Aug 26 18:33:00.355287: FIPS Product: YES
Aug 26 18:33:00.355404: FIPS Kernel: NO
Aug 26 18:33:00.355407: FIPS Mode: NO
Aug 26 18:33:00.355408: NSS DB directory: sql:/etc/ipsec.d
Aug 26 18:33:00.355532: Initializing NSS
Aug 26 18:33:00.355536: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 18:33:00.385058: NSS initialized
Aug 26 18:33:00.385070: NSS crypto library initialized
Aug 26 18:33:00.385073: FIPS HMAC integrity support [enabled]
Aug 26 18:33:00.385074: FIPS mode disabled for pluto daemon
Aug 26 18:33:00.411790: FIPS HMAC integrity verification self-test FAILED
Aug 26 18:33:00.412161: libcap-ng support [enabled]
Aug 26 18:33:00.412169: Linux audit support [enabled]
Aug 26 18:33:00.412452: Linux audit activated
Aug 26 18:33:00.412461: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:25291
Aug 26 18:33:00.412463: core dump dir: /var/tmp
Aug 26 18:33:00.412465: secrets file: /etc/ipsec.secrets
Aug 26 18:33:00.412466: leak-detective enabled
Aug 26 18:33:00.412468: NSS crypto [enabled]
Aug 26 18:33:00.412469: XAUTH PAM support [enabled]
Aug 26 18:33:00.412533: | libevent is using pluto's memory allocator
Aug 26 18:33:00.412538: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 18:33:00.412551: | libevent_malloc: new ptr-libevent@0x557387fad5a8 size 40
Aug 26 18:33:00.412557: | libevent_malloc: new ptr-libevent@0x557387fa8cd8 size 40
Aug 26 18:33:00.412559: | libevent_malloc: new ptr-libevent@0x557387fa8dd8 size 40
Aug 26 18:33:00.412560: | creating event base
Aug 26 18:33:00.412562: | libevent_malloc: new ptr-libevent@0x55738802d618 size 56
Aug 26 18:33:00.412566: | libevent_malloc: new ptr-libevent@0x557387fd1d18 size 664
Aug 26 18:33:00.412574: | libevent_malloc: new ptr-libevent@0x55738802d688 size 24
Aug 26 18:33:00.412576: | libevent_malloc: new ptr-libevent@0x55738802d6d8 size 384
Aug 26 18:33:00.412583: | libevent_malloc: new ptr-libevent@0x55738802d5d8 size 16
Aug 26 18:33:00.412585: | libevent_malloc: new ptr-libevent@0x557387fa8908 size 40
Aug 26 18:33:00.412587: | libevent_malloc: new ptr-libevent@0x557387fa8d38 size 48
Aug 26 18:33:00.412590: | libevent_realloc: new ptr-libevent@0x557387fd19a8 size 256
Aug 26 18:33:00.412592: | libevent_malloc: new ptr-libevent@0x55738802d888 size 16
Aug 26 18:33:00.412596: | libevent_free: release ptr-libevent@0x55738802d618
Aug 26 18:33:00.412599: | libevent initialized
Aug 26 18:33:00.412601: | libevent_realloc: new ptr-libevent@0x55738802d618 size 64
Aug 26 18:33:00.412605: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 18:33:00.412616: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 18:33:00.412618: NAT-Traversal support [enabled]
Aug 26 18:33:00.412620: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 18:33:00.412626: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 18:33:00.412628: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 18:33:00.412657: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 18:33:00.412659: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 18:33:00.412661: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 18:33:00.412695: Encryption algorithms:
Aug 26 18:33:00.412700: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 18:33:00.412703: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 18:33:00.412705: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 18:33:00.412707: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 18:33:00.412710: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 18:33:00.412717: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 18:33:00.412720: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 18:33:00.412722: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 18:33:00.412724: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 18:33:00.412727: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 18:33:00.412729: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 18:33:00.412732: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 18:33:00.412734: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 18:33:00.412736: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 18:33:00.412739: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 18:33:00.412741: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 18:33:00.412743: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 18:33:00.412750: Hash algorithms:
Aug 26 18:33:00.412752: MD5 IKEv1: IKE IKEv2:
Aug 26 18:33:00.412754: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 18:33:00.412756: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 18:33:00.412758: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 18:33:00.412760: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 18:33:00.412769: PRF algorithms:
Aug 26 18:33:00.412771: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 18:33:00.412773: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 18:33:00.412775: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 18:33:00.412777: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 18:33:00.412779: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 18:33:00.412781: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 18:33:00.412797: Integrity algorithms:
Aug 26 18:33:00.412799: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 18:33:00.412801: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 18:33:00.412804: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 18:33:00.412806: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 18:33:00.412808: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 18:33:00.412810: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 18:33:00.412812: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 18:33:00.412814: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 18:33:00.412816: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 18:33:00.412824: DH algorithms:
Aug 26 18:33:00.412826: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 18:33:00.412828: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 18:33:00.412829: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 18:33:00.412833: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 18:33:00.412835: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 18:33:00.412837: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 18:33:00.412838: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 18:33:00.412840: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 18:33:00.412842: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 18:33:00.412844: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 18:33:00.412846: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 18:33:00.412848: testing CAMELLIA_CBC:
Aug 26 18:33:00.412850: Camellia: 16 bytes with 128-bit key
Aug 26 18:33:00.412956: Camellia: 16 bytes with 128-bit key
Aug 26 18:33:00.412975: Camellia: 16 bytes with 256-bit key
Aug 26 18:33:00.412993: Camellia: 16 bytes with 256-bit key
Aug 26 18:33:00.413011: testing AES_GCM_16:
Aug 26 18:33:00.413013: empty string
Aug 26 18:33:00.413034: one block
Aug 26 18:33:00.413051: two blocks
Aug 26 18:33:00.413067: two blocks with associated data
Aug 26 18:33:00.413083: testing AES_CTR:
Aug 26 18:33:00.413085: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 18:33:00.413102: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 18:33:00.413120: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 18:33:00.413138: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 18:33:00.413154: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 18:33:00.413171: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 18:33:00.413188: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 18:33:00.413205: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 18:33:00.413223: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 18:33:00.413240: testing AES_CBC:
Aug 26 18:33:00.413242: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 18:33:00.413258: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 18:33:00.413276: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 18:33:00.413301: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 18:33:00.413327: testing AES_XCBC:
Aug 26 18:33:00.413342: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 18:33:00.413417: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 18:33:00.413496: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 18:33:00.413568: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 18:33:00.413642: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 18:33:00.413716: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 18:33:00.413792: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 18:33:00.413958: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 18:33:00.414034: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 18:33:00.414114: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 18:33:00.414254: testing HMAC_MD5:
Aug 26 18:33:00.414257: RFC 2104: MD5_HMAC test 1
Aug 26 18:33:00.414399: RFC 2104: MD5_HMAC test 2
Aug 26 18:33:00.414521: RFC 2104: MD5_HMAC test 3
Aug 26 18:33:00.414673: 8 CPU cores online
Aug 26 18:33:00.414676: starting up 7 crypto helpers
Aug 26 18:33:00.414706: started thread for crypto helper 0
Aug 26 18:33:00.414723: started thread for crypto helper 1
Aug 26 18:33:00.414754: | starting up helper thread 0
Aug 26 18:33:00.414762: | starting up helper thread 1
Aug 26 18:33:00.414763: started thread for crypto helper 2
Aug 26 18:33:00.414777: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 18:33:00.414770: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 18:33:00.414784: | crypto helper 1 waiting (nothing to do)
Aug 26 18:33:00.414767: | starting up helper thread 2
Aug 26 18:33:00.414794: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 18:33:00.414799: started thread for crypto helper 3
Aug 26 18:33:00.414794: | crypto helper 0 waiting (nothing to do)
Aug 26 18:33:00.414831: started thread for crypto helper 4
Aug 26 18:33:00.414829: | starting up helper thread 3
Aug 26 18:33:00.414838: | starting up helper thread 4
Aug 26 18:33:00.414829: | crypto helper 2 waiting (nothing to do)
Aug 26 18:33:00.414841: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 18:33:00.414869: | starting up helper thread 5
Aug 26 18:33:00.414864: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 18:33:00.414881: | crypto helper 3 waiting (nothing to do)
Aug 26 18:33:00.414865: started thread for crypto helper 5
Aug 26 18:33:00.414882: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 18:33:00.414893: | crypto helper 4 waiting (nothing to do)
Aug 26 18:33:00.414921: | crypto helper 5 waiting (nothing to do)
Aug 26 18:33:00.414927: started thread for crypto helper 6
Aug 26 18:33:00.414933: | checking IKEv1 state table
Aug 26 18:33:00.414938: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 18:33:00.414940: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 18:33:00.414942: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 18:33:00.414943: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 18:33:00.414945: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 18:33:00.414947: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 18:33:00.414948: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:33:00.414950: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:33:00.414951: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 18:33:00.414953: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 18:33:00.414954: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:33:00.414956: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:33:00.414957: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 18:33:00.414959: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:33:00.414960: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:33:00.414962: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:33:00.414963: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 18:33:00.414965: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:33:00.414966: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:33:00.414968: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:33:00.414969: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 18:33:00.414971: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:00.414973: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 18:33:00.414974: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:00.414976: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 18:33:00.414977: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 18:33:00.414979: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 18:33:00.414980: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:33:00.414982: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:33:00.414983: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 18:33:00.414985: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:33:00.414986: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:33:00.414988: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 18:33:00.414989: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:00.414991: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 18:33:00.414992: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:00.414994: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 18:33:00.414996: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 18:33:00.414997: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 18:33:00.414999: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 18:33:00.415001: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 18:33:00.415004: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 18:33:00.415006: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 18:33:00.415008: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:00.415009: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 18:33:00.415011: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:00.415012: | INFO: category: informational flags: 0:
Aug 26 18:33:00.415014: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:00.415016: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 18:33:00.415017: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:00.415019: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 18:33:00.415020: | -> XAUTH_R1 EVENT_NULL
Aug 26 18:33:00.415022: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 18:33:00.415023: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:33:00.415025: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 18:33:00.415027: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 18:33:00.415028: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 18:33:00.415030: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 18:33:00.415031: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 18:33:00.415033: | -> UNDEFINED EVENT_NULL
Aug 26 18:33:00.415035: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 18:33:00.415036: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:33:00.415038: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 18:33:00.415039: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 18:33:00.415041: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 18:33:00.415042: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 18:33:00.415047: | checking IKEv2 state table
Aug 26 18:33:00.415051: | PARENT_I0: category: ignore flags: 0:
Aug 26 18:33:00.415053: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 18:33:00.415055: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 18:33:00.415057: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 18:33:00.415058: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 18:33:00.415060: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 18:33:00.415062: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 18:33:00.415064: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 18:33:00.415066: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 18:33:00.415067: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 18:33:00.415069: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 18:33:00.415071: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 18:33:00.415072: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 18:33:00.415074: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 18:33:00.415076: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 18:33:00.415077: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 18:33:00.415079: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 18:33:00.415081: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 18:33:00.415082: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 18:33:00.415084: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 18:33:00.415086: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 18:33:00.415088: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 18:33:00.415089: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 18:33:00.415091: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 18:33:00.415093: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 18:33:00.415096: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 18:33:00.415097: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 18:33:00.415099: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 18:33:00.415101: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 18:33:00.415103: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 18:33:00.415104: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 18:33:00.415106: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 18:33:00.415108: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 18:33:00.415110: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 18:33:00.415112: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 18:33:00.415113: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 18:33:00.415115: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 18:33:00.415117: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 18:33:00.415119: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 18:33:00.415120: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 18:33:00.415122: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 18:33:00.415124: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 18:33:00.415126: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 18:33:00.415127: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 18:33:00.415129: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 18:33:00.415131: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 18:33:00.415133: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 18:33:00.415180: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 18:33:00.415495: | Hard-wiring algorithms
Aug 26 18:33:00.415501: | adding AES_CCM_16 to kernel algorithm db
Aug 26 18:33:00.415504: | adding AES_CCM_12 to kernel algorithm db
Aug 26 18:33:00.415506: | adding AES_CCM_8 to kernel algorithm db
Aug 26 18:33:00.415508: | adding 3DES_CBC to kernel algorithm db
Aug 26 18:33:00.415509: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 18:33:00.415511: | adding AES_GCM_16 to kernel algorithm db
Aug 26 18:33:00.415512: | adding AES_GCM_12 to kernel algorithm db
Aug 26 18:33:00.415514: | adding AES_GCM_8 to kernel algorithm db
Aug 26 18:33:00.415516: | adding AES_CTR to kernel algorithm db
Aug 26 18:33:00.415517: | adding AES_CBC to kernel algorithm db
Aug 26 18:33:00.415519: | adding SERPENT_CBC to kernel algorithm db
Aug 26 18:33:00.415520: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 18:33:00.415522: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 18:33:00.415524: | adding NULL to kernel algorithm db
Aug 26 18:33:00.415525: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 18:33:00.415527: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 18:33:00.415529: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 18:33:00.415530: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 18:33:00.415532: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 18:33:00.415533: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 18:33:00.415535: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 18:33:00.415537: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 18:33:00.415538: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 18:33:00.415540: | adding NONE to kernel algorithm db
Aug 26 18:33:00.415554: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 18:33:00.415558: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 18:33:00.415560: | setup kernel fd callback
Aug 26 18:33:00.415564: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x557388032228
Aug 26 18:33:00.415568: | libevent_malloc: new ptr-libevent@0x5573880166a8 size 128
Aug 26 18:33:00.415570: | libevent_malloc: new ptr-libevent@0x557388032338 size 16
Aug 26 18:33:00.415575: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x557388032d68
Aug 26 18:33:00.415576: | libevent_malloc: new ptr-libevent@0x557387fd4bb8 size 128
Aug 26 18:33:00.415578: | libevent_malloc: new ptr-libevent@0x557388032d28 size 16
Aug 26 18:33:00.415715: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 18:33:00.415721: selinux support is enabled.
Aug 26 18:33:00.416166: | unbound context created - setting debug level to 5
Aug 26 18:33:00.416186: | /etc/hosts lookups activated
Aug 26 18:33:00.416196: | /etc/resolv.conf usage activated
Aug 26 18:33:00.416234: | outgoing-port-avoid set 0-65535
Aug 26 18:33:00.416251: | outgoing-port-permit set 32768-60999
Aug 26 18:33:00.416253: | Loading dnssec root key from:/var/lib/unbound/root.key
Aug 26 18:33:00.416255: | No additional dnssec trust anchors defined via dnssec-trusted= option
Aug 26 18:33:00.416257: | Setting up events, loop start
Aug 26 18:33:00.416259: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x557388032dd8
Aug 26 18:33:00.416261: | libevent_malloc: new ptr-libevent@0x55738803efe8 size 128
Aug 26 18:33:00.416263: | libevent_malloc: new ptr-libevent@0x55738804a2b8 size 16
Aug 26 18:33:00.416267: | libevent_realloc: new ptr-libevent@0x55738804a2f8 size 256
Aug 26 18:33:00.416269: | libevent_malloc: new ptr-libevent@0x55738804a428 size 8
Aug 26 18:33:00.416273: | libevent_realloc: new ptr-libevent@0x557387fd34c8 size 144
Aug 26 18:33:00.416274: | libevent_malloc: new ptr-libevent@0x557387fdd6c8 size 152
Aug 26 18:33:00.416277: | libevent_malloc: new ptr-libevent@0x55738804a468 size 16
Aug 26 18:33:00.416279: | signal event handler PLUTO_SIGCHLD installed
Aug 26 18:33:00.416281: | libevent_malloc: new ptr-libevent@0x55738804a4a8 size 8
Aug 26 18:33:00.416283: | libevent_malloc: new ptr-libevent@0x557387fcab08 size 152
Aug 26 18:33:00.416285: | signal event handler PLUTO_SIGTERM installed
Aug 26 18:33:00.416286: | libevent_malloc: new ptr-libevent@0x55738804a4e8 size 8
Aug 26 18:33:00.416292: | libevent_malloc: new ptr-libevent@0x557387fd5318 size 152
Aug 26 18:33:00.416294: | signal event handler PLUTO_SIGHUP installed
Aug 26 18:33:00.416296: | libevent_malloc: new ptr-libevent@0x55738804a528 size 8
Aug 26 18:33:00.416298: | libevent_realloc: release ptr-libevent@0x557387fd34c8
Aug 26 18:33:00.416300: | libevent_realloc: new ptr-libevent@0x55738804a568 size 256
Aug 26 18:33:00.416301: | libevent_malloc: new ptr-libevent@0x55738804a698 size 152
Aug 26 18:33:00.416303: | signal event handler PLUTO_SIGSYS installed
Aug 26 18:33:00.416343: | starting up helper thread 6
Aug 26 18:33:00.416360: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 18:33:00.416599: | created addconn helper (pid:25329) using fork+execve
Aug 26 18:33:00.416611: | forked child 25329
Aug 26 18:33:00.416623: | crypto helper 6 waiting (nothing to do)
Aug 26 18:33:00.416666: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:33:00.416888: listening for IKE messages
Aug 26 18:33:00.417253: | Inspecting interface lo
Aug 26 18:33:00.417263: | found lo with address 127.0.0.1
Aug 26 18:33:00.417267: | Inspecting interface eth0
Aug 26 18:33:00.417271: | found eth0 with address 192.0.2.254
Aug 26 18:33:00.417275: | Inspecting interface eth1
Aug 26 18:33:00.417280: | found eth1 with address 192.1.2.23
Aug 26 18:33:00.418928: Kernel supports NIC esp-hw-offload
Aug 26 18:33:00.418954: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500
Aug 26 18:33:00.419024: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:33:00.419028: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:33:00.419031: adding interface eth1/eth1 192.1.2.23:4500
Aug 26 18:33:00.419064: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500
Aug 26 18:33:00.419080: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:33:00.419083: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:33:00.419086: adding interface eth0/eth0 192.0.2.254:4500
Aug 26 18:33:00.419109: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Aug 26 18:33:00.419124: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:33:00.419127: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:33:00.419129: adding interface lo/lo 127.0.0.1:4500
Aug 26 18:33:00.419201: | no interfaces to sort
Aug 26 18:33:00.419205: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 18:33:00.419211: | add_fd_read_event_handler: new ethX-pe@0x55738804aae8
Aug 26 18:33:00.419213: | libevent_malloc: new ptr-libevent@0x55738803ef38 size 128
Aug 26 18:33:00.419216: | libevent_malloc: new ptr-libevent@0x55738804ab58 size 16
Aug 26 18:33:00.419223: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 18:33:00.419225: | add_fd_read_event_handler: new ethX-pe@0x55738804ab98
Aug 26 18:33:00.419227: | libevent_malloc: new ptr-libevent@0x557387fd4b08 size 128
Aug 26 18:33:00.419229: | libevent_malloc: new ptr-libevent@0x55738804ac08 size 16
Aug 26 18:33:00.419232: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 18:33:00.419234: | add_fd_read_event_handler: new ethX-pe@0x55738804ac48
Aug 26 18:33:00.419237: | libevent_malloc: new ptr-libevent@0x557387fd2108 size 128
Aug 26 18:33:00.419239: | libevent_malloc: new ptr-libevent@0x55738804acb8 size 16
Aug 26 18:33:00.419244: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 18:33:00.419247: | add_fd_read_event_handler: new ethX-pe@0x55738804acf8
Aug 26 18:33:00.419251: | libevent_malloc: new ptr-libevent@0x557387fd5178 size 128
Aug 26 18:33:00.419254: | libevent_malloc: new ptr-libevent@0x55738804ad68 size 16
Aug 26 18:33:00.419258: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 18:33:00.419259: | add_fd_read_event_handler: new ethX-pe@0x55738804ada8
Aug 26 18:33:00.419262: | libevent_malloc: new ptr-libevent@0x557387faeb78 size 128
Aug 26 18:33:00.419264: | libevent_malloc: new ptr-libevent@0x55738804ae18 size 16
Aug 26 18:33:00.419267: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 18:33:00.419268: | add_fd_read_event_handler: new ethX-pe@0x55738804ae58
Aug 26 18:33:00.419271: | libevent_malloc: new ptr-libevent@0x557387fa91d8 size 128
Aug 26 18:33:00.419273: | libevent_malloc: new ptr-libevent@0x55738804aec8 size 16
Aug 26 18:33:00.419276: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 18:33:00.419279: | certs and keys locked by 'free_preshared_secrets'
Aug 26 18:33:00.419281: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 18:33:00.419316: loading secrets from "/etc/ipsec.secrets"
Aug 26 18:33:00.419334: | saving Modulus
Aug 26 18:33:00.419338: | saving PublicExponent
Aug 26 18:33:00.419340: | ignoring PrivateExponent
Aug 26 18:33:00.419342: | ignoring Prime1
Aug 26 18:33:00.419344: | ignoring Prime2
Aug 26 18:33:00.419346: | ignoring Exponent1
Aug 26 18:33:00.419348: | ignoring Exponent2
Aug 26 18:33:00.419350: | ignoring Coefficient
Aug 26 18:33:00.419352: | ignoring CKAIDNSS
Aug 26 18:33:00.419384: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1
Aug 26 18:33:00.419386: | computed rsa CKAID 8a 82 25 f1
Aug 26 18:33:00.419389: loaded private key for keyid: PKK_RSA:AQO9bJbr3
Aug 26 18:33:00.419394: | certs and keys locked by 'process_secret'
Aug 26 18:33:00.419396: | certs and keys unlocked by 'process_secret'
Aug 26 18:33:00.419404: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:33:00.419411: | spent 1.18 milliseconds in whack
Aug 26 18:33:00.447055: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:33:00.447091: listening for IKE messages
Aug 26 18:33:00.447138: | Inspecting interface lo
Aug 26 18:33:00.447144: | found lo with address 127.0.0.1
Aug 26 18:33:00.447147: | Inspecting interface eth0
Aug 26 18:33:00.447150: | found eth0 with address 192.0.2.254
Aug 26 18:33:00.447151: | Inspecting interface eth1
Aug 26 18:33:00.447154: | found eth1 with address 192.1.2.23
Aug 26 18:33:00.447208: | no interfaces to sort
Aug 26 18:33:00.447217: | libevent_free: release ptr-libevent@0x55738803ef38
Aug 26 18:33:00.447220: | free_event_entry: release EVENT_NULL-pe@0x55738804aae8
Aug 26 18:33:00.447223: | add_fd_read_event_handler: new ethX-pe@0x55738804aae8
Aug 26 18:33:00.447227: | libevent_malloc: new ptr-libevent@0x55738803ef38 size 128
Aug 26 18:33:00.447232: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 18:33:00.447235: | libevent_free: release ptr-libevent@0x557387fd4b08
Aug 26 18:33:00.447237: | free_event_entry: release EVENT_NULL-pe@0x55738804ab98
Aug 26 18:33:00.447238: | add_fd_read_event_handler: new ethX-pe@0x55738804ab98
Aug 26 18:33:00.447240: | libevent_malloc: new ptr-libevent@0x557387fd4b08 size 128
Aug 26 18:33:00.447243: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 18:33:00.447246: | libevent_free: release ptr-libevent@0x557387fd2108
Aug 26 18:33:00.447248: | free_event_entry: release EVENT_NULL-pe@0x55738804ac48
Aug 26 18:33:00.447249: | add_fd_read_event_handler: new ethX-pe@0x55738804ac48
Aug 26 18:33:00.447251: | libevent_malloc: new ptr-libevent@0x557387fd2108 size 128
Aug 26 18:33:00.447254: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 18:33:00.447257: | libevent_free: release ptr-libevent@0x557387fd5178
Aug 26 18:33:00.447259: | free_event_entry: release EVENT_NULL-pe@0x55738804acf8
Aug 26 18:33:00.447260: | add_fd_read_event_handler: new ethX-pe@0x55738804acf8
Aug 26 18:33:00.447262: | libevent_malloc: new ptr-libevent@0x557387fd5178 size 128
Aug 26 18:33:00.447265: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 18:33:00.447267: | libevent_free: release ptr-libevent@0x557387faeb78
Aug 26 18:33:00.447269: | free_event_entry: release EVENT_NULL-pe@0x55738804ada8
Aug 26 18:33:00.447271: | add_fd_read_event_handler: new ethX-pe@0x55738804ada8
Aug 26 18:33:00.447273: | libevent_malloc: new ptr-libevent@0x557387faeb78 size 128
Aug 26 18:33:00.447276: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 18:33:00.447278: | libevent_free: release ptr-libevent@0x557387fa91d8
Aug 26 18:33:00.447280: | free_event_entry: release EVENT_NULL-pe@0x55738804ae58
Aug 26 18:33:00.447282: | add_fd_read_event_handler: new ethX-pe@0x55738804ae58
Aug 26 18:33:00.447283: | libevent_malloc: new ptr-libevent@0x557387fa91d8 size 128
Aug 26 18:33:00.447286: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 18:33:00.447294: | certs and keys locked by 'free_preshared_secrets'
Aug 26 18:33:00.447300: forgetting secrets
Aug 26 18:33:00.447308: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 18:33:00.447320: loading secrets from "/etc/ipsec.secrets"
Aug 26 18:33:00.447330: | saving Modulus
Aug 26 18:33:00.447345: | saving PublicExponent
Aug 26 18:33:00.447348: | ignoring PrivateExponent
Aug 26 18:33:00.447350: | ignoring Prime1
Aug 26 18:33:00.447352: | ignoring Prime2
Aug 26 18:33:00.447368: | ignoring Exponent1
Aug 26 18:33:00.447370: | ignoring Exponent2
Aug 26 18:33:00.447372: | ignoring Coefficient
Aug 26 18:33:00.447374: | ignoring CKAIDNSS
Aug 26 18:33:00.447394: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1
Aug 26 18:33:00.447396: | computed rsa CKAID 8a 82 25 f1
Aug 26 18:33:00.447399: loaded private key for keyid: PKK_RSA:AQO9bJbr3
Aug 26 18:33:00.447416: | certs and keys locked by 'process_secret'
Aug 26 18:33:00.447418: | certs and keys unlocked by 'process_secret'
Aug 26 18:33:00.447439: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:33:00.447445: | spent 0.392 milliseconds in whack
Aug 26 18:33:00.447927: | processing signal PLUTO_SIGCHLD
Aug 26 18:33:00.447939: | waitpid returned pid 25329 (exited with status 0)
Aug 26 18:33:00.447945: | reaped addconn helper child (status 0)
Aug 26 18:33:00.447949: | waitpid returned ECHILD (no child processes left)
Aug 26 18:33:00.447952: | spent 0.0167 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 18:33:00.495478: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:33:00.495496: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 18:33:00.495514: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 18:33:00.495516: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 18:33:00.495517: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 18:33:00.495520: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 18:33:00.495526: | Added new connection westnet-eastnet-ikev2 with policy ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 18:33:00.495528: | No AUTH policy was set - defaulting to RSASIG
Aug 26 18:33:00.495576: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Aug 26 18:33:00.495579: | from whack: got --esp=
Aug 26 18:33:00.495604: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
Aug 26 18:33:00.495608: | counting wild cards for @west is 0
Aug 26 18:33:00.495610: | counting wild cards for @east is 0
Aug 26 18:33:00.495617: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none
Aug 26 18:33:00.495620: | new hp@0x55738804d638
Aug 26 18:33:00.495622: added connection description "westnet-eastnet-ikev2"
Aug 26 18:33:00.495629: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 18:33:00.495651: |
192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24
Aug 26 18:33:00.495656: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:33:00.495662: | spent 0.203 milliseconds in whack
Aug 26 18:33:00.495742: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:33:00.495754: add keyid @west
Aug 26 18:33:00.495808: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3
Aug 26 18:33:00.495810: | computed rsa CKAID 7f 0f 03 50
Aug 26 18:33:00.495818: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:33:00.495822: | spent 0.0857 milliseconds in whack
Aug 26 18:33:00.495850: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:33:00.495856: add keyid @east
Aug 26 18:33:00.495889: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1
Aug 26 18:33:00.495891: | computed rsa CKAID 8a 82 25 f1
Aug 26 18:33:00.495897: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:33:00.495900: | spent 0.0524 milliseconds in whack
Aug 26 18:33:01.702939: | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
Aug 26 18:33:01.702968: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 18:33:01.703059: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
Aug 26 18:33:01.703062: | **parse ISAKMP Message:
Aug 26 18:33:01.703065: | initiator cookie:
Aug 26 18:33:01.703066: | 83 fa 44 51 3a d7 00 16
Aug 26 18:33:01.703068: | responder cookie:
Aug 26 18:33:01.703069: | 00 00 00 00 00 00 00 00
Aug 26 18:33:01.703071: | next payload type: ISAKMP_NEXT_v2SA (0x21)
Aug 26 18:33:01.703073: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 18:33:01.703075: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
Aug 26 18:33:01.703077: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 26 18:33:01.703078: | Message ID: 0 (0x0)
Aug 26 18:33:01.703080: | length: 828 (0x33c)
Aug 26 18:33:01.703082: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34)
Aug 26 18:33:01.703084: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request
Aug 26 18:33:01.703087: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi)
Aug 26 18:33:01.703089: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Aug 26 18:33:01.703091: | ***parse IKEv2 Security Association Payload:
Aug 26 18:33:01.703093: | next payload type: ISAKMP_NEXT_v2KE (0x22)
Aug 26 18:33:01.703095: | flags: none (0x0)
Aug 26 18:33:01.703096: | length: 436 (0x1b4)
Aug 26 18:33:01.703098: | processing payload: ISAKMP_NEXT_v2SA (len=432)
Aug 26 18:33:01.703101: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
Aug 26 18:33:01.703103: | ***parse IKEv2 Key Exchange Payload:
Aug 26 18:33:01.703105: | next payload type: ISAKMP_NEXT_v2Ni (0x28)
Aug 26 18:33:01.703107: | flags: none (0x0)
Aug 26 18:33:01.703108: | length: 264 (0x108)
Aug 26 18:33:01.703110: | DH group: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 18:33:01.703111: |
processing payload: ISAKMP_NEXT_v2KE (len=256)
Aug 26 18:33:01.703113: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
Aug 26 18:33:01.703115: | ***parse IKEv2 Nonce Payload:
Aug 26 18:33:01.703116: | next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 26 18:33:01.703118: | flags: none (0x0)
Aug 26 18:33:01.703119: | length: 36 (0x24)
Aug 26 18:33:01.703121: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
Aug 26 18:33:01.703122: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 26 18:33:01.703124: | ***parse IKEv2 Notify Payload:
Aug 26 18:33:01.703126: | next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 26 18:33:01.703127: | flags: none (0x0)
Aug 26 18:33:01.703129: | length: 8 (0x8)
Aug 26 18:33:01.703131: | Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 18:33:01.703132: | SPI size: 0 (0x0)
Aug 26 18:33:01.703134: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
Aug 26 18:33:01.703136: | processing payload: ISAKMP_NEXT_v2N (len=0)
Aug 26 18:33:01.703137: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 26 18:33:01.703139: | ***parse IKEv2 Notify Payload:
Aug 26 18:33:01.703140: | next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 26 18:33:01.703142: | flags: none (0x0)
Aug 26 18:33:01.703143: | length: 28 (0x1c)
Aug 26 18:33:01.703145: | Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 18:33:01.703146: | SPI size: 0 (0x0)
Aug 26 18:33:01.703148: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Aug 26 18:33:01.703150: | processing payload: ISAKMP_NEXT_v2N (len=20)
Aug 26 18:33:01.703151: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 26 18:33:01.703153: | ***parse IKEv2 Notify Payload:
Aug 26 18:33:01.703154: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 18:33:01.703156: | flags: none (0x0)
Aug 26 18:33:01.703157: | length: 28 (0x1c)
Aug 26 18:33:01.703159: | Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 26 18:33:01.703160: | SPI size: 0 (0x0)
Aug 26 18:33:01.703162: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Aug 26 18:33:01.703164: | processing payload: ISAKMP_NEXT_v2N (len=20)
Aug 26 18:33:01.703166: | DDOS disabled and no cookie sent, continuing
Aug 26 18:33:01.703169: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports
Aug 26 18:33:01.703173: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports
Aug 26 18:33:01.703175: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW
Aug 26 18:33:01.703178: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2)
Aug 26 18:33:01.703179: | find_next_host_connection returns empty
Aug 26 18:33:01.703182: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports
Aug 26 18:33:01.703184: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW
Aug 26 18:33:01.703186: | find_next_host_connection returns empty
Aug 26 18:33:01.703188: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW
Aug 26 18:33:01.703191: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports
Aug 26 18:33:01.703193: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports
Aug 26 18:33:01.703195: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW
Aug 26 18:33:01.703197: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2)
Aug 26 18:33:01.703199: | find_next_host_connection returns westnet-eastnet-ikev2
Aug 26 18:33:01.703202: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW
Aug 26 18:33:01.703204: | find_next_host_connection returns empty
Aug 26 18:33:01.703206: | found connection: westnet-eastnet-ikev2 with policy RSASIG+IKEV2_ALLOW
Aug 26 18:33:01.703224: | creating state object #1 at 0x55738804f6d8
Aug 26 18:33:01.703226: | State DB: adding IKEv2 state #1 in UNDEFINED
Aug 26 18:33:01.703232: | pstats #1 ikev2.ike started
Aug 26 18:33:01.703235: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0
Aug 26 18:33:01.703237: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA)
Aug 26 18:33:01.703241: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1
Aug 26 18:33:01.703247: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016)
Aug 26 18:33:01.703249: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Aug 26 18:33:01.703252: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064)
Aug 26 18:33:01.703255: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000
Aug 26 18:33:01.703257: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1
Aug 26 18:33:01.703260: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0
Aug 26 18:33:01.703262: | #1 in state PARENT_R0: processing SA_INIT request
Aug 26 18:33:01.703264: | selected state microcode Respond to IKE_SA_INIT
Aug 26 18:33:01.703266: | Now let's proceed with state specific processing
Aug 26 18:33:01.703267: | calling processor Respond to IKE_SA_INIT
Aug 26 18:33:01.703271: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669)
Aug 26 18:33:01.703273: | constructing local IKE proposals for westnet-eastnet-ikev2 (IKE SA responder matching remote proposals)
Aug 26 18:33:01.703279: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Aug 26 18:33:01.703284: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 18:33:01.703287: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Aug 26 18:33:01.703304: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 18:33:01.703307: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Aug 26 18:33:01.703311: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 18:33:01.703313: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Aug 26 18:33:01.703316: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 18:33:01.703323: "westnet-eastnet-ikev2": constructed local IKE proposals for westnet-eastnet-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
Aug 26 18:33:01.703327: | Comparing remote proposals against IKE responder 4 local proposals
Aug 26 18:33:01.703330: | local proposal 1 type ENCR has 1 transforms
Aug 26 18:33:01.703332: | local proposal 1 type PRF has 2 transforms
Aug 26 18:33:01.703333: | local proposal 1 type INTEG has 1 transforms
Aug 26 18:33:01.703335: | local proposal 1 type DH has 8 transforms
Aug 26 18:33:01.703336: | local proposal 1 type ESN has 0 transforms
Aug 26 18:33:01.703339: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
Aug 26 18:33:01.703340: | local proposal 2 type ENCR has 1 transforms
Aug 26 18:33:01.703342: | local proposal 2 type PRF has 2 transforms
Aug 26 18:33:01.703344: | local proposal 2 type INTEG has 1 transforms
Aug 26 18:33:01.703345: | local proposal 2 type DH has 8 transforms
Aug 26 18:33:01.703347: | local proposal 2 type ESN has 0 transforms
Aug 26 18:33:01.703349: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
Aug 26 18:33:01.703350: | local proposal 3 type ENCR has 1 transforms
Aug 26 18:33:01.703352: | local proposal 3 type PRF has 2 transforms
Aug 26 18:33:01.703354: | local proposal 3 type INTEG has 2 transforms
Aug 26 18:33:01.703355: | local proposal 3 type DH has 8 transforms
Aug 26 18:33:01.703357: | local proposal 3 type ESN has 0 transforms
Aug 26 18:33:01.703359: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Aug 26 18:33:01.703360: | local proposal 4 type ENCR has 1 transforms
Aug 26 18:33:01.703362: | local proposal 4 type PRF has 2 transforms
Aug 26 18:33:01.703363: | local proposal 4 type INTEG has 2 transforms
Aug 26 18:33:01.703365: | local proposal 4 type DH has 8 transforms
Aug 26 18:33:01.703367: | local proposal 4 type ESN has 0 transforms
Aug 26 18:33:01.703369: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Aug 26 18:33:01.703371: | ****parse IKEv2 Proposal Substructure Payload:
Aug 26 18:33:01.703373: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 18:33:01.703374: | length: 100 (0x64)
Aug 26 18:33:01.703376: | prop #: 1 (0x1)
Aug 26 18:33:01.703377: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 18:33:01.703379: | spi size: 0 (0x0)
Aug 26 18:33:01.703381: | # transforms: 11 (0xb)
Aug 26 18:33:01.703383: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals
Aug 26 18:33:01.703385: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703387: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703388: | length: 12 (0xc)
Aug 26 18:33:01.703390: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 18:33:01.703391: | IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 18:33:01.703393: | ******parse IKEv2 Attribute Substructure Payload:
Aug 26 18:33:01.703395: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 18:33:01.703396: | length/value: 256 (0x100)
Aug 26 18:33:01.703399: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Aug 26 18:33:01.703401: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703403: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703404: | length: 8 (0x8)
Aug 26 18:33:01.703406: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 18:33:01.703407: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 18:33:01.703410: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
Aug 26 18:33:01.703412: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
Aug 26 18:33:01.703414: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
Aug 26 18:33:01.703417: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
Aug 26 18:33:01.703419: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703421: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703422: | length: 8 (0x8)
Aug 26 18:33:01.703424: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 18:33:01.703425: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 18:33:01.703427: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703429: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703430: | length: 8 (0x8)
Aug 26 18:33:01.703432: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703433: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 18:33:01.703435: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0
Aug 26 18:33:01.703437: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0
Aug 26 18:33:01.703439: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0
Aug 26 18:33:01.703441: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0
Aug 26 18:33:01.703443: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703444: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703446: | length: 8 (0x8)
Aug 26 18:33:01.703448: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703449: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 18:33:01.703451: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703452: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703454: | length: 8 (0x8)
Aug 26 18:33:01.703456: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703457: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 18:33:01.703459: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703460: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703462: | length: 8 (0x8)
Aug 26 18:33:01.703463: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703465: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 18:33:01.703467: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703468: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703470: | length: 8 (0x8)
Aug 26 18:33:01.703471: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703473: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 18:33:01.703475: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703476: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703478: | length: 8 (0x8)
Aug 26 18:33:01.703479: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703481: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 18:33:01.703483: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703484: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703486: | length: 8 (0x8)
Aug 26 18:33:01.703487: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703489: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 18:33:01.703491: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703492: | last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 18:33:01.703494: | length: 8 (0x8)
Aug 26 18:33:01.703495: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703497: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 18:33:01.703499: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
Aug 26 18:33:01.703502: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
Aug 26 18:33:01.703504: | remote proposal 1 matches local proposal 1
Aug 26 18:33:01.703506: | ****parse IKEv2 Proposal Substructure Payload:
Aug 26 18:33:01.703510: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 18:33:01.703512: | length: 100 (0x64)
Aug 26 18:33:01.703514: | prop #: 2 (0x2)
Aug 26 18:33:01.703515: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 18:33:01.703517: | spi size: 0 (0x0)
Aug 26 18:33:01.703518: | # transforms: 11 (0xb)
Aug 26 18:33:01.703521: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals
Aug 26 18:33:01.703522: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703524: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703525: | length: 12 (0xc)
Aug 26 18:33:01.703527: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 18:33:01.703528: | IKEv2 transform ID: AES_GCM_C (0x14)
Aug 26 18:33:01.703530: | ******parse IKEv2 Attribute Substructure Payload:
Aug 26 18:33:01.703532: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 18:33:01.703535: | length/value: 128 (0x80)
Aug 26 18:33:01.703538: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703541: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703543: | length: 8 (0x8)
Aug 26 18:33:01.703545: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 18:33:01.703548: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 18:33:01.703551: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703554: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703569: | length: 8 (0x8)
Aug 26 18:33:01.703572: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 18:33:01.703574: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 18:33:01.703577: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703580: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703582: | length: 8 (0x8)
Aug 26 18:33:01.703585: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703587: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 18:33:01.703590: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703593: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703595: | length: 8 (0x8)
Aug 26 18:33:01.703598: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703601: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Aug 26 18:33:01.703603: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703606: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703608: | length: 8 (0x8)
Aug 26 18:33:01.703611: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703613: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Aug 26 18:33:01.703616: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703619: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703621: | length: 8 (0x8)
Aug 26 18:33:01.703624: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703626: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Aug 26 18:33:01.703629: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703631: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703633: | length: 8 (0x8)
Aug 26 18:33:01.703636: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703638: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 26 18:33:01.703641: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703644: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703646: | length: 8 (0x8)
Aug 26 18:33:01.703649: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703651: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Aug 26 18:33:01.703654: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703656: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703659: | length: 8 (0x8)
Aug 26 18:33:01.703661: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703664: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 26 18:33:01.703669: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703671: | last transform: v2_TRANSFORM_LAST (0x0)
Aug 26 18:33:01.703673: | length: 8 (0x8)
Aug 26 18:33:01.703675: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703677: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Aug 26 18:33:01.703681: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH
Aug 26 18:33:01.703684: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH
Aug 26 18:33:01.703687: | ****parse IKEv2 Proposal Substructure Payload:
Aug 26 18:33:01.703690: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
Aug 26 18:33:01.703693: | length: 116 (0x74)
Aug 26 18:33:01.703695: | prop #: 3 (0x3)
Aug 26 18:33:01.703696: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 26 18:33:01.703698: | spi size: 0 (0x0)
Aug 26 18:33:01.703699: | # transforms: 13 (0xd)
Aug 26 18:33:01.703702: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals
Aug 26 18:33:01.703703: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703705: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703706: | length: 12 (0xc)
Aug 26 18:33:01.703708: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 26 18:33:01.703709: | IKEv2 transform ID: AES_CBC (0xc)
Aug 26 18:33:01.703711: | ******parse IKEv2 Attribute Substructure Payload:
Aug 26 18:33:01.703712: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Aug 26 18:33:01.703714: | length/value: 256 (0x100)
Aug 26 18:33:01.703716: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703717: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703719: | length: 8 (0x8)
Aug 26 18:33:01.703720: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 18:33:01.703722: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 26 18:33:01.703724: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703725: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703727: | length: 8 (0x8)
Aug 26 18:33:01.703728: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 26 18:33:01.703730: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Aug 26 18:33:01.703731: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703733: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703734: | length: 8 (0x8)
Aug 26 18:33:01.703736: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 18:33:01.703737: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Aug 26 18:33:01.703739: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703740: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703742: | length: 8 (0x8)
Aug 26 18:33:01.703743: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 26 18:33:01.703745: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Aug 26 18:33:01.703747: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703748: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26 18:33:01.703750: | length: 8 (0x8)
Aug 26 18:33:01.703751: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 26 18:33:01.703753: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 26 18:33:01.703754: | *****parse IKEv2 Transform Substructure Payload:
Aug 26 18:33:01.703756: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 26
18:33:01.703757: | length: 8 (0x8) Aug 26 18:33:01.703759: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703760: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:01.703762: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703764: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703765: | length: 8 (0x8) Aug 26 18:33:01.703767: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703768: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:01.703770: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703771: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703774: | length: 8 (0x8) Aug 26 18:33:01.703776: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703777: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:01.703779: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703780: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703782: | length: 8 (0x8) Aug 26 18:33:01.703783: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703785: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:01.703787: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703788: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703790: | length: 8 (0x8) Aug 26 18:33:01.703791: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703793: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:01.703794: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703796: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703797: | length: 8 (0x8) Aug 26 18:33:01.703799: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703800: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:01.703802: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703804: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:01.703805: | length: 
8 (0x8) Aug 26 18:33:01.703806: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703808: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:01.703810: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:33:01.703812: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:33:01.703814: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:01.703816: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:01.703817: | length: 116 (0x74) Aug 26 18:33:01.703818: | prop #: 4 (0x4) Aug 26 18:33:01.703820: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:01.703821: | spi size: 0 (0x0) Aug 26 18:33:01.703823: | # transforms: 13 (0xd) Aug 26 18:33:01.703825: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:01.703826: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703828: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703829: | length: 12 (0xc) Aug 26 18:33:01.703831: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:01.703833: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:01.703834: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:01.703836: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:01.703837: | length/value: 128 (0x80) Aug 26 18:33:01.703839: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703841: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703842: | length: 8 (0x8) Aug 26 18:33:01.703844: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:01.703845: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:01.703847: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703848: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703850: | length: 8 (0x8) Aug 26 18:33:01.703851: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 
18:33:01.703853: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:33:01.703855: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703856: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703858: | length: 8 (0x8) Aug 26 18:33:01.703859: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:01.703861: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:01.703862: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703864: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703865: | length: 8 (0x8) Aug 26 18:33:01.703868: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:01.703869: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:01.703871: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703873: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703874: | length: 8 (0x8) Aug 26 18:33:01.703875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703877: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:01.703879: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703882: | length: 8 (0x8) Aug 26 18:33:01.703883: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703885: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:33:01.703886: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703888: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703889: | length: 8 (0x8) Aug 26 18:33:01.703891: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703892: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:33:01.703894: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703896: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703897: | length: 8 (0x8) Aug 26 18:33:01.703898: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703900: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:33:01.703902: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703905: | length: 8 (0x8) Aug 26 18:33:01.703906: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703908: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:33:01.703909: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703911: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703912: | length: 8 (0x8) Aug 26 18:33:01.703914: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703915: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:33:01.703917: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.703920: | length: 8 (0x8) Aug 26 18:33:01.703921: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703923: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:33:01.703925: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.703926: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:01.703928: | length: 8 (0x8) Aug 26 18:33:01.703929: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.703931: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:33:01.703933: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:33:01.703935: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:33:01.703938: "westnet-eastnet-ikev2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:33:01.703941: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:33:01.703944: | converting proposal to internal trans attrs Aug 26 18:33:01.703947: | natd_hash: rcookie is zero Aug 26 18:33:01.703955: | natd_hash: hasher=0x557386d55800(20) Aug 26 18:33:01.703957: | natd_hash: icookie= 83 fa 44 51 3a d7 00 16 Aug 26 18:33:01.703958: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:33:01.703960: | natd_hash: ip= c0 01 02 17 Aug 26 18:33:01.703961: | natd_hash: port=500 Aug 26 18:33:01.703963: | natd_hash: hash= 9e 4c 62 b4 91 42 72 ce 48 dc 14 83 18 b4 86 4b Aug 26 18:33:01.703965: | natd_hash: hash= 9c a1 96 49 Aug 26 18:33:01.703966: | natd_hash: rcookie is zero Aug 26 18:33:01.703969: | natd_hash: hasher=0x557386d55800(20) Aug 26 18:33:01.703971: | natd_hash: icookie= 83 fa 44 51 3a d7 00 16 Aug 26 18:33:01.703972: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:33:01.703974: | natd_hash: ip= c0 01 02 2d Aug 26 18:33:01.703975: | natd_hash: port=500 Aug 26 18:33:01.703977: | natd_hash: hash= 85 40 1a 57 e7 4a cf aa 29 fd f9 40 4b 9b 98 6e Aug 26 18:33:01.703978: | natd_hash: hash= 1c 5e 54 49 Aug 26 18:33:01.703980: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:33:01.703981: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:33:01.703983: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:33:01.703985: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.2.45 Aug 26 18:33:01.703989: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:33:01.703992: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55738804d718 Aug 26 18:33:01.703994: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:33:01.703997: | libevent_malloc: new ptr-libevent@0x55738804da98 size 128 Aug 26 18:33:01.704005: | #1 spent 0.724 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:33:01.704011: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:01.704036: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:33:01.704038: | suspending state #1 and saving MD Aug 26 18:33:01.704039: | #1 is busy; has a suspended MD Aug 26 18:33:01.704042: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:33:01.704044: | "westnet-eastnet-ikev2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:33:01.704060: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:33:01.704060: | crypto helper 1 resuming Aug 26 18:33:01.704063: | #1 spent 1.1 milliseconds in ikev2_process_packet() Aug 26 18:33:01.704073: | crypto helper 1 starting work-order 1 for state #1 Aug 26 18:33:01.704075: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:33:01.704078: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:33:01.704078: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:33:01.704085: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:01.704088: | spent 1.12 milliseconds in comm_handle_cb() 
reading and processing packet Aug 26 18:33:01.704710: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000632 seconds Aug 26 18:33:01.704721: | (#1) spent 0.618 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:33:01.704723: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 18:33:01.704726: | scheduling resume sending helper answer for #1 Aug 26 18:33:01.704728: | libevent_malloc: new ptr-libevent@0x7fd868002888 size 128 Aug 26 18:33:01.704734: | crypto helper 1 waiting (nothing to do) Aug 26 18:33:01.704743: | processing resume sending helper answer for #1 Aug 26 18:33:01.704757: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:33:01.704778: | crypto helper 1 replies to request ID 1 Aug 26 18:33:01.704781: | calling continuation function 0x557386c80b50 Aug 26 18:33:01.704785: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:33:01.704821: | **emit ISAKMP Message: Aug 26 18:33:01.704825: | initiator cookie: Aug 26 18:33:01.704828: | 83 fa 44 51 3a d7 00 16 Aug 26 18:33:01.704831: | responder cookie: Aug 26 18:33:01.704833: | 70 57 ce f3 8c cb 40 70 Aug 26 18:33:01.704835: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:01.704838: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:01.704841: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:33:01.704844: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:33:01.704846: | Message ID: 0 (0x0) Aug 26 18:33:01.704849: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:01.704852: | Emitting ikev2_proposal ... 
Aug 26 18:33:01.704855: | ***emit IKEv2 Security Association Payload: Aug 26 18:33:01.704858: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.704860: | flags: none (0x0) Aug 26 18:33:01.704864: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:33:01.704867: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.704871: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:33:01.704873: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:01.704875: | prop #: 1 (0x1) Aug 26 18:33:01.704878: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:33:01.704881: | spi size: 0 (0x0) Aug 26 18:33:01.704883: | # transforms: 3 (0x3) Aug 26 18:33:01.704886: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:33:01.704889: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:33:01.704892: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.704894: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:01.704897: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:01.704900: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:01.704903: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:33:01.704906: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:01.704909: | length/value: 256 (0x100) Aug 26 18:33:01.704912: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:33:01.704914: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:33:01.704917: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.704919: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:33:01.704922: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:33:01.704925: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.704928: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:01.704931: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:33:01.704933: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:33:01.704936: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:01.704938: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:33:01.704940: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:01.704943: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.704945: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:01.704949: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:33:01.704951: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:33:01.704954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:33:01.704956: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:33:01.704958: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:33:01.704961: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:33:01.704964: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.704966: | flags: none (0x0) Aug 26 18:33:01.704968: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:33:01.704971: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
18:33:01.704973: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.704976: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:33:01.705015: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:33:01.705017: | ***emit IKEv2 Nonce Payload: Aug 26 18:33:01.705020: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:33:01.705022: | flags: none (0x0) Aug 26 18:33:01.705026: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:33:01.705029: | next payload chain: setting previous 
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:33:01.705032: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.705050: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:33:01.705053: | IKEv2 nonce ae 2d 53 d8 e0 19 41 1b 7f c2 c4 be 15 7c 87 60 Aug 26 18:33:01.705056: | IKEv2 nonce 37 81 1d 62 88 a5 e9 7c ae 98 47 64 de 7b 2d 4b Aug 26 18:33:01.705059: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:33:01.705063: | Adding a v2N Payload Aug 26 18:33:01.705066: | ***emit IKEv2 Notify Payload: Aug 26 18:33:01.705069: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.705072: | flags: none (0x0) Aug 26 18:33:01.705075: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:01.705078: | SPI size: 0 (0x0) Aug 26 18:33:01.705081: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:33:01.705086: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:33:01.705090: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.705093: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:33:01.705097: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:33:01.705109: | natd_hash: hasher=0x557386d55800(20) Aug 26 18:33:01.705113: | natd_hash: icookie= 83 fa 44 51 3a d7 00 16 Aug 26 18:33:01.705115: | natd_hash: rcookie= 70 57 ce f3 8c cb 40 70 Aug 26 18:33:01.705116: | natd_hash: ip= c0 01 02 17 Aug 26 18:33:01.705118: | natd_hash: port=500 Aug 26 18:33:01.705119: | natd_hash: hash= d8 b4 a4 97 6a b0 df 9f df cd 72 b7 13 5f 69 40 Aug 26 18:33:01.705121: | natd_hash: hash= ca e3 eb b1 Aug 26 18:33:01.705122: | Adding a v2N Payload Aug 26 18:33:01.705124: | ***emit IKEv2 Notify Payload: Aug 26 18:33:01.705126: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.705127: | flags: none (0x0) Aug 26 18:33:01.705129: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:01.705130: | SPI size: 0 (0x0) Aug 26 18:33:01.705132: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:33:01.705134: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:33:01.705136: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.705138: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:33:01.705140: | Notify data d8 b4 a4 97 6a b0 df 9f df cd 72 b7 13 5f 69 40 Aug 26 18:33:01.705141: | Notify data ca e3 eb b1 Aug 26 18:33:01.705143: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:33:01.705147: | natd_hash: hasher=0x557386d55800(20) Aug 26 18:33:01.705149: | natd_hash: icookie= 83 fa 44 51 3a d7 00 16 Aug 26 18:33:01.705150: | natd_hash: rcookie= 70 57 ce f3 8c cb 40 70 Aug 26 18:33:01.705152: | natd_hash: ip= c0 01 02 2d Aug 26 18:33:01.705153: | natd_hash: port=500 Aug 26 18:33:01.705155: | natd_hash: hash= 5f 02 2a fb 72 e1 d8 bb 21 04 8c b7 09 9c 20 43 Aug 26 18:33:01.705156: | natd_hash: hash= 8b 94 3b b0 Aug 26 18:33:01.705158: | Adding a v2N Payload Aug 26 18:33:01.705159: | ***emit IKEv2 Notify Payload: Aug 26 
18:33:01.705161: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.705162: | flags: none (0x0) Aug 26 18:33:01.705164: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:33:01.705165: | SPI size: 0 (0x0) Aug 26 18:33:01.705167: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:33:01.705169: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:33:01.705171: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.705173: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:33:01.705174: | Notify data 5f 02 2a fb 72 e1 d8 bb 21 04 8c b7 09 9c 20 43 Aug 26 18:33:01.705176: | Notify data 8b 94 3b b0 Aug 26 18:33:01.705177: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:33:01.705179: | emitting length of ISAKMP Message: 432 Aug 26 18:33:01.705184: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:01.705186: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:33:01.705188: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:33:01.705191: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:33:01.705193: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:33:01.705196: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:33:01.705200: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:33:01.705204: "westnet-eastnet-ikev2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 
group=MODP2048} Aug 26 18:33:01.705207: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:33:01.705215: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) 
Aug 26 18:33:01.705309: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:01.705316: | libevent_free: release ptr-libevent@0x55738804da98 Aug 26 18:33:01.705318: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55738804d718 Aug 26 18:33:01.705321: | event_schedule: new EVENT_SO_DISCARD-pe@0x55738804d718 Aug 26 18:33:01.705323: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:33:01.705325: | libevent_malloc: new ptr-libevent@0x55738804f4a8 size 128 Aug 26 18:33:01.705328: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:33:01.705345: | #1 spent 0.521 milliseconds in resume sending helper answer Aug 26 18:33:01.705349: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 18:33:01.705351: | libevent_free: release ptr-libevent@0x7fd868002888 Aug 26 18:33:01.710849: | spent 0.00308 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:01.710875: | *received 539 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) 
Aug 26 18:33:01.710980: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:33:01.710984: | **parse ISAKMP 
Message: Aug 26 18:33:01.710987: | initiator cookie: Aug 26 18:33:01.710989: | 83 fa 44 51 3a d7 00 16 Aug 26 18:33:01.710992: | responder cookie: Aug 26 18:33:01.710994: | 70 57 ce f3 8c cb 40 70 Aug 26 18:33:01.710997: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:33:01.711000: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:01.711003: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:33:01.711006: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:33:01.711009: | Message ID: 1 (0x1) Aug 26 18:33:01.711012: | length: 539 (0x21b) Aug 26 18:33:01.711015: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:33:01.711018: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:33:01.711023: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:33:01.711029: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:33:01.711032: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:33:01.711038: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:33:01.711041: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:33:01.711046: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 18:33:01.711051: | unpacking clear payload Aug 26 18:33:01.711054: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:33:01.711057: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:33:01.711061: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:33:01.711064: | flags: none (0x0) Aug 26 18:33:01.711066: | length: 511 (0x1ff) Aug 26 18:33:01.711069: | fragment number: 1 (0x1) Aug 26 18:33:01.711072: | total fragments: 2 (0x2) Aug 26 18:33:01.711075: | processing payload: ISAKMP_NEXT_v2SKF (len=503) 
Aug 26 18:33:01.711080: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:33:01.711083: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:33:01.711087: | received IKE encrypted fragment number '1', total number '2', next payload '35' Aug 26 18:33:01.711090: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 18:33:01.711096: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:33:01.711102: | #1 spent 0.236 milliseconds in ikev2_process_packet() Aug 26 18:33:01.711107: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:33:01.711111: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:33:01.711114: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:01.711119: | spent 0.254 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:01.711129: | spent 0.00147 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:01.711140: | *received 101 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Aug 26 18:33:01.711164: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:33:01.711167: | **parse ISAKMP Message: Aug 26 18:33:01.711170: | initiator cookie: Aug 26 18:33:01.711172: | 83 fa 44 51 3a d7
00 16 Aug 26 18:33:01.711175: | responder cookie: Aug 26 18:33:01.711178: | 70 57 ce f3 8c cb 40 70 Aug 26 18:33:01.711181: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 18:33:01.711184: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:01.711186: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:33:01.711189: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:33:01.711192: | Message ID: 1 (0x1) Aug 26 18:33:01.711195: | length: 101 (0x65) Aug 26 18:33:01.711198: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:33:01.711202: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:33:01.711205: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:33:01.711211: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:33:01.711216: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:33:01.711219: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:33:01.711221: | #1 is idle Aug 26 18:33:01.711224: | #1 idle Aug 26 18:33:01.711228: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:33:01.711230: | unpacking clear payload Aug 26 18:33:01.711233: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 18:33:01.711238: | ***parse IKEv2 Encrypted Fragment: Aug 26 18:33:01.711240: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.711243: | flags: none (0x0) Aug 26 18:33:01.711245: | length: 73 (0x49) Aug 26 18:33:01.711247: | fragment number: 2 (0x2) Aug 26 18:33:01.711250: | total fragments: 2 (0x2) Aug 26 18:33:01.711253: | processing payload: ISAKMP_NEXT_v2SKF (len=65) Aug 26 18:33:01.711255: | #1 in state PARENT_R1: received v2I1, 
sent v2R1 Aug 26 18:33:01.711258: | received IKE encrypted fragment number '2', total number '2', next payload '0' Aug 26 18:33:01.711261: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:33:01.711264: | Now let's proceed with state specific processing Aug 26 18:33:01.711267: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:33:01.711270: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 18:33:01.711277: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:33:01.711281: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 18:33:01.711285: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 18:33:01.711296: | libevent_free: release ptr-libevent@0x55738804f4a8 Aug 26 18:33:01.711300: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55738804d718 Aug 26 18:33:01.711303: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55738804d718 Aug 26 18:33:01.711320: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:33:01.711325: | libevent_malloc: new ptr-libevent@0x7fd868002888 size 128 Aug 26 18:33:01.711336: | #1 spent 0.0575 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 18:33:01.711341: | crypto helper 0 resuming Aug 26 18:33:01.711342: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:01.711371: | crypto helper 0 starting work-order 2 for state #1 Aug 26 18:33:01.711375: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 18:33:01.711378: | crypto helper 0 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 18:33:01.711378: | suspending state #1 and saving MD Aug 26 18:33:01.711388: | #1 is busy; has a suspended MD Aug 26 18:33:01.711393: | [RE]START processing: state #1 connection 
"westnet-eastnet-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:33:01.711396: | "westnet-eastnet-ikev2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:33:01.711401: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:33:01.711406: | #1 spent 0.258 milliseconds in ikev2_process_packet() Aug 26 18:33:01.711410: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:33:01.711413: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:33:01.711416: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:01.711420: | spent 0.273 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:01.712248: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:33:01.712733: | crypto helper 0 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001354 seconds Aug 26 18:33:01.712748: | (#1) spent 1.36 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 18:33:01.712753: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Aug 26 18:33:01.712756: | scheduling resume sending helper answer for #1 Aug 26 18:33:01.712760: | libevent_malloc: new ptr-libevent@0x7fd860000f48 size 128 Aug 26 18:33:01.712769: | crypto helper 0 waiting (nothing to do) Aug 26 18:33:01.712805: | processing resume sending helper answer for #1 Aug 26 18:33:01.712816: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 18:33:01.712820: | crypto helper 0 replies to request ID 2 Aug 26 18:33:01.712821: | calling continuation function 0x557386c80b50 Aug 26 18:33:01.712823: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 
18:33:01.712826: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:33:01.712827: | already have all fragments, skipping fragment collection Aug 26 18:33:01.712829: | already have all fragments, skipping fragment collection Aug 26 18:33:01.712843: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:33:01.712845: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 18:33:01.712848: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 18:33:01.712850: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:33:01.712851: | flags: none (0x0) Aug 26 18:33:01.712853: | length: 12 (0xc) Aug 26 18:33:01.712855: | ID type: ID_FQDN (0x2) Aug 26 18:33:01.712857: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 18:33:01.712858: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:33:01.712860: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:33:01.712861: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:33:01.712863: | flags: none (0x0) Aug 26 18:33:01.712864: | length: 12 (0xc) Aug 26 18:33:01.712866: | ID type: ID_FQDN (0x2) Aug 26 18:33:01.712868: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:33:01.712869: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:33:01.712886: | **parse IKEv2 Authentication Payload: Aug 26 18:33:01.712888: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:33:01.712889: | flags: none (0x0) Aug 26 18:33:01.712891: | length: 282 (0x11a) Aug 26 18:33:01.712892: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:33:01.712894: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 18:33:01.712896: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:33:01.712897: | **parse IKEv2 Security Association Payload: Aug 26 18:33:01.712899: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:33:01.712901: | flags: none (0x0) Aug 26 18:33:01.712902: | length: 164 (0xa4) Aug 26 18:33:01.712904: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 
18:33:01.712905: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:33:01.712907: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:33:01.712909: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:33:01.712910: | flags: none (0x0) Aug 26 18:33:01.712912: | length: 24 (0x18) Aug 26 18:33:01.712913: | number of TS: 1 (0x1) Aug 26 18:33:01.712915: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:33:01.712916: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:33:01.712918: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:33:01.712920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.712921: | flags: none (0x0) Aug 26 18:33:01.712923: | length: 24 (0x18) Aug 26 18:33:01.712924: | number of TS: 1 (0x1) Aug 26 18:33:01.712939: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:33:01.712941: | selected state microcode Responder: process IKE_AUTH request Aug 26 18:33:01.712942: | Now let's proceed with state specific processing Aug 26 18:33:01.712944: | calling processor Responder: process IKE_AUTH request Aug 26 18:33:01.712948: "westnet-eastnet-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 18:33:01.712952: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:33:01.712955: | received IDr payload - extracting our alleged ID Aug 26 18:33:01.712957: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ikev2" Aug 26 18:33:01.712960: | match_id a=@west Aug 26 18:33:01.712962: | b=@west Aug 26 18:33:01.712964: | results matched Aug 26 18:33:01.712967: | refine_host_connection: checking "westnet-eastnet-ikev2" against "westnet-eastnet-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 18:33:01.712969: | Warning: not switching back to template of current instance Aug 26 18:33:01.712971: | Peer expects us to be @east (ID_FQDN) according 
to its IDr payload Aug 26 18:33:01.712973: | This connection's local id is @east (ID_FQDN) Aug 26 18:33:01.712975: | refine_host_connection: checked westnet-eastnet-ikev2 against westnet-eastnet-ikev2, now for see if best Aug 26 18:33:01.712977: | started looking for secret for @east->@west of kind PKK_RSA Aug 26 18:33:01.712979: | actually looking for secret for @east->@west of kind PKK_RSA Aug 26 18:33:01.712981: | line 1: key type PKK_RSA(@east) to type PKK_RSA Aug 26 18:33:01.712984: | 1: compared key (none) to @east / @west -> 002 Aug 26 18:33:01.712986: | 2: compared key (none) to @east / @west -> 002 Aug 26 18:33:01.712987: | line 1: match=002 Aug 26 18:33:01.712989: | match 002 beats previous best_match 000 match=0x557387fa4b58 (line=1) Aug 26 18:33:01.712991: | concluding with best_match=002 best=0x557387fa4b58 (lineno=1) Aug 26 18:33:01.712993: | returning because exact peer id match Aug 26 18:33:01.712995: | offered CA: '%none' Aug 26 18:33:01.712997: "westnet-eastnet-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 18:33:01.713010: | verifying AUTH payload Aug 26 18:33:01.713020: | required RSA CA is '%any' Aug 26 18:33:01.713022: | checking RSA keyid '@east' for match with '@west' Aug 26 18:33:01.713024: | checking RSA keyid '@west' for match with '@west' Aug 26 18:33:01.713026: | key issuer CA is '%any' Aug 26 18:33:01.713069: | an RSA Sig check passed with *AQOm9dY/4 [preloaded key] Aug 26 18:33:01.713074: | #1 spent 0.0442 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:33:01.713076: "westnet-eastnet-ikev2" #1: Authenticated using RSA Aug 26 18:33:01.713079: | #1 spent 0.0652 milliseconds in ikev2_verify_rsa_hash() Aug 26 18:33:01.713081: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 18:33:01.713084: | #1 will expire in 3600 seconds (policy doesn't allow re-key) Aug 26 18:33:01.713086: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:01.713089: | libevent_free: 
release ptr-libevent@0x7fd868002888 Aug 26 18:33:01.713090: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55738804d718 Aug 26 18:33:01.713092: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55738804d718 Aug 26 18:33:01.713095: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #1 Aug 26 18:33:01.713097: | libevent_malloc: new ptr-libevent@0x55738804f4a8 size 128 Aug 26 18:33:01.713465: | pstats #1 ikev2.ike established Aug 26 18:33:01.713476: | **emit ISAKMP Message: Aug 26 18:33:01.713478: | initiator cookie: Aug 26 18:33:01.713479: | 83 fa 44 51 3a d7 00 16 Aug 26 18:33:01.713481: | responder cookie: Aug 26 18:33:01.713482: | 70 57 ce f3 8c cb 40 70 Aug 26 18:33:01.713484: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:01.713486: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:01.713488: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:33:01.713490: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:33:01.713491: | Message ID: 1 (0x1) Aug 26 18:33:01.713493: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:01.713495: | IKEv2 CERT: send a certificate? 
Aug 26 18:33:01.713497: | IKEv2 CERT: no certificate to send Aug 26 18:33:01.713513: | ***emit IKEv2 Encryption Payload: Aug 26 18:33:01.713515: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.713517: | flags: none (0x0) Aug 26 18:33:01.713519: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:33:01.713521: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.713525: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:33:01.713531: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:33:01.713554: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:33:01.713556: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.713558: | flags: none (0x0) Aug 26 18:33:01.713560: | ID type: ID_FQDN (0x2) Aug 26 18:33:01.713562: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:33:01.713564: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.713566: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 18:33:01.713568: | my identity 65 61 73 74 Aug 26 18:33:01.713569: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:33:01.713575: | assembled IDr payload Aug 26 18:33:01.713576: | CHILD SA proposals received Aug 26 18:33:01.713578: | going to assemble AUTH payload Aug 26 18:33:01.713580: | ****emit IKEv2 Authentication Payload: Aug 26 18:33:01.713582: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:33:01.713583: | flags: none (0x0) Aug 26 18:33:01.713585: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:33:01.713587: | next payload chain: ignoring supplied 'IKEv2 
Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:33:01.713589: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:33:01.713591: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.713594: | started looking for secret for @east->@west of kind PKK_RSA Aug 26 18:33:01.713596: | actually looking for secret for @east->@west of kind PKK_RSA Aug 26 18:33:01.713598: | line 1: key type PKK_RSA(@east) to type PKK_RSA Aug 26 18:33:01.713601: | 1: compared key (none) to @east / @west -> 002 Aug 26 18:33:01.713602: | 2: compared key (none) to @east / @west -> 002 Aug 26 18:33:01.713604: | line 1: match=002 Aug 26 18:33:01.713606: | match 002 beats previous best_match 000 match=0x557387fa4b58 (line=1) Aug 26 18:33:01.713608: | concluding with best_match=002 best=0x557387fa4b58 (lineno=1) Aug 26 18:33:01.717426: | #1 spent 3.49 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 18:33:01.717450: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload
Aug 26 18:33:01.717519: | #1 spent 3.61 milliseconds in ikev2_calculate_rsa_hash() Aug 26 18:33:01.717524: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 18:33:01.717530: | creating state object #2 at 0x557388059f08 Aug 26 18:33:01.717534: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:33:01.717537: | pstats #2 ikev2.child started Aug 26 18:33:01.717539: | duplicating state object #1 "westnet-eastnet-ikev2" as #2 for IPSEC SA Aug 26 18:33:01.717544: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:01.717549: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:33:01.717553: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:33:01.717556: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 18:33:01.717558: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26
18:33:01.717560: | TSi: parsing 1 traffic selectors Aug 26 18:33:01.717563: | ***parse IKEv2 Traffic Selector: Aug 26 18:33:01.717565: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:01.717566: | IP Protocol ID: 0 (0x0) Aug 26 18:33:01.717568: | length: 16 (0x10) Aug 26 18:33:01.717570: | start port: 0 (0x0) Aug 26 18:33:01.717571: | end port: 65535 (0xffff) Aug 26 18:33:01.717573: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:33:01.717575: | TS low c0 00 01 00 Aug 26 18:33:01.717577: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:33:01.717578: | TS high c0 00 01 ff Aug 26 18:33:01.717580: | TSi: parsed 1 traffic selectors Aug 26 18:33:01.717581: | TSr: parsing 1 traffic selectors Aug 26 18:33:01.717583: | ***parse IKEv2 Traffic Selector: Aug 26 18:33:01.717585: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:01.717586: | IP Protocol ID: 0 (0x0) Aug 26 18:33:01.717588: | length: 16 (0x10) Aug 26 18:33:01.717589: | start port: 0 (0x0) Aug 26 18:33:01.717591: | end port: 65535 (0xffff) Aug 26 18:33:01.717592: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:33:01.717594: | TS low c0 00 02 00 Aug 26 18:33:01.717596: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:33:01.717602: | TS high c0 00 02 ff Aug 26 18:33:01.717606: | TSr: parsed 1 traffic selectors Aug 26 18:33:01.717609: | looking for best SPD in current connection Aug 26 18:33:01.717616: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:33:01.717622: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:01.717629: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:33:01.717633: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:33:01.717636: | TSi[0] port match: YES fitness 65536 Aug 26 18:33:01.717640: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 
18:33:01.717643: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:01.717648: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:01.717655: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:33:01.717658: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:33:01.717661: | TSr[0] port match: YES fitness 65536 Aug 26 18:33:01.717664: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:33:01.717670: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:01.717673: | best fit so far: TSi[0] TSr[0] Aug 26 18:33:01.717676: | found better spd route for TSi[0],TSr[0] Aug 26 18:33:01.717678: | looking for better host pair Aug 26 18:33:01.717684: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 18:33:01.717689: | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found Aug 26 18:33:01.717692: | investigating connection "westnet-eastnet-ikev2" as a better match Aug 26 18:33:01.717696: | match_id a=@west Aug 26 18:33:01.717699: | b=@west Aug 26 18:33:01.717701: | results matched Aug 26 18:33:01.717707: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:33:01.717711: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:01.717717: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:33:01.717720: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:33:01.717723: | TSi[0] port match: YES fitness 65536 Aug 26 18:33:01.717725: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:33:01.717729: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:01.717734: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:33:01.717741: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 
32 Aug 26 18:33:01.717745: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:33:01.717748: | TSr[0] port match: YES fitness 65536 Aug 26 18:33:01.717751: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:33:01.717754: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:33:01.717756: | best fit so far: TSi[0] TSr[0] Aug 26 18:33:01.717759: | did not find a better connection using host pair Aug 26 18:33:01.717762: | printing contents struct traffic_selector Aug 26 18:33:01.717764: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:33:01.717767: | ipprotoid: 0 Aug 26 18:33:01.717769: | port range: 0-65535 Aug 26 18:33:01.717773: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:33:01.717775: | printing contents struct traffic_selector Aug 26 18:33:01.717778: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 18:33:01.717780: | ipprotoid: 0 Aug 26 18:33:01.717782: | port range: 0-65535 Aug 26 18:33:01.717786: | ip range: 192.0.1.0-192.0.1.255 Aug 26 18:33:01.717790: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 18:33:01.717795: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:33:01.717802: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:33:01.717805: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:33:01.717809: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:33:01.717813: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:33:01.717817: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:01.717820: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:33:01.717824: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:01.717833: "westnet-eastnet-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:33:01.717839: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 18:33:01.717842: | local proposal 1 type ENCR has 1 transforms Aug 26 18:33:01.717845: | local proposal 1 type PRF has 0 transforms Aug 26 18:33:01.717848: | local proposal 1 type INTEG has 1 transforms Aug 26 18:33:01.717851: | local proposal 1 type DH has 1 transforms Aug 26 18:33:01.717853: | local proposal 1 type ESN has 1 transforms Aug 26 18:33:01.717857: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:33:01.717859: | local proposal 2 type ENCR has 1 transforms Aug 26 18:33:01.717862: | local proposal 2 type PRF has 0 transforms Aug 26 18:33:01.717864: | local proposal 2 type INTEG has 1 transforms Aug 26 18:33:01.717867: | local proposal 2 type DH has 1 transforms Aug 26 18:33:01.717870: | local proposal 2 type ESN has 1 transforms Aug 26 18:33:01.717873: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:33:01.717875: | local proposal 3 type ENCR has 1 transforms Aug 26 18:33:01.717878: | local proposal 3 type PRF has 0 transforms Aug 26 18:33:01.717880: | local proposal 3 type INTEG has 2 transforms Aug 26 18:33:01.717883: | local proposal 3 type DH has 1 transforms Aug 26 18:33:01.717885: | local proposal 3 type ESN has 1 transforms Aug 26 18:33:01.717888: | local proposal 3 transforms: required: ENCR+INTEG+ESN; 
optional: DH Aug 26 18:33:01.717891: | local proposal 4 type ENCR has 1 transforms Aug 26 18:33:01.717893: | local proposal 4 type PRF has 0 transforms Aug 26 18:33:01.717896: | local proposal 4 type INTEG has 2 transforms Aug 26 18:33:01.717899: | local proposal 4 type DH has 1 transforms Aug 26 18:33:01.717901: | local proposal 4 type ESN has 1 transforms Aug 26 18:33:01.717904: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:33:01.717908: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:01.717911: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:01.717914: | length: 32 (0x20) Aug 26 18:33:01.717929: | prop #: 1 (0x1) Aug 26 18:33:01.717932: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:01.717934: | spi size: 4 (0x4) Aug 26 18:33:01.717936: | # transforms: 2 (0x2) Aug 26 18:33:01.717952: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:01.717955: | remote SPI 99 2b db b0 Aug 26 18:33:01.717959: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:33:01.717962: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.717965: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.717968: | length: 12 (0xc) Aug 26 18:33:01.717970: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:01.717973: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:01.717976: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:01.717979: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:01.717982: | length/value: 256 (0x100) Aug 26 18:33:01.717999: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:33:01.718002: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718005: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:01.718007: | length: 8 (0x8) Aug 26 18:33:01.718010: | IKEv2 transform type: TRANS_TYPE_ESN 
(0x5) Aug 26 18:33:01.718013: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:01.718016: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:33:01.718020: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 18:33:01.718023: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 18:33:01.718027: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 18:33:01.718031: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:33:01.718037: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:33:01.718040: | remote proposal 1 matches local proposal 1 Aug 26 18:33:01.718043: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:01.718046: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:01.718049: | length: 32 (0x20) Aug 26 18:33:01.718064: | prop #: 2 (0x2) Aug 26 18:33:01.718067: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:01.718070: | spi size: 4 (0x4) Aug 26 18:33:01.718072: | # transforms: 2 (0x2) Aug 26 18:33:01.718076: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:01.718078: | remote SPI 99 2b db b0 Aug 26 18:33:01.718082: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:01.718085: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.718091: | length: 12 (0xc) Aug 26 18:33:01.718094: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:01.718096: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:01.718099: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:01.718102: | af+type: 
AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:01.718104: | length/value: 128 (0x80) Aug 26 18:33:01.718107: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718109: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:01.718112: | length: 8 (0x8) Aug 26 18:33:01.718114: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:01.718117: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:01.718121: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 18:33:01.718124: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 18:33:01.718127: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:01.718130: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:33:01.718132: | length: 48 (0x30) Aug 26 18:33:01.718135: | prop #: 3 (0x3) Aug 26 18:33:01.718137: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:01.718140: | spi size: 4 (0x4) Aug 26 18:33:01.718142: | # transforms: 4 (0x4) Aug 26 18:33:01.718145: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:01.718148: | remote SPI 99 2b db b0 Aug 26 18:33:01.718151: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:01.718154: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.718158: | length: 12 (0xc) Aug 26 18:33:01.718161: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:01.718163: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:01.718166: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:33:01.718169: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:01.718172: | length/value: 256 (0x100) Aug 26 18:33:01.718175: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.718179: | length: 8 (0x8) Aug 26 18:33:01.718182: | IKEv2 transform 
type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:01.718185: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:01.718188: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.718193: | length: 8 (0x8) Aug 26 18:33:01.718195: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:01.718198: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:01.718200: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718203: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:01.718205: | length: 8 (0x8) Aug 26 18:33:01.718210: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:01.718213: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:01.718217: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:33:01.718220: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:33:01.718223: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:33:01.718225: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:01.718228: | length: 48 (0x30) Aug 26 18:33:01.718230: | prop #: 4 (0x4) Aug 26 18:33:01.718233: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:01.718235: | spi size: 4 (0x4) Aug 26 18:33:01.718238: | # transforms: 4 (0x4) Aug 26 18:33:01.718241: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:33:01.718244: | remote SPI 99 2b db b0 Aug 26 18:33:01.718247: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:33:01.718250: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718253: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.718255: | length: 12 (0xc) Aug 26 18:33:01.718257: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:01.718260: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:33:01.718263: | *****parse IKEv2 
Attribute Substructure Payload: Aug 26 18:33:01.718265: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:01.718268: | length/value: 128 (0x80) Aug 26 18:33:01.718271: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718274: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.718277: | length: 8 (0x8) Aug 26 18:33:01.718279: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:01.718282: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:33:01.718285: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718293: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.718300: | length: 8 (0x8) Aug 26 18:33:01.718303: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:33:01.718306: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:33:01.718309: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718312: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:01.718314: | length: 8 (0x8) Aug 26 18:33:01.718317: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:01.718320: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:01.718324: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 18:33:01.718327: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 18:33:01.718333: "westnet-eastnet-ikev2" #1: proposal 1:ESP:SPI=992bdbb0;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:33:01.718339: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=992bdbb0;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:33:01.718342: | converting proposal to internal trans attrs Aug 26 18:33:01.718364: | 
netlink_get_spi: allocated 0x2558d9bd for esp.0@192.1.2.23 Aug 26 18:33:01.718368: | Emitting ikev2_proposal ... Aug 26 18:33:01.718372: | ****emit IKEv2 Security Association Payload: Aug 26 18:33:01.718375: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.718378: | flags: none (0x0) Aug 26 18:33:01.718382: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:33:01.718386: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.718389: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:33:01.718394: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:33:01.718397: | prop #: 1 (0x1) Aug 26 18:33:01.718400: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:33:01.718402: | spi size: 4 (0x4) Aug 26 18:33:01.718405: | # transforms: 2 (0x2) Aug 26 18:33:01.718409: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:33:01.718413: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:33:01.718415: | our spi 25 58 d9 bd Aug 26 18:33:01.718418: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718421: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.718424: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:33:01.718427: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:33:01.718430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:01.718433: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:33:01.718436: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:33:01.718439: | length/value: 256 (0x100) Aug 26 18:33:01.718442: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:33:01.718445: | ******emit 
IKEv2 Transform Substructure Payload: Aug 26 18:33:01.718448: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:33:01.718451: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:33:01.718454: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:33:01.718457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:33:01.718460: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:33:01.718463: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:33:01.718466: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:33:01.718469: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:33:01.718471: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 18:33:01.718475: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:33:01.718478: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:33:01.718481: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.718484: | flags: none (0x0) Aug 26 18:33:01.718486: | number of TS: 1 (0x1) Aug 26 18:33:01.718490: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:33:01.718493: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.718495: | *****emit IKEv2 Traffic Selector: Aug 26 18:33:01.718498: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:01.718500: | IP Protocol ID: 0 (0x0) Aug 26 18:33:01.718503: | start port: 0 (0x0) Aug 26 18:33:01.718506: | end port: 65535 (0xffff) Aug 26 
18:33:01.718509: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:33:01.718512: | ipv4 start c0 00 01 00 Aug 26 18:33:01.718515: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:33:01.718517: | ipv4 end c0 00 01 ff Aug 26 18:33:01.718520: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:33:01.718523: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:33:01.718525: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:33:01.718528: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:01.718530: | flags: none (0x0) Aug 26 18:33:01.718533: | number of TS: 1 (0x1) Aug 26 18:33:01.718538: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:33:01.718541: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:33:01.718544: | *****emit IKEv2 Traffic Selector: Aug 26 18:33:01.718546: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:33:01.718549: | IP Protocol ID: 0 (0x0) Aug 26 18:33:01.718551: | start port: 0 (0x0) Aug 26 18:33:01.718552: | end port: 65535 (0xffff) Aug 26 18:33:01.718554: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:33:01.718556: | ipv4 start c0 00 02 00 Aug 26 18:33:01.718557: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:33:01.718559: | ipv4 end c0 00 02 ff Aug 26 18:33:01.718560: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:33:01.718562: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:33:01.718564: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:33:01.718567: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:33:01.718681: | FOR_EACH_CONNECTION_... 
in ISAKMP_SA_established Aug 26 18:33:01.718688: | #1 spent 1.17 milliseconds Aug 26 18:33:01.718690: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:33:01.718692: | could_route called for westnet-eastnet-ikev2 (kind=CK_PERMANENT) Aug 26 18:33:01.718694: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:01.718696: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:01.718698: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:33:01.718701: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:33:01.718703: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:33:01.718706: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:33:01.718708: | AES_GCM_16 requires 4 salt bytes Aug 26 18:33:01.718709: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:33:01.718712: | setting IPsec SA replay-window to 32 Aug 26 18:33:01.718714: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Aug 26 18:33:01.718716: | netlink: enabling tunnel mode Aug 26 18:33:01.718718: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:01.718720: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:01.718781: | netlink response for Add SA esp.992bdbb0@192.1.2.45 included non-error error Aug 26 18:33:01.718784: | set up outgoing SA, ref=0/0 Aug 26 18:33:01.718786: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:33:01.718788: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:33:01.718790: | AES_GCM_16 requires 4 salt bytes Aug 26 18:33:01.718791: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:33:01.718794: | setting IPsec SA replay-window to 32 Aug 26 18:33:01.718795: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface 
eth1 Aug 26 18:33:01.718797: | netlink: enabling tunnel mode Aug 26 18:33:01.718799: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:01.718801: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:01.718831: | netlink response for Add SA esp.2558d9bd@192.1.2.23 included non-error error Aug 26 18:33:01.718834: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:33:01.718839: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:33:01.718841: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:01.718860: | raw_eroute result=success Aug 26 18:33:01.718863: | set up incoming SA, ref=0/0 Aug 26 18:33:01.718864: | sr for #2: unrouted Aug 26 18:33:01.718868: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:33:01.718870: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:01.718872: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:01.718874: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Aug 26 18:33:01.718876: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 18:33:01.718878: | route_and_eroute with c: westnet-eastnet-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:33:01.718881: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Aug 26 18:33:01.718885: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 18:33:01.718887: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:01.718895: | raw_eroute result=success Aug 26 18:33:01.718897: | running updown command "ipsec _updown" for verb up Aug 26 18:33:01.718899: | command executing up-client Aug 26 18:33:01.718917: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' 
PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 18:33:01.718919: | popen cmd is 1051 chars long Aug 26 18:33:01.718921: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Aug 26 18:33:01.718923: | cmd( 80):v2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLU: Aug 26 18:33:01.718925: | cmd( 160):TO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' : Aug 26 18:33:01.718927: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 18:33:01.718928: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@: Aug 26 18:33:01.718930: | cmd( 400):west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_P: Aug 26 18:33:01.718931: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 18:33:01.718933: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Aug 26 18:33:01.718935: | cmd( 640):CRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 18:33:01.718936: | cmd( 
720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 18:33:01.718938: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 18:33:01.718940: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 18:33:01.718941: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x992bdbb0 SPI_OUT=0x2558d9bd ipsec _: Aug 26 18:33:01.718943: | cmd(1040):updown 2>&1: Aug 26 18:33:01.728269: | route_and_eroute: firewall_notified: true Aug 26 18:33:01.728295: | running updown command "ipsec _updown" for verb prepare Aug 26 18:33:01.728301: | command executing prepare-client Aug 26 18:33:01.728328: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH Aug 26 18:33:01.728335: | popen cmd is 1056 chars long Aug 26 18:33:01.728350: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:33:01.728352: | cmd( 80):t-ikev2' PLUTO_INTERFACE='eth1' 
PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23: Aug 26 18:33:01.728353: | cmd( 160):' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:33:01.728355: | cmd( 240):2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:33:01.728357: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_: Aug 26 18:33:01.728358: | cmd( 400):ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PL: Aug 26 18:33:01.728360: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:33:01.728362: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Aug 26 18:33:01.728363: | cmd( 640):IG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 18:33:01.728365: | cmd( 720):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 18:33:01.728366: | cmd( 800):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 18:33:01.728368: | cmd( 880):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 18:33:01.728370: | cmd( 960):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x992bdbb0 SPI_OUT=0x2558d9bd ip: Aug 26 18:33:01.728371: | cmd(1040):sec _updown 2>&1: Aug 26 18:33:01.737847: | running updown command "ipsec _updown" for verb route Aug 26 18:33:01.737869: | command executing route-client Aug 26 18:33:01.737904: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' 
PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Aug 26 18:33:01.737909: | popen cmd is 1054 chars long Aug 26 18:33:01.737912: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 18:33:01.737915: | cmd( 80):ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' : Aug 26 18:33:01.737918: | cmd( 160):PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.: Aug 26 18:33:01.737924: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 18:33:01.737927: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID: Aug 26 18:33:01.737930: | cmd( 400):='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUT: Aug 26 18:33:01.737932: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Aug 26 18:33:01.737935: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Aug 26 18:33:01.737937: | cmd( 640):+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 18:33:01.737941: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 18:33:01.737943: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 18:33:01.737946: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' 
PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 18:33:01.737949: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x992bdbb0 SPI_OUT=0x2558d9bd ipse: Aug 26 18:33:01.737951: | cmd(1040):c _updown 2>&1: Aug 26 18:33:01.750046: | route_and_eroute: instance "westnet-eastnet-ikev2", setting eroute_owner {spd=0x55738804b828,sr=0x55738804b828} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:33:01.750122: | #1 spent 1.72 milliseconds in install_ipsec_sa() Aug 26 18:33:01.750129: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:33:01.750133: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:33:01.750137: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:33:01.750141: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:33:01.750144: | emitting length of IKEv2 Encryption Payload: 407 Aug 26 18:33:01.750160: | emitting length of ISAKMP Message: 435 Aug 26 18:33:01.750198: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 18:33:01.750203: | #1 spent 7.18 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 18:33:01.750212: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:01.750217: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:01.750222: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 18:33:01.750225: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 18:33:01.750229: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 18:33:01.750232: | Message ID: 
updating counters for #2 to 1 after switching state Aug 26 18:33:01.750238: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 18:33:01.750243: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:33:01.750246: | pstats #2 ikev2.child established Aug 26 18:33:01.750255: "westnet-eastnet-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 18:33:01.750260: | NAT-T: encaps is 'auto' Aug 26 18:33:01.750265: "westnet-eastnet-ikev2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x992bdbb0 <0x2558d9bd xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:33:01.750270: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 18:33:01.750278: | sending 435 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 18:33:01.750467: | releasing whack for #2 (sock=fd@-1) Aug 26 18:33:01.750471: | releasing whack and unpending for parent #1 Aug 26 18:33:01.750474: | unpending state #1 connection "westnet-eastnet-ikev2" Aug 26 18:33:01.750478: | #2 will expire in 28800 seconds (policy doesn't allow re-key) Aug 26 18:33:01.750481: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7fd868002b78 Aug 26 18:33:01.750485: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #2 Aug 26 18:33:01.750490: | libevent_malloc: new ptr-libevent@0x557388053bb8 size 128 Aug 26 18:33:01.750502: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:33:01.750525: | #1 spent 7.58 milliseconds in resume sending helper answer Aug 26 18:33:01.750531: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at
server.c:833) Aug 26 18:33:01.750535: | libevent_free: release ptr-libevent@0x7fd860000f48 Aug 26 18:33:01.750562: | processing signal PLUTO_SIGCHLD Aug 26 18:33:01.750567: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:01.750572: | spent 0.00535 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:01.750574: | processing signal PLUTO_SIGCHLD Aug 26 18:33:01.750578: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:01.750581: | spent 0.00347 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:01.750584: | processing signal PLUTO_SIGCHLD Aug 26 18:33:01.750587: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:01.750591: | spent 0.00336 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:16.768061: | spent 0.0108 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:16.768146: | *received 57 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Aug 26 18:33:16.768160: | 83 fa 44 51 3a d7 00 16 70 57 ce f3 8c cb 40 70 Aug 26 18:33:16.768178: | 2e 20 25 08 00 00 00 02 00 00 00 39 00 00 00 1d Aug 26 18:33:16.768186: | 41 47 c6 6c 1f a3 1c 78 7d 08 b1 53 2f 0c 2c ef Aug 26 18:33:16.768193: | 6b b2 c0 38 be 72 2e ab d1 Aug 26 18:33:16.768208: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:33:16.768219: | **parse ISAKMP Message: Aug 26 18:33:16.768228: | initiator cookie: Aug 26 18:33:16.768235: | 83 fa 44 51 3a d7 00 16 Aug 26 18:33:16.768243: | responder cookie: Aug 26 18:33:16.768250: | 70 57 ce f3 8c cb 40 70 Aug 26 18:33:16.768259: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:33:16.768268: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:16.768276: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:33:16.768307: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:33:16.768317: | Message ID: 2 (0x2) Aug 26 18:33:16.768325: | length: 57 (0x39) Aug 26 18:33:16.768335: | processing version=2.0 packet with 
exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:33:16.768345: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Aug 26 18:33:16.768363: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 18:33:16.768383: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:33:16.768393: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:33:16.768407: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:33:16.768417: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 18:33:16.768430: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 18:33:16.768438: | unpacking clear payload Aug 26 18:33:16.768446: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:33:16.768455: | ***parse IKEv2 Encryption Payload: Aug 26 18:33:16.768464: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:16.768472: | flags: none (0x0) Aug 26 18:33:16.768480: | length: 29 (0x1d) Aug 26 18:33:16.768488: | processing payload: ISAKMP_NEXT_v2SK (len=25) Aug 26 18:33:16.768502: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 18:33:16.768511: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 18:33:16.768565: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:33:16.768576: | selected state microcode R2: process Informational Request Aug 26 18:33:16.768584: | Now let's proceed with state specific processing Aug 26 18:33:16.768591: | calling processor R2: process Informational Request Aug 26 18:33:16.768603: | an informational request should send a response Aug 26 18:33:16.768611: | MOBIKE request: not updating IPsec SA Aug 26 
18:33:16.768693: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:33:16.768705: | **emit ISAKMP Message: Aug 26 18:33:16.768713: | initiator cookie: Aug 26 18:33:16.768721: | 83 fa 44 51 3a d7 00 16 Aug 26 18:33:16.768729: | responder cookie: Aug 26 18:33:16.768736: | 70 57 ce f3 8c cb 40 70 Aug 26 18:33:16.768744: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:16.768752: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:16.768760: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:33:16.768769: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:33:16.768776: | Message ID: 2 (0x2) Aug 26 18:33:16.768785: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:16.768795: | ***emit IKEv2 Encryption Payload: Aug 26 18:33:16.768803: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:16.768811: | flags: none (0x0) Aug 26 18:33:16.768821: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:33:16.768836: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:33:16.768847: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:33:16.768888: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:33:16.768898: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:33:16.768908: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:33:16.768916: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:33:16.768924: | emitting length of ISAKMP Message: 57 Aug 26 18:33:16.768963: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 18:33:16.768973: | 83 fa 44 51 3a 
d7 00 16 70 57 ce f3 8c cb 40 70 Aug 26 18:33:16.768981: | 2e 20 25 20 00 00 00 02 00 00 00 39 00 00 00 1d Aug 26 18:33:16.768988: | ee d5 d5 07 ac e4 05 06 41 f1 5d 6a 9e 86 c1 1d Aug 26 18:33:16.768995: | 4a 13 26 d3 7b b8 d8 60 24 Aug 26 18:33:16.769079: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:33:16.769098: | Message ID: sent #1 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:33:16.769117: | #1 spent 0.475 milliseconds in processing: R2: process Informational Request in ikev2_process_state_packet() Aug 26 18:33:16.769133: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:16.769144: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Aug 26 18:33:16.769153: | Message ID: updating counters for #1 to 2 after switching state Aug 26 18:33:16.769167: | Message ID: recv #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 Aug 26 18:33:16.769179: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 Aug 26 18:33:16.769188: | STATE_PARENT_R2: received v2I2, PARENT SA established Aug 26 18:33:16.769202: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:33:16.769216: | #1 spent 1.06 milliseconds in ikev2_process_packet() Aug 26 18:33:16.769228: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:33:16.769239: | processing: STOP state #0 (in 
process_md() at demux.c:382) Aug 26 18:33:16.769248: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:16.769261: | spent 1.1 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:19.771620: | spent 0.00294 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:19.771639: | *received 57 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Aug 26 18:33:19.771642: | 83 fa 44 51 3a d7 00 16 70 57 ce f3 8c cb 40 70 Aug 26 18:33:19.771644: | 2e 20 25 08 00 00 00 03 00 00 00 39 00 00 00 1d Aug 26 18:33:19.771645: | 58 f1 0f 7c f4 f7 03 39 b7 f5 d0 16 51 4b 7d 8c Aug 26 18:33:19.771647: | 4c c2 22 36 3a c6 36 66 10 Aug 26 18:33:19.771650: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 18:33:19.771652: | **parse ISAKMP Message: Aug 26 18:33:19.771654: | initiator cookie: Aug 26 18:33:19.771655: | 83 fa 44 51 3a d7 00 16 Aug 26 18:33:19.771657: | responder cookie: Aug 26 18:33:19.771658: | 70 57 ce f3 8c cb 40 70 Aug 26 18:33:19.771660: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:33:19.771664: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:19.771666: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:33:19.771668: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:33:19.771669: | Message ID: 3 (0x3) Aug 26 18:33:19.771671: | length: 57 (0x39) Aug 26 18:33:19.771673: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:33:19.771675: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Aug 26 18:33:19.771679: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 18:33:19.771683: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:33:19.771685: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:33:19.771688: | [RE]START processing: state #1 
connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:33:19.771690: | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 Aug 26 18:33:19.771693: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 Aug 26 18:33:19.771695: | unpacking clear payload Aug 26 18:33:19.771696: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:33:19.771698: | ***parse IKEv2 Encryption Payload: Aug 26 18:33:19.771700: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:19.771702: | flags: none (0x0) Aug 26 18:33:19.771703: | length: 29 (0x1d) Aug 26 18:33:19.771705: | processing payload: ISAKMP_NEXT_v2SK (len=25) Aug 26 18:33:19.771708: | Message ID: start-responder #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 Aug 26 18:33:19.771710: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 18:33:19.771721: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:33:19.771723: | selected state microcode R2: process Informational Request Aug 26 18:33:19.771725: | Now let's proceed with state specific processing Aug 26 18:33:19.771727: | calling processor R2: process Informational Request Aug 26 18:33:19.771729: | an informational request should send a response Aug 26 18:33:19.771731: | MOBIKE request: not updating IPsec SA Aug 26 18:33:19.771735: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:33:19.771737: | **emit ISAKMP Message: Aug 26 18:33:19.771739: | initiator cookie: Aug 26 18:33:19.771741: | 83 fa 44 51 3a d7 00 16 Aug 26 18:33:19.771742: | responder cookie: Aug 26 18:33:19.771743: | 70 57 ce f3 8c cb 40 70 Aug 26 18:33:19.771745: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:19.771747: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:33:19.771748: | exchange type: 
ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:33:19.771750: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:33:19.771752: | Message ID: 3 (0x3) Aug 26 18:33:19.771753: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:19.771755: | ***emit IKEv2 Encryption Payload: Aug 26 18:33:19.771757: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:33:19.771759: | flags: none (0x0) Aug 26 18:33:19.771761: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:33:19.771763: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:33:19.771765: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:33:19.771774: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:33:19.771776: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:33:19.771778: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:33:19.771779: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:33:19.771782: | emitting length of ISAKMP Message: 57 Aug 26 18:33:19.771790: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 18:33:19.771792: | 83 fa 44 51 3a d7 00 16 70 57 ce f3 8c cb 40 70 Aug 26 18:33:19.771794: | 2e 20 25 20 00 00 00 03 00 00 00 39 00 00 00 1d Aug 26 18:33:19.771795: | 7b d6 b3 c7 87 c1 95 b9 08 e1 8b a2 e4 4c 2e bb Aug 26 18:33:19.771797: | 03 60 6e 05 40 d6 42 91 93 Aug 26 18:33:19.771818: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 Aug 26 18:33:19.771822: 
| Message ID: sent #1 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 Aug 26 18:33:19.771827: | #1 spent 0.0876 milliseconds in processing: R2: process Informational Request in ikev2_process_state_packet() Aug 26 18:33:19.771830: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:33:19.771833: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Aug 26 18:33:19.771835: | Message ID: updating counters for #1 to 3 after switching state Aug 26 18:33:19.771838: | Message ID: recv #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=3 responder.recv=2->3 wip.initiator=-1 wip.responder=3->-1 Aug 26 18:33:19.771840: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=-1 wip.responder=-1 Aug 26 18:33:19.771842: | STATE_PARENT_R2: received v2I2, PARENT SA established Aug 26 18:33:19.771845: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:33:19.771848: | #1 spent 0.207 milliseconds in ikev2_process_packet() Aug 26 18:33:19.771850: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 18:33:19.771853: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:33:19.771854: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:19.771857: | spent 0.216 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:20.417318: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:33:20.417338: | expiring aged bare shunts from shunt table Aug 26 18:33:20.417345: | spent 0.00626 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:33:40.428347: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:33:40.428373: | 
expiring aged bare shunts from shunt table Aug 26 18:33:40.428380: | spent 0.00556 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:34:00.433325: | processing global timer EVENT_PENDING_DDNS Aug 26 18:34:00.433354: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 18:34:00.433359: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:34:00.433366: | elapsed time in connection_check_ddns for hostname lookup 0.000011 Aug 26 18:34:00.433376: | spent 0.0185 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 18:34:00.433381: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:34:00.433386: | expiring aged bare shunts from shunt table Aug 26 18:34:00.433392: | spent 0.00527 milliseconds in global timer EVENT_SHUNT_SCAN