Aug 26 18:34:02.780940: | raw_eroute result=success Aug 26 18:34:02.780945: | set up incoming SA, ref=0/0 Aug 26 18:34:02.780948: | sr for #2: unrouted Aug 26 18:34:02.780951: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:34:02.780954: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:34:02.780957: | conn east mark 0/00000000, 0/00000000 vs Aug 26 18:34:02.780960: | conn east mark 0/00000000, 0/00000000 Aug 26 18:34:02.780964: | route owner of "east" unrouted: NULL; eroute owner: NULL Aug 26 18:34:02.780967: | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:34:02.780971: | priority calculation of connection "east" is 0xfe7e7 Aug 26 18:34:02.780978: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 18:34:02.780981: | IPsec Sa SPD priority set to 1042407 Aug 26 18:34:02.780996: | raw_eroute result=success Aug 26 18:34:02.781000: | running updown command "ipsec _updown" for verb up Aug 26 18:34:02.781004: | command executing up-client Aug 26 18:34:02.781034: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x356797a5 SPI_OUT=0xbc9 Aug 26 18:34:02.781038: | popen cmd is 1020 chars long Aug 26 18:34:02.781041: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='east' PLUTO_INTERFA: Aug 26 18:34:02.781045: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : Aug 26 18:34:02.781048: | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: Aug 26 18:34:02.781050: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Aug 26 18:34:02.781053: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: Aug 26 18:34:02.781055: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': Aug 26 18:34:02.781058: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Aug 26 18:34:02.781061: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: Aug 26 18:34:02.781066: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Aug 26 18:34:02.781070: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Aug 26 18:34:02.781073: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Aug 26 18:34:02.781076: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: Aug 26 18:34:02.781078: | cmd( 960):'no' SPI_IN=0x356797a5 SPI_OUT=0xbc9a55de ipsec _updown 2>&1: Aug 26 18:34:02.789469: | route_and_eroute: firewall_notified: true Aug 26 18:34:02.789493: | running updown command "ipsec _updown" for verb prepare Aug 26 18:34:02.789498: | command executing prepare-client Aug 26 18:34:02.789530: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' 
PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x356797a5 SPI Aug 26 18:34:02.789535: | popen cmd is 1025 chars long Aug 26 18:34:02.789539: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: Aug 26 18:34:02.789542: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: Aug 26 18:34:02.789545: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: Aug 26 18:34:02.789547: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Aug 26 18:34:02.789550: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_: Aug 26 18:34:02.789552: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M: Aug 26 18:34:02.789555: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Aug 26 18:34:02.789558: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Aug 26 18:34:02.789562: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : Aug 26 18:34:02.789564: | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Aug 26 18:34:02.789567: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Aug 26 18:34:02.789570: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: Aug 26 18:34:02.789573: | cmd( 960):ARED='no' SPI_IN=0x356797a5 SPI_OUT=0xbc9a55de ipsec _updown 2>&1: Aug 26 18:34:02.797560: | running updown command "ipsec _updown" for verb route Aug 26 18:34:02.797577: | command executing route-client Aug 26 18:34:02.797601: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x356797a5 SPI_OUT Aug 26 18:34:02.797607: | popen cmd is 1023 chars long Aug 26 18:34:02.797609: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE: Aug 26 18:34:02.797611: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas: Aug 26 18:34:02.797613: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN: Aug 26 18:34:02.797614: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Aug 26 18:34:02.797616: | 
cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE: Aug 26 18:34:02.797617: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS: Aug 26 18:34:02.797619: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Aug 26 18:34:02.797621: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Aug 26 18:34:02.797622: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Aug 26 18:34:02.797624: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Aug 26 18:34:02.797625: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Aug 26 18:34:02.797627: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Aug 26 18:34:02.797629: | cmd( 960):ED='no' SPI_IN=0x356797a5 SPI_OUT=0xbc9a55de ipsec _updown 2>&1: Aug 26 18:34:02.809280: | route_and_eroute: instance "east", setting eroute_owner {spd=0x55fc3ef9b748,sr=0x55fc3ef9b748} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:34:02.809713: | #1 spent 2.17 milliseconds in install_ipsec_sa() Aug 26 18:34:02.809726: | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:34:02.809732: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:34:02.809737: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:34:02.809742: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:34:02.809745: | emitting length of IKEv2 Encryption Payload: 197 Aug 26 18:34:02.809748: | emitting length of ISAKMP Message: 225 Aug 26 18:34:02.809785: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 18:34:02.809792: | #1 spent 4.07 milliseconds in processing: Responder: 
process IKE_AUTH request in ikev2_process_state_packet() Aug 26 18:34:02.809801: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:34:02.809807: | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:34:02.809812: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 18:34:02.809816: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 18:34:02.809820: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 18:34:02.809824: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:34:02.809831: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 18:34:02.809836: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:34:02.809843: | pstats #2 ikev2.child established Aug 26 18:34:02.809853: "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 18:34:02.809857: | NAT-T: encaps is 'auto' Aug 26 18:34:02.809862: "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x356797a5 <0xbc9a55de xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:34:02.809868: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:34:02.809876: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) 
Aug 26 18:34:02.809962: | releasing whack for #2 (sock=fd@-1) Aug 26 18:34:02.809966: | releasing whack and unpending for parent #1 Aug 26 18:34:02.809970: | unpending state #1 connection "east" Aug 26 18:34:02.809975: | #2 will start re-keying in 28798 seconds with margin of 2 seconds (attempting re-key) Aug 26 18:34:02.809979: | event_schedule: new EVENT_SA_REKEY-pe@0x7fa640002b78 Aug 26 18:34:02.809983: | inserting event EVENT_SA_REKEY, timeout in 28798 seconds for #2 Aug 26 18:34:02.809987: | libevent_malloc: new ptr-libevent@0x55fc3efa3428 size 128 Aug 26 18:34:02.810004: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:34:02.810011: | #1 spent 4.41 milliseconds in resume sending helper answer Aug 26 18:34:02.810017: | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:34:02.810023: | libevent_free: release ptr-libevent@0x7fa638000f48 Aug 26 18:34:02.810038: | processing signal PLUTO_SIGCHLD Aug 26 18:34:02.810044: | waitpid returned ECHILD (no child processes left) Aug 26 18:34:02.810049: | spent 0.00562 milliseconds in signal 
handler PLUTO_SIGCHLD Aug 26 18:34:02.810052: | processing signal PLUTO_SIGCHLD Aug 26 18:34:02.810056: | waitpid returned ECHILD (no child processes left) Aug 26 18:34:02.810060: | spent 0.0037 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:34:02.810063: | processing signal PLUTO_SIGCHLD Aug 26 18:34:02.810067: | waitpid returned ECHILD (no child processes left) Aug 26 18:34:02.810071: | spent 0.0038 milliseconds in signal handler PLUTO_SIGCHLD