Aug 26 18:38:31.979774: FIPS Product: YES Aug 26 18:38:31.979815: FIPS Kernel: NO Aug 26 18:38:31.979819: FIPS Mode: NO Aug 26 18:38:31.979821: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:38:31.979974: Initializing NSS Aug 26 18:38:31.979981: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:38:32.020577: NSS initialized Aug 26 18:38:32.020595: NSS crypto library initialized Aug 26 18:38:32.020599: FIPS HMAC integrity support [enabled] Aug 26 18:38:32.020601: FIPS mode disabled for pluto daemon Aug 26 18:38:32.064500: FIPS HMAC integrity verification self-test FAILED Aug 26 18:38:32.064608: libcap-ng support [enabled] Aug 26 18:38:32.064616: Linux audit support [enabled] Aug 26 18:38:32.064640: Linux audit activated Aug 26 18:38:32.064646: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:5175 Aug 26 18:38:32.064651: core dump dir: /tmp Aug 26 18:38:32.064653: secrets file: /etc/ipsec.secrets Aug 26 18:38:32.064656: leak-detective enabled Aug 26 18:38:32.064658: NSS crypto [enabled] Aug 26 18:38:32.064660: XAUTH PAM support [enabled] Aug 26 18:38:32.064731: | libevent is using pluto's memory allocator Aug 26 18:38:32.064738: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:38:32.064755: | libevent_malloc: new ptr-libevent@0x560b72bf7a08 size 40 Aug 26 18:38:32.064762: | libevent_malloc: new ptr-libevent@0x560b72bf7cd8 size 40 Aug 26 18:38:32.064766: | libevent_malloc: new ptr-libevent@0x560b72bf7dd8 size 40 Aug 26 18:38:32.064768: | creating event base Aug 26 18:38:32.064772: | libevent_malloc: new ptr-libevent@0x560b72c7aa48 size 56 Aug 26 18:38:32.064777: | libevent_malloc: new ptr-libevent@0x560b72c26e68 size 664 Aug 26 18:38:32.064788: | libevent_malloc: new ptr-libevent@0x560b72c7aab8 size 24 
Aug 26 18:38:32.064791: | libevent_malloc: new ptr-libevent@0x560b72c7ab08 size 384 Aug 26 18:38:32.064801: | libevent_malloc: new ptr-libevent@0x560b72c7aa08 size 16 Aug 26 18:38:32.064804: | libevent_malloc: new ptr-libevent@0x560b72bf7908 size 40 Aug 26 18:38:32.064807: | libevent_malloc: new ptr-libevent@0x560b72bf7d38 size 48 Aug 26 18:38:32.064812: | libevent_realloc: new ptr-libevent@0x560b72c27968 size 256 Aug 26 18:38:32.064815: | libevent_malloc: new ptr-libevent@0x560b72c7acb8 size 16 Aug 26 18:38:32.064821: | libevent_free: release ptr-libevent@0x560b72c7aa48 Aug 26 18:38:32.064825: | libevent initialized Aug 26 18:38:32.064829: | libevent_realloc: new ptr-libevent@0x560b72c7aa48 size 64 Aug 26 18:38:32.064835: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:38:32.064849: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:38:32.064852: NAT-Traversal support [enabled] Aug 26 18:38:32.064855: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:38:32.064861: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:38:32.064865: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:38:32.064901: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:38:32.064905: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:38:32.064909: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:38:32.064959: Encryption algorithms: Aug 26 18:38:32.064966: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:38:32.064970: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:38:32.064974: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:38:32.064978: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:38:32.064982: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 
18:38:32.064993: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:38:32.064997: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:38:32.065001: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:38:32.065005: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:38:32.065009: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:38:32.065013: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:38:32.065017: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:38:32.065021: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:38:32.065025: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:38:32.065029: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:38:32.065032: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:38:32.065036: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:38:32.065043: Hash algorithms: Aug 26 18:38:32.065046: MD5 IKEv1: IKE IKEv2: Aug 26 18:38:32.065050: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:38:32.065053: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:38:32.065056: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:38:32.065059: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:38:32.065076: PRF algorithms: Aug 26 18:38:32.065080: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:38:32.065083: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:38:32.065087: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:38:32.065091: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:38:32.065094: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:38:32.065097: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:38:32.065125: Integrity algorithms: Aug 26 18:38:32.065130: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, 
hmac_md5 Aug 26 18:38:32.065134: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:38:32.065138: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:38:32.065142: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:38:32.065147: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:38:32.065150: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:38:32.065154: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:38:32.065157: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:38:32.065161: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:38:32.065173: DH algorithms: Aug 26 18:38:32.065177: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:38:32.065180: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:38:32.065183: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:38:32.065189: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:38:32.065192: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:38:32.065196: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:38:32.065199: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:38:32.065202: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:38:32.065206: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:38:32.065209: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:38:32.065212: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:38:32.065215: testing CAMELLIA_CBC: Aug 26 18:38:32.065219: Camellia: 16 bytes with 128-bit key Aug 26 18:38:32.065350: Camellia: 16 bytes with 128-bit key Aug 26 18:38:32.065385: Camellia: 16 bytes with 256-bit key Aug 26 18:38:32.065419: Camellia: 16 bytes with 256-bit key 
Aug 26 18:38:32.065448: testing AES_GCM_16: Aug 26 18:38:32.065452: empty string Aug 26 18:38:32.065481: one block Aug 26 18:38:32.065508: two blocks Aug 26 18:38:32.065535: two blocks with associated data Aug 26 18:38:32.065562: testing AES_CTR: Aug 26 18:38:32.065566: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:38:32.065593: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:38:32.065623: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:38:32.065652: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:38:32.065679: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:38:32.065709: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:38:32.065739: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:38:32.065765: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:38:32.065793: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:38:32.065823: testing AES_CBC: Aug 26 18:38:32.065827: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:38:32.065854: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:38:32.065895: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:38:32.065931: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:38:32.065977: testing AES_XCBC: Aug 26 18:38:32.065983: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:38:32.066281: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:38:32.066545: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:38:32.067637: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:38:32.067788: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:38:32.067923: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:38:32.068059: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:38:32.068377: RFC 4434 Test Case AES-XCBC-PRF-128 with 
20-byte input (key length 16) Aug 26 18:38:32.068519: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:38:32.068669: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:38:32.069483: testing HMAC_MD5: Aug 26 18:38:32.069495: RFC 2104: MD5_HMAC test 1 Aug 26 18:38:32.069697: RFC 2104: MD5_HMAC test 2 Aug 26 18:38:32.069856: RFC 2104: MD5_HMAC test 3 Aug 26 18:38:32.070775: 8 CPU cores online Aug 26 18:38:32.070790: starting up 7 crypto helpers Aug 26 18:38:32.070831: started thread for crypto helper 0 Aug 26 18:38:32.070852: started thread for crypto helper 1 Aug 26 18:38:32.070935: started thread for crypto helper 2 Aug 26 18:38:32.070968: started thread for crypto helper 3 Aug 26 18:38:32.070970: | starting up helper thread 2 Aug 26 18:38:32.070987: | starting up helper thread 3 Aug 26 18:38:32.071000: started thread for crypto helper 4 Aug 26 18:38:32.071007: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:38:32.071013: | crypto helper 3 waiting (nothing to do) Aug 26 18:38:32.070994: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:38:32.071025: | crypto helper 2 waiting (nothing to do) Aug 26 18:38:32.070976: | starting up helper thread 1 Aug 26 18:38:32.071041: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:38:32.071044: | crypto helper 1 waiting (nothing to do) Aug 26 18:38:32.071025: started thread for crypto helper 5 Aug 26 18:38:32.071067: started thread for crypto helper 6 Aug 26 18:38:32.071072: | checking IKEv1 state table Aug 26 18:38:32.071083: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:32.071086: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:38:32.071090: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:32.071093: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:38:32.071096: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 
18:38:32.071099: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:38:32.071102: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:32.071105: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:32.071108: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:38:32.071111: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:38:32.071115: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:32.071117: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:32.071120: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:38:32.071122: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:32.071125: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:32.071127: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:38:32.071130: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:38:32.071133: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:32.071135: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:32.071138: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:38:32.071141: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:38:32.071143: | -> UNDEFINED EVENT_NULL Aug 26 18:38:32.071146: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:38:32.071149: | -> UNDEFINED EVENT_NULL Aug 26 18:38:32.071153: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:32.071156: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:38:32.071159: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:32.071162: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:38:32.071165: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:38:32.071169: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:38:32.071172: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:38:32.071175: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:38:32.071178: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:38:32.071181: | -> UNDEFINED EVENT_NULL Aug 26 18:38:32.071185: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:38:32.071188: | -> UNDEFINED EVENT_NULL Aug 26 18:38:32.071191: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:38:32.071194: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:38:32.071197: | 
QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:38:32.071199: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:38:32.071202: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:38:32.071205: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:38:32.071208: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:38:32.071210: | -> UNDEFINED EVENT_NULL Aug 26 18:38:32.071213: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:38:32.071216: | -> UNDEFINED EVENT_NULL Aug 26 18:38:32.071218: | INFO: category: informational flags: 0: Aug 26 18:38:32.071222: | -> UNDEFINED EVENT_NULL Aug 26 18:38:32.071225: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:38:32.071228: | -> UNDEFINED EVENT_NULL Aug 26 18:38:32.071232: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:38:32.071239: | -> XAUTH_R1 EVENT_NULL Aug 26 18:38:32.071243: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:38:32.071246: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:32.071249: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:38:32.071252: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:38:32.071256: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:38:32.071259: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:38:32.071262: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:38:32.071265: | -> UNDEFINED EVENT_NULL Aug 26 18:38:32.071268: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:38:32.071271: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:32.071273: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:38:32.071276: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:38:32.071279: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:38:32.071282: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:38:32.071296: | checking IKEv2 state table Aug 26 18:38:32.071309: | PARENT_I0: category: ignore flags: 0: Aug 26 18:38:32.071313: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 
18:38:32.071317: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:32.071321: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:38:32.071324: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:38:32.071328: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:38:32.071332: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:38:32.071335: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:38:32.071337: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:38:32.071340: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:38:32.071343: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:38:32.071346: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:38:32.071350: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:38:32.071353: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:38:32.071356: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:38:32.071360: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:38:32.071363: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:32.070976: | starting up helper thread 0 Aug 26 18:38:32.071367: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:38:32.071370: | starting up helper thread 4 Aug 26 18:38:32.071378: | starting up helper thread 6 Aug 26 18:38:32.071397: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:38:32.071383: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:38:32.071384: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:38:32.071387: | starting up helper thread 5 Aug 
26 18:38:32.071387: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:38:32.071415: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:38:32.071410: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:38:32.071400: | crypto helper 6 waiting (nothing to do) Aug 26 18:38:32.071423: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:38:32.071431: | crypto helper 0 waiting (nothing to do) Aug 26 18:38:32.071431: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:38:32.071442: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:38:32.071442: | crypto helper 4 waiting (nothing to do) Aug 26 18:38:32.071444: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:38:32.071455: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:38:32.071456: | crypto helper 5 waiting (nothing to do) Aug 26 18:38:32.071457: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:38:32.071464: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:38:32.071466: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:38:32.071468: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:38:32.071470: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:38:32.071472: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:38:32.071474: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:38:32.071476: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:38:32.071478: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:38:32.071480: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:38:32.071482: | -> 
V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:38:32.071484: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:38:32.071485: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:38:32.071487: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:38:32.071489: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:38:32.071491: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:38:32.071493: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:38:32.071495: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:38:32.071497: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:38:32.071499: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:38:32.071500: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:38:32.071502: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:38:32.071517: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:38:32.071553: | Hard-wiring algorithms Aug 26 18:38:32.071555: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:38:32.071558: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:38:32.071560: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:38:32.071562: | adding 3DES_CBC to kernel algorithm db Aug 26 18:38:32.071564: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:38:32.071565: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:38:32.071567: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:38:32.071569: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:38:32.071570: | adding AES_CTR to kernel algorithm db Aug 26 18:38:32.071572: | adding AES_CBC to kernel algorithm db Aug 26 18:38:32.071574: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:38:32.071576: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:38:32.071578: 
| adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:38:32.071580: | adding NULL to kernel algorithm db Aug 26 18:38:32.071581: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:38:32.071583: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:38:32.071585: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:38:32.071587: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:38:32.071588: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:38:32.071590: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:38:32.071592: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:38:32.071593: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:38:32.071595: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:38:32.071597: | adding NONE to kernel algorithm db Aug 26 18:38:32.071622: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:38:32.071627: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:38:32.071629: | setup kernel fd callback Aug 26 18:38:32.071632: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x560b72c802c8 Aug 26 18:38:32.071635: | libevent_malloc: new ptr-libevent@0x560b72c63b18 size 128 Aug 26 18:38:32.071638: | libevent_malloc: new ptr-libevent@0x560b72c7f828 size 16 Aug 26 18:38:32.071642: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x560b72c7f718 Aug 26 18:38:32.071645: | libevent_malloc: new ptr-libevent@0x560b72c2a058 size 128 Aug 26 18:38:32.071647: | libevent_malloc: new ptr-libevent@0x560b72c80218 size 16 Aug 26 18:38:32.071796: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:38:32.071803: selinux support is enabled. 
Aug 26 18:38:32.072017: | unbound context created - setting debug level to 5 Aug 26 18:38:32.072046: | /etc/hosts lookups activated Aug 26 18:38:32.072061: | /etc/resolv.conf usage activated Aug 26 18:38:32.072109: | outgoing-port-avoid set 0-65535 Aug 26 18:38:32.072127: | outgoing-port-permit set 32768-60999 Aug 26 18:38:32.072129: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:38:32.072131: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:38:32.072133: | Setting up events, loop start Aug 26 18:38:32.072136: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x560b72c80258 Aug 26 18:38:32.072138: | libevent_malloc: new ptr-libevent@0x560b72c8c518 size 128 Aug 26 18:38:32.072142: | libevent_malloc: new ptr-libevent@0x560b72c97828 size 16 Aug 26 18:38:32.072148: | libevent_realloc: new ptr-libevent@0x560b72c26af8 size 256 Aug 26 18:38:32.072151: | libevent_malloc: new ptr-libevent@0x560b72c97868 size 8 Aug 26 18:38:32.072154: | libevent_realloc: new ptr-libevent@0x560b72c273a8 size 144 Aug 26 18:38:32.072156: | libevent_malloc: new ptr-libevent@0x560b72c27808 size 152 Aug 26 18:38:32.072160: | libevent_malloc: new ptr-libevent@0x560b72c978a8 size 16 Aug 26 18:38:32.072164: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:38:32.072167: | libevent_malloc: new ptr-libevent@0x560b72c978e8 size 8 Aug 26 18:38:32.072170: | libevent_malloc: new ptr-libevent@0x560b72c97928 size 152 Aug 26 18:38:32.072173: | signal event handler PLUTO_SIGTERM installed Aug 26 18:38:32.072175: | libevent_malloc: new ptr-libevent@0x560b72c979f8 size 8 Aug 26 18:38:32.072178: | libevent_malloc: new ptr-libevent@0x560b72c97a38 size 152 Aug 26 18:38:32.072181: | signal event handler PLUTO_SIGHUP installed Aug 26 18:38:32.072183: | libevent_malloc: new ptr-libevent@0x560b72c97b08 size 8 Aug 26 18:38:32.072186: | libevent_realloc: release ptr-libevent@0x560b72c273a8 Aug 26 18:38:32.072189: | libevent_realloc: new 
ptr-libevent@0x560b72c97b48 size 256 Aug 26 18:38:32.072191: | libevent_malloc: new ptr-libevent@0x560b72c97c78 size 152 Aug 26 18:38:32.072194: | signal event handler PLUTO_SIGSYS installed Aug 26 18:38:32.074295: | created addconn helper (pid:5344) using fork+execve Aug 26 18:38:32.074325: | forked child 5344 Aug 26 18:38:32.074389: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:32.074408: listening for IKE messages Aug 26 18:38:32.088921: | Inspecting interface lo Aug 26 18:38:32.088954: | found lo with address 127.0.0.1 Aug 26 18:38:32.088962: | Inspecting interface eth0 Aug 26 18:38:32.088968: | found eth0 with address 192.0.3.254 Aug 26 18:38:32.088972: | Inspecting interface eth1 Aug 26 18:38:32.088977: | found eth1 with address 192.1.3.33 Aug 26 18:38:32.088981: | Inspecting interface eth1 Aug 26 18:38:32.088986: | found eth1 with address 192.1.8.22 Aug 26 18:38:32.089110: Kernel supports NIC esp-hw-offload Aug 26 18:38:32.089691: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.8.22:500 Aug 26 18:38:32.089743: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:32.089750: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:32.089758: adding interface eth1/eth1 192.1.8.22:4500 Aug 26 18:38:32.089792: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 18:38:32.089818: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:32.089823: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:32.089827: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 18:38:32.089857: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 18:38:32.089884: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:32.089889: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 
18:38:32.089893: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 18:38:32.089922: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:38:32.089947: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:32.089952: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:32.089956: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:38:32.090013: | no interfaces to sort Aug 26 18:38:32.090018: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:38:32.090029: | add_fd_read_event_handler: new ethX-pe@0x560b72c982a8 Aug 26 18:38:32.090033: | libevent_malloc: new ptr-libevent@0x560b72c8c468 size 128 Aug 26 18:38:32.090037: | libevent_malloc: new ptr-libevent@0x560b72c98318 size 16 Aug 26 18:38:32.090044: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 18:38:32.090047: | add_fd_read_event_handler: new ethX-pe@0x560b72c98358 Aug 26 18:38:32.090052: | libevent_malloc: new ptr-libevent@0x560b72c282b8 size 128 Aug 26 18:38:32.090054: | libevent_malloc: new ptr-libevent@0x560b72c983c8 size 16 Aug 26 18:38:32.090060: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 18:38:32.090063: | add_fd_read_event_handler: new ethX-pe@0x560b72c98408 Aug 26 18:38:32.090067: | libevent_malloc: new ptr-libevent@0x560b72c2a158 size 128 Aug 26 18:38:32.090070: | libevent_malloc: new ptr-libevent@0x560b72c98478 size 16 Aug 26 18:38:32.090075: | setup callback for interface eth0 192.0.3.254:4500 fd 22 Aug 26 18:38:32.090078: | add_fd_read_event_handler: new ethX-pe@0x560b72c984b8 Aug 26 18:38:32.090081: | libevent_malloc: new ptr-libevent@0x560b72c272a8 size 128 Aug 26 18:38:32.090084: | libevent_malloc: new ptr-libevent@0x560b72c98528 size 16 Aug 26 18:38:32.090089: | setup callback for interface eth0 192.0.3.254:500 fd 21 Aug 26 18:38:32.090092: | add_fd_read_event_handler: new ethX-pe@0x560b72c98568 Aug 26 18:38:32.090096: | libevent_malloc: new ptr-libevent@0x560b72bf84e8 size 
128 Aug 26 18:38:32.090099: | libevent_malloc: new ptr-libevent@0x560b72c985d8 size 16 Aug 26 18:38:32.090104: | setup callback for interface eth1 192.1.3.33:4500 fd 20 Aug 26 18:38:32.090107: | add_fd_read_event_handler: new ethX-pe@0x560b72c98618 Aug 26 18:38:32.090109: | libevent_malloc: new ptr-libevent@0x560b72bf81d8 size 128 Aug 26 18:38:32.090112: | libevent_malloc: new ptr-libevent@0x560b72c98688 size 16 Aug 26 18:38:32.090117: | setup callback for interface eth1 192.1.3.33:500 fd 19 Aug 26 18:38:32.090120: | add_fd_read_event_handler: new ethX-pe@0x560b72c986c8 Aug 26 18:38:32.090123: | libevent_malloc: new ptr-libevent@0x560b72c98cc8 size 128 Aug 26 18:38:32.090126: | libevent_malloc: new ptr-libevent@0x560b72c98d78 size 16 Aug 26 18:38:32.090131: | setup callback for interface eth1 192.1.8.22:4500 fd 18 Aug 26 18:38:32.090134: | add_fd_read_event_handler: new ethX-pe@0x560b72c98db8 Aug 26 18:38:32.090137: | libevent_malloc: new ptr-libevent@0x560b72c98e28 size 128 Aug 26 18:38:32.090140: | libevent_malloc: new ptr-libevent@0x560b72c98ed8 size 16 Aug 26 18:38:32.090145: | setup callback for interface eth1 192.1.8.22:500 fd 17 Aug 26 18:38:32.090149: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:32.090151: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:32.090169: loading secrets from "/etc/ipsec.secrets" Aug 26 18:38:32.090194: | Processing PSK at line 1: passed Aug 26 18:38:32.090200: | certs and keys locked by 'process_secret' Aug 26 18:38:32.090203: | certs and keys unlocked by 'process_secret' Aug 26 18:38:32.090494: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:32.090507: | spent 0.805 milliseconds in whack Aug 26 18:38:32.120587: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:32.120612: listening for IKE messages Aug 26 18:38:32.120641: | Inspecting interface lo Aug 26 18:38:32.120647: | found lo with 
address 127.0.0.1 Aug 26 18:38:32.120649: | Inspecting interface eth0 Aug 26 18:38:32.120652: | found eth0 with address 192.0.3.254 Aug 26 18:38:32.120653: | Inspecting interface eth1 Aug 26 18:38:32.120656: | found eth1 with address 192.1.3.33 Aug 26 18:38:32.120658: | Inspecting interface eth1 Aug 26 18:38:32.120660: | found eth1 with address 192.1.8.22 Aug 26 18:38:32.120714: | no interfaces to sort Aug 26 18:38:32.120722: | libevent_free: release ptr-libevent@0x560b72c8c468 Aug 26 18:38:32.120724: | free_event_entry: release EVENT_NULL-pe@0x560b72c982a8 Aug 26 18:38:32.120727: | add_fd_read_event_handler: new ethX-pe@0x560b72c982a8 Aug 26 18:38:32.120729: | libevent_malloc: new ptr-libevent@0x560b72c8c468 size 128 Aug 26 18:38:32.120735: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 18:38:32.120738: | libevent_free: release ptr-libevent@0x560b72c282b8 Aug 26 18:38:32.120740: | free_event_entry: release EVENT_NULL-pe@0x560b72c98358 Aug 26 18:38:32.120741: | add_fd_read_event_handler: new ethX-pe@0x560b72c98358 Aug 26 18:38:32.120743: | libevent_malloc: new ptr-libevent@0x560b72c282b8 size 128 Aug 26 18:38:32.120746: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 18:38:32.120749: | libevent_free: release ptr-libevent@0x560b72c2a158 Aug 26 18:38:32.120751: | free_event_entry: release EVENT_NULL-pe@0x560b72c98408 Aug 26 18:38:32.120753: | add_fd_read_event_handler: new ethX-pe@0x560b72c98408 Aug 26 18:38:32.120755: | libevent_malloc: new ptr-libevent@0x560b72c2a158 size 128 Aug 26 18:38:32.120760: | setup callback for interface eth0 192.0.3.254:4500 fd 22 Aug 26 18:38:32.120764: | libevent_free: release ptr-libevent@0x560b72c272a8 Aug 26 18:38:32.120767: | free_event_entry: release EVENT_NULL-pe@0x560b72c984b8 Aug 26 18:38:32.120769: | add_fd_read_event_handler: new ethX-pe@0x560b72c984b8 Aug 26 18:38:32.120771: | libevent_malloc: new ptr-libevent@0x560b72c272a8 size 128 Aug 26 18:38:32.120774: | setup callback for interface eth0 
192.0.3.254:500 fd 21 Aug 26 18:38:32.120777: | libevent_free: release ptr-libevent@0x560b72bf84e8 Aug 26 18:38:32.120779: | free_event_entry: release EVENT_NULL-pe@0x560b72c98568 Aug 26 18:38:32.120781: | add_fd_read_event_handler: new ethX-pe@0x560b72c98568 Aug 26 18:38:32.120782: | libevent_malloc: new ptr-libevent@0x560b72bf84e8 size 128 Aug 26 18:38:32.120785: | setup callback for interface eth1 192.1.3.33:4500 fd 20 Aug 26 18:38:32.120788: | libevent_free: release ptr-libevent@0x560b72bf81d8 Aug 26 18:38:32.120790: | free_event_entry: release EVENT_NULL-pe@0x560b72c98618 Aug 26 18:38:32.120792: | add_fd_read_event_handler: new ethX-pe@0x560b72c98618 Aug 26 18:38:32.120793: | libevent_malloc: new ptr-libevent@0x560b72bf81d8 size 128 Aug 26 18:38:32.120796: | setup callback for interface eth1 192.1.3.33:500 fd 19 Aug 26 18:38:32.120799: | libevent_free: release ptr-libevent@0x560b72c98cc8 Aug 26 18:38:32.120801: | free_event_entry: release EVENT_NULL-pe@0x560b72c986c8 Aug 26 18:38:32.120802: | add_fd_read_event_handler: new ethX-pe@0x560b72c986c8 Aug 26 18:38:32.120804: | libevent_malloc: new ptr-libevent@0x560b72c98cc8 size 128 Aug 26 18:38:32.120807: | setup callback for interface eth1 192.1.8.22:4500 fd 18 Aug 26 18:38:32.120810: | libevent_free: release ptr-libevent@0x560b72c98e28 Aug 26 18:38:32.120812: | free_event_entry: release EVENT_NULL-pe@0x560b72c98db8 Aug 26 18:38:32.120813: | add_fd_read_event_handler: new ethX-pe@0x560b72c98db8 Aug 26 18:38:32.120819: | libevent_malloc: new ptr-libevent@0x560b72c98e28 size 128 Aug 26 18:38:32.120823: | setup callback for interface eth1 192.1.8.22:500 fd 17 Aug 26 18:38:32.120825: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:32.120828: forgetting secrets Aug 26 18:38:32.120836: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:32.120852: loading secrets from "/etc/ipsec.secrets" Aug 26 18:38:32.120860: | Processing PSK at line 1: passed Aug 26 18:38:32.120863: | certs and keys 
locked by 'process_secret' Aug 26 18:38:32.120865: | certs and keys unlocked by 'process_secret' Aug 26 18:38:32.120873: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:32.120880: | spent 0.301 milliseconds in whack Aug 26 18:38:32.121295: | processing signal PLUTO_SIGCHLD Aug 26 18:38:32.121318: | waitpid returned pid 5344 (exited with status 0) Aug 26 18:38:32.121322: | reaped addconn helper child (status 0) Aug 26 18:38:32.121326: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:32.121329: | spent 0.0191 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:32.180403: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:32.180433: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:32.180437: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:32.180440: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:32.180442: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:32.180447: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 18:38:32.180499: | Added new connection northnet-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:32.180560: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:38:32.180565: | from whack: got --esp=aes256-sha2 Aug 26 18:38:32.180580: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Aug 26 18:38:32.180587: | counting wild cards for 192.1.3.33 is 0 Aug 26 18:38:32.180591: | counting wild cards for 192.1.2.23 is 0 Aug 26 18:38:32.180601: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:38:32.180604: | new hp@0x560b72c9a9c8 Aug 26 18:38:32.180609: added connection description "northnet-eastnet" Aug 26 18:38:32.180620: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:32.180630: | 192.0.3.0/24===192.1.3.33<192.1.3.33>...192.1.2.23<192.1.2.23>===192.0.2.0/24 Aug 26 18:38:32.180638: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:32.180645: | spent 0.251 milliseconds in whack Aug 26 18:38:32.240961: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:32.240988: | old debugging base+cpu-usage + none Aug 26 18:38:32.240993: | base debugging = base+cpu-usage Aug 26 18:38:32.240996: | old impairing none + suppress-retransmits Aug 26 18:38:32.240999: | base impairing = suppress-retransmits Aug 26 18:38:32.241006: | 
close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:32.241013: | spent 0.0629 milliseconds in whack Aug 26 18:38:32.363976: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:32.364367: | dup_any(fd@16) -> fd@25 (in whack_process() at rcv_whack.c:590) Aug 26 18:38:32.364376: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:32.364382: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 18:38:32.364391: | connection 'northnet-eastnet' +POLICY_UP Aug 26 18:38:32.364394: | dup_any(fd@25) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 18:38:32.364397: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:38:32.364417: | creating state object #1 at 0x560b72c9aaa8 Aug 26 18:38:32.364420: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:38:32.364428: | pstats #1 ikev2.ike started Aug 26 18:38:32.364432: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:38:32.364436: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:38:32.364442: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:32.364450: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:32.364456: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:32.364459: | dup_any(fd@26) -> fd@27 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:38:32.364464: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #1 "northnet-eastnet" Aug 26 18:38:32.364469: "northnet-eastnet" #1: initiating v2 parent SA Aug 26 18:38:32.364479: | constructing local IKE proposals for northnet-eastnet (IKE SA 
initiator selecting KE) Aug 26 18:38:32.364488: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:32.364497: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:32.364500: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:32.364506: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:32.364510: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:32.364516: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:32.364520: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:32.364525: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:32.364537: "northnet-eastnet": constructed local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:32.364546: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:38:32.364550: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560b72c9d218 Aug 26 18:38:32.364554: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:32.364557: | libevent_malloc: new ptr-libevent@0x560b72c9d288 size 128 Aug 26 18:38:32.364574: | #1 spent 0.19 milliseconds in ikev2_parent_outI1() Aug 26 18:38:32.364577: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:32.364582: | RESET processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:32.364585: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:32.364589: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:38:32.364592: | close_any(fd@25) (in initiate_connection() at initiate.c:372) Aug 26 18:38:32.364596: | close_any(fd@16) (in whack_process() 
at rcv_whack.c:700) Aug 26 18:38:32.364600: | spent 0.631 milliseconds in whack Aug 26 18:38:32.364704: | crypto helper 3 resuming Aug 26 18:38:32.364717: | crypto helper 3 starting work-order 1 for state #1 Aug 26 18:38:32.364724: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:38:32.365735: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001009 seconds Aug 26 18:38:32.365752: | (#1) spent 1.01 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:38:32.365757: | crypto helper 3 sending results from work-order 1 for state #1 to event queue Aug 26 18:38:32.365761: | scheduling resume sending helper answer for #1 Aug 26 18:38:32.365765: | libevent_malloc: new ptr-libevent@0x7f2394002888 size 128 Aug 26 18:38:32.365787: | processing resume sending helper answer for #1 Aug 26 18:38:32.365795: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:32.365799: | crypto helper 3 replies to request ID 1 Aug 26 18:38:32.365802: | calling continuation function 0x560b71aceb50 Aug 26 18:38:32.365804: | ikev2_parent_outI1_continue for #1 Aug 26 18:38:32.365836: | **emit ISAKMP Message: Aug 26 18:38:32.365841: | initiator cookie: Aug 26 18:38:32.365843: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:32.365846: | responder cookie: Aug 26 18:38:32.365849: | 00 00 00 00 00 00 00 00 Aug 26 18:38:32.365852: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:32.365856: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:32.365858: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:32.365862: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:32.365865: | Message ID: 0 (0x0) Aug 26 18:38:32.365868: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:32.365884: | using existing local IKE proposals for connection northnet-eastnet (IKE SA 
initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:32.365888: | Emitting ikev2_proposals ... Aug 26 18:38:32.365891: | ***emit IKEv2 Security Association Payload: Aug 26 18:38:32.365894: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.365897: | flags: none (0x0) Aug 26 18:38:32.365900: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:32.365904: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.365907: | discarding INTEG=NONE Aug 26 18:38:32.365910: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:32.365913: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:32.365921: | prop #: 1 (0x1) Aug 26 18:38:32.365924: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:32.365927: | spi size: 0 (0x0) Aug 26 18:38:32.365930: | # transforms: 11 (0xb) Aug 26 18:38:32.365933: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:32.365936: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.365940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.365942: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:32.365945: | IKEv2 transform 
ID: AES_GCM_C (0x14) Aug 26 18:38:32.365947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.365949: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:32.365951: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:32.365953: | length/value: 256 (0x100) Aug 26 18:38:32.365955: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:32.365956: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.365958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.365960: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:32.365961: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:32.365964: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.365966: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.365967: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.365969: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.365971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.365972: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:32.365974: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:32.365976: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.365978: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.365979: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.365981: | discarding INTEG=NONE Aug 26 18:38:32.365982: | *****emit IKEv2 Transform Substructure Payload: Aug 26 
18:38:32.365984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.365986: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.365987: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:32.365989: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.365991: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.365994: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.365996: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.365998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366000: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366001: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:32.366003: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366005: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366007: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366008: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366017: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:32.366020: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366025: | emitting length of 
IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366027: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366030: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366032: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366034: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:32.366037: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366041: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366043: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366046: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366048: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366051: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366054: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:32.366057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366062: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366065: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366067: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366070: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366072: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:32.366075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366078: | last substructure: saving location 'IKEv2 Proposal 
Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366080: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366083: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366088: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366090: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:32.366093: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366096: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366099: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366101: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366104: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:32.366106: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366109: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:32.366113: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366115: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366120: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366123: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:32.366126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:32.366129: | discarding INTEG=NONE Aug 26 18:38:32.366132: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:32.366135: | last proposal: v2_PROPOSAL_NON_LAST (0x2) 
Aug 26 18:38:32.366137: | prop #: 2 (0x2) Aug 26 18:38:32.366140: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:32.366142: | spi size: 0 (0x0) Aug 26 18:38:32.366145: | # transforms: 11 (0xb) Aug 26 18:38:32.366148: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:32.366152: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:32.366154: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366157: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366160: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:32.366163: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:32.366166: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366169: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:32.366171: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:32.366174: | length/value: 128 (0x80) Aug 26 18:38:32.366177: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:32.366179: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366185: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:32.366188: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:32.366191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366194: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366197: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366200: | *****emit IKEv2 Transform Substructure 
Payload: Aug 26 18:38:32.366202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366205: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:32.366208: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:32.366211: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366215: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366218: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366220: | discarding INTEG=NONE Aug 26 18:38:32.366223: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366228: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366231: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:32.366234: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366238: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366241: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366243: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366252: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366255: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:32.366258: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366261: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last 
transform' Aug 26 18:38:32.366264: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366267: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366273: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366275: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:32.366278: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366285: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366292: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366299: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366301: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366304: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:32.366307: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366312: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366314: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366320: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366322: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:32.366326: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366329: | 
last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366332: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366335: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366340: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366343: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:32.366346: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366348: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366351: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366354: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366360: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366363: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:32.366366: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366370: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366377: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366380: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366383: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:32.366386: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366389: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:32.366392: | last substructure: checking 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366400: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366403: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:32.366406: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:32.366409: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:32.366412: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:32.366415: | prop #: 3 (0x3) Aug 26 18:38:32.366417: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:32.366420: | spi size: 0 (0x0) Aug 26 18:38:32.366423: | # transforms: 13 (0xd) Aug 26 18:38:32.366427: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:32.366430: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:32.366433: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366436: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366439: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:32.366442: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:32.366445: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366448: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:32.366451: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:32.366453: | length/value: 256 (0x100) Aug 26 18:38:32.366456: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:32.366459: | *****emit IKEv2 Transform 
Substructure Payload: Aug 26 18:38:32.366462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366465: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:32.366468: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:32.366471: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366475: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366478: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366481: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366486: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:32.366488: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:32.366492: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366495: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366498: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366501: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366504: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366507: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:32.366512: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:32.366515: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366519: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366522: 
| emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366525: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366530: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:32.366533: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:32.366536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366539: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366542: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366544: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366547: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366550: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366553: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:32.366557: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366560: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366563: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366565: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366568: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366571: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366573: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:32.366576: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366579: | last substructure: saving 
location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366582: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366585: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366588: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366590: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366593: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:32.366596: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366599: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366602: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366605: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366607: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366610: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366613: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:32.366616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366621: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366624: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366631: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366633: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:32.366637: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform 
Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366640: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366643: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366645: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366648: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366653: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:32.366656: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366662: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366665: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366673: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:32.366676: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366682: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366685: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366687: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:32.366690: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366693: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 
(0x1f) Aug 26 18:38:32.366696: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366699: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366702: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366705: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:32.366708: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:32.366711: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:32.366713: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:32.366716: | prop #: 4 (0x4) Aug 26 18:38:32.366719: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:32.366721: | spi size: 0 (0x0) Aug 26 18:38:32.366724: | # transforms: 13 (0xd) Aug 26 18:38:32.366727: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:32.366730: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:32.366733: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366736: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366738: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:32.366741: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:32.366744: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366750: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:32.366753: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:32.366756: | length/value: 128 (0x80) Aug 26 18:38:32.366759: | emitting length of IKEv2 
Transform Substructure Payload: 12 Aug 26 18:38:32.366761: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366764: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366767: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:32.366769: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:32.366772: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366775: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366778: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366781: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366784: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366787: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:32.366790: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:32.366793: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366799: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366801: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366804: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366806: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:32.366809: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:32.366812: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366815: | last substructure: saving location 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366818: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366821: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366826: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:32.366828: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:32.366831: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366834: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366837: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366840: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366842: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366845: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366848: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:32.366851: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366854: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366857: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366859: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366864: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366868: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:32.366872: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' 
is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366875: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366878: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366881: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366886: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366888: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:32.366892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366898: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366900: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366902: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366905: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366908: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:32.366911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366914: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366917: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366920: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366922: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366925: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366928: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:32.366930: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366933: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366936: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366938: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366941: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366943: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366946: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:32.366949: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366953: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366956: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366958: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366960: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.366966: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:32.366969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366974: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366978: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.366981: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:32.366983: | IKEv2 transform type: TRANS_TYPE_DH 
(0x4) Aug 26 18:38:32.366986: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:32.366989: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.366992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.366995: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.366997: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:32.367000: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:32.367003: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:38:32.367006: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:32.367009: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:38:32.367012: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.367014: | flags: none (0x0) Aug 26 18:38:32.367017: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:32.367020: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:38:32.367023: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.367026: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 18:38:32.367066: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:38:32.367069: | ***emit IKEv2 Nonce Payload: Aug 26 18:38:32.367072: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:32.367075: | flags: none (0x0) Aug 26 18:38:32.367078: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:38:32.367081: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:38:32.367084: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.367087: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:38:32.367091: | IKEv2 nonce a8 79 5c f1 63 b5 21 0a df df 81 c7 78 d9 b8 9e Aug 26 18:38:32.367096: | IKEv2 nonce a9 6e 68 01 79 aa ce a8 14 d1 e5 27 1f 9f d3 d3 Aug 26 18:38:32.367099: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:38:32.367102: | Adding a v2N 
Payload Aug 26 18:38:32.367105: | ***emit IKEv2 Notify Payload: Aug 26 18:38:32.367107: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.367110: | flags: none (0x0) Aug 26 18:38:32.367112: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:32.367115: | SPI size: 0 (0x0) Aug 26 18:38:32.367118: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:32.367122: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:32.367125: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.367128: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:32.367131: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:38:32.367134: | natd_hash: rcookie is zero Aug 26 18:38:32.367151: | natd_hash: hasher=0x560b71ba3800(20) Aug 26 18:38:32.367155: | natd_hash: icookie= ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:32.367158: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:32.367161: | natd_hash: ip= c0 01 03 21 Aug 26 18:38:32.367163: | natd_hash: port=500 Aug 26 18:38:32.367166: | natd_hash: hash= cf ae 46 76 2a 3b 54 01 dc 9b a4 d7 46 6b d8 83 Aug 26 18:38:32.367169: | natd_hash: hash= 01 e0 5b b7 Aug 26 18:38:32.367171: | Adding a v2N Payload Aug 26 18:38:32.367174: | ***emit IKEv2 Notify Payload: Aug 26 18:38:32.367176: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.367178: | flags: none (0x0) Aug 26 18:38:32.367181: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:32.367183: | SPI size: 0 (0x0) Aug 26 18:38:32.367185: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:32.367188: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:32.367190: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 
18:38:32.367193: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:32.367195: | Notify data cf ae 46 76 2a 3b 54 01 dc 9b a4 d7 46 6b d8 83 Aug 26 18:38:32.367197: | Notify data 01 e0 5b b7 Aug 26 18:38:32.367200: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:32.367202: | natd_hash: rcookie is zero Aug 26 18:38:32.367210: | natd_hash: hasher=0x560b71ba3800(20) Aug 26 18:38:32.367213: | natd_hash: icookie= ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:32.367215: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:32.367217: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:32.367219: | natd_hash: port=500 Aug 26 18:38:32.367222: | natd_hash: hash= c6 e9 df de 20 1d e9 a9 ef b1 d7 d1 a0 21 ce 65 Aug 26 18:38:32.367224: | natd_hash: hash= 73 0d 39 59 Aug 26 18:38:32.367225: | Adding a v2N Payload Aug 26 18:38:32.367228: | ***emit IKEv2 Notify Payload: Aug 26 18:38:32.367230: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.367232: | flags: none (0x0) Aug 26 18:38:32.367234: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:32.367237: | SPI size: 0 (0x0) Aug 26 18:38:32.367239: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:32.367242: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:32.367245: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.367248: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:32.367251: | Notify data c6 e9 df de 20 1d e9 a9 ef b1 d7 d1 a0 21 ce 65 Aug 26 18:38:32.367253: | Notify data 73 0d 39 59 Aug 26 18:38:32.367256: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:32.367259: | emitting length of ISAKMP Message: 828 Aug 26 18:38:32.367269: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) 
Aug 26 18:38:32.367283: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:32.367326: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:38:32.367335: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:38:32.367339: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:38:32.367343: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:38:32.367346: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:38:32.367352: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:32.367355: "northnet-eastnet" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:32.367370: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:38:32.367383: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
Aug 26 18:38:32.367970: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:32.367980: | libevent_free: release ptr-libevent@0x560b72c9d288 Aug 26 18:38:32.367983: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560b72c9d218 Aug 26 18:38:32.367987: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:32.367990: "northnet-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:38:32.368000: | event_schedule: new EVENT_RETRANSMIT-pe@0x560b72c9d218 Aug 26 18:38:32.368005: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 18:38:32.368008: | libevent_malloc: new ptr-libevent@0x560b72c9d288 size 128 Aug 26 18:38:32.368013: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29998.110466 Aug 26 18:38:32.368018: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:38:32.368025: | #1 spent 2.18 milliseconds in 
resume sending helper answer Aug 26 18:38:32.368030: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:32.368034: | libevent_free: release ptr-libevent@0x7f2394002888 Aug 26 18:38:32.368046: | crypto helper 3 waiting (nothing to do) Aug 26 18:38:32.373050: | spent 0.00411 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:32.373086: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Aug 26 18:38:32.373152: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:32.373156: | **parse ISAKMP Message: Aug 26 18:38:32.373158: | initiator cookie: Aug 26 18:38:32.373159: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:32.373161: | responder cookie: Aug 26 18:38:32.373162: | 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:32.373164: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:32.373166: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:32.373168: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:32.373170: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:32.373171: | Message ID: 0 (0x0) Aug 26 18:38:32.373173: | length: 432 (0x1b0) Aug 26 18:38:32.373175: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:38:32.373178: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:38:32.373181: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:38:32.373186: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:32.373189: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:32.373191: | #1 is idle Aug 26 18:38:32.373193: | #1 idle Aug 26 18:38:32.373194: | unpacking clear payload Aug 26 18:38:32.373196: | Now let's proceed with 
payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:32.373198: | ***parse IKEv2 Security Association Payload: Aug 26 18:38:32.373200: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:38:32.373202: | flags: none (0x0) Aug 26 18:38:32.373203: | length: 40 (0x28) Aug 26 18:38:32.373205: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:38:32.373207: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:38:32.373210: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:38:32.373213: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:38:32.373215: | flags: none (0x0) Aug 26 18:38:32.373217: | length: 264 (0x108) Aug 26 18:38:32.373220: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:32.373223: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:38:32.373225: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:38:32.373228: | ***parse IKEv2 Nonce Payload: Aug 26 18:38:32.373230: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:32.373233: | flags: none (0x0) Aug 26 18:38:32.373235: | length: 36 (0x24) Aug 26 18:38:32.373238: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:38:32.373240: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:32.373243: | ***parse IKEv2 Notify Payload: Aug 26 18:38:32.373245: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:32.373248: | flags: none (0x0) Aug 26 18:38:32.373250: | length: 8 (0x8) Aug 26 18:38:32.373253: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:32.373255: | SPI size: 0 (0x0) Aug 26 18:38:32.373258: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:32.373260: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:32.373264: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:32.373267: | ***parse IKEv2 Notify Payload: Aug 26 18:38:32.373269: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:32.373272: | flags: none (0x0) Aug 26 18:38:32.373274: | length: 28 (0x1c) Aug 26 18:38:32.373277: | Protocol 
ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:32.373279: | SPI size: 0 (0x0) Aug 26 18:38:32.373282: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:32.373284: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:32.373287: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:32.373323: | ***parse IKEv2 Notify Payload: Aug 26 18:38:32.373327: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.373329: | flags: none (0x0) Aug 26 18:38:32.373332: | length: 28 (0x1c) Aug 26 18:38:32.373334: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:32.373337: | SPI size: 0 (0x0) Aug 26 18:38:32.373340: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:32.373342: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:32.373346: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:38:32.373353: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:32.373357: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:38:32.373360: | Now let's proceed with state specific processing Aug 26 18:38:32.373363: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:38:32.373367: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:38:32.373385: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 
4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:32.373390: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:38:32.373395: | local proposal 1 type ENCR has 1 transforms Aug 26 18:38:32.373398: | local proposal 1 type PRF has 2 transforms Aug 26 18:38:32.373401: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:32.373404: | local proposal 1 type DH has 8 transforms Aug 26 18:38:32.373406: | local proposal 1 type ESN has 0 transforms Aug 26 18:38:32.373410: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:32.373414: | local proposal 2 type ENCR has 1 transforms Aug 26 18:38:32.373416: | local proposal 2 type PRF has 2 transforms Aug 26 18:38:32.373419: | local proposal 2 type INTEG has 1 transforms Aug 26 18:38:32.373422: | local proposal 2 type DH has 8 transforms Aug 26 18:38:32.373425: | local proposal 2 type ESN has 0 transforms Aug 26 18:38:32.373428: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:32.373431: | local proposal 3 type ENCR has 1 transforms Aug 26 18:38:32.373434: | local proposal 3 type PRF has 2 transforms Aug 26 18:38:32.373437: | local proposal 3 type INTEG has 2 transforms Aug 26 18:38:32.373440: | local proposal 3 type DH has 8 transforms Aug 26 18:38:32.373443: | local proposal 3 type ESN has 0 transforms Aug 26 18:38:32.373446: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:32.373449: | local proposal 4 type ENCR has 1 transforms Aug 26 18:38:32.373451: | local proposal 4 type PRF has 2 transforms Aug 26 18:38:32.373454: | local proposal 4 type INTEG has 2 transforms Aug 26 18:38:32.373459: | local proposal 4 type DH has 8 transforms Aug 26 18:38:32.373462: | local proposal 4 type ESN has 0 transforms Aug 26 18:38:32.373465: | local proposal 4 
transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:32.373469: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:32.373473: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:32.373475: | length: 36 (0x24) Aug 26 18:38:32.373478: | prop #: 1 (0x1) Aug 26 18:38:32.373481: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:32.373483: | spi size: 0 (0x0) Aug 26 18:38:32.373486: | # transforms: 3 (0x3) Aug 26 18:38:32.373490: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:38:32.373493: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:32.373496: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.373499: | length: 12 (0xc) Aug 26 18:38:32.373502: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:32.373505: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:32.373508: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:32.373511: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:32.373514: | length/value: 256 (0x100) Aug 26 18:38:32.373519: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:38:32.373522: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:32.373525: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.373528: | length: 8 (0x8) Aug 26 18:38:32.373531: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:32.373534: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:32.373538: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:38:32.373541: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:32.373544: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:32.373546: | length: 8 (0x8) Aug 26 18:38:32.373549: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:32.373552: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 
18:38:32.373555: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:38:32.373560: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:38:32.373565: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:38:32.373568: | remote proposal 1 matches local proposal 1 Aug 26 18:38:32.373571: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:38:32.373574: | converting proposal to internal trans attrs Aug 26 18:38:32.373598: | natd_hash: hasher=0x560b71ba3800(20) Aug 26 18:38:32.373603: | natd_hash: icookie= ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:32.373606: | natd_hash: rcookie= 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:32.373608: | natd_hash: ip= c0 01 03 21 Aug 26 18:38:32.373611: | natd_hash: port=500 Aug 26 18:38:32.373614: | natd_hash: hash= 2a fc 6d be 8b e1 35 68 c3 f8 dd c8 9e 4e f7 26 Aug 26 18:38:32.373617: | natd_hash: hash= 09 f0 37 de Aug 26 18:38:32.373625: | natd_hash: hasher=0x560b71ba3800(20) Aug 26 18:38:32.373628: | natd_hash: icookie= ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:32.373631: | natd_hash: rcookie= 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:32.373633: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:32.373635: | natd_hash: port=500 Aug 26 18:38:32.373638: | natd_hash: hash= 97 f6 0e 0b fe 2e 88 10 c2 f8 17 1e 13 48 c2 cd Aug 26 18:38:32.373641: | natd_hash: hash= 64 66 d9 a3 Aug 26 18:38:32.373644: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:38:32.373647: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:38:32.373649: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:38:32.373653: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:38:32.373660: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:38:32.373665: | adding ikev2_inR1outI2 KE work-order 
2 for state #1 Aug 26 18:38:32.373668: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:32.373671: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:38:32.373677: | libevent_free: release ptr-libevent@0x560b72c9d288 Aug 26 18:38:32.373680: | free_event_entry: release EVENT_RETRANSMIT-pe@0x560b72c9d218 Aug 26 18:38:32.373683: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560b72c9d218 Aug 26 18:38:32.373688: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:32.373692: | libevent_malloc: new ptr-libevent@0x560b72c9cfb8 size 128 Aug 26 18:38:32.373705: | #1 spent 0.336 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:38:32.373711: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:32.373715: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:38:32.373718: | suspending state #1 and saving MD Aug 26 18:38:32.373721: | #1 is busy; has a suspended MD Aug 26 18:38:32.373726: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:38:32.373730: | "northnet-eastnet" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:38:32.373735: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:32.373739: | #1 spent 0.639 milliseconds in ikev2_process_packet() Aug 26 18:38:32.373744: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:32.373747: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:32.373750: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:32.373755: | spent 0.654 milliseconds in comm_handle_cb() reading and 
processing packet Aug 26 18:38:32.373768: | crypto helper 2 resuming Aug 26 18:38:32.373774: | crypto helper 2 starting work-order 2 for state #1 Aug 26 18:38:32.373778: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:38:32.374603: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:38:32.374892: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001113 seconds Aug 26 18:38:32.374899: | (#1) spent 1.1 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:38:32.374902: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 18:38:32.374904: | scheduling resume sending helper answer for #1 Aug 26 18:38:32.374907: | libevent_malloc: new ptr-libevent@0x7f238c000f48 size 128 Aug 26 18:38:32.374914: | crypto helper 2 waiting (nothing to do) Aug 26 18:38:32.374923: | processing resume sending helper answer for #1 Aug 26 18:38:32.374935: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:32.374940: | crypto helper 2 replies to request ID 2 Aug 26 18:38:32.374943: | calling continuation function 0x560b71aceb50 Aug 26 18:38:32.374946: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:38:32.374954: | creating state object #2 at 0x560b72c9fe98 Aug 26 18:38:32.374957: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:38:32.374961: | pstats #2 ikev2.child started Aug 26 18:38:32.374965: | duplicating state object #1 "northnet-eastnet" as #2 for IPSEC SA Aug 26 18:38:32.374970: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:38:32.374977: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:32.374984: | 
Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:38:32.374989: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:32.374992: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:32.374996: | libevent_free: release ptr-libevent@0x560b72c9cfb8 Aug 26 18:38:32.374999: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560b72c9d218 Aug 26 18:38:32.375002: | event_schedule: new EVENT_SA_REPLACE-pe@0x560b72c9d218 Aug 26 18:38:32.375006: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:38:32.375009: | libevent_malloc: new ptr-libevent@0x560b72c9cfb8 size 128 Aug 26 18:38:32.375013: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:38:32.375019: | **emit ISAKMP Message: Aug 26 18:38:32.375022: | initiator cookie: Aug 26 18:38:32.375024: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:32.375027: | responder cookie: Aug 26 18:38:32.375029: | 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:32.375032: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:32.375035: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:32.375038: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:32.375041: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:32.375044: | Message ID: 1 (0x1) Aug 26 18:38:32.375047: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:32.375050: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:32.375053: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.375055: | flags: none (0x0) Aug 26 18:38:32.375059: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:32.375062: | next payload chain: saving 
location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.375065: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:32.375073: | IKEv2 CERT: send a certificate? Aug 26 18:38:32.375077: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:38:32.375079: | IDr payload will NOT be sent Aug 26 18:38:32.375097: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:38:32.375101: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.375103: | flags: none (0x0) Aug 26 18:38:32.375106: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:32.375109: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:38:32.375112: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.375115: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:38:32.375118: | my identity c0 01 03 21 Aug 26 18:38:32.375121: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 18:38:32.375129: | not sending INITIAL_CONTACT Aug 26 18:38:32.375133: | ****emit IKEv2 Authentication Payload: Aug 26 18:38:32.375136: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.375138: | flags: none (0x0) Aug 26 18:38:32.375141: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:32.375144: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:38:32.375147: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.375151: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 18:38:32.375156: | started looking for secret for 192.1.3.33->192.1.2.23 
of kind PKK_PSK Aug 26 18:38:32.375163: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:32.375168: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 18:38:32.375172: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:32.375175: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:32.375177: | line 1: match=002 Aug 26 18:38:32.375180: | match 002 beats previous best_match 000 match=0x560b72bf3c48 (line=1) Aug 26 18:38:32.375183: | concluding with best_match=002 best=0x560b72bf3c48 (lineno=1) Aug 26 18:38:32.375244: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:38:32.375248: | PSK auth 37 8f 9a b4 ea 49 db 14 a6 e9 6e ce 64 59 68 25 Aug 26 18:38:32.375250: | PSK auth 74 e9 b7 33 37 97 d9 1f 74 f7 96 d0 8c 91 fb dd Aug 26 18:38:32.375253: | PSK auth 75 63 c8 cb 24 36 18 81 12 04 5a c6 d8 bb 1f 05 Aug 26 18:38:32.375255: | PSK auth 70 b1 35 ed c2 a0 e0 97 f8 58 69 51 3b 31 22 68 Aug 26 18:38:32.375258: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:38:32.375261: | getting first pending from state #1 Aug 26 18:38:32.375286: | netlink_get_spi: allocated 0x173b1f61 for esp.0@192.1.3.33 Aug 26 18:38:32.375329: | constructing ESP/AH proposals with all DH removed for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:38:32.375335: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:38:32.375340: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:32.375345: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:32.375357: | Emitting ikev2_proposals ... 
Aug 26 18:38:32.375360: | ****emit IKEv2 Security Association Payload: Aug 26 18:38:32.375363: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.375365: | flags: none (0x0) Aug 26 18:38:32.375369: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:32.375372: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.375375: | discarding DH=NONE Aug 26 18:38:32.375377: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:32.375380: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:32.375383: | prop #: 1 (0x1) Aug 26 18:38:32.375385: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:32.375388: | spi size: 4 (0x4) Aug 26 18:38:32.375390: | # transforms: 3 (0x3) Aug 26 18:38:32.375393: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:32.375396: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:38:32.375399: | our spi 17 3b 1f 61 Aug 26 18:38:32.375402: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.375404: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.375407: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:32.375410: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:32.375413: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.375416: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:32.375418: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:32.375421: | length/value: 256 (0x100) Aug 26 18:38:32.375424: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:32.375427: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.375429: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.375432: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:32.375434: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:32.375439: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.375443: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.375445: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.375448: | discarding DH=NONE Aug 26 18:38:32.375450: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:32.375453: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:32.375455: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:32.375458: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:38:32.375461: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.375464: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:32.375467: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:32.375469: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:38:32.375472: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:32.375475: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 18:38:32.375478: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:32.375481: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:32.375484: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.375487: | flags: 
none (0x0) Aug 26 18:38:32.375489: | number of TS: 1 (0x1) Aug 26 18:38:32.375492: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:38:32.375495: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.375498: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:32.375501: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:32.375504: | IP Protocol ID: 0 (0x0) Aug 26 18:38:32.375506: | start port: 0 (0x0) Aug 26 18:38:32.375509: | end port: 65535 (0xffff) Aug 26 18:38:32.375512: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:32.375515: | ipv4 start c0 00 03 00 Aug 26 18:38:32.375518: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:32.375520: | ipv4 end c0 00 03 ff Aug 26 18:38:32.375523: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:32.375525: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:38:32.375528: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:32.375531: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.375533: | flags: none (0x0) Aug 26 18:38:32.375536: | number of TS: 1 (0x1) Aug 26 18:38:32.375539: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:38:32.375542: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.375544: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:32.375547: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:32.375550: | IP Protocol ID: 0 (0x0) Aug 26 18:38:32.375552: | start port: 0 (0x0) Aug 26 18:38:32.375554: | end port: 65535 (0xffff) Aug 26 
18:38:32.375557: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:32.375560: | ipv4 start c0 00 02 00 Aug 26 18:38:32.375562: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:32.375566: | ipv4 end c0 00 02 ff Aug 26 18:38:32.375568: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:32.375571: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:38:32.375574: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:38:32.375577: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:38:32.375579: | Adding a v2N Payload Aug 26 18:38:32.375582: | ****emit IKEv2 Notify Payload: Aug 26 18:38:32.375585: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.375587: | flags: none (0x0) Aug 26 18:38:32.375590: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:32.375592: | SPI size: 0 (0x0) Aug 26 18:38:32.375595: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:32.375599: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:32.375602: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:32.375604: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:32.375607: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:32.375611: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:32.375614: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:32.375616: | emitting length of IKEv2 Encryption Payload: 213 Aug 26 18:38:32.375619: | emitting length of ISAKMP Message: 241 Aug 26 18:38:32.375633: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at 
ikev2.c:3379) Aug 26 18:38:32.375638: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:32.375642: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:38:32.375645: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:38:32.375649: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:38:32.375652: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:38:32.375657: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:38:32.375662: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:38:32.375667: "northnet-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:38:32.375677: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:38:32.375684: | sending 241 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
Aug 26 18:38:32.375747: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:32.375751: "northnet-eastnet" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:38:32.375758: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f2394002b78 Aug 26 18:38:32.375761: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 18:38:32.375765: | libevent_malloc: new ptr-libevent@0x560b72ca0b68 size 128 Aug 26 18:38:32.375770: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29998.118224 Aug 26 18:38:32.375774: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:38:32.375780: | #1 spent 0.804 milliseconds in resume sending helper answer Aug 26 18:38:32.375785: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:32.375788: | libevent_free: release ptr-libevent@0x7f238c000f48 Aug 26 18:38:32.421349: | spent 0.00269 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:32.421373: | *received 241 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Aug 26 18:38:32.421420: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:32.421425: | **parse ISAKMP Message: Aug 26 18:38:32.421428: | initiator cookie: Aug 26 18:38:32.421430: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:32.421433: | responder cookie: Aug 26 18:38:32.421435: | 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:32.421438: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:32.421441: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:32.421444: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:32.421447: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:32.421449: | Message ID: 1 (0x1) Aug 26 18:38:32.421452: | length: 241 (0xf1) Aug 26 18:38:32.421455: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:38:32.421459: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:38:32.421463: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:38:32.421470: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at
ikev2.c:2016) Aug 26 18:38:32.421474: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:38:32.421478: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:32.421485: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:32.421488: | #2 is idle Aug 26 18:38:32.421491: | #2 idle Aug 26 18:38:32.421493: | unpacking clear payload Aug 26 18:38:32.421496: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:32.421499: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:32.421502: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:32.421505: | flags: none (0x0) Aug 26 18:38:32.421507: | length: 213 (0xd5) Aug 26 18:38:32.421510: | processing payload: ISAKMP_NEXT_v2SK (len=209) Aug 26 18:38:32.421513: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:38:32.421529: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:38:32.421532: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:32.421536: | **parse IKEv2 Notify Payload: Aug 26 18:38:32.421538: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:38:32.421541: | flags: none (0x0) Aug 26 18:38:32.421543: | length: 8 (0x8) Aug 26 18:38:32.421546: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:32.421549: | SPI size: 0 (0x0) Aug 26 18:38:32.421552: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:32.421554: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:32.421557: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:38:32.421560: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:38:32.421563: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:38:32.421565: | flags: none (0x0) Aug 26 18:38:32.421568: | length: 12 (0xc) Aug 26 18:38:32.421570: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:32.421573: | processing payload: 
ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:38:32.421576: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:38:32.421578: | **parse IKEv2 Authentication Payload: Aug 26 18:38:32.421581: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:32.421583: | flags: none (0x0) Aug 26 18:38:32.421586: | length: 72 (0x48) Aug 26 18:38:32.421589: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:32.421591: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:38:32.421594: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:32.421597: | **parse IKEv2 Security Association Payload: Aug 26 18:38:32.421600: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:38:32.421602: | flags: none (0x0) Aug 26 18:38:32.421605: | length: 44 (0x2c) Aug 26 18:38:32.421607: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 18:38:32.421610: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:38:32.421612: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:32.421615: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:38:32.421618: | flags: none (0x0) Aug 26 18:38:32.421620: | length: 24 (0x18) Aug 26 18:38:32.421623: | number of TS: 1 (0x1) Aug 26 18:38:32.421625: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:38:32.421628: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:38:32.421631: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:32.421633: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:32.421636: | flags: none (0x0) Aug 26 18:38:32.421638: | length: 24 (0x18) Aug 26 18:38:32.421641: | number of TS: 1 (0x1) Aug 26 18:38:32.421643: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:38:32.421646: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:38:32.421649: | Now let's proceed with state specific processing Aug 26 18:38:32.421652: | calling processor Initiator: process IKE_AUTH response Aug 26 18:38:32.421656: | received 
v2N_MOBIKE_SUPPORTED and sent Aug 26 18:38:32.421660: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Aug 26 18:38:32.421663: | peer ID c0 01 02 17 Aug 26 18:38:32.421667: | offered CA: '%none' Aug 26 18:38:32.421672: "northnet-eastnet" #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Aug 26 18:38:32.421715: | verifying AUTH payload Aug 26 18:38:32.421721: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 18:38:32.421726: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:32.421730: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:32.421734: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 18:38:32.421738: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:32.421741: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:32.421744: | line 1: match=002 Aug 26 18:38:32.421747: | match 002 beats previous best_match 000 match=0x560b72bf3c48 (line=1) Aug 26 18:38:32.421750: | concluding with best_match=002 best=0x560b72bf3c48 (lineno=1) Aug 26 18:38:32.421813: "northnet-eastnet" #2: Authenticated using authby=secret Aug 26 18:38:32.421822: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:38:32.421828: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:38:32.421831: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:38:32.421835: | libevent_free: release ptr-libevent@0x560b72c9cfb8 Aug 26 18:38:32.421838: | free_event_entry: release EVENT_SA_REPLACE-pe@0x560b72c9d218 Aug 26 18:38:32.421841: | event_schedule: new EVENT_SA_REKEY-pe@0x560b72c9d218 Aug 26 18:38:32.421845: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:38:32.421848: | libevent_malloc: new ptr-libevent@0x7f238c000f48 size 128 Aug 26 18:38:32.422823: | pstats #1 ikev2.ike established 
Aug 26 18:38:32.422838: | TSi: parsing 1 traffic selectors Aug 26 18:38:32.422843: | ***parse IKEv2 Traffic Selector: Aug 26 18:38:32.422846: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:32.422849: | IP Protocol ID: 0 (0x0) Aug 26 18:38:32.422851: | length: 16 (0x10) Aug 26 18:38:32.422854: | start port: 0 (0x0) Aug 26 18:38:32.422856: | end port: 65535 (0xffff) Aug 26 18:38:32.422860: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:38:32.422862: | TS low c0 00 03 00 Aug 26 18:38:32.422865: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:38:32.422868: | TS high c0 00 03 ff Aug 26 18:38:32.422870: | TSi: parsed 1 traffic selectors Aug 26 18:38:32.422873: | TSr: parsing 1 traffic selectors Aug 26 18:38:32.422876: | ***parse IKEv2 Traffic Selector: Aug 26 18:38:32.422878: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:32.422881: | IP Protocol ID: 0 (0x0) Aug 26 18:38:32.422883: | length: 16 (0x10) Aug 26 18:38:32.422886: | start port: 0 (0x0) Aug 26 18:38:32.422888: | end port: 65535 (0xffff) Aug 26 18:38:32.422891: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:38:32.422893: | TS low c0 00 02 00 Aug 26 18:38:32.422896: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:38:32.422898: | TS high c0 00 02 ff Aug 26 18:38:32.422901: | TSr: parsed 1 traffic selectors Aug 26 18:38:32.422908: | evaluating our conn="northnet-eastnet" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:38:32.422913: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:38:32.422920: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:38:32.422924: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:38:32.422926: | TSi[0] port match: YES fitness 65536 Aug 26 18:38:32.422929: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:38:32.422933: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 
255 Aug 26 18:38:32.422937: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:38:32.422943: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:38:32.422946: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:38:32.422952: | TSr[0] port match: YES fitness 65536 Aug 26 18:38:32.422955: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:38:32.422958: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:38:32.422961: | best fit so far: TSi[0] TSr[0] Aug 26 18:38:32.422963: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:38:32.422966: | printing contents struct traffic_selector Aug 26 18:38:32.422968: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:38:32.422971: | ipprotoid: 0 Aug 26 18:38:32.422973: | port range: 0-65535 Aug 26 18:38:32.422978: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:38:32.422980: | printing contents struct traffic_selector Aug 26 18:38:32.422982: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:38:32.422985: | ipprotoid: 0 Aug 26 18:38:32.422987: | port range: 0-65535 Aug 26 18:38:32.422991: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:38:32.423001: | using existing local ESP/AH proposals for northnet-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:32.423005: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 18:38:32.423009: | local proposal 1 type ENCR has 1 transforms Aug 26 18:38:32.423012: | local proposal 1 type PRF has 0 transforms Aug 26 18:38:32.423015: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:32.423017: | local proposal 1 type DH has 1 transforms Aug 26 18:38:32.423020: | local proposal 1 type ESN has 1 transforms Aug 26 18:38:32.423024: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:38:32.423027: | ***parse IKEv2 
Proposal Substructure Payload: Aug 26 18:38:32.423030: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:32.423032: | length: 40 (0x28) Aug 26 18:38:32.423035: | prop #: 1 (0x1) Aug 26 18:38:32.423038: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:32.423040: | spi size: 4 (0x4) Aug 26 18:38:32.423043: | # transforms: 3 (0x3) Aug 26 18:38:32.423046: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:38:32.423049: | remote SPI 9f 33 cf 1b Aug 26 18:38:32.423052: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 18:38:32.423055: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:32.423058: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.423060: | length: 12 (0xc) Aug 26 18:38:32.423063: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:32.423066: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:32.423069: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:32.423072: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:32.423074: | length/value: 256 (0x100) Aug 26 18:38:32.423079: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:38:32.423082: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:32.423084: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:32.423087: | length: 8 (0x8) Aug 26 18:38:32.423089: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:32.423092: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:32.423096: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 18:38:32.423099: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:32.423101: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:32.423104: | length: 8 (0x8) Aug 26 18:38:32.423107: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:32.423109: | IKEv2 
transform ID: ESN_DISABLED (0x0) Aug 26 18:38:32.423113: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:38:32.423117: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 18:38:32.423123: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 18:38:32.423126: | remote proposal 1 matches local proposal 1 Aug 26 18:38:32.423129: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Aug 26 18:38:32.423135: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=9f33cf1b;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:38:32.423137: | converting proposal to internal trans attrs Aug 26 18:38:32.423143: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Aug 26 18:38:32.423147: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Aug 26 18:38:32.423329: | #1 spent 1.49 milliseconds Aug 26 18:38:32.423336: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:38:32.423339: | could_route called for northnet-eastnet (kind=CK_PERMANENT) Aug 26 18:38:32.423342: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:38:32.423346: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:32.423349: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:32.423353: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 18:38:32.423357: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 18:38:32.423360: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 18:38:32.423363: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 18:38:32.423368: | setting IPsec SA replay-window to 32 Aug 26 18:38:32.423371: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 18:38:32.423375: | netlink: enabling tunnel mode Aug 26 18:38:32.423378: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:32.423381: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:32.423455: | netlink response for Add SA esp.9f33cf1b@192.1.2.23 included non-error error Aug 26 18:38:32.423459: | set up outgoing SA, ref=0/0 Aug 26 18:38:32.423463: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 18:38:32.423466: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 18:38:32.423469: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 18:38:32.423473: | setting IPsec SA replay-window to 32 Aug 26 18:38:32.423476: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 18:38:32.423478: | netlink: enabling tunnel mode Aug 26 18:38:32.423481: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:32.423484: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:32.423517: | netlink response for Add SA esp.173b1f61@192.1.3.33 included non-error error Aug 26 18:38:32.423521: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 
26 18:38:32.423529: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:38:32.423532: | IPsec Sa SPD priority set to 1042407 Aug 26 18:38:32.423552: | raw_eroute result=success Aug 26 18:38:32.423555: | set up incoming SA, ref=0/0 Aug 26 18:38:32.423558: | sr for #2: unrouted Aug 26 18:38:32.423561: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:38:32.423563: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:32.423566: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:32.423569: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:32.423573: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 18:38:32.423577: | route_and_eroute with c: northnet-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:38:32.423580: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:32.423588: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:38:32.423593: | IPsec Sa SPD priority set to 1042407 Aug 26 18:38:32.423603: | raw_eroute result=success Aug 26 18:38:32.423607: | running updown command "ipsec _updown" for verb up Aug 26 18:38:32.423610: | command executing up-client Aug 26 18:38:32.423638: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' 
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 18:38:32.423641: | popen cmd is 1052 chars long Aug 26 18:38:32.423645: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 18:38:32.423648: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 18:38:32.423651: | cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Aug 26 18:38:32.423653: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 18:38:32.423656: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='1: Aug 26 18:38:32.423659: | cmd( 400):92.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 18:38:32.423662: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:38:32.423664: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Aug 26 18:38:32.423667: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUT: Aug 26 18:38:32.423670: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 18:38:32.423672: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 18:38:32.423675: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 18:38:32.423678: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f33cf1b SPI_OUT=0x173b1f61 ipsec : Aug 26 18:38:32.423681: | 
cmd(1040):_updown 2>&1: Aug 26 18:38:32.434912: | route_and_eroute: firewall_notified: true Aug 26 18:38:32.434939: | running updown command "ipsec _updown" for verb prepare Aug 26 18:38:32.434943: | command executing prepare-client Aug 26 18:38:32.434979: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 18:38:32.434989: | popen cmd is 1057 chars long Aug 26 18:38:32.434993: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:38:32.434996: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 18:38:32.434999: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:38:32.435002: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:38:32.435005: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 18:38:32.435007: | cmd( 400):ID='192.1.2.23' 
PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 18:38:32.435010: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:38:32.435013: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Aug 26 18:38:32.435016: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO': Aug 26 18:38:32.435019: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 18:38:32.435022: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 18:38:32.435024: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 18:38:32.435027: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f33cf1b SPI_OUT=0x173b1f61 i: Aug 26 18:38:32.435030: | cmd(1040):psec _updown 2>&1: Aug 26 18:38:32.451080: | running updown command "ipsec _updown" for verb route Aug 26 18:38:32.451102: | command executing route-client Aug 26 18:38:32.451140: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' 
PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE Aug 26 18:38:32.451146: | popen cmd is 1055 chars long Aug 26 18:38:32.451150: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:38:32.451152: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 18:38:32.451155: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 18:38:32.451158: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 18:38:32.451161: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 18:38:32.451164: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 18:38:32.451167: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:38:32.451169: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='P: Aug 26 18:38:32.451172: | cmd( 640):SK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' P: Aug 26 18:38:32.451178: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 18:38:32.451181: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 18:38:32.451184: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 18:38:32.451187: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f33cf1b SPI_OUT=0x173b1f61 ips: Aug 26 18:38:32.451190: | cmd(1040):ec _updown 2>&1: Aug 26 18:38:32.476214: | route_and_eroute: instance "northnet-eastnet", setting eroute_owner {spd=0x560b72c990a8,sr=0x560b72c990a8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:38:32.477007: | #1 spent 
1.95 milliseconds in install_ipsec_sa() Aug 26 18:38:32.477022: | inR2: instance northnet-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:38:32.477026: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:32.477031: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:38:32.477042: | libevent_free: release ptr-libevent@0x560b72ca0b68 Aug 26 18:38:32.477050: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f2394002b78 Aug 26 18:38:32.477057: | #2 spent 3.2 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:38:32.477066: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:32.477070: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:38:32.477074: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:38:32.477079: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:38:32.477082: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:38:32.477088: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:38:32.477093: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:32.477097: | pstats #2 ikev2.child established Aug 26 18:38:32.477107: "northnet-eastnet" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:38:32.479684: | NAT-T: encaps is 'auto' Aug 26 18:38:32.479703: "northnet-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x9f33cf1b <0x173b1f61 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Aug 26 
18:38:32.479742: | releasing whack for #2 (sock=fd@27) Aug 26 18:38:32.479749: | close_any(fd@27) (in release_whack() at state.c:654) Aug 26 18:38:32.479753: | releasing whack and unpending for parent #1 Aug 26 18:38:32.479757: | unpending state #1 connection "northnet-eastnet" Aug 26 18:38:32.479765: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet" Aug 26 18:38:32.479768: | removing pending policy for no connection {0x560b72c8b8f8} Aug 26 18:38:32.479865: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 18:38:32.479874: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:38:32.479878: | event_schedule: new EVENT_SA_REKEY-pe@0x7f2394002b78 Aug 26 18:38:32.479882: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:38:32.479887: | libevent_malloc: new ptr-libevent@0x560b72c9faf8 size 128 Aug 26 18:38:32.479895: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:32.479905: | #1 spent 3.68 milliseconds in ikev2_process_packet() Aug 26 18:38:32.479913: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:32.479919: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:32.479922: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:32.479930: | spent 3.71 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:32.479948: | processing signal PLUTO_SIGCHLD Aug 26 18:38:32.479954: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:32.479959: | spent 0.00557 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:32.479961: | processing signal PLUTO_SIGCHLD Aug 26 18:38:32.479965: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:32.479969: | spent 0.00371 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:32.479972: | processing signal PLUTO_SIGCHLD Aug 26 
18:38:32.479975: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:32.479979: | spent 0.00361 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:33.677154: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:33.677178: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:38:33.677182: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:33.677190: | get_sa_info esp.173b1f61@192.1.3.33 Aug 26 18:38:33.677205: | get_sa_info esp.9f33cf1b@192.1.2.23 Aug 26 18:38:33.677223: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:33.677231: | spent 0.0846 milliseconds in whack Aug 26 18:38:39.014151: | kernel_process_msg_cb process netlink message Aug 26 18:38:39.014839: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:39.014884: | spent 0.679 milliseconds in kernel message Aug 26 18:38:39.074897: | kernel_process_msg_cb process netlink message Aug 26 18:38:39.074944: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:39.074961: | spent 0.0209 milliseconds in kernel message Aug 26 18:38:39.130489: | kernel_process_msg_cb process netlink message Aug 26 18:38:39.130525: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 18:38:39.130531: | xfrm netlink address change RTM_DELADDR msg len 80 Aug 26 18:38:39.130539: | XFRM RTM_DELADDR 192.1.3.33 IFA_LOCAL Aug 26 18:38:39.130544: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 18:38:39.130554: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:39.130561: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:39.130568: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:39.130573: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:38:39.130579: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:39.130583: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:39.130589: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 18:38:39.130593: | running updown command "ipsec _updown" for verb down Aug 26 18:38:39.130598: | command executing down-client Aug 26 18:38:39.130639: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT Aug 26 18:38:39.130650: | popen cmd is 1063 chars long Aug 26 18:38:39.130655: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 18:38:39.130665: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Aug 26 18:38:39.130669: | cmd( 160):MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Aug 26 18:38:39.130673: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 18:38:39.130677: | cmd( 
320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 18:38:39.130681: | cmd( 400):'192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 18:38:39.130685: | cmd( 480):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:38:39.130689: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' PLUTO_CONN_P: Aug 26 18:38:39.130693: | cmd( 640):OLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+E: Aug 26 18:38:39.130697: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Aug 26 18:38:39.130701: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Aug 26 18:38:39.130704: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Aug 26 18:38:39.130708: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f33cf1b SPI_OUT=0x173b: Aug 26 18:38:39.130712: | cmd(1040):1f61 ipsec _updown 2>&1: Aug 26 18:38:39.147513: | running updown command "ipsec _updown" for verb unroute Aug 26 18:38:39.147539: | command executing unroute-client Aug 26 18:38:39.147580: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' 
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=' Aug 26 18:38:39.147586: | popen cmd is 1066 chars long Aug 26 18:38:39.147591: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:38:39.147594: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 18:38:39.147597: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:38:39.147600: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:38:39.147604: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 18:38:39.147607: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 18:38:39.147610: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:38:39.147613: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' PLUTO_CON: Aug 26 18:38:39.147616: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIK: Aug 26 18:38:39.147619: | cmd( 720):E+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Aug 26 18:38:39.147622: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Aug 26 18:38:39.147630: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Aug 26 18:38:39.147633: | cmd( 960):='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f33cf1b SPI_OUT=0x1: Aug 26 18:38:39.147636: | cmd(1040):73b1f61 ipsec 
_updown 2>&1: Aug 26 18:38:39.162345: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162373: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162377: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162381: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162443: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162454: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162459: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162463: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162524: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162535: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162539: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162543: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162563: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:39.162584: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 18:38:39.169334: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x560b72c9d388 Aug 26 18:38:39.169355: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Aug 26 18:38:39.169362: | libevent_malloc: new ptr-libevent@0x560b72c9cf08 size 128 Aug 26 18:38:39.169381: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:39.169387: | IKEv2 received address RTM_DELADDR type 3 Aug 26 18:38:39.169390: | IKEv2 received address RTM_DELADDR type 8 Aug 26 18:38:39.169392: | IKEv2 received address RTM_DELADDR type 6 Aug 26 18:38:39.169401: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:39.169405: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:39.169409: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:39.169412: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:39.169422: | spent 1.91 milliseconds in kernel message Aug 26 18:38:39.169440: | timer_event_cb: processing event@0x560b72c9d388 Aug 26 18:38:39.169443: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 18:38:39.169448: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:39.169453: | #1 IKEv2 local address change Aug 26 18:38:39.169995: | #1 MOBIKE new source address 192.1.8.22 remote 192.1.2.23 and gateway 192.1.8.254 Aug 26 18:38:39.170002: | Opening output PBS mobike informational request Aug 26 18:38:39.170006: | **emit ISAKMP Message: Aug 26 18:38:39.170011: | initiator cookie: Aug 26 18:38:39.170014: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:39.170016: | responder cookie: Aug 26 18:38:39.170019: | 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:39.170022: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:39.170024: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:39.170027: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:39.170032: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 
18:38:39.170035: | Message ID: 2 (0x2) Aug 26 18:38:39.170038: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:39.170042: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:39.170045: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:39.170051: | flags: none (0x0) Aug 26 18:38:39.170054: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:39.170058: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:39.170061: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:39.170079: | Adding a v2N Payload Aug 26 18:38:39.170082: | ****emit IKEv2 Notify Payload: Aug 26 18:38:39.170085: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:39.170087: | flags: none (0x0) Aug 26 18:38:39.170090: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:39.170093: | SPI size: 0 (0x0) Aug 26 18:38:39.170096: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 18:38:39.170099: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:39.170102: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:39.170105: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:39.170108: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:38:39.170131: | natd_hash: hasher=0x560b71ba3800(20) Aug 26 18:38:39.170134: | natd_hash: icookie= ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:39.170137: | natd_hash: rcookie= 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:39.170139: | natd_hash: ip= c0 01 08 16 Aug 26 18:38:39.170142: | natd_hash: port=500 Aug 26 18:38:39.170144: | natd_hash: hash= f3 fa b6 43 bc e2 e5 03 37 60 30 20 9b 69 8f 01 Aug 26 18:38:39.170147: | natd_hash: hash= 78 b3 36 16 Aug 26 18:38:39.170149: | Adding a v2N Payload Aug 26 18:38:39.170152: | ****emit IKEv2 Notify Payload: Aug 26 18:38:39.170154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:39.170157: | flags: none (0x0) Aug 26 18:38:39.170159: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:39.170162: | SPI size: 0 (0x0) Aug 26 18:38:39.170165: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:39.170168: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:39.170171: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:39.170174: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:39.170177: | Notify data f3 fa b6 43 bc e2 e5 03 37 60 30 20 9b 69 8f 01 Aug 26 18:38:39.170180: | Notify data 78 b3 36 16 Aug 26 18:38:39.170182: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:39.170188: | natd_hash: hasher=0x560b71ba3800(20) Aug 26 18:38:39.170191: | natd_hash: icookie= ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:39.170193: | natd_hash: rcookie= 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:39.170196: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:39.170198: | natd_hash: port=500 Aug 26 18:38:39.170201: | natd_hash: hash= 97 f6 0e 0b fe 2e 88 10 c2 f8 17 1e 13 48 c2 cd Aug 26 18:38:39.170203: | natd_hash: hash= 64 66 d9 a3 Aug 26 18:38:39.170205: | Adding a v2N Payload Aug 26 18:38:39.170208: | ****emit IKEv2 Notify 
Payload: Aug 26 18:38:39.170210: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:39.170213: | flags: none (0x0) Aug 26 18:38:39.170215: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:39.170218: | SPI size: 0 (0x0) Aug 26 18:38:39.170220: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:39.170223: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:39.170226: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:39.170229: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:39.170234: | Notify data 97 f6 0e 0b fe 2e 88 10 c2 f8 17 1e 13 48 c2 cd Aug 26 18:38:39.170236: | Notify data 64 66 d9 a3 Aug 26 18:38:39.170239: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:39.170242: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:39.170245: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:39.170248: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:39.170251: | emitting length of IKEv2 Encryption Payload: 93 Aug 26 18:38:39.170254: | emitting length of ISAKMP Message: 121 Aug 26 18:38:39.170277: | sending 121 bytes for mobike informational request through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:39.170280: | ad 6d 60 74 a3 e2 ed 1a 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:39.170283: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Aug 26 18:38:39.170285: | 8e 50 c3 77 62 00 ae 13 99 b5 c8 76 37 4b 2d 66 Aug 26 18:38:39.170303: | 56 8d 0a f5 38 0b 9a 08 0f 59 8c 54 27 81 08 5d Aug 26 18:38:39.170310: | a3 9a 00 19 8c 55 8b 03 5b 7f 3a f4 cb 9c fe af Aug 26 18:38:39.170312: | fc 39 25 ae a2 8c cd d9 6f df 86 ce 03 c6 3f 07 Aug 26 18:38:39.170314: | b2 0e c9 99 d3 3c d8 97 19 54 be 
8c 11 5a c4 4b Aug 26 18:38:39.170317: | f3 e7 d9 5d 4f 9d 42 fd 25 Aug 26 18:38:39.170655: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:39.170665: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 Aug 26 18:38:39.170670: | libevent_free: release ptr-libevent@0x560b72c9cf08 Aug 26 18:38:39.170673: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x560b72c9d388 Aug 26 18:38:39.170680: | #1 spent 1.17 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 18:38:39.170686: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:38:39.170689: | processing signal PLUTO_SIGCHLD Aug 26 18:38:39.170695: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:39.170700: | spent 0.00622 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:39.170703: | processing signal PLUTO_SIGCHLD Aug 26 18:38:39.170707: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:39.170711: | spent 0.00399 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:39.171535: | spent 0.00343 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:39.171570: | *received 113 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 18:38:39.171577: | ad 6d 60 74 a3 e2 ed 1a 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:39.171582: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Aug 26 18:38:39.171586: | f4 2a ec 6d 31 02 51 82 15 60 97 7f 46 d2 79 28 Aug 26 18:38:39.171590: | 02 c2 03 16 b5 85 4b c4 2f 8f a3 e1 c3 ba 81 4f Aug 26 18:38:39.171594: | 97 0d 20 55 6e 62 17 c0 2e 00 28 4b af 2d 4f 7a Aug 26 18:38:39.171598: | f2 a5 95 77 8a d2 d1 4a 4a 64 ec d3 40 c8 c6 f6 Aug 26 18:38:39.171602: | 94 8b 9c ea 2d 39 64 c2 
2b 5c 36 34 85 f6 bd 46 Aug 26 18:38:39.171606: | 20 Aug 26 18:38:39.171614: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:39.171620: | **parse ISAKMP Message: Aug 26 18:38:39.171625: | initiator cookie: Aug 26 18:38:39.171629: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:39.171633: | responder cookie: Aug 26 18:38:39.171637: | 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:39.171642: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:39.171646: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:39.171650: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:39.171655: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:39.171659: | Message ID: 2 (0x2) Aug 26 18:38:39.171667: | length: 113 (0x71) Aug 26 18:38:39.171672: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:39.171678: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 18:38:39.171685: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:38:39.171695: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:39.171702: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:39.171707: | #1 is idle Aug 26 18:38:39.171711: | #1 idle Aug 26 18:38:39.171715: | unpacking clear payload Aug 26 18:38:39.171720: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:39.171725: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:39.171729: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:39.171734: | flags: none (0x0) Aug 26 18:38:39.171738: | length: 85 (0x55) Aug 26 18:38:39.171742: | processing payload: ISAKMP_NEXT_v2SK (len=81) Aug 26 18:38:39.171746: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:38:39.171771: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 
18:38:39.171776: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:39.171781: | **parse IKEv2 Notify Payload: Aug 26 18:38:39.171786: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:39.171789: | flags: none (0x0) Aug 26 18:38:39.171793: | length: 28 (0x1c) Aug 26 18:38:39.171797: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:39.171801: | SPI size: 0 (0x0) Aug 26 18:38:39.171805: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:39.171810: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:39.171813: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:39.171817: | **parse IKEv2 Notify Payload: Aug 26 18:38:39.171822: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:39.171826: | flags: none (0x0) Aug 26 18:38:39.171830: | length: 28 (0x1c) Aug 26 18:38:39.171834: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:39.171838: | SPI size: 0 (0x0) Aug 26 18:38:39.171842: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:39.171846: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:39.171851: | selected state microcode I3: Informational Request Aug 26 18:38:39.171854: | Now let's proceed with state specific processing Aug 26 18:38:39.171858: | calling processor I3: Informational Request Aug 26 18:38:39.171864: | an informational response Aug 26 18:38:39.171868: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Aug 26 18:38:39.171873: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Aug 26 18:38:39.171882: | #2 pst=#1 MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 18:38:39.171892: | initiator migrate kernel SA esp.9f33cf1b@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_OUT Aug 26 18:38:39.171961: | initiator migrate kernel SA esp.173b1f61@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_IN Aug 26 18:38:39.172010: | initiator migrate kernel SA esp.173b1f61@192.1.3.33:500 to 192.1.8.22:500 
reqid=16389 XFRM_FWD Aug 26 18:38:39.172033: "northnet-eastnet" #1: success MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 18:38:39.172045: | free hp@0x560b72c9a9c8 Aug 26 18:38:39.172055: | connect_to_host_pair: 192.1.8.22:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:38:39.172060: | new hp@0x560b72c9a9c8 Aug 26 18:38:39.172066: | running updown command "ipsec _updown" for verb up Aug 26 18:38:39.172071: | command executing up-client Aug 26 18:38:39.172118: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 18:38:39.172130: | popen cmd is 1062 chars long Aug 26 18:38:39.172136: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 18:38:39.172141: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_M: Aug 26 18:38:39.172145: | cmd( 160):Y_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Aug 26 18:38:39.172150: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' 
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 18:38:39.172155: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Aug 26 18:38:39.172159: | cmd( 400):192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Aug 26 18:38:39.172164: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Aug 26 18:38:39.172169: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' PLUTO_CONN_PO: Aug 26 18:38:39.172174: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ES: Aug 26 18:38:39.172178: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0: Aug 26 18:38:39.172183: | cmd( 800): PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_: Aug 26 18:38:39.172188: | cmd( 880):PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0': Aug 26 18:38:39.172192: | cmd( 960): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f33cf1b SPI_OUT=0x173b1: Aug 26 18:38:39.172196: | cmd(1040):f61 ipsec _updown 2>&1: Aug 26 18:38:39.183218: | running updown command "ipsec _updown" for verb route Aug 26 18:38:39.183237: | command executing route-client Aug 26 18:38:39.183270: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' 
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Aug 26 18:38:39.183276: | popen cmd is 1065 chars long Aug 26 18:38:39.183279: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:38:39.183282: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUT: Aug 26 18:38:39.183285: | cmd( 160):O_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3: Aug 26 18:38:39.183296: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Aug 26 18:38:39.183310: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Aug 26 18:38:39.183314: | cmd( 400):D='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 18:38:39.183316: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:38:39.183319: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' PLUTO_CONN: Aug 26 18:38:39.183322: | cmd( 640):_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE: Aug 26 18:38:39.183324: | cmd( 720):+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Aug 26 18:38:39.183327: | cmd( 800):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Aug 26 18:38:39.183329: | cmd( 880):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Aug 26 18:38:39.183332: | cmd( 960):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f33cf1b SPI_OUT=0x17: Aug 26 18:38:39.183335: | cmd(1040):3b1f61 ipsec 
_updown 2>&1: Aug 26 18:38:39.197462: | #1 updating local interface from 192.1.8.22:500 to 192.1.8.22:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:38:39.197485: "northnet-eastnet" #1: MOBIKE response: updating IPsec SA Aug 26 18:38:39.197489: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. Aug 26 18:38:39.197501: | #1 spent 1.58 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Aug 26 18:38:39.197507: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:39.197511: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:38:39.197527: | Message ID: updating counters for #1 to 2 after switching state Aug 26 18:38:39.197531: | Message ID: recv #1 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1 wip.initiator=2->-1 wip.responder=-1 Aug 26 18:38:39.197535: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:39.197537: | STATE_PARENT_I3: PARENT SA established Aug 26 18:38:39.197541: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:39.197547: | #1 spent 1.94 milliseconds in ikev2_process_packet() Aug 26 18:38:39.197552: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:39.197561: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:39.197564: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:39.197567: | spent 1.96 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:39.197585: | processing signal PLUTO_SIGCHLD Aug 26 18:38:39.197590: | waitpid returned ECHILD (no child processes left) Aug 26 
18:38:39.197594: | spent 0.0048 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:39.197596: | processing signal PLUTO_SIGCHLD Aug 26 18:38:39.197599: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:39.197602: | spent 0.00297 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:52.085500: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:38:52.085516: | expiring aged bare shunts from shunt table Aug 26 18:38:52.085522: | spent 0.00439 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:38:53.659105: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:53.659128: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:38:53.659133: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:53.659139: | get_sa_info esp.173b1f61@192.1.8.22 Aug 26 18:38:53.659157: | get_sa_info esp.9f33cf1b@192.1.2.23 Aug 26 18:38:53.659174: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:53.659183: | spent 0.0909 milliseconds in whack Aug 26 18:38:53.899333: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:53.900205: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:38:53.900233: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:38:53.900514: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:38:53.900542: | FOR_EACH_STATE_... 
in sort_states Aug 26 18:38:53.900594: | get_sa_info esp.173b1f61@192.1.8.22 Aug 26 18:38:53.900658: | get_sa_info esp.9f33cf1b@192.1.2.23 Aug 26 18:38:53.900744: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:53.900771: | spent 1.44 milliseconds in whack Aug 26 18:38:54.254714: | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:54.254738: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 18:38:54.254742: | ad 6d 60 74 a3 e2 ed 1a 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:54.254745: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:38:54.254747: | 0e bc 9a 4b 4c 87 e5 05 a0 f1 d3 f0 35 91 ca e7 Aug 26 18:38:54.254750: | 09 d4 8f ff 7b 9c dd a2 32 a2 98 39 a3 69 4b ed Aug 26 18:38:54.254752: | d9 a1 c6 91 34 Aug 26 18:38:54.254759: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:54.254763: | **parse ISAKMP Message: Aug 26 18:38:54.254766: | initiator cookie: Aug 26 18:38:54.254768: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:54.254771: | responder cookie: Aug 26 18:38:54.254773: | 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:54.254776: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:54.254779: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:54.254781: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:54.254785: | flags: none (0x0) Aug 26 18:38:54.254787: | Message ID: 0 (0x0) Aug 26 18:38:54.254790: | length: 69 (0x45) Aug 26 18:38:54.254793: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:54.254811: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:38:54.254815: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:38:54.254822: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:54.254826: | State DB: IKEv2 
state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:54.254831: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:38:54.254847: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:38:54.254852: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 18:38:54.254855: | unpacking clear payload Aug 26 18:38:54.254857: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:54.254861: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:54.254864: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:38:54.254866: | flags: none (0x0) Aug 26 18:38:54.254869: | length: 41 (0x29) Aug 26 18:38:54.254872: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:38:54.254876: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:38:54.254879: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:38:54.254902: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:54.254905: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:38:54.254908: | **parse IKEv2 Delete Payload: Aug 26 18:38:54.254910: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.254912: | flags: none (0x0) Aug 26 18:38:54.254914: | length: 12 (0xc) Aug 26 18:38:54.254917: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:38:54.254920: | SPI size: 4 (0x4) Aug 26 18:38:54.254923: | number of SPIs: 1 (0x1) Aug 26 18:38:54.254925: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:38:54.254928: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:38:54.254930: | Now let's proceed with state specific processing Aug 26 18:38:54.254932: | calling processor I3: INFORMATIONAL Request Aug 26 18:38:54.254936: | an informational request should send a response Aug 26 18:38:54.254958: | 
Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:38:54.254962: | **emit ISAKMP Message: Aug 26 18:38:54.254964: | initiator cookie: Aug 26 18:38:54.254966: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:54.254969: | responder cookie: Aug 26 18:38:54.254971: | 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:54.254973: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:54.254975: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:54.254978: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:54.254981: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:38:54.254983: | Message ID: 0 (0x0) Aug 26 18:38:54.254986: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:54.254988: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:54.254991: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.254993: | flags: none (0x0) Aug 26 18:38:54.254996: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:54.254999: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:54.255002: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:54.255014: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:38:54.255017: | SPI 9f 33 cf 1b Aug 26 18:38:54.255019: | delete PROTO_v2_ESP SA(0x9f33cf1b) Aug 26 18:38:54.255022: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:38:54.255025: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:38:54.255028: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x9f33cf1b) Aug 26 18:38:54.255031: "northnet-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:38:54.255034: | state #2 requesting 
EVENT_SA_REKEY to be deleted Aug 26 18:38:54.255038: | libevent_free: release ptr-libevent@0x560b72c9faf8 Aug 26 18:38:54.255042: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f2394002b78 Aug 26 18:38:54.255045: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f2394002b78 Aug 26 18:38:54.255049: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:38:54.255052: | libevent_malloc: new ptr-libevent@0x560b72ca59d8 size 128 Aug 26 18:38:54.255055: | ****emit IKEv2 Delete Payload: Aug 26 18:38:54.255058: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.255060: | flags: none (0x0) Aug 26 18:38:54.255062: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:38:54.255065: | SPI size: 4 (0x4) Aug 26 18:38:54.255067: | number of SPIs: 1 (0x1) Aug 26 18:38:54.255070: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:38:54.255073: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:54.255076: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:38:54.255078: | local SPIs 17 3b 1f 61 Aug 26 18:38:54.255081: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:38:54.255083: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:54.255086: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:54.255089: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:54.255093: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:38:54.255095: | emitting length of ISAKMP Message: 69 Aug 26 18:38:54.255113: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:54.255118: | ad 6d 60 74 a3 e2 ed 1a 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:54.255120: | 2e 20 25 28 
00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:38:54.255122: | b9 68 16 03 b8 ce 0d 9a 8b 20 e0 0e d9 f6 34 98 Aug 26 18:38:54.255125: | 4a 93 4c ee 3c fc 8a f8 f1 38 31 43 92 ad 78 0b Aug 26 18:38:54.255127: | 45 1e c0 89 e2 Aug 26 18:38:54.255158: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:38:54.255165: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:38:54.255171: | #1 spent 0.218 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:38:54.255176: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:54.255179: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:38:54.255182: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:38:54.255186: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:38:54.255190: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:54.255193: "northnet-eastnet" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:38:54.255198: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:54.255202: | #1 spent 0.461 milliseconds in ikev2_process_packet() Aug 26 18:38:54.255206: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:54.255209: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 
26 18:38:54.255212: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:54.255216: | spent 0.475 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:54.255222: | timer_event_cb: processing event@0x7f2394002b78 Aug 26 18:38:54.255225: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:38:54.255230: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:54.255234: | picked newest_ipsec_sa #2 for #2 Aug 26 18:38:54.255237: | replacing stale CHILD SA Aug 26 18:38:54.255241: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:38:54.255244: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:38:54.255247: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:38:54.255251: | creating state object #3 at 0x560b72ca5a88 Aug 26 18:38:54.255254: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:38:54.255278: | pstats #3 ikev2.child started Aug 26 18:38:54.255282: | duplicating state object #1 "northnet-eastnet" as #3 for IPSEC SA Aug 26 18:38:54.255296: | #3 setting local endpoint to 192.1.8.22:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:38:54.255310: | Message ID: init_child #1.#3; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:54.255315: | suspend processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:38:54.255332: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:38:54.255338: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:38:54.255343: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:38:54.255348: | constructing ESP/AH proposals with default DH MODP2048 
for northnet-eastnet (ESP/AH initiator emitting proposals) Aug 26 18:38:54.255353: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:38:54.255359: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:38:54.255364: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:38:54.255369: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:38:54.255373: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x560b72c9d388 Aug 26 18:38:54.255376: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:38:54.255379: | libevent_malloc: new ptr-libevent@0x560b72c9cf08 size 128 Aug 26 18:38:54.255384: | RESET processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:38:54.255388: | event_schedule: new EVENT_SA_EXPIRE-pe@0x560b72ca0b68 Aug 26 18:38:54.255391: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:38:54.255394: | libevent_malloc: new ptr-libevent@0x560b72ca5878 size 128 Aug 26 18:38:54.255398: | libevent_free: release ptr-libevent@0x560b72ca59d8 Aug 26 18:38:54.255401: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f2394002b78 Aug 26 18:38:54.255405: | #2 spent 0.174 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:38:54.255408: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:38:54.255414: | timer_event_cb: processing event@0x560b72c9d388 Aug 26 18:38:54.255417: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:38:54.255421: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:38:54.255426: 
| adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:38:54.255428: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2394002b78 Aug 26 18:38:54.255430: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:38:54.255432: | libevent_malloc: new ptr-libevent@0x560b72ca59d8 size 128 Aug 26 18:38:54.255437: | libevent_free: release ptr-libevent@0x560b72c9cf08 Aug 26 18:38:54.255439: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x560b72c9d388 Aug 26 18:38:54.255462: | #3 spent 0.048 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:38:54.255465: | stop processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:38:54.255468: | timer_event_cb: processing event@0x560b72ca0b68 Aug 26 18:38:54.255469: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:38:54.255472: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:54.255472: | crypto helper 1 resuming Aug 26 18:38:54.255488: | crypto helper 1 starting work-order 3 for state #3 Aug 26 18:38:54.255492: | crypto helper 1 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 18:38:54.255474: | picked newest_ipsec_sa #2 for #2 Aug 26 18:38:54.255520: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:38:54.255523: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:38:54.255525: | pstats #2 ikev2.child deleted completed Aug 26 18:38:54.255528: | #2 spent 3.38 milliseconds in total Aug 26 18:38:54.255532: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:38:54.255536: "northnet-eastnet" #2: deleting state (STATE_V2_IPSEC_I) aged 21.880s and NOT sending notification Aug 26 18:38:54.255539: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:38:54.255542: | 
get_sa_info esp.9f33cf1b@192.1.2.23 Aug 26 18:38:54.255553: | get_sa_info esp.173b1f61@192.1.8.22 Aug 26 18:38:54.255558: "northnet-eastnet" #2: ESP traffic information: in=336B out=336B Aug 26 18:38:54.255561: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:38:54.255601: | running updown command "ipsec _updown" for verb down Aug 26 18:38:54.255605: | command executing down-client Aug 26 18:38:54.255622: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V Aug 26 18:38:54.255625: | popen cmd is 1064 chars long Aug 26 18:38:54.255627: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 18:38:54.255628: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO: Aug 26 18:38:54.255630: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 18:38:54.255632: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 
26 18:38:54.255634: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 18:38:54.255635: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 18:38:54.255637: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:38:54.255639: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844712' PLUTO_CONN_: Aug 26 18:38:54.255640: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+: Aug 26 18:38:54.255642: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: Aug 26 18:38:54.255644: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: Aug 26 18:38:54.255645: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': Aug 26 18:38:54.255647: | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9f33cf1b SPI_OUT=0x173: Aug 26 18:38:54.255649: | cmd(1040):b1f61 ipsec _updown 2>&1: Aug 26 18:38:54.256373: | crypto helper 1 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.00088 seconds Aug 26 18:38:54.256390: | (#3) spent 0.888 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:38:54.256395: | crypto helper 1 sending results from work-order 3 for state #3 to event queue Aug 26 18:38:54.256398: | scheduling resume sending helper answer for #3 Aug 26 18:38:54.256402: | libevent_malloc: new ptr-libevent@0x7f2390002888 size 128 Aug 26 18:38:54.256415: | crypto helper 1 waiting (nothing to do) Aug 26 18:38:54.263879: | shunt_eroute() called for connection 'northnet-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:38:54.263891: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 
Aug 26 18:38:54.263895: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:54.263899: | IPsec Sa SPD priority set to 1042407 Aug 26 18:38:54.263921: | delete esp.9f33cf1b@192.1.2.23 Aug 26 18:38:54.263948: | netlink response for Del SA esp.9f33cf1b@192.1.2.23 included non-error error Aug 26 18:38:54.263964: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:54.263970: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 18:38:54.263986: | raw_eroute result=success Aug 26 18:38:54.263989: | delete esp.173b1f61@192.1.8.22 Aug 26 18:38:54.263997: | netlink response for Del SA esp.173b1f61@192.1.8.22 included non-error error Aug 26 18:38:54.264006: | in connection_discard for connection northnet-eastnet Aug 26 18:38:54.264008: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:38:54.264011: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:38:54.264015: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:38:54.264029: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:38:54.264031: | can't expire unused IKE SA #1; it has the child #3 Aug 26 18:38:54.264035: | libevent_free: release ptr-libevent@0x560b72ca5878 Aug 26 18:38:54.264037: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x560b72ca0b68 Aug 26 18:38:54.264040: | in statetime_stop() and could not find #2 Aug 26 18:38:54.264042: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:38:54.264056: | spent 0.00197 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:54.264081: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 18:38:54.264083: | ad 6d 60 74 a3 e2 ed 1a 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:54.264085: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:38:54.264087: | 3a 6a 5c 13 57 0c 5b 58 4a 4c b8 
60 7e 91 8d 82 Aug 26 18:38:54.264088: | 4a 60 b5 50 8a ed 09 8e 6e f2 ac 2f b4 85 0d a1 Aug 26 18:38:54.264089: | ea Aug 26 18:38:54.264093: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:54.264096: | **parse ISAKMP Message: Aug 26 18:38:54.264098: | initiator cookie: Aug 26 18:38:54.264099: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:54.264101: | responder cookie: Aug 26 18:38:54.264102: | 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:54.264104: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:54.264106: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:54.264108: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:54.264110: | flags: none (0x0) Aug 26 18:38:54.264112: | Message ID: 1 (0x1) Aug 26 18:38:54.264113: | length: 65 (0x41) Aug 26 18:38:54.264115: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:54.264118: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:38:54.264120: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:38:54.264124: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:54.264126: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:54.264129: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:38:54.264131: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:38:54.264134: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 18:38:54.264135: | unpacking clear payload Aug 26 18:38:54.264137: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:54.264139: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:54.264143: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:38:54.264144: | flags: 
none (0x0) Aug 26 18:38:54.264146: | length: 37 (0x25) Aug 26 18:38:54.264148: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:38:54.264151: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:38:54.264153: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:38:54.264166: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:54.264168: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:38:54.264170: | **parse IKEv2 Delete Payload: Aug 26 18:38:54.264171: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.264173: | flags: none (0x0) Aug 26 18:38:54.264174: | length: 8 (0x8) Aug 26 18:38:54.264176: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:38:54.264178: | SPI size: 0 (0x0) Aug 26 18:38:54.264179: | number of SPIs: 0 (0x0) Aug 26 18:38:54.264181: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:38:54.264182: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:38:54.264184: | Now let's proceed with state specific processing Aug 26 18:38:54.264186: | calling processor I3: INFORMATIONAL Request Aug 26 18:38:54.264188: | an informational request should send a response Aug 26 18:38:54.264207: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:38:54.264210: | **emit ISAKMP Message: Aug 26 18:38:54.264211: | initiator cookie: Aug 26 18:38:54.264213: | ad 6d 60 74 a3 e2 ed 1a Aug 26 18:38:54.264214: | responder cookie: Aug 26 18:38:54.264216: | 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:54.264217: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:54.264219: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:54.264221: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:54.264223: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:38:54.264224: | Message ID: 1 (0x1) Aug 26 18:38:54.264226: | next 
payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:54.264228: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:54.264230: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.264231: | flags: none (0x0) Aug 26 18:38:54.264233: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:54.264235: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:54.264238: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:54.264244: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:54.264246: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:54.264248: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:54.264250: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:38:54.264252: | emitting length of ISAKMP Message: 57 Aug 26 18:38:54.264263: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:54.264266: | ad 6d 60 74 a3 e2 ed 1a 47 4e 95 2d b8 ba d3 51 Aug 26 18:38:54.264268: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 18:38:54.264269: | 9c 8e 90 01 29 cd a8 2d 4a b0 c8 ac b4 d9 a7 46 Aug 26 18:38:54.264271: | 62 46 c4 cd 0e 7f 02 02 b6 Aug 26 18:38:54.264320: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:38:54.264327: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:38:54.264331: | child 
state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:38:54.264334: | pstats #3 ikev2.child deleted other Aug 26 18:38:54.264336: | #3 spent 0.048 milliseconds in total Aug 26 18:38:54.264352: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:38:54.264355: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:38:54.264358: "northnet-eastnet" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.009s and NOT sending notification Aug 26 18:38:54.264360: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 18:38:54.264362: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:54.264365: | libevent_free: release ptr-libevent@0x560b72ca59d8 Aug 26 18:38:54.264368: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2394002b78 Aug 26 18:38:54.264370: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:54.264374: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 18:38:54.264383: | raw_eroute result=success Aug 26 18:38:54.264387: | in connection_discard for connection northnet-eastnet Aug 26 18:38:54.264389: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:38:54.264394: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:38:54.264397: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:38:54.264399: | resume processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:38:54.264402: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:38:54.264404: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:38:54.264406: | pstats #1 ikev2.ike deleted completed Aug 26 18:38:54.264409: | #1 spent 13.2 
milliseconds in total Aug 26 18:38:54.264412: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:38:54.264414: "northnet-eastnet" #1: deleting state (STATE_IKESA_DEL) aged 21.899s and NOT sending notification Aug 26 18:38:54.264415: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:38:54.264468: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:38:54.264473: | libevent_free: release ptr-libevent@0x7f238c000f48 Aug 26 18:38:54.264477: | free_event_entry: release EVENT_SA_REKEY-pe@0x560b72c9d218 Aug 26 18:38:54.264480: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:38:54.264482: | picked newest_isakmp_sa #0 for #1 Aug 26 18:38:54.264484: "northnet-eastnet" #1: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:38:54.264487: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 0 seconds Aug 26 18:38:54.264489: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:38:54.264491: | in connection_discard for connection northnet-eastnet Aug 26 18:38:54.264493: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:38:54.264495: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:38:54.264519: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:38:54.264552: | in statetime_stop() and could not find #1 Aug 26 18:38:54.264555: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:54.264558: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:38:54.264560: | STF_OK but no state object remains Aug 26 18:38:54.264562: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:54.264563: | in 
statetime_stop() and could not find #1 Aug 26 18:38:54.264568: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:54.264570: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:54.264572: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:54.264575: | spent 0.479 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:54.264581: | processing resume sending helper answer for #3 Aug 26 18:38:54.264583: | crypto helper 1 replies to request ID 3 Aug 26 18:38:54.264585: | calling continuation function 0x560b71aceb50 Aug 26 18:38:54.264586: | work-order 3 state #3 crypto result suppressed Aug 26 18:38:54.264594: | (#3) spent 0.0109 milliseconds in resume sending helper answer Aug 26 18:38:54.264597: | libevent_free: release ptr-libevent@0x7f2390002888 Aug 26 18:38:54.264599: | processing signal PLUTO_SIGCHLD Aug 26 18:38:54.264602: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:54.264605: | spent 0.00374 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:54.264608: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:38:54.264611: Initiating connection northnet-eastnet which received a Delete/Notify but must remain up per local policy Aug 26 18:38:54.264613: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:54.264616: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 18:38:54.264618: | connection 'northnet-eastnet' +POLICY_UP Aug 26 18:38:54.264620: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:38:54.264621: | FOR_EACH_STATE_... 
in find_phase1_state Aug 26 18:38:54.264625: | creating state object #4 at 0x560b72c9fe98 Aug 26 18:38:54.264627: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:38:54.264631: | pstats #4 ikev2.ike started Aug 26 18:38:54.264633: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:38:54.264635: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:38:54.264638: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:54.264642: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:54.264645: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:54.264647: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:38:54.264649: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #4 "northnet-eastnet" Aug 26 18:38:54.264652: "northnet-eastnet" #4: initiating v2 parent SA Aug 26 18:38:54.264662: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:54.264665: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 
18:38:54.264668: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f238c002fc8 Aug 26 18:38:54.264670: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:38:54.264672: | libevent_malloc: new ptr-libevent@0x560b72ca5878 size 128 Aug 26 18:38:54.264679: | #4 spent 0.0629 milliseconds in ikev2_parent_outI1() Aug 26 18:38:54.264682: | RESET processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:54.264685: | crypto helper 6 resuming Aug 26 18:38:54.264685: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:54.264696: | crypto helper 6 starting work-order 4 for state #4 Aug 26 18:38:54.264707: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 18:38:54.264702: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:38:54.264716: | spent 0.0994 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:38:54.265297: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000588 seconds Aug 26 18:38:54.265325: | (#4) spent 0.612 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 18:38:54.265330: | crypto helper 6 sending results from work-order 4 for state #4 to event queue Aug 26 18:38:54.265347: | scheduling resume sending helper answer for #4 Aug 26 18:38:54.265350: | libevent_malloc: new ptr-libevent@0x7f2384002888 size 128 Aug 26 18:38:54.265357: | crypto helper 6 waiting (nothing to do) Aug 26 18:38:54.265395: | processing resume sending helper answer for #4 Aug 26 18:38:54.265404: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:54.265407: | crypto helper 6 replies to request ID 4 Aug 26 18:38:54.265409: | calling continuation function 0x560b71aceb50 Aug 26 18:38:54.265411: | ikev2_parent_outI1_continue 
for #4 Aug 26 18:38:54.265414: | **emit ISAKMP Message: Aug 26 18:38:54.265416: | initiator cookie: Aug 26 18:38:54.265418: | 1b 7d f7 8d 86 69 d0 06 Aug 26 18:38:54.265419: | responder cookie: Aug 26 18:38:54.265421: | 00 00 00 00 00 00 00 00 Aug 26 18:38:54.265423: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:54.265425: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:54.265426: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:54.265428: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:54.265430: | Message ID: 0 (0x0) Aug 26 18:38:54.265432: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:54.265441: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:54.265443: | Emitting ikev2_proposals ... 
Aug 26 18:38:54.265445: | ***emit IKEv2 Security Association Payload: Aug 26 18:38:54.265447: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.265449: | flags: none (0x0) Aug 26 18:38:54.265451: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:54.265453: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:54.265455: | discarding INTEG=NONE Aug 26 18:38:54.265457: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:54.265459: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:54.265460: | prop #: 1 (0x1) Aug 26 18:38:54.265462: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:54.265464: | spi size: 0 (0x0) Aug 26 18:38:54.265465: | # transforms: 11 (0xb) Aug 26 18:38:54.265467: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:54.265471: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265475: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:54.265476: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:54.265478: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265480: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:54.265482: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:54.265483: | length/value: 256 (0x100) Aug 26 18:38:54.265485: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:54.265487: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265490: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:54.265492: | IKEv2 transform ID: 
PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:54.265494: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265496: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265497: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265499: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265502: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:54.265504: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:54.265506: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265509: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265511: | discarding INTEG=NONE Aug 26 18:38:54.265512: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265515: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265517: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:54.265519: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265521: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265522: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265524: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265525: | 
last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265527: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265528: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:54.265530: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265532: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265534: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265535: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265538: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265540: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:54.265542: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265545: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265546: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265548: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265549: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265551: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265552: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:54.265554: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265556: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265558: | emitting length of IKEv2 Transform 
Substructure Payload: 8 Aug 26 18:38:54.265559: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265561: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265562: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265564: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:54.265566: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265569: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265571: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265572: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265574: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265576: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:54.265577: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265579: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265581: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265582: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265584: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265586: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265587: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:54.265589: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265591: | last substructure: saving location 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265592: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265594: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265596: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:54.265597: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265599: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:54.265601: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265602: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265604: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265606: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:54.265608: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:54.265609: | discarding INTEG=NONE Aug 26 18:38:54.265612: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:54.265613: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:54.265615: | prop #: 2 (0x2) Aug 26 18:38:54.265616: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:54.265618: | spi size: 0 (0x0) Aug 26 18:38:54.265620: | # transforms: 11 (0xb) Aug 26 18:38:54.265622: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:54.265623: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:54.265625: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265627: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265628: | IKEv2 transform type: 
TRANS_TYPE_ENCR (0x1) Aug 26 18:38:54.265630: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:54.265632: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265633: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:54.265635: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:54.265636: | length/value: 128 (0x80) Aug 26 18:38:54.265638: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:54.265640: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265641: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265643: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:54.265644: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:54.265646: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265648: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265650: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265651: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265654: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:54.265656: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:54.265658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265661: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265663: | discarding INTEG=NONE Aug 26 18:38:54.265664: | 
*****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265666: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265667: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265669: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:54.265671: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265674: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265676: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265677: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265679: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265680: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:54.265682: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265685: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265687: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265688: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265691: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265693: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:54.265695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last 
transform' Aug 26 18:38:54.265698: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265700: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265701: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265703: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265704: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:54.265706: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265710: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265711: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265714: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265716: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:54.265718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265720: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265721: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265723: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265726: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265727: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:54.265729: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265731: | 
last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265733: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265734: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265736: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265737: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265739: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:54.265741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265742: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265744: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265746: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265747: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:54.265749: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265750: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:54.265754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265756: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265758: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265759: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:54.265761: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:54.265763: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:54.265765: | last proposal: v2_PROPOSAL_NON_LAST 
(0x2) Aug 26 18:38:54.265766: | prop #: 3 (0x3) Aug 26 18:38:54.265768: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:54.265769: | spi size: 0 (0x0) Aug 26 18:38:54.265771: | # transforms: 13 (0xd) Aug 26 18:38:54.265773: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:54.265774: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:54.265776: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265778: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265779: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:54.265781: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:54.265782: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265784: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:54.265786: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:54.265787: | length/value: 256 (0x100) Aug 26 18:38:54.265789: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:54.265790: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265794: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:54.265795: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:54.265797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265799: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265800: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265802: | *****emit IKEv2 Transform 
Substructure Payload: Aug 26 18:38:54.265804: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265805: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:54.265807: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:54.265809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265810: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265812: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265813: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265817: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:54.265818: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:54.265820: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265822: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265825: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265827: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265829: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265830: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:54.265832: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:54.265834: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265835: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 
18:38:54.265837: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265839: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265842: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265843: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:54.265845: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265847: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265849: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265850: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265853: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265855: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:54.265857: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265859: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265860: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265862: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265865: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265866: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:54.265868: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265870: | last substructure: 
saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265872: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265873: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265875: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265876: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265878: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:54.265880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265882: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265883: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265885: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265888: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265889: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:54.265891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265896: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265897: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265900: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265902: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:54.265904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 
Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265907: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265909: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265910: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265912: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265914: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:54.265915: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265917: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265919: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265920: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265922: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:54.265923: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.265940: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:54.265942: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265944: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265946: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265947: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:54.265949: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:54.265951: | 
****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:54.265953: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:54.265954: | prop #: 4 (0x4) Aug 26 18:38:54.265956: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:54.265957: | spi size: 0 (0x0) Aug 26 18:38:54.265959: | # transforms: 13 (0xd) Aug 26 18:38:54.265961: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:54.265963: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:54.265964: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265966: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265968: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:54.265969: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:54.265971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265973: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:54.265974: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:54.265976: | length/value: 128 (0x80) Aug 26 18:38:54.265977: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:54.265979: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265982: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265983: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:54.265985: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:54.265987: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265989: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.265990: | emitting length 
of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.265992: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.265993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.265995: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:54.265997: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:54.265999: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266000: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266002: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266004: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266005: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266007: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:54.266008: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:54.266010: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266012: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266014: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266015: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266019: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:54.266020: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:54.266035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266037: | last substructure: saving location 'IKEv2 Proposal 
Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266039: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266040: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266043: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.266045: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:54.266047: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266050: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266052: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266053: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266055: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.266056: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:54.266058: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266063: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266064: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266066: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266067: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.266069: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:54.266071: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last 
transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266072: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266074: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266076: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266077: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266079: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.266080: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:54.266082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266084: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266086: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266087: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266090: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.266092: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:54.266094: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266095: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266097: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266112: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266113: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.266117: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 
18:38:54.266119: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266122: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266124: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.266128: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:54.266130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266134: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266135: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:54.266137: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:54.266139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:54.266140: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:54.266142: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:54.266145: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:54.266147: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:54.266148: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:54.266150: | last substructure: checking 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:54.266152: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:38:54.266153: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:54.266155: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:38:54.266157: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.266159: | flags: none (0x0) Aug 26 18:38:54.266160: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:54.266162: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:38:54.266164: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:38:54.266167: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 18:38:54.266194: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:38:54.266196: | ***emit IKEv2 Nonce Payload: Aug 26 18:38:54.266197: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:54.266199: | flags: none (0x0) Aug 26 18:38:54.266201: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:38:54.266203: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:38:54.266205: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:38:54.266207: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:38:54.266208: | IKEv2 nonce 87 a2 ca 64 4a 28 81 6e 90 08 89 66 40 3d 8a ac Aug 26 18:38:54.266210: | IKEv2 nonce 20 40 7b 9b 61 0e fa 4f 91 5a 1b 6d dd 13 4a 70 Aug 26 18:38:54.266212: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:38:54.266213: | Adding a v2N Payload Aug 26 18:38:54.266215: | ***emit IKEv2 Notify Payload: Aug 26 18:38:54.266217: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.266218: | flags: none (0x0) Aug 26 18:38:54.266221: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:54.266223: | SPI size: 0 (0x0) Aug 26 18:38:54.266225: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:54.266227: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:54.266228: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26
18:38:54.266230: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:54.266233: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:38:54.266235: | natd_hash: rcookie is zero Aug 26 18:38:54.266244: | natd_hash: hasher=0x560b71ba3800(20) Aug 26 18:38:54.266246: | natd_hash: icookie= 1b 7d f7 8d 86 69 d0 06 Aug 26 18:38:54.266248: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:54.266249: | natd_hash: ip= c0 01 08 16 Aug 26 18:38:54.266251: | natd_hash: port=500 Aug 26 18:38:54.266252: | natd_hash: hash= 97 04 07 78 43 31 3b 31 57 12 bf ba 42 ea 5e 98 Aug 26 18:38:54.266254: | natd_hash: hash= 06 08 5f 29 Aug 26 18:38:54.266255: | Adding a v2N Payload Aug 26 18:38:54.266257: | ***emit IKEv2 Notify Payload: Aug 26 18:38:54.266259: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.266260: | flags: none (0x0) Aug 26 18:38:54.266262: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:54.266264: | SPI size: 0 (0x0) Aug 26 18:38:54.266265: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:54.266267: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:54.266269: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:54.266271: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:54.266273: | Notify data 97 04 07 78 43 31 3b 31 57 12 bf ba 42 ea 5e 98 Aug 26 18:38:54.266274: | Notify data 06 08 5f 29 Aug 26 18:38:54.266276: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:54.266278: | natd_hash: rcookie is zero Aug 26 18:38:54.266281: | natd_hash: hasher=0x560b71ba3800(20) Aug 26 18:38:54.266283: | natd_hash: icookie= 1b 7d f7 8d 86 69 d0 06 Aug 26 18:38:54.266285: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:54.266286: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:54.266297: | natd_hash: port=500 Aug 26 
18:38:54.266302: | natd_hash: hash= 76 30 8f 1c 60 76 03 97 2a ea 79 71 e6 d6 66 1f Aug 26 18:38:54.266304: | natd_hash: hash= d8 48 39 c5 Aug 26 18:38:54.266305: | Adding a v2N Payload Aug 26 18:38:54.266307: | ***emit IKEv2 Notify Payload: Aug 26 18:38:54.266309: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:54.266310: | flags: none (0x0) Aug 26 18:38:54.266312: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:54.266313: | SPI size: 0 (0x0) Aug 26 18:38:54.266315: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:54.266317: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:54.266332: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:54.266334: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:54.266336: | Notify data 76 30 8f 1c 60 76 03 97 2a ea 79 71 e6 d6 66 1f Aug 26 18:38:54.266337: | Notify data d8 48 39 c5 Aug 26 18:38:54.266339: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:54.266340: | emitting length of ISAKMP Message: 828 Aug 26 18:38:54.266345: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:38:54.266348: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:54.266351: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:38:54.266354: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:38:54.266356: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:38:54.266358: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 18:38:54.266360: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 18:38:54.266363: | Message 
ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:54.266365: "northnet-eastnet" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:54.266368: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.8.22:500) Aug 26 18:38:54.266372: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #4)
Aug 26 18:38:54.266477: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:54.266480: | libevent_free: release ptr-libevent@0x560b72ca5878 Aug 26 18:38:54.266483: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f238c002fc8 Aug 26 18:38:54.266485: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:54.266487: "northnet-eastnet" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:38:54.266489: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f238c002fc8 Aug 26 18:38:54.266492: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Aug 26 18:38:54.266494: | libevent_malloc: new ptr-libevent@0x560b72c9faf8 size 128 Aug 26 18:38:54.266497: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 30020.008956 Aug 26 18:38:54.266499: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 18:38:54.266503: | #4 spent 1.07 milliseconds in resume sending helper answer Aug 26 18:38:54.266506: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:54.266508: | libevent_free: release ptr-libevent@0x7f2384002888 Aug 26 18:38:54.730167: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:54.730187: shutting down Aug 26 18:38:54.730195: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:38:54.730199: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:54.730202: forgetting secrets Aug 26
18:38:54.730207: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:54.730211: | start processing: connection "northnet-eastnet" (in delete_connection() at connections.c:189) Aug 26 18:38:54.730213: | removing pending policy for no connection {0x560b72c8b8f8} Aug 26 18:38:54.730216: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:38:54.730217: | pass 0 Aug 26 18:38:54.730219: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:38:54.730221: | state #4 Aug 26 18:38:54.730223: | suspend processing: connection "northnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:38:54.730227: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:38:54.730229: | pstats #4 ikev2.ike deleted other Aug 26 18:38:54.730233: | #4 spent 1.75 milliseconds in total Aug 26 18:38:54.730236: | [RE]START processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:38:54.730239: "northnet-eastnet" #4: deleting state (STATE_PARENT_I1) aged 0.465s and NOT sending notification Aug 26 18:38:54.730241: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 18:38:54.730244: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:54.730246: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 18:38:54.730249: | libevent_free: release ptr-libevent@0x560b72c9faf8 Aug 26 18:38:54.730254: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f238c002fc8 Aug 26 18:38:54.730257: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:38:54.730259: | picked newest_isakmp_sa #0 for #4 Aug 26 18:38:54.730261: "northnet-eastnet" #4: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:38:54.730264: | add revival: connection 'northnet-eastnet' added to 
the list and scheduled for 5 seconds Aug 26 18:38:54.730266: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:38:54.730270: | stop processing: connection "northnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:38:54.730272: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:38:54.730274: | in connection_discard for connection northnet-eastnet Aug 26 18:38:54.730275: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 18:38:54.730278: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:38:54.730312: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:38:54.730318: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:38:54.730320: | pass 1 Aug 26 18:38:54.730321: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:38:54.730337: | shunt_eroute() called for connection 'northnet-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:38:54.730339: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:38:54.730342: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:54.730369: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:54.730377: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:38:54.730380: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:54.730382: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:54.730384: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 18:38:54.730386: | running updown command "ipsec _updown" for verb unroute Aug 26 18:38:54.730388: | command executing unroute-client Aug 26 18:38:54.730421: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Aug 26 18:38:54.730424: | popen cmd is 1045 chars long Aug 26 18:38:54.730426: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:38:54.730428: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PL: Aug 26 18:38:54.730429: | cmd( 160):UTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 18:38:54.730431: | cmd( 240):.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Aug 26 18:38:54.730433: | cmd( 320):0' 
PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Aug 26 18:38:54.730447: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 18:38:54.730451: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:38:54.730453: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 18:38:54.730454: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_N: Aug 26 18:38:54.730456: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Aug 26 18:38:54.730458: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Aug 26 18:38:54.730459: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Aug 26 18:38:54.730461: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: Aug 26 18:38:54.730463: | cmd(1040): 2>&1: Aug 26 18:38:54.739122: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739141: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739144: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739146: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739148: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739149: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739156: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739169: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739181: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739192: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 18:38:54.739204: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739217: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.739230: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:54.744982: | free hp@0x560b72c9a9c8 Aug 26 18:38:54.745006: | flush revival: connection 'northnet-eastnet' revival flushed Aug 26 18:38:54.745015: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:38:54.745040: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:38:54.745043: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:38:54.745056: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:38:54.745061: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:38:54.745065: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 18:38:54.745069: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 18:38:54.745073: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 18:38:54.745077: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 18:38:54.745081: shutting down interface eth1/eth1 192.1.8.22:4500 Aug 26 18:38:54.745085: shutting down interface eth1/eth1 192.1.8.22:500 Aug 26 18:38:54.745090: | FOR_EACH_STATE_... 
in delete_states_dead_interfaces Aug 26 18:38:54.745105: | libevent_free: release ptr-libevent@0x560b72c8c468 Aug 26 18:38:54.745109: | free_event_entry: release EVENT_NULL-pe@0x560b72c982a8 Aug 26 18:38:54.745122: | libevent_free: release ptr-libevent@0x560b72c282b8 Aug 26 18:38:54.745126: | free_event_entry: release EVENT_NULL-pe@0x560b72c98358 Aug 26 18:38:54.745135: | libevent_free: release ptr-libevent@0x560b72c2a158 Aug 26 18:38:54.745139: | free_event_entry: release EVENT_NULL-pe@0x560b72c98408 Aug 26 18:38:54.745147: | libevent_free: release ptr-libevent@0x560b72c272a8 Aug 26 18:38:54.745151: | free_event_entry: release EVENT_NULL-pe@0x560b72c984b8 Aug 26 18:38:54.745159: | libevent_free: release ptr-libevent@0x560b72bf84e8 Aug 26 18:38:54.745162: | free_event_entry: release EVENT_NULL-pe@0x560b72c98568 Aug 26 18:38:54.745168: | libevent_free: release ptr-libevent@0x560b72bf81d8 Aug 26 18:38:54.745170: | free_event_entry: release EVENT_NULL-pe@0x560b72c98618 Aug 26 18:38:54.745176: | libevent_free: release ptr-libevent@0x560b72c98cc8 Aug 26 18:38:54.745181: | free_event_entry: release EVENT_NULL-pe@0x560b72c986c8 Aug 26 18:38:54.745188: | libevent_free: release ptr-libevent@0x560b72c98e28 Aug 26 18:38:54.745192: | free_event_entry: release EVENT_NULL-pe@0x560b72c98db8 Aug 26 18:38:54.745199: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 18:38:54.745629: | libevent_free: release ptr-libevent@0x560b72c8c518 Aug 26 18:38:54.745637: | free_event_entry: release EVENT_NULL-pe@0x560b72c80258 Aug 26 18:38:54.745642: | libevent_free: release ptr-libevent@0x560b72c2a058 Aug 26 18:38:54.745645: | free_event_entry: release EVENT_NULL-pe@0x560b72c7f718 Aug 26 18:38:54.745648: | libevent_free: release ptr-libevent@0x560b72c63b18 Aug 26 18:38:54.745650: | free_event_entry: release EVENT_NULL-pe@0x560b72c802c8 Aug 26 18:38:54.745653: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:38:54.745655: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:38:54.745657: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:38:54.745658: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:38:54.745660: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:38:54.745661: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:38:54.745663: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:38:54.745665: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:38:54.745666: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:38:54.745670: | libevent_free: release ptr-libevent@0x560b72c27808 Aug 26 18:38:54.745672: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:38:54.745674: | libevent_free: release ptr-libevent@0x560b72c97928 Aug 26 18:38:54.745676: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:38:54.745678: | libevent_free: release ptr-libevent@0x560b72c97a38 Aug 26 18:38:54.745680: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:38:54.745682: | libevent_free: release ptr-libevent@0x560b72c97c78 Aug 26 18:38:54.745683: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:38:54.745685: | releasing event base Aug 26 18:38:54.745694: | libevent_free: release ptr-libevent@0x560b72c97b48 Aug 26 18:38:54.745697: | libevent_free: release ptr-libevent@0x560b72c7ab08 Aug 26 18:38:54.745699: | libevent_free: 
release ptr-libevent@0x560b72c7aab8 Aug 26 18:38:54.745701: | libevent_free: release ptr-libevent@0x560b72c7aa48 Aug 26 18:38:54.745703: | libevent_free: release ptr-libevent@0x560b72c7aa08 Aug 26 18:38:54.745704: | libevent_free: release ptr-libevent@0x560b72c97828 Aug 26 18:38:54.745706: | libevent_free: release ptr-libevent@0x560b72c978a8 Aug 26 18:38:54.745708: | libevent_free: release ptr-libevent@0x560b72c7acb8 Aug 26 18:38:54.745709: | libevent_free: release ptr-libevent@0x560b72c7f828 Aug 26 18:38:54.745711: | libevent_free: release ptr-libevent@0x560b72c80218 Aug 26 18:38:54.745712: | libevent_free: release ptr-libevent@0x560b72c98ed8 Aug 26 18:38:54.745714: | libevent_free: release ptr-libevent@0x560b72c98d78 Aug 26 18:38:54.745715: | libevent_free: release ptr-libevent@0x560b72c98688 Aug 26 18:38:54.745717: | libevent_free: release ptr-libevent@0x560b72c985d8 Aug 26 18:38:54.745719: | libevent_free: release ptr-libevent@0x560b72c98528 Aug 26 18:38:54.745720: | libevent_free: release ptr-libevent@0x560b72c98478 Aug 26 18:38:54.745722: | libevent_free: release ptr-libevent@0x560b72c983c8 Aug 26 18:38:54.745723: | libevent_free: release ptr-libevent@0x560b72c98318 Aug 26 18:38:54.745725: | libevent_free: release ptr-libevent@0x560b72c27968 Aug 26 18:38:54.745726: | libevent_free: release ptr-libevent@0x560b72c979f8 Aug 26 18:38:54.745728: | libevent_free: release ptr-libevent@0x560b72c978e8 Aug 26 18:38:54.745729: | libevent_free: release ptr-libevent@0x560b72c97868 Aug 26 18:38:54.745731: | libevent_free: release ptr-libevent@0x560b72c97b08 Aug 26 18:38:54.745733: | libevent_free: release ptr-libevent@0x560b72c26af8 Aug 26 18:38:54.745734: | libevent_free: release ptr-libevent@0x560b72bf7908 Aug 26 18:38:54.745736: | libevent_free: release ptr-libevent@0x560b72bf7d38 Aug 26 18:38:54.745740: | libevent_free: release ptr-libevent@0x560b72c26e68 Aug 26 18:38:54.745741: | releasing global libevent data Aug 26 18:38:54.745744: | libevent_free: release 
ptr-libevent@0x560b72bf7a08 Aug 26 18:38:54.745745: | libevent_free: release ptr-libevent@0x560b72bf7cd8 Aug 26 18:38:54.745747: | libevent_free: release ptr-libevent@0x560b72bf7dd8 Aug 26 18:38:54.745774: leak detective found no leaks