Aug 26 18:38:34.621429: FIPS Product: YES Aug 26 18:38:34.621475: FIPS Kernel: NO Aug 26 18:38:34.621478: FIPS Mode: NO Aug 26 18:38:34.621481: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:38:34.621654: Initializing NSS Aug 26 18:38:34.621663: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:38:34.657554: NSS initialized Aug 26 18:38:34.657577: NSS crypto library initialized Aug 26 18:38:34.657581: FIPS HMAC integrity support [enabled] Aug 26 18:38:34.657583: FIPS mode disabled for pluto daemon Aug 26 18:38:34.695791: FIPS HMAC integrity verification self-test FAILED Aug 26 18:38:34.695893: libcap-ng support [enabled] Aug 26 18:38:34.695901: Linux audit support [enabled] Aug 26 18:38:34.695926: Linux audit activated Aug 26 18:38:34.695935: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12867 Aug 26 18:38:34.695939: core dump dir: /tmp Aug 26 18:38:34.695942: secrets file: /etc/ipsec.secrets Aug 26 18:38:34.695944: leak-detective enabled Aug 26 18:38:34.695947: NSS crypto [enabled] Aug 26 18:38:34.695949: XAUTH PAM support [enabled] Aug 26 18:38:34.696021: | libevent is using pluto's memory allocator Aug 26 18:38:34.696029: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:38:34.696044: | libevent_malloc: new ptr-libevent@0x55d4c8d03488 size 40 Aug 26 18:38:34.696052: | libevent_malloc: new ptr-libevent@0x55d4c8d02cd8 size 40 Aug 26 18:38:34.696055: | libevent_malloc: new ptr-libevent@0x55d4c8d02dd8 size 40 Aug 26 18:38:34.696058: | creating event base Aug 26 18:38:34.696061: | libevent_malloc: new ptr-libevent@0x55d4c8d85a58 size 56 Aug 26 18:38:34.696067: | libevent_malloc: new ptr-libevent@0x55d4c8d31e78 size 664 Aug 26 18:38:34.696079: | libevent_malloc: new ptr-libevent@0x55d4c8d85ac8 size 24 Aug 26 18:38:34.696083: | libevent_malloc: new ptr-libevent@0x55d4c8d85b18 size 384 Aug 26 18:38:34.696092: | libevent_malloc: new ptr-libevent@0x55d4c8d85a18 size 16 Aug 26 18:38:34.696096: | libevent_malloc: new ptr-libevent@0x55d4c8d02908 size 40 Aug 26 18:38:34.696098: | libevent_malloc: new ptr-libevent@0x55d4c8d02d38 size 48 Aug 26 18:38:34.696103: | libevent_realloc: new ptr-libevent@0x55d4c8d32978 size 256 Aug 26 18:38:34.696107: | libevent_malloc: new ptr-libevent@0x55d4c8d85cc8 size 16 Aug 26 18:38:34.696113: | libevent_free: release ptr-libevent@0x55d4c8d85a58 Aug 26 18:38:34.696117: | libevent initialized Aug 26 18:38:34.696121: | libevent_realloc: new ptr-libevent@0x55d4c8d85a58 size 64 Aug 26 18:38:34.696127: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:38:34.696141: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:38:34.696144: NAT-Traversal support [enabled] Aug 26 18:38:34.696147: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:38:34.696153: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:38:34.696157: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:38:34.696190: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:38:34.696194: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:38:34.696197: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:38:34.696247: Encryption algorithms: Aug 26 18:38:34.696257: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:38:34.696261: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:38:34.696266: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:38:34.696269: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:38:34.696273: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:38:34.696281: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:38:34.696286: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:38:34.696311: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:38:34.696318: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:38:34.696322: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:38:34.696326: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:38:34.696330: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:38:34.696334: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:38:34.696338: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:38:34.696342: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:38:34.696345: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:38:34.696349: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:38:34.696356: Hash algorithms: Aug 26 18:38:34.696359: MD5 IKEv1: IKE IKEv2: Aug 26 18:38:34.696362: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:38:34.696366: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:38:34.696369: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:38:34.696372: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:38:34.696386: PRF algorithms: Aug 26 18:38:34.696390: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:38:34.696393: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:38:34.696397: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:38:34.696400: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:38:34.696404: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:38:34.696407: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:38:34.696433: Integrity algorithms: Aug 26 18:38:34.696437: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:38:34.696441: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:38:34.696445: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:38:34.696449: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:38:34.696453: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:38:34.696456: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:38:34.696459: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:38:34.696462: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:38:34.696466: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:38:34.696478: DH algorithms: Aug 26 18:38:34.696482: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:38:34.696485: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:38:34.696489: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:38:34.696495: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:38:34.696499: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:38:34.696502: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:38:34.696505: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:38:34.696509: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:38:34.696512: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:38:34.696516: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:38:34.696519: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:38:34.696522: testing CAMELLIA_CBC: Aug 26 18:38:34.696525: Camellia: 16 bytes with 128-bit key Aug 26 18:38:34.696653: Camellia: 16 bytes with 128-bit key Aug 26 18:38:34.696685: Camellia: 16 bytes with 256-bit key Aug 26 18:38:34.696719: Camellia: 16 bytes with 256-bit key Aug 26 18:38:34.696750: testing AES_GCM_16: Aug 26 18:38:34.696754: empty string Aug 26 18:38:34.696786: one block Aug 26 18:38:34.696816: two blocks Aug 26 18:38:34.696845: two blocks with associated data Aug 26 18:38:34.696875: testing AES_CTR: Aug 26 18:38:34.696880: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:38:34.696910: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:38:34.696940: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:38:34.696972: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:38:34.697002: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:38:34.697036: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:38:34.697067: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:38:34.697096: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:38:34.697125: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:38:34.697156: testing AES_CBC: Aug 26 18:38:34.697159: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:38:34.697187: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:38:34.697217: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:38:34.697247: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:38:34.697282: testing AES_XCBC: Aug 26 18:38:34.697287: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:38:34.697423: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:38:34.697570: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:38:34.697696: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:38:34.697830: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:38:34.697964: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:38:34.698105: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:38:34.698419: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:38:34.698569: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:38:34.698700: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:38:34.698954: testing HMAC_MD5: Aug 26 18:38:34.698961: RFC 2104: MD5_HMAC test 1 Aug 26 18:38:34.699144: RFC 2104: MD5_HMAC test 2 Aug 26 18:38:34.699309: RFC 2104: MD5_HMAC test 3 Aug 26 18:38:34.699512: 8 CPU cores online Aug 26 18:38:34.699518: starting up 7 crypto helpers Aug 26 18:38:34.699557: started thread for crypto helper 0 Aug 26 18:38:34.699562: | starting up helper thread 0 Aug 26 18:38:34.699580: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:38:34.699583: | crypto helper 0 waiting (nothing to do) Aug 26 18:38:34.699590: started thread for crypto helper 1 Aug 26 18:38:34.699619: started thread for crypto helper 2 Aug 26 18:38:34.699640: started thread for crypto helper 3 Aug 26 18:38:34.699656: | starting up helper thread 3 Aug 26 18:38:34.699663: started thread for crypto helper 4 Aug 26 18:38:34.699669: | starting up helper thread 1 Aug 26 18:38:34.699702: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:38:34.699705: | crypto helper 1 waiting (nothing to do) Aug 26 18:38:34.699672: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:38:34.699798: | crypto helper 3 waiting (nothing to do) Aug 26 18:38:34.699693: started thread for crypto helper 5 Aug 26 18:38:34.699831: started thread for crypto helper 6 Aug 26 18:38:34.699839: | checking IKEv1 state table Aug 26 18:38:34.699847: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:34.699850: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:38:34.699853: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.699855: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:38:34.699858: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:38:34.699861: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:38:34.699863: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.699866: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.699869: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:38:34.699871: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:38:34.699874: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.699876: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.699879: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:38:34.699881: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:34.699884: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:34.699886: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:38:34.699889: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:38:34.699892: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:34.699894: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:34.699896: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:38:34.699899: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:38:34.699902: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.699905: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:38:34.699907: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.699910: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:34.699913: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:38:34.699915: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.699918: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:38:34.699920: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:38:34.699923: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:38:34.699926: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:38:34.699928: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:38:34.699931: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:38:34.699933: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.699936: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:38:34.699939: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.699942: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:38:34.699944: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:38:34.699947: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:38:34.699950: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:38:34.699952: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:38:34.699955: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:38:34.699958: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:38:34.699960: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.699963: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:38:34.699966: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.699968: | INFO: category: informational flags: 0: Aug 26 18:38:34.699971: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.699974: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:38:34.699976: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.699979: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:38:34.699985: | -> XAUTH_R1 EVENT_NULL Aug 26 18:38:34.699988: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:38:34.699990: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:34.699993: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:38:34.699996: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:38:34.699999: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:38:34.700001: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:38:34.700004: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:38:34.700007: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.700010: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:38:34.700012: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:34.700015: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.700018: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:38:34.700021: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:38:34.700023: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:38:34.700029: | checking IKEv2 state table Aug 26 18:38:34.700035: | PARENT_I0: category: ignore flags: 0: Aug 26 18:38:34.700038: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:38:34.699675: | starting up helper thread 4 Aug 26 18:38:34.700039: | starting up helper thread 2 Aug 26 18:38:34.700051: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:38:34.700041: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.700058: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:38:34.700061: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:38:34.700065: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:38:34.700068: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:38:34.700071: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:38:34.700073: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:38:34.700076: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:38:34.700079: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:38:34.700082: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:38:34.700085: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:38:34.700088: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:38:34.700090: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:38:34.700093: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:38:34.700096: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:34.700099: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:38:34.700102: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.700105: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:38:34.700108: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:38:34.700111: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:38:34.700114: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:38:34.700116: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:38:34.700119: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:38:34.700122: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:38:34.700125: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.700128: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:38:34.700131: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:38:34.700133: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:38:34.700138: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.700141: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:38:34.700144: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:38:34.700147: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:38:34.700150: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.700153: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:38:34.700156: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:38:34.700159: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:38:34.700162: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:38:34.700165: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:38:34.700168: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:38:34.700171: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:38:34.700174: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:38:34.700177: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:38:34.700180: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:38:34.700183: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:38:34.700186: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:38:34.700200: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:38:34.700255: | Hard-wiring algorithms Aug 26 18:38:34.700259: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:38:34.700263: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:38:34.700266: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:38:34.700268: | adding 3DES_CBC to kernel algorithm db Aug 26 18:38:34.700271: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:38:34.700274: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:38:34.700276: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:38:34.700279: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:38:34.700282: | adding AES_CTR to kernel algorithm db Aug 26 18:38:34.700284: | adding AES_CBC to kernel algorithm db Aug 26 18:38:34.700287: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:38:34.700330: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:38:34.700333: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:38:34.700336: | adding NULL to kernel algorithm db Aug 26 18:38:34.700339: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:38:34.700342: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:38:34.700344: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:38:34.700347: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:38:34.700349: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:38:34.700352: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:38:34.700355: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:38:34.700357: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:38:34.700360: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:38:34.700362: | adding NONE to kernel algorithm db Aug 26 18:38:34.700385: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:38:34.700390: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:38:34.700397: | crypto helper 4 waiting (nothing to do) Aug 26 18:38:34.700391: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:38:34.700407: | setup kernel fd callback Aug 26 18:38:34.700412: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55d4c8d8b2d8 Aug 26 18:38:34.700419: | libevent_malloc: new ptr-libevent@0x55d4c8d6eb28 size 128 Aug 26 18:38:34.700424: | libevent_malloc: new ptr-libevent@0x55d4c8d8a838 size 16 Aug 26 18:38:34.700436: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55d4c8d8a728 Aug 26 18:38:34.700441: | libevent_malloc: new ptr-libevent@0x55d4c8d35068 size 128 Aug 26 18:38:34.701085: | libevent_malloc: new ptr-libevent@0x55d4c8d8b228 size 16 Aug 26 18:38:34.700623: | starting up helper thread 5 Aug 26 18:38:34.701323: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:38:34.701327: | crypto helper 5 waiting (nothing to do) Aug 26 18:38:34.701339: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:38:34.701350: selinux support is enabled. Aug 26 18:38:34.701600: | unbound context created - setting debug level to 5 Aug 26 18:38:34.701627: | /etc/hosts lookups activated Aug 26 18:38:34.701644: | /etc/resolv.conf usage activated Aug 26 18:38:34.701699: | outgoing-port-avoid set 0-65535 Aug 26 18:38:34.701718: | outgoing-port-permit set 32768-60999 Aug 26 18:38:34.701720: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:38:34.701722: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:38:34.701725: | Setting up events, loop start Aug 26 18:38:34.701727: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55d4c8d8b268 Aug 26 18:38:34.701729: | libevent_malloc: new ptr-libevent@0x55d4c8d97528 size 128 Aug 26 18:38:34.701732: | libevent_malloc: new ptr-libevent@0x55d4c8da2838 size 16 Aug 26 18:38:34.701737: | libevent_realloc: new ptr-libevent@0x55d4c8d31b08 size 256 Aug 26 18:38:34.701739: | libevent_malloc: new ptr-libevent@0x55d4c8da2878 size 8 Aug 26 18:38:34.701741: | libevent_realloc: new ptr-libevent@0x55d4c8d323b8 size 144 Aug 26 18:38:34.701743: | libevent_malloc: new ptr-libevent@0x55d4c8d32818 size 152 Aug 26 18:38:34.701746: | libevent_malloc: new ptr-libevent@0x55d4c8da28b8 size 16 Aug 26 18:38:34.701749: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:38:34.701750: | libevent_malloc: new ptr-libevent@0x55d4c8da28f8 size 8 Aug 26 18:38:34.701752: | libevent_malloc: new ptr-libevent@0x55d4c8da2938 size 152 Aug 26 18:38:34.701754: | signal event handler PLUTO_SIGTERM installed Aug 26 18:38:34.701756: | libevent_malloc: new ptr-libevent@0x55d4c8da2a08 size 8 Aug 26 18:38:34.701758: | libevent_malloc: new ptr-libevent@0x55d4c8da2a48 size 152 Aug 26 18:38:34.701760: | signal event handler PLUTO_SIGHUP installed Aug 26 18:38:34.701762: | libevent_malloc: new ptr-libevent@0x55d4c8da2b18 size 8 Aug 26 18:38:34.701764: | libevent_realloc: release ptr-libevent@0x55d4c8d323b8 Aug 26 18:38:34.701766: | libevent_realloc: new ptr-libevent@0x55d4c8da2b58 size 256 Aug 26 18:38:34.701767: | libevent_malloc: new ptr-libevent@0x55d4c8da2c88 size 152 Aug 26 18:38:34.701770: | signal event handler PLUTO_SIGSYS installed Aug 26 18:38:34.702115: | created addconn helper (pid:13132) using fork+execve Aug 26 18:38:34.702131: | forked child 13132 Aug 26 18:38:34.702182: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.702204: listening for IKE messages Aug 26 18:38:34.702204: | starting up helper thread 6 Aug 26 18:38:34.702227: | crypto helper 2 waiting (nothing to do) Aug 26 18:38:34.702238: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:38:34.702250: | crypto helper 6 waiting (nothing to do) Aug 26 18:38:34.702268: | Inspecting interface lo Aug 26 18:38:34.702277: | found lo with address 127.0.0.1 Aug 26 18:38:34.702283: | Inspecting interface eth0 Aug 26 18:38:34.702293: | found eth0 with address 192.0.3.254 Aug 26 18:38:34.702302: | Inspecting interface eth1 Aug 26 18:38:34.702307: | found eth1 with address 192.1.3.33 Aug 26 18:38:34.702362: Kernel supports NIC esp-hw-offload Aug 26 18:38:34.702376: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 18:38:34.702402: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:34.702408: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:34.702413: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 18:38:34.702448: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 18:38:34.702472: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:34.702477: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:34.702481: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 18:38:34.702506: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:38:34.702530: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:34.702535: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:34.702539: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:38:34.702600: | no interfaces to sort Aug 26 18:38:34.702606: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:38:34.702616: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3158 Aug 26 18:38:34.702620: | libevent_malloc: new ptr-libevent@0x55d4c8d97478 size 128 Aug 26 18:38:34.702623: | libevent_malloc: new ptr-libevent@0x55d4c8da31c8 size 16 Aug 26 18:38:34.702630: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:38:34.702633: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3208 Aug 26 18:38:34.702639: | libevent_malloc: new ptr-libevent@0x55d4c8d332c8 size 128 Aug 26 18:38:34.702642: | libevent_malloc: new ptr-libevent@0x55d4c8da3278 size 16 Aug 26 18:38:34.702647: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:38:34.702650: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da32b8 Aug 26 18:38:34.702653: | libevent_malloc: new ptr-libevent@0x55d4c8d35168 size 128 Aug 26 18:38:34.702656: | libevent_malloc: new ptr-libevent@0x55d4c8da3328 size 16 Aug 26 18:38:34.702660: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:38:34.702663: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3368 Aug 26 18:38:34.702666: | libevent_malloc: new ptr-libevent@0x55d4c8d322b8 size 128 Aug 26 18:38:34.702669: | libevent_malloc: new ptr-libevent@0x55d4c8da33d8 size 16 Aug 26 18:38:34.702674: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:38:34.702677: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3418 Aug 26 18:38:34.702683: | libevent_malloc: new ptr-libevent@0x55d4c8d034e8 size 128 Aug 26 18:38:34.702686: | libevent_malloc: new ptr-libevent@0x55d4c8da3488 size 16 Aug 26 18:38:34.702692: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:38:34.702695: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da34c8 Aug 26 18:38:34.702698: | libevent_malloc: new ptr-libevent@0x55d4c8d031d8 size 128 Aug 26 18:38:34.702701: | libevent_malloc: new ptr-libevent@0x55d4c8da3538 size 16 Aug 26 18:38:34.702707: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:38:34.702713: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:34.702716: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:34.702737: loading secrets from "/etc/ipsec.secrets" Aug 26 18:38:34.702751: | Processing PSK at line 1: passed Aug 26 18:38:34.702756: | certs and keys locked by 'process_secret' Aug 26 18:38:34.702758: | certs and keys unlocked by 'process_secret' Aug 26 18:38:34.702770: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.702779: | spent 0.601 milliseconds in whack Aug 26 18:38:34.731792: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.731821: listening for IKE messages Aug 26 18:38:34.731856: | Inspecting interface lo Aug 26 18:38:34.731863: | found lo with address 127.0.0.1 Aug 26 18:38:34.731867: | Inspecting interface eth0 Aug 26 18:38:34.731871: | found eth0 with address 192.0.3.254 Aug 26 18:38:34.731874: | Inspecting interface eth1 Aug 26 18:38:34.731878: | found eth1 with address 192.1.3.33 Aug 26 18:38:34.731945: | no interfaces to sort Aug 26 18:38:34.731956: | libevent_free: release ptr-libevent@0x55d4c8d97478 Aug 26 18:38:34.731960: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3158 Aug 26 18:38:34.731969: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3158 Aug 26 18:38:34.731973: | libevent_malloc: new ptr-libevent@0x55d4c8d97478 size 128 Aug 26 18:38:34.731981: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:38:34.731985: | libevent_free: release ptr-libevent@0x55d4c8d332c8 Aug 26 18:38:34.731988: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3208 Aug 26 18:38:34.731991: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3208 Aug 26 18:38:34.731994: | libevent_malloc: new ptr-libevent@0x55d4c8d332c8 size 128 Aug 26 18:38:34.731999: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:38:34.732002: | libevent_free: release ptr-libevent@0x55d4c8d35168 Aug 26 18:38:34.732005: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da32b8 Aug 26 18:38:34.732008: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da32b8 Aug 26 18:38:34.732011: | libevent_malloc: new ptr-libevent@0x55d4c8d35168 size 128 Aug 26 18:38:34.732016: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:38:34.732019: | libevent_free: release ptr-libevent@0x55d4c8d322b8 Aug 26 18:38:34.732022: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3368 Aug 26 18:38:34.732025: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3368 Aug 26 18:38:34.732028: | libevent_malloc: new ptr-libevent@0x55d4c8d322b8 size 128 Aug 26 18:38:34.732033: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:38:34.732036: | libevent_free: release ptr-libevent@0x55d4c8d034e8 Aug 26 18:38:34.732039: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3418 Aug 26 18:38:34.732042: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3418 Aug 26 18:38:34.732045: | libevent_malloc: new ptr-libevent@0x55d4c8d034e8 size 128 Aug 26 18:38:34.732049: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:38:34.732053: | libevent_free: release ptr-libevent@0x55d4c8d031d8 Aug 26 18:38:34.732056: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da34c8 Aug 26 18:38:34.732058: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da34c8 Aug 26 18:38:34.732061: | libevent_malloc: new ptr-libevent@0x55d4c8d031d8 size 128 Aug 26 18:38:34.732066: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:38:34.732069: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:34.732072: forgetting secrets Aug 26 18:38:34.732080: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:34.732094: loading secrets from "/etc/ipsec.secrets" Aug 26 18:38:34.732101: | Processing PSK at line 1: passed Aug 26 18:38:34.732105: | certs and keys locked by 'process_secret' Aug 26 18:38:34.732107: | certs and keys unlocked by 'process_secret' Aug 26 18:38:34.732116: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.732123: | spent 0.34 milliseconds in whack Aug 26 18:38:34.732655: | processing signal PLUTO_SIGCHLD Aug 26 18:38:34.732673: | waitpid returned pid 13132 (exited with status 0) Aug 26 18:38:34.732678: | reaped addconn helper child (status 0) Aug 26 18:38:34.732683: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:34.732688: | spent 0.0178 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:34.789037: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.789060: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.789064: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:34.789067: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.789069: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:34.789074: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.789123: | Added new connection northnet-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:34.789183: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:38:34.789195: | from whack: got --esp=aes256-sha2 Aug 26 18:38:34.789210: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Aug 26 18:38:34.789217: | counting wild cards for 192.1.3.33 is 0 Aug 26 18:38:34.789222: | counting wild cards for 192.1.2.23 is 0 Aug 26 18:38:34.789231: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:38:34.789234: | new hp@0x55d4c8da54c8 Aug 26 18:38:34.789239: added connection description "northnet-eastnet" Aug 26 18:38:34.789248: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:34.789259: | 192.0.3.0/24===192.1.3.33<192.1.3.33>...192.1.2.23<192.1.2.23>===192.0.2.0/24 Aug 26 18:38:34.789265: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.789272: | spent 0.246 milliseconds in whack Aug 26 18:38:34.848071: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.848094: | old debugging base+cpu-usage + none Aug 26 18:38:34.848098: | base debugging = base+cpu-usage Aug 26 18:38:34.848101: | old impairing none + suppress-retransmits Aug 26 18:38:34.848104: | base impairing = suppress-retransmits Aug 26 18:38:34.848112: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.848119: | spent 0.057 milliseconds in whack Aug 26 18:38:34.960664: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.960683: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 18:38:34.960686: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.960691: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 18:38:34.960694: | connection 'northnet-eastnet' +POLICY_UP Aug 26 18:38:34.960696: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 18:38:34.960698: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:38:34.960718: | creating state object #1 at 0x55d4c8da55a8 Aug 26 18:38:34.960721: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:38:34.960727: | pstats #1 ikev2.ike started Aug 26 18:38:34.960730: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:38:34.960732: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:38:34.960736: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:34.960742: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:34.960746: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:34.960749: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:38:34.960752: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #1 "northnet-eastnet" Aug 26 18:38:34.960755: "northnet-eastnet" #1: initiating v2 parent SA Aug 26 18:38:34.960768: | constructing local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE) Aug 26 18:38:34.960777: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.960784: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.960786: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.960793: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.960796: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.960800: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.960802: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.960806: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.960812: "northnet-eastnet": constructed local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.960819: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:38:34.960823: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d4c8da7d18 Aug 26 18:38:34.960827: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:34.960830: | libevent_malloc: new ptr-libevent@0x55d4c8da7d88 size 128 Aug 26 18:38:34.960841: | #1 spent 0.148 milliseconds in ikev2_parent_outI1() Aug 26 18:38:34.960843: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:34.960846: | crypto helper 0 resuming Aug 26 18:38:34.960846: | RESET processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:34.960862: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:38:34.960864: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:34.960867: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:38:34.960868: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:38:34.960871: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 18:38:34.960874: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.960877: | spent 0.217 milliseconds in whack Aug 26 18:38:34.961941: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001072 seconds Aug 26 18:38:34.961955: | (#1) spent 1.06 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:38:34.961959: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:38:34.961963: | scheduling resume sending helper answer for #1 Aug 26 18:38:34.961966: | libevent_malloc: new ptr-libevent@0x7fb074002888 size 128 Aug 26 18:38:34.961975: | crypto helper 0 waiting (nothing to do) Aug 26 18:38:34.962006: | processing resume sending helper answer for #1 Aug 26 18:38:34.962015: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:34.962019: | crypto helper 0 replies to request ID 1 Aug 26 18:38:34.962021: | calling continuation function 0x55d4c84a3b50 Aug 26 18:38:34.962023: | ikev2_parent_outI1_continue for #1 Aug 26 18:38:34.962050: | **emit ISAKMP Message: Aug 26 18:38:34.962055: | initiator cookie: Aug 26 18:38:34.962057: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:34.962058: | responder cookie: Aug 26 18:38:34.962060: | 00 00 00 00 00 00 00 00 Aug 26 18:38:34.962062: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:34.962064: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.962066: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:34.962068: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:34.962070: | Message ID: 0 (0x0) Aug 26 18:38:34.962072: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:34.962083: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.962085: | Emitting ikev2_proposals ... Aug 26 18:38:34.962087: | ***emit IKEv2 Security Association Payload: Aug 26 18:38:34.962089: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.962091: | flags: none (0x0) Aug 26 18:38:34.962093: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:34.962095: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.962097: | discarding INTEG=NONE Aug 26 18:38:34.962099: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.962101: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.962103: | prop #: 1 (0x1) Aug 26 18:38:34.962104: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.962106: | spi size: 0 (0x0) Aug 26 18:38:34.962108: | # transforms: 11 (0xb) Aug 26 18:38:34.962110: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.962112: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962115: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.962117: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:34.962119: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962121: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.962123: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.962125: | length/value: 256 (0x100) Aug 26 18:38:34.962127: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.962129: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962132: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.962134: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.962136: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962140: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962142: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962143: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962146: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.962148: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.962150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962154: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962155: | discarding INTEG=NONE Aug 26 18:38:34.962157: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962160: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962162: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.962164: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962166: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962168: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962169: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962171: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962173: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962174: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.962176: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962180: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962182: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962183: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962185: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962187: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.962189: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962190: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962192: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962194: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962197: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962199: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.962201: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962203: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962204: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962206: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962208: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962209: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962211: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.962213: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962215: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962218: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962219: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962223: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962224: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.962226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962230: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962232: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962233: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962235: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962237: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.962239: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962241: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962242: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962244: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962246: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.962247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962249: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.962251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962253: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962255: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962257: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:34.962259: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.962260: | discarding INTEG=NONE Aug 26 18:38:34.962262: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.962264: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.962265: | prop #: 2 (0x2) Aug 26 18:38:34.962267: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.962269: | spi size: 0 (0x0) Aug 26 18:38:34.962270: | # transforms: 11 (0xb) Aug 26 18:38:34.962272: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.962274: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.962276: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962279: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.962281: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:34.962283: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962285: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.962287: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.962292: | length/value: 128 (0x80) Aug 26 18:38:34.962299: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.962302: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962309: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.962312: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.962315: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962318: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962320: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962323: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962326: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962329: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.962332: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.962335: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962338: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962342: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962344: | discarding INTEG=NONE Aug 26 18:38:34.962347: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962352: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962355: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.962358: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962361: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962363: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962366: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962371: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962373: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.962377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962379: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962382: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962385: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962387: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962390: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962392: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.962395: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962398: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962401: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962403: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962409: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962412: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.962415: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962418: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962424: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962427: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962430: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962432: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962435: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.962438: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962441: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962444: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962446: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962451: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962454: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.962457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962460: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962462: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962465: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962467: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962470: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962472: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.962476: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962478: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962481: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962483: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962486: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.962489: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962491: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.962494: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962497: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962499: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962502: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:34.962505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.962508: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.962511: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.962513: | prop #: 3 (0x3) Aug 26 18:38:34.962516: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.962518: | spi size: 0 (0x0) Aug 26 18:38:34.962520: | # transforms: 13 (0xd) Aug 26 18:38:34.962524: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.962527: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.962530: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962532: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962535: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.962537: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.962544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962547: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.962550: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.962552: | length/value: 256 (0x100) Aug 26 18:38:34.962555: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.962558: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962563: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.962565: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.962568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962574: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962576: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962579: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962581: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.962583: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.962586: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962589: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962592: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962595: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962600: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.962602: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:34.962605: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962610: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962612: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962617: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.962620: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.962623: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962627: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962630: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962634: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962637: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.962640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962646: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962648: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962656: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962658: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.962661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962664: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962667: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962670: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962672: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962675: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962678: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.962681: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962684: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962687: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962690: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962695: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962698: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.962700: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962704: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962707: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962709: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962712: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962715: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962717: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.962721: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962724: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962727: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962730: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962735: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962738: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.962742: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962748: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962751: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962754: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962756: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962759: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.962763: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962772: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962775: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962778: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.962781: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962784: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.962787: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962791: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962794: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962797: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:34.962801: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.962804: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.962807: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.962809: | prop #: 4 (0x4) Aug 26 18:38:34.962812: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.962815: | spi size: 0 (0x0) Aug 26 18:38:34.962818: | # transforms: 13 (0xd) Aug 26 18:38:34.962821: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.962825: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.962828: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962831: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962833: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.962836: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.962839: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962842: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.962846: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.962848: | length/value: 128 (0x80) Aug 26 18:38:34.962852: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.962854: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962860: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.962863: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.962866: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962869: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962872: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962874: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962880: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.962882: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.962885: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962891: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962894: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962899: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.962905: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:34.962908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962911: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962914: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962916: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962919: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962922: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.962925: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.962928: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962934: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962936: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962942: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962944: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.962948: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962951: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962954: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962957: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962960: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962962: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962965: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.962968: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962972: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962974: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962977: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962980: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.962985: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.962988: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.962991: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.962994: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.962996: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.962999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.963002: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.963004: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.963008: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.963011: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.963013: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.963018: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.963020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.963023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.963026: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.963029: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.963031: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.963034: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.963037: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.963040: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.963042: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.963045: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.963048: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.963051: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.963054: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.963056: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.963059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.963062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.963065: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.963068: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.963070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.963074: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.963076: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.963079: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.963082: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.963085: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.963088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.963090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.963093: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.963096: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:34.963099: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.963101: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:38:34.963104: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:34.963107: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:38:34.963110: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.963113: | flags: none (0x0) Aug 26 18:38:34.963116: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.963120: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:38:34.963123: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.963127: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:38:34.963130: | ikev2 g^x 2f a0 15 7a 07 73 4d 0f d7 51 e2 53 57 41 40 61 Aug 26 18:38:34.963133: | ikev2 g^x cc c6 01 15 3b 2f d0 02 6f 0d 3c ff 58 77 8c 5e Aug 26 18:38:34.963138: | ikev2 g^x 61 84 5a 9c 5d 4e 8d 70 f5 90 9f fa 68 34 28 61 Aug 26 18:38:34.963141: | ikev2 g^x 5b f9 99 5e c4 0e 0e 24 47 63 95 4d dd 3a 95 34 Aug 26 18:38:34.963143: | ikev2 g^x 6f 10 9c 46 83 96 e1 79 81 27 1c 3a 67 eb 4f 14 Aug 26 18:38:34.963146: | ikev2 g^x 45 08 be f7 d4 9c 8e ba 87 69 0d 49 60 76 62 ed Aug 26 18:38:34.963148: | ikev2 g^x c1 8c 29 af fd 0d 60 f7 d3 3d d4 ed f4 e7 d6 7e Aug 26 18:38:34.963151: | ikev2 g^x 70 e5 05 c3 26 45 96 05 f9 6b da c0 9d fd ad 8a Aug 26 18:38:34.963153: | ikev2 g^x b1 26 13 57 a6 3f c3 58 c6 29 38 fd 38 9e 23 b8 Aug 26 18:38:34.963156: | ikev2 g^x e7 a7 50 af 28 f5 f7 9a d0 60 cb 89 82 cf bf e9 Aug 26 18:38:34.963159: | ikev2 g^x 4c d9 94 cd ae a1 7d 7f 2b d4 d2 53 6a db cd 75 Aug 26 18:38:34.963162: | ikev2 g^x af 02 b0 3b fa a1 4d 9d 76 e1 ed 2d 2c ef 88 8e Aug 26 18:38:34.963164: | ikev2 g^x ef e9 e8 53 af ed fd 56 7d 08 30 20 93 b0 be ab Aug 26 18:38:34.963167: | ikev2 g^x 0a a2 8d 34 c5 ca 0f 1a 5b a7 4f 20 51 ef da 08 Aug 26 18:38:34.963170: | ikev2 g^x df 26 7b 8e 80 4e 5b 40 43 4b 42 8f c9 ae 3a f2 Aug 26 18:38:34.963173: | ikev2 g^x cd ea 54 5c b7 3c 2c 0c 26 02 43 fb fd 63 4e de Aug 26 18:38:34.963175: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:38:34.963178: | ***emit IKEv2 Nonce Payload: Aug 26 18:38:34.963181: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.963184: | flags: none (0x0) Aug 26 18:38:34.963188: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:38:34.963191: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:38:34.963194: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.963198: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:38:34.963201: | IKEv2 nonce 2b 41 87 b7 a6 9d 26 cf 75 5d f8 08 ad e0 df 36 Aug 26 18:38:34.963204: | IKEv2 nonce 4d 8f e5 03 2c 34 d3 b7 3f 21 22 d8 89 89 0b db Aug 26 18:38:34.963207: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:38:34.963210: | Adding a v2N Payload Aug 26 18:38:34.963212: | ***emit IKEv2 Notify Payload: Aug 26 18:38:34.963215: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.963218: | flags: none (0x0) Aug 26 18:38:34.963221: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.963224: | SPI size: 0 (0x0) Aug 26 18:38:34.963227: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:34.963231: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.963234: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.963237: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:34.963241: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:38:34.963244: | natd_hash: rcookie is zero Aug 26 18:38:34.963261: | natd_hash: hasher=0x55d4c8578800(20) Aug 26 18:38:34.963265: | natd_hash: icookie= c9 74 af 35 05 84 b2 d5 Aug 26 18:38:34.963268: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:34.963271: | natd_hash: ip= c0 01 03 21 Aug 26 18:38:34.963274: | natd_hash: port=500 Aug 26 18:38:34.963276: | natd_hash: hash= be a7 08 a4 6d b3 8f 29 57 8d 17 8a c1 5c 94 34 Aug 26 18:38:34.963279: | natd_hash: hash= d1 e6 dc e0 Aug 26 18:38:34.963282: | Adding a v2N Payload Aug 26 18:38:34.963285: | ***emit IKEv2 Notify Payload: Aug 26 18:38:34.963302: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.963308: | flags: none (0x0) Aug 26 18:38:34.963311: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.963314: | SPI size: 0 (0x0) Aug 26 18:38:34.963317: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:34.963323: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.963326: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.963330: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:34.963333: | Notify data be a7 08 a4 6d b3 8f 29 57 8d 17 8a c1 5c 94 34 Aug 26 18:38:34.963336: | Notify data d1 e6 dc e0 Aug 26 18:38:34.963339: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:34.963341: | natd_hash: rcookie is zero Aug 26 18:38:34.963351: | natd_hash: hasher=0x55d4c8578800(20) Aug 26 18:38:34.963354: | natd_hash: icookie= c9 74 af 35 05 84 b2 d5 Aug 26 18:38:34.963357: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:34.963359: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:34.963362: | natd_hash: port=500 Aug 26 18:38:34.963365: | natd_hash: hash= 14 bf 7a 3e 8f 34 ec 3e da 9f 0d 56 04 e6 cf ea Aug 26 18:38:34.963368: | natd_hash: hash= 46 31 da af Aug 26 18:38:34.963371: | Adding a v2N Payload Aug 26 18:38:34.963373: | ***emit IKEv2 Notify Payload: Aug 26 18:38:34.963376: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.963379: | flags: none (0x0) Aug 26 18:38:34.963382: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.963385: | SPI size: 0 (0x0) Aug 26 18:38:34.963388: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:34.963391: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.963394: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.963397: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:34.963400: | Notify data 14 bf 7a 3e 8f 34 ec 3e da 9f 0d 56 04 e6 cf ea Aug 26 18:38:34.963403: | Notify data 46 31 da af Aug 26 18:38:34.963406: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:34.963409: | emitting length of ISAKMP Message: 828 Aug 26 18:38:34.963416: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:38:34.963428: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.963432: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:38:34.963436: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:38:34.963440: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:38:34.963443: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:38:34.963446: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:38:34.963452: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:34.963456: "northnet-eastnet" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:34.963469: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:38:34.963479: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:34.963482: | c9 74 af 35 05 84 b2 d5 00 00 00 00 00 00 00 00 Aug 26 18:38:34.963485: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:38:34.963487: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:38:34.963490: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:38:34.963492: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:38:34.963495: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:38:34.963498: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:38:34.963500: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:38:34.963503: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:38:34.963507: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:38:34.963509: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:38:34.963512: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:38:34.963515: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:38:34.963517: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:38:34.963520: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:38:34.963523: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:38:34.963525: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:38:34.963528: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:38:34.963530: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:38:34.963533: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:38:34.963535: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:38:34.963538: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:38:34.963540: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:38:34.963543: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:38:34.963545: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:38:34.963548: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:38:34.963551: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:38:34.963553: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:38:34.963556: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:38:34.963559: | 28 00 01 08 00 0e 00 00 2f a0 15 7a 07 73 4d 0f Aug 26 18:38:34.963562: | d7 51 e2 53 57 41 40 61 cc c6 01 15 3b 2f d0 02 Aug 26 18:38:34.963564: | 6f 0d 3c ff 58 77 8c 5e 61 84 5a 9c 5d 4e 8d 70 Aug 26 18:38:34.963567: | f5 90 9f fa 68 34 28 61 5b f9 99 5e c4 0e 0e 24 Aug 26 18:38:34.963569: | 47 63 95 4d dd 3a 95 34 6f 10 9c 46 83 96 e1 79 Aug 26 18:38:34.963572: | 81 27 1c 3a 67 eb 4f 14 45 08 be f7 d4 9c 8e ba Aug 26 18:38:34.963574: | 87 69 0d 49 60 76 62 ed c1 8c 29 af fd 0d 60 f7 Aug 26 18:38:34.963577: | d3 3d d4 ed f4 e7 d6 7e 70 e5 05 c3 26 45 96 05 Aug 26 18:38:34.963579: | f9 6b da c0 9d fd ad 8a b1 26 13 57 a6 3f c3 58 Aug 26 18:38:34.963582: | c6 29 38 fd 38 9e 23 b8 e7 a7 50 af 28 f5 f7 9a Aug 26 18:38:34.963584: | d0 60 cb 89 82 cf bf e9 4c d9 94 cd ae a1 7d 7f Aug 26 18:38:34.963587: | 2b d4 d2 53 6a db cd 75 af 02 b0 3b fa a1 4d 9d Aug 26 18:38:34.963589: | 76 e1 ed 2d 2c ef 88 8e ef e9 e8 53 af ed fd 56 Aug 26 18:38:34.963592: | 7d 08 30 20 93 b0 be ab 0a a2 8d 34 c5 ca 0f 1a Aug 26 18:38:34.963594: | 5b a7 4f 20 51 ef da 08 df 26 7b 8e 80 4e 5b 40 Aug 26 18:38:34.963597: | 43 4b 42 8f c9 ae 3a f2 cd ea 54 5c b7 3c 2c 0c Aug 26 18:38:34.963599: | 26 02 43 fb fd 63 4e de 29 00 00 24 2b 41 87 b7 Aug 26 18:38:34.963602: | a6 9d 26 cf 75 5d f8 08 ad e0 df 36 4d 8f e5 03 Aug 26 18:38:34.963604: | 2c 34 d3 b7 3f 21 22 d8 89 89 0b db 29 00 00 08 Aug 26 18:38:34.963606: | 00 00 40 2e 29 00 00 1c 00 00 40 04 be a7 08 a4 Aug 26 18:38:34.963609: | 6d b3 8f 29 57 8d 17 8a c1 5c 94 34 d1 e6 dc e0 Aug 26 18:38:34.963611: | 00 00 00 1c 00 00 40 05 14 bf 7a 3e 8f 34 ec 3e Aug 26 18:38:34.963614: | da 9f 0d 56 04 e6 cf ea 46 31 da af Aug 26 18:38:34.963711: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:34.963718: | libevent_free: release ptr-libevent@0x55d4c8da7d88 Aug 26 18:38:34.963722: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d4c8da7d18 Aug 26 18:38:34.963726: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:34.963729: "northnet-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:38:34.963740: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d4c8da7d18 Aug 26 18:38:34.963744: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 18:38:34.963748: | libevent_malloc: new ptr-libevent@0x55d4c8da7d88 size 128 Aug 26 18:38:34.963755: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 30000.706205 Aug 26 18:38:34.963759: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:38:34.963765: | #1 spent 1.66 milliseconds in resume sending helper answer Aug 26 18:38:34.963771: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:34.963774: | libevent_free: release ptr-libevent@0x7fb074002888 Aug 26 18:38:34.966699: | spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:34.966725: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:38:34.966730: | c9 74 af 35 05 84 b2 d5 bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:34.966733: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 18:38:34.966736: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:38:34.966738: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:38:34.966741: | 04 00 00 0e 28 00 01 08 00 0e 00 00 f4 51 ea cf Aug 26 18:38:34.966744: | f9 17 6f 0e b6 b8 a8 31 7e 8c 8c 97 ce 09 1c 83 Aug 26 18:38:34.966746: | e8 15 e3 3b b8 bf ab 7c 71 28 8a 4d 6b bb 0b 64 Aug 26 18:38:34.966749: | 22 e4 ab e1 dd 92 97 e8 e7 89 d8 73 fd 6f e8 73 Aug 26 18:38:34.966751: | 36 30 92 04 39 eb 46 7c ac 5a bf e6 99 af f0 1c Aug 26 18:38:34.966754: | 84 8d 4c 2f 05 a0 60 f2 5e 7d 6c 7b 53 1f 8d dc Aug 26 18:38:34.966757: | 61 57 69 9d ed 3c 69 e7 11 4d 0d e4 bf a7 86 f5 Aug 26 18:38:34.966760: | 02 9d d7 f6 82 97 ae 90 8f 69 35 f1 51 b1 98 e1 Aug 26 18:38:34.966762: | 2c 18 1e 46 55 cc e0 a9 68 d6 0d d6 6f 33 86 9f Aug 26 18:38:34.966765: | 4b 9f bc 6d 57 ba 3c b1 1d d8 1e 54 a1 e8 a0 ba Aug 26 18:38:34.966767: | 84 6c 9f 73 6f ab b7 d4 51 b9 20 e0 a0 f6 1a e4 Aug 26 18:38:34.966770: | 3f 3b 57 4c ca d7 52 32 0a 44 f7 2b 08 d5 0a ba Aug 26 18:38:34.966772: | ed 57 cf ad d1 aa 5c 35 dd aa d9 9f d7 a7 5a 0f Aug 26 18:38:34.966775: | 14 c7 b6 52 2b 7d 08 e1 87 fe e0 94 c9 f4 95 ad Aug 26 18:38:34.966777: | 3c ec 23 26 6c 82 37 f4 84 df 0b 26 3b 09 c9 66 Aug 26 18:38:34.966780: | 58 97 91 04 1c fc 5d e2 31 07 7a ad ab 58 22 cf Aug 26 18:38:34.966782: | 07 30 6e 50 40 bc 70 96 04 68 68 cc 29 00 00 24 Aug 26 18:38:34.966785: | 49 b3 e4 b1 cc 2e be cb e8 54 25 73 63 10 01 9c Aug 26 18:38:34.966788: | da 8e 2b bd 86 8c 19 9c 94 e9 d8 57 d6 f9 cc ec Aug 26 18:38:34.966791: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:38:34.966793: | a7 1c a9 f6 20 39 d0 52 d0 0f 01 ec 99 71 23 33 Aug 26 18:38:34.966796: | 68 4f 0f 9d 00 00 00 1c 00 00 40 05 54 30 83 c4 Aug 26 18:38:34.966799: | 1a 7d 04 c1 f4 52 3b 20 e2 56 ba f4 96 fa ac a9 Aug 26 18:38:34.966804: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:34.966808: | **parse ISAKMP Message: Aug 26 18:38:34.966811: | initiator cookie: Aug 26 18:38:34.966813: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:34.966816: | responder cookie: Aug 26 18:38:34.966818: | bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:34.966821: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:34.966824: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.966827: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:34.966830: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:34.966833: | Message ID: 0 (0x0) Aug 26 18:38:34.966836: | length: 432 (0x1b0) Aug 26 18:38:34.966839: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:38:34.966843: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:38:34.966847: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:38:34.966854: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:34.966862: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:34.966865: | #1 is idle Aug 26 18:38:34.966867: | #1 idle Aug 26 18:38:34.966870: | unpacking clear payload Aug 26 18:38:34.966873: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:34.966876: | ***parse IKEv2 Security Association Payload: Aug 26 18:38:34.966879: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:38:34.966882: | flags: none (0x0) Aug 26 18:38:34.966884: | length: 40 (0x28) Aug 26 18:38:34.966887: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:38:34.966890: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:38:34.966893: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:38:34.966896: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:38:34.966898: | flags: none (0x0) Aug 26 18:38:34.966901: | length: 264 (0x108) Aug 26 18:38:34.966904: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.966906: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:38:34.966909: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:38:34.966912: | ***parse IKEv2 Nonce Payload: Aug 26 18:38:34.966915: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.966918: | flags: none (0x0) Aug 26 18:38:34.966921: | length: 36 (0x24) Aug 26 18:38:34.966923: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:38:34.966926: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.966929: | ***parse IKEv2 Notify Payload: Aug 26 18:38:34.966931: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.966933: | flags: none (0x0) Aug 26 18:38:34.966936: | length: 8 (0x8) Aug 26 18:38:34.966938: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.966940: | SPI size: 0 (0x0) Aug 26 18:38:34.966944: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:34.966947: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:34.966949: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.966952: | ***parse IKEv2 Notify Payload: Aug 26 18:38:34.966954: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.966957: | flags: none (0x0) Aug 26 18:38:34.966959: | length: 28 (0x1c) Aug 26 18:38:34.966962: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.966964: | SPI size: 0 (0x0) Aug 26 18:38:34.966967: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:34.966969: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:34.966972: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.966975: | ***parse IKEv2 Notify Payload: Aug 26 18:38:34.966978: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.966981: | flags: none (0x0) Aug 26 18:38:34.966983: | length: 28 (0x1c) Aug 26 18:38:34.966986: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.966989: | SPI size: 0 (0x0) Aug 26 18:38:34.966992: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:34.966995: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:34.966998: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:38:34.967005: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:34.967009: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:38:34.967013: | Now let's proceed with state specific processing Aug 26 18:38:34.967016: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:38:34.967020: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:38:34.967037: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.967044: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:38:34.967048: | local proposal 1 type ENCR has 1 transforms Aug 26 18:38:34.967051: | local proposal 1 type PRF has 2 transforms Aug 26 18:38:34.967054: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:34.967056: | local proposal 1 type DH has 8 transforms Aug 26 18:38:34.967059: | local proposal 1 type ESN has 0 transforms Aug 26 18:38:34.967062: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:34.967065: | local proposal 2 type ENCR has 1 transforms Aug 26 18:38:34.967068: | local proposal 2 type PRF has 2 transforms Aug 26 18:38:34.967070: | local proposal 2 type INTEG has 1 transforms Aug 26 18:38:34.967073: | local proposal 2 type DH has 8 transforms Aug 26 18:38:34.967076: | local proposal 2 type ESN has 0 transforms Aug 26 18:38:34.967079: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:34.967082: | local proposal 3 type ENCR has 1 transforms Aug 26 18:38:34.967085: | local proposal 3 type PRF has 2 transforms Aug 26 18:38:34.967088: | local proposal 3 type INTEG has 2 transforms Aug 26 18:38:34.967091: | local proposal 3 type DH has 8 transforms Aug 26 18:38:34.967094: | local proposal 3 type ESN has 0 transforms Aug 26 18:38:34.967098: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:34.967101: | local proposal 4 type ENCR has 1 transforms Aug 26 18:38:34.967104: | local proposal 4 type PRF has 2 transforms Aug 26 18:38:34.967107: | local proposal 4 type INTEG has 2 transforms Aug 26 18:38:34.967110: | local proposal 4 type DH has 8 transforms Aug 26 18:38:34.967112: | local proposal 4 type ESN has 0 transforms Aug 26 18:38:34.967115: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:34.967117: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.967119: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.967121: | length: 36 (0x24) Aug 26 18:38:34.967123: | prop #: 1 (0x1) Aug 26 18:38:34.967124: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.967126: | spi size: 0 (0x0) Aug 26 18:38:34.967128: | # transforms: 3 (0x3) Aug 26 18:38:34.967130: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:38:34.967132: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.967134: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.967136: | length: 12 (0xc) Aug 26 18:38:34.967137: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.967139: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:34.967141: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.967143: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.967144: | length/value: 256 (0x100) Aug 26 18:38:34.967147: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:38:34.967149: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.967151: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.967153: | length: 8 (0x8) Aug 26 18:38:34.967154: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.967156: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.967158: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:38:34.967160: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.967162: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.967167: | length: 8 (0x8) Aug 26 18:38:34.967168: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.967170: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.967172: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:38:34.967175: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:38:34.967178: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:38:34.967180: | remote proposal 1 matches local proposal 1 Aug 26 18:38:34.967182: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:38:34.967184: | converting proposal to internal trans attrs Aug 26 18:38:34.967197: | natd_hash: hasher=0x55d4c8578800(20) Aug 26 18:38:34.967199: | natd_hash: icookie= c9 74 af 35 05 84 b2 d5 Aug 26 18:38:34.967201: | natd_hash: rcookie= bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:34.967203: | natd_hash: ip= c0 01 03 21 Aug 26 18:38:34.967204: | natd_hash: port=500 Aug 26 18:38:34.967206: | natd_hash: hash= 54 30 83 c4 1a 7d 04 c1 f4 52 3b 20 e2 56 ba f4 Aug 26 18:38:34.967207: | natd_hash: hash= 96 fa ac a9 Aug 26 18:38:34.967211: | natd_hash: hasher=0x55d4c8578800(20) Aug 26 18:38:34.967213: | natd_hash: icookie= c9 74 af 35 05 84 b2 d5 Aug 26 18:38:34.967215: | natd_hash: rcookie= bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:34.967216: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:34.967218: | natd_hash: port=500 Aug 26 18:38:34.967219: | natd_hash: hash= a7 1c a9 f6 20 39 d0 52 d0 0f 01 ec 99 71 23 33 Aug 26 18:38:34.967221: | natd_hash: hash= 68 4f 0f 9d Aug 26 18:38:34.967223: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:38:34.967224: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:38:34.967226: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:38:34.967228: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:38:34.967233: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:38:34.967236: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:38:34.967238: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:34.967240: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:38:34.967242: | libevent_free: release ptr-libevent@0x55d4c8da7d88 Aug 26 18:38:34.967244: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d4c8da7d18 Aug 26 18:38:34.967246: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d4c8da7d18 Aug 26 18:38:34.967249: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:34.967251: | libevent_malloc: new ptr-libevent@0x55d4c8da7ab8 size 128 Aug 26 18:38:34.967260: | #1 spent 0.239 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:38:34.967264: | crypto helper 1 resuming Aug 26 18:38:34.967266: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.967275: | crypto helper 1 starting work-order 2 for state #1 Aug 26 18:38:34.967285: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:38:34.967310: | suspending state #1 and saving MD Aug 26 18:38:34.967304: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:38:34.967315: | #1 is busy; has a suspended MD Aug 26 18:38:34.967329: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:38:34.967334: | "northnet-eastnet" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:38:34.967339: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:34.967344: | #1 spent 0.61 milliseconds in ikev2_process_packet() Aug 26 18:38:34.967351: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:34.967354: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:34.967357: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:34.967362: | spent 0.629 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:34.967890: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:38:34.968189: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.0009 seconds Aug 26 18:38:34.968197: | (#1) spent 0.889 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:38:34.968201: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 18:38:34.968205: | scheduling resume sending helper answer for #1 Aug 26 18:38:34.968208: | libevent_malloc: new ptr-libevent@0x7fb06c000f48 size 128 Aug 26 18:38:34.968215: | crypto helper 1 waiting (nothing to do) Aug 26 18:38:34.968224: | processing resume sending helper answer for #1 Aug 26 18:38:34.968233: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:34.968237: | crypto helper 1 replies to request ID 2 Aug 26 18:38:34.968240: | calling continuation function 0x55d4c84a3b50 Aug 26 18:38:34.968243: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:38:34.968251: | creating state object #2 at 0x55d4c8daa998 Aug 26 18:38:34.968254: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:38:34.968257: | pstats #2 ikev2.child started Aug 26 18:38:34.968261: | duplicating state object #1 "northnet-eastnet" as #2 for IPSEC SA Aug 26 18:38:34.968266: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:38:34.968272: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:34.968277: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:38:34.968282: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:34.968285: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:34.968302: | libevent_free: release ptr-libevent@0x55d4c8da7ab8 Aug 26 18:38:34.968308: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d4c8da7d18 Aug 26 18:38:34.968311: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d4c8da7d18 Aug 26 18:38:34.968315: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:38:34.968318: | libevent_malloc: new ptr-libevent@0x55d4c8da7ab8 size 128 Aug 26 18:38:34.968322: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:38:34.968328: | **emit ISAKMP Message: Aug 26 18:38:34.968331: | initiator cookie: Aug 26 18:38:34.968334: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:34.968336: | responder cookie: Aug 26 18:38:34.968339: | bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:34.968342: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:34.968344: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.968347: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:34.968350: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:34.968353: | Message ID: 1 (0x1) Aug 26 18:38:34.968356: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:34.968360: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:34.968363: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.968365: | flags: none (0x0) Aug 26 18:38:34.968368: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:34.968373: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.968377: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:34.968386: | IKEv2 CERT: send a certificate? Aug 26 18:38:34.968389: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:38:34.968392: | IDr payload will NOT be sent Aug 26 18:38:34.968407: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:38:34.968410: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.968413: | flags: none (0x0) Aug 26 18:38:34.968416: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:34.968419: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:38:34.968422: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.968426: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:38:34.968428: | my identity c0 01 03 21 Aug 26 18:38:34.968431: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 18:38:34.968440: | not sending INITIAL_CONTACT Aug 26 18:38:34.968443: | ****emit IKEv2 Authentication Payload: Aug 26 18:38:34.968446: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.968449: | flags: none (0x0) Aug 26 18:38:34.968452: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:34.968455: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:38:34.968458: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.968462: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 18:38:34.968468: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:34.968472: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:34.968477: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 18:38:34.968481: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:34.968484: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:34.968487: | line 1: match=002 Aug 26 18:38:34.968490: | match 002 beats previous best_match 000 match=0x55d4c8cfec48 (line=1) Aug 26 18:38:34.968493: | concluding with best_match=002 best=0x55d4c8cfec48 (lineno=1) Aug 26 18:38:34.968553: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:38:34.968557: | PSK auth ec cb 55 d5 e4 bb 8e e0 fb 52 09 b0 ba d2 7d 21 Aug 26 18:38:34.968560: | PSK auth 8e d1 57 f4 70 bd 21 ec eb 2a 53 bd 4e ff 73 87 Aug 26 18:38:34.968563: | PSK auth 88 c0 2e 45 ab a4 9b 8e 94 18 b8 28 fc f7 bc 9f Aug 26 18:38:34.968565: | PSK auth 9c 41 81 b3 b3 41 cc 0c 3a 82 a9 e1 fe c9 de c4 Aug 26 18:38:34.968568: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:38:34.968571: | getting first pending from state #1 Aug 26 18:38:34.968589: | netlink_get_spi: allocated 0x852abbc for esp.0@192.1.3.33 Aug 26 18:38:34.968593: | constructing ESP/AH proposals with all DH removed for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:38:34.968600: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:38:34.968606: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:34.968611: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:34.968621: | Emitting ikev2_proposals ... Aug 26 18:38:34.968624: | ****emit IKEv2 Security Association Payload: Aug 26 18:38:34.968627: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.968631: | flags: none (0x0) Aug 26 18:38:34.968634: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:34.968638: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.968640: | discarding DH=NONE Aug 26 18:38:34.968643: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.968646: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.968648: | prop #: 1 (0x1) Aug 26 18:38:34.968651: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:34.968654: | spi size: 4 (0x4) Aug 26 18:38:34.968657: | # transforms: 3 (0x3) Aug 26 18:38:34.968660: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.968663: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:38:34.968666: | our spi 08 52 ab bc Aug 26 18:38:34.968668: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.968671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.968674: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.968676: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.968680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.968683: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.968685: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.968688: | length/value: 256 (0x100) Aug 26 18:38:34.968691: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.968694: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.968697: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.968699: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.968702: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.968705: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.968708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.968711: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.968714: | discarding DH=NONE Aug 26 18:38:34.968716: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.968719: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.968722: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:34.968725: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:38:34.968728: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.968731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.968734: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.968737: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:38:34.968740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.968743: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 18:38:34.968745: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:34.968749: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:34.968751: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.968754: | flags: none (0x0) Aug 26 18:38:34.968757: | number of TS: 1 (0x1) Aug 26 18:38:34.968760: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:38:34.968765: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.968768: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:34.968771: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:34.968773: | IP Protocol ID: 0 (0x0) Aug 26 18:38:34.968776: | start port: 0 (0x0) Aug 26 18:38:34.968779: | end port: 65535 (0xffff) Aug 26 18:38:34.968782: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:34.968784: | ipv4 start c0 00 03 00 Aug 26 18:38:34.968787: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:34.968790: | ipv4 end c0 00 03 ff Aug 26 18:38:34.968793: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:34.968795: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:38:34.968798: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:34.968801: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.968803: | flags: none (0x0) Aug 26 18:38:34.968806: | number of TS: 1 (0x1) Aug 26 18:38:34.968809: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:38:34.968812: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.968815: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:34.968818: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:34.968820: | IP Protocol ID: 0 (0x0) Aug 26 18:38:34.968823: | start port: 0 (0x0) Aug 26 18:38:34.968825: | end port: 65535 (0xffff) Aug 26 18:38:34.968828: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:34.968831: | ipv4 start c0 00 02 00 Aug 26 18:38:34.968834: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:34.968836: | ipv4 end c0 00 02 ff Aug 26 18:38:34.968839: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:34.968841: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:38:34.968844: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:38:34.968847: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:38:34.968850: | Adding a v2N Payload Aug 26 18:38:34.968853: | ****emit IKEv2 Notify Payload: Aug 26 18:38:34.968855: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.968858: | flags: none (0x0) Aug 26 18:38:34.968861: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.968863: | SPI size: 0 (0x0) Aug 26 18:38:34.968866: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:34.968870: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.968872: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.968875: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:34.968878: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:34.968882: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:34.968885: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:34.968888: | emitting length of IKEv2 Encryption Payload: 213 Aug 26 18:38:34.968890: | emitting length of ISAKMP Message: 241 Aug 26 18:38:34.968903: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.968908: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.968913: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:38:34.968917: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:38:34.968921: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:38:34.968924: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:38:34.968929: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:38:34.968934: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:38:34.968939: "northnet-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:38:34.968948: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:38:34.968954: | sending 241 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:34.968957: | c9 74 af 35 05 84 b2 d5 bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:34.968960: | 2e 20 23 08 00 00 00 01 00 00 00 f1 23 00 00 d5 Aug 26 18:38:34.968962: | 19 36 20 fa 00 80 4e d6 1c 2b cb 79 81 c0 b7 bb Aug 26 18:38:34.968965: | 2b 4f 01 df 70 e0 01 30 91 32 21 10 3f ff 76 87 Aug 26 18:38:34.968967: | d2 30 86 94 c3 62 1c 78 66 ca aa 0a 9e 06 95 be Aug 26 18:38:34.968970: | 20 c5 e5 b5 97 6d 6a b4 4f eb 7a 3b 3d a8 c0 0a Aug 26 18:38:34.968973: | 9b 44 d5 8d 15 99 24 a1 3c f8 1e da 83 f3 cd 8a Aug 26 18:38:34.968975: | 51 14 de 8b e4 28 ad e0 cc 49 bf cf 31 6b 5e f3 Aug 26 18:38:34.968978: | 54 d6 49 4c 16 75 7b 7d 79 9f 65 b7 58 d0 1b d2 Aug 26 18:38:34.968980: | 43 f1 8c 50 09 39 3a c1 af 6c 20 44 a6 a1 ed 42 Aug 26 18:38:34.968983: | 13 2b ac cd da eb ae 32 eb 4a 05 64 07 20 95 94 Aug 26 18:38:34.968986: | c5 f3 7e 80 b2 dd a5 6c 2f 29 a3 73 12 83 41 0a Aug 26 18:38:34.968988: | b8 a2 ed 9f 24 d8 dd 83 13 2f 74 9c 2c ba 71 13 Aug 26 18:38:34.968991: | 29 ae 6b 26 e3 b2 bb 2a 95 3e aa bd ef ed 5d 5e Aug 26 18:38:34.968993: | be ba 5e eb 43 92 e0 14 23 75 38 9f 54 ae 2d 5b Aug 26 18:38:34.968995: | 58 Aug 26 18:38:34.969040: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:34.969045: "northnet-eastnet" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:38:34.969051: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fb074002b78 Aug 26 18:38:34.969055: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 18:38:34.969058: | libevent_malloc: new ptr-libevent@0x55d4c8dab668 size 128 Aug 26 18:38:34.969064: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 30000.711517 Aug 26 18:38:34.969067: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:38:34.969073: | #1 spent 0.797 milliseconds in resume sending helper answer Aug 26 18:38:34.969078: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:34.969081: | libevent_free: release ptr-libevent@0x7fb06c000f48 Aug 26 18:38:35.005616: | spent 0.00316 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:35.005639: | *received 241 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:38:35.005643: | c9 74 af 35 05 84 b2 d5 bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:35.005646: | 2e 20 23 20 00 00 00 01 00 00 00 f1 29 00 00 d5 Aug 26 18:38:35.005648: | 2b 21 18 99 a7 fc 16 79 28 63 62 3d df 09 b4 df Aug 26 18:38:35.005650: | 8a fc 0d d6 ff c1 ef 93 81 86 41 75 24 15 c0 d3 Aug 26 18:38:35.005652: | 66 c5 70 47 aa 17 b5 00 1c 27 89 24 9d 31 ed 5b Aug 26 18:38:35.005654: | ef c8 d8 69 97 ec b8 53 3d b8 e9 de 8d 07 df 80 Aug 26 18:38:35.005657: | 82 87 24 ea be e0 18 88 4f e9 c5 32 1d d5 0c a8 Aug 26 18:38:35.005662: | 54 39 23 86 b3 43 ae 5d 1c 96 f6 a2 d4 66 22 32 Aug 26 18:38:35.005665: | 98 0a 0c e5 e0 e1 08 f6 62 8c 52 03 47 31 6d ea Aug 26 18:38:35.005667: | 2c ca 65 39 78 b3 a1 ea 9d ac 2f 61 44 4f dc 51 Aug 26 18:38:35.005669: | 4e 34 0f 93 8b 4f 98 fd c6 29 a6 2e 94 a8 65 31 Aug 26 18:38:35.005672: | c4 84 b4 5f 39 2d 44 54 9e cc 35 f3 b1 1a 22 ce Aug 26 18:38:35.005674: | ed 0b d2 92 d0 a3 c2 68 9b 98 34 65 0e 3f 83 93 Aug 26 18:38:35.005677: | 0c d0 ab 55 9a bf 91 31 1b 2d e4 2c 8f 59 3c 12 Aug 26 18:38:35.005679: | ae b8 ad b7 90 a8 d4 9c 29 a1 b1 9e 77 2c 2e da Aug 26 18:38:35.005681: | d5 Aug 26 18:38:35.005686: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:35.005690: | **parse ISAKMP Message: Aug 26 18:38:35.005693: | initiator cookie: Aug 26 18:38:35.005695: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:35.005697: | responder cookie: Aug 26 18:38:35.005700: | bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:35.005703: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:35.005705: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:35.005708: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:35.005711: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:35.005713: | Message ID: 1 (0x1) Aug 26 18:38:35.005716: | length: 241 (0xf1) Aug 26 18:38:35.005718: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:38:35.005722: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:38:35.005726: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:38:35.005732: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:35.005736: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:38:35.005741: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:35.005745: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:35.005749: | #2 is idle Aug 26 18:38:35.005751: | #2 idle Aug 26 18:38:35.005754: | unpacking clear payload Aug 26 18:38:35.005757: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:35.005760: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:35.005764: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:35.005767: | flags: none (0x0) Aug 26 18:38:35.005769: | length: 213 (0xd5) Aug 26 18:38:35.005772: | processing payload: ISAKMP_NEXT_v2SK (len=209) Aug 26 18:38:35.005775: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:38:35.005792: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:38:35.005796: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:35.005799: | **parse IKEv2 Notify Payload: Aug 26 18:38:35.005802: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:38:35.005805: | flags: none (0x0) Aug 26 18:38:35.005808: | length: 8 (0x8) Aug 26 18:38:35.005810: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:35.005813: | SPI size: 0 (0x0) Aug 26 18:38:35.005816: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:35.005819: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:35.005822: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:38:35.005826: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:38:35.005829: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:38:35.005831: | flags: none (0x0) Aug 26 18:38:35.005834: | length: 12 (0xc) Aug 26 18:38:35.005837: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:35.005840: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:38:35.005843: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:38:35.005846: | **parse IKEv2 Authentication Payload: Aug 26 18:38:35.005848: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:35.005854: | flags: none (0x0) Aug 26 18:38:35.005857: | length: 72 (0x48) Aug 26 18:38:35.005859: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:35.005862: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:38:35.005865: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:35.005867: | **parse IKEv2 Security Association Payload: Aug 26 18:38:35.005870: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:38:35.005872: | flags: none (0x0) Aug 26 18:38:35.005875: | length: 44 (0x2c) Aug 26 18:38:35.005877: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 18:38:35.005879: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:38:35.005882: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:35.005884: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:38:35.005886: | flags: none (0x0) Aug 26 18:38:35.005889: | length: 24 (0x18) Aug 26 18:38:35.005891: | number of TS: 1 (0x1) Aug 26 18:38:35.005893: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:38:35.005895: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:38:35.005898: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:35.005900: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.005902: | flags: none (0x0) Aug 26 18:38:35.005905: | length: 24 (0x18) Aug 26 18:38:35.005907: | number of TS: 1 (0x1) Aug 26 18:38:35.005910: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:38:35.005912: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:38:35.005915: | Now let's proceed with state specific processing Aug 26 18:38:35.005917: | calling processor Initiator: process IKE_AUTH response Aug 26 18:38:35.005921: | received v2N_MOBIKE_SUPPORTED and sent Aug 26 18:38:35.005926: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Aug 26 18:38:35.005929: | peer ID c0 01 02 17 Aug 26 18:38:35.005933: | offered CA: '%none' Aug 26 18:38:35.005937: "northnet-eastnet" #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Aug 26 18:38:35.005974: | verifying AUTH payload Aug 26 18:38:35.005980: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 18:38:35.005986: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:35.005990: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:35.005995: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 18:38:35.005998: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:35.006001: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:35.006004: | line 1: match=002 Aug 26 18:38:35.006007: | match 002 beats previous best_match 000 match=0x55d4c8cfec48 (line=1) Aug 26 18:38:35.006009: | concluding with best_match=002 best=0x55d4c8cfec48 (lineno=1) Aug 26 18:38:35.006071: "northnet-eastnet" #2: Authenticated using authby=secret Aug 26 18:38:35.006081: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:38:35.006087: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:38:35.006090: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:38:35.006094: | libevent_free: release ptr-libevent@0x55d4c8da7ab8 Aug 26 18:38:35.006097: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d4c8da7d18 Aug 26 18:38:35.006101: | event_schedule: new EVENT_SA_REKEY-pe@0x55d4c8da7d18 Aug 26 18:38:35.006104: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:38:35.006107: | libevent_malloc: new ptr-libevent@0x7fb06c000f48 size 128 Aug 26 18:38:35.006181: | pstats #1 ikev2.ike established Aug 26 18:38:35.006187: | TSi: parsing 1 traffic selectors Aug 26 18:38:35.006190: | ***parse IKEv2 Traffic Selector: Aug 26 18:38:35.006193: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:35.006196: | IP Protocol ID: 0 (0x0) Aug 26 18:38:35.006198: | length: 16 (0x10) Aug 26 18:38:35.006201: | start port: 0 (0x0) Aug 26 18:38:35.006205: | end port: 65535 (0xffff) Aug 26 18:38:35.006208: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:38:35.006211: | TS low c0 00 03 00 Aug 26 18:38:35.006214: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:38:35.006216: | TS high c0 00 03 ff Aug 26 18:38:35.006219: | TSi: parsed 1 traffic selectors Aug 26 18:38:35.006221: | TSr: parsing 1 traffic selectors Aug 26 18:38:35.006224: | ***parse IKEv2 Traffic Selector: Aug 26 18:38:35.006227: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:35.006229: | IP Protocol ID: 0 (0x0) Aug 26 18:38:35.006232: | length: 16 (0x10) Aug 26 18:38:35.006234: | start port: 0 (0x0) Aug 26 18:38:35.006237: | end port: 65535 (0xffff) Aug 26 18:38:35.006240: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:38:35.006242: | TS low c0 00 02 00 Aug 26 18:38:35.006245: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:38:35.006247: | TS high c0 00 02 ff Aug 26 18:38:35.006250: | TSr: parsed 1 traffic selectors Aug 26 18:38:35.006256: | evaluating our conn="northnet-eastnet" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:38:35.006261: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:38:35.006268: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:38:35.006271: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:38:35.006274: | TSi[0] port match: YES fitness 65536 Aug 26 18:38:35.006277: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:38:35.006280: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:38:35.006284: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:38:35.006303: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:38:35.006308: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:38:35.006311: | TSr[0] port match: YES fitness 65536 Aug 26 18:38:35.006314: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:38:35.006317: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:38:35.006320: | best fit so far: TSi[0] TSr[0] Aug 26 18:38:35.006323: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:38:35.006325: | printing contents struct traffic_selector Aug 26 18:38:35.006328: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:38:35.006330: | ipprotoid: 0 Aug 26 18:38:35.006333: | port range: 0-65535 Aug 26 18:38:35.006337: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:38:35.006340: | printing contents struct traffic_selector Aug 26 18:38:35.006342: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:38:35.006345: | ipprotoid: 0 Aug 26 18:38:35.006347: | port range: 0-65535 Aug 26 18:38:35.006351: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:38:35.006359: | using existing local ESP/AH proposals for northnet-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:35.006363: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 18:38:35.006367: | local proposal 1 type ENCR has 1 transforms Aug 26 18:38:35.006369: | local proposal 1 type PRF has 0 transforms Aug 26 18:38:35.006372: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:35.006375: | local proposal 1 type DH has 1 transforms Aug 26 18:38:35.006378: | local proposal 1 type ESN has 1 transforms Aug 26 18:38:35.006381: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:38:35.006385: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:35.006387: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:35.006390: | length: 40 (0x28) Aug 26 18:38:35.006392: | prop #: 1 (0x1) Aug 26 18:38:35.006395: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:35.006399: | spi size: 4 (0x4) Aug 26 18:38:35.006402: | # transforms: 3 (0x3) Aug 26 18:38:35.006405: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:38:35.006408: | remote SPI 25 35 31 6c Aug 26 18:38:35.006411: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 18:38:35.006414: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:35.006416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.006419: | length: 12 (0xc) Aug 26 18:38:35.006421: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:35.006424: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:35.006427: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:35.006430: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:35.006433: | length/value: 256 (0x100) Aug 26 18:38:35.006438: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:38:35.006442: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:35.006445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.006448: | length: 8 (0x8) Aug 26 18:38:35.006451: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:35.006454: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:35.006459: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 18:38:35.006462: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:35.006465: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:35.006468: | length: 8 (0x8) Aug 26 18:38:35.006471: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:35.006475: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:38:35.006479: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:38:35.006484: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 18:38:35.006490: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 18:38:35.006493: | remote proposal 1 matches local proposal 1 Aug 26 18:38:35.006496: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Aug 26 18:38:35.006501: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=2535316c;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:38:35.006504: | converting proposal to internal trans attrs Aug 26 18:38:35.006509: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Aug 26 18:38:35.006511: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Aug 26 18:38:35.006617: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:38:35.006620: | could_route called for northnet-eastnet (kind=CK_PERMANENT) Aug 26 18:38:35.006622: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:35.006625: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:35.006627: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:35.006630: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 18:38:35.006632: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 18:38:35.006634: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 18:38:35.006636: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 18:38:35.006640: | setting IPsec SA replay-window to 32 Aug 26 18:38:35.006642: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 18:38:35.006644: | netlink: enabling tunnel mode Aug 26 18:38:35.006646: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:35.006648: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:35.006714: | netlink response for Add SA esp.2535316c@192.1.2.23 included non-error error Aug 26 18:38:35.006725: | set up outgoing SA, ref=0/0 Aug 26 18:38:35.006730: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 18:38:35.006734: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 18:38:35.006737: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 18:38:35.006742: | setting IPsec SA replay-window to 32 Aug 26 18:38:35.006746: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 18:38:35.006749: | netlink: enabling tunnel mode Aug 26 18:38:35.006753: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:35.006756: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:35.006798: | netlink response for Add SA esp.852abbc@192.1.3.33 included non-error error Aug 26 18:38:35.006805: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:35.006813: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:38:35.006817: | IPsec Sa SPD priority set to 1042407 Aug 26 18:38:35.006843: | raw_eroute result=success Aug 26 18:38:35.006848: | set up incoming SA, ref=0/0 Aug 26 18:38:35.006851: | sr for #2: unrouted Aug 26 18:38:35.006855: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:38:35.006858: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:35.006862: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:35.006866: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:35.006870: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 18:38:35.006875: | route_and_eroute with c: northnet-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:38:35.006879: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:35.006888: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:38:35.006891: | IPsec Sa SPD priority set to 1042407 Aug 26 18:38:35.006905: | raw_eroute result=success Aug 26 18:38:35.006909: | running updown command "ipsec _updown" for verb up Aug 26 18:38:35.006912: | command executing up-client Aug 26 18:38:35.006949: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 18:38:35.006954: | popen cmd is 1051 chars long Aug 26 18:38:35.006958: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 18:38:35.006962: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 18:38:35.006966: | cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Aug 26 18:38:35.006970: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 18:38:35.006974: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='1: Aug 26 18:38:35.006977: | cmd( 400):92.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 18:38:35.006983: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:38:35.006985: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Aug 26 18:38:35.006987: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUT: Aug 26 18:38:35.006989: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 18:38:35.006990: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 18:38:35.006992: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 18:38:35.006994: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2535316c SPI_OUT=0x852abbc ipsec _: Aug 26 18:38:35.006995: | cmd(1040):updown 2>&1: Aug 26 18:38:35.016077: | route_and_eroute: firewall_notified: true Aug 26 18:38:35.016094: | running updown command "ipsec _updown" for verb prepare Aug 26 18:38:35.016098: | command executing prepare-client Aug 26 18:38:35.016133: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 18:38:35.016140: | popen cmd is 1056 chars long Aug 26 18:38:35.016143: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:38:35.016146: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 18:38:35.016149: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:38:35.016152: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:38:35.016154: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 18:38:35.016157: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 18:38:35.016160: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:38:35.016162: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Aug 26 18:38:35.016165: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO': Aug 26 18:38:35.016167: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 18:38:35.016170: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 18:38:35.016172: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 18:38:35.016175: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2535316c SPI_OUT=0x852abbc ip: Aug 26 18:38:35.016177: | cmd(1040):sec _updown 2>&1: Aug 26 18:38:35.025823: | running updown command "ipsec _updown" for verb route Aug 26 18:38:35.025842: | command executing route-client Aug 26 18:38:35.025870: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE Aug 26 18:38:35.025879: | popen cmd is 1054 chars long Aug 26 18:38:35.025883: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:38:35.025886: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 18:38:35.025889: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 18:38:35.025892: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 18:38:35.025895: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 18:38:35.025898: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 18:38:35.025901: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:38:35.025904: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='P: Aug 26 18:38:35.025906: | cmd( 640):SK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' P: Aug 26 18:38:35.025909: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 18:38:35.025912: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 18:38:35.025915: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 18:38:35.025918: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2535316c SPI_OUT=0x852abbc ipse: Aug 26 18:38:35.025920: | cmd(1040):c _updown 2>&1: Aug 26 18:38:35.037887: | route_and_eroute: instance "northnet-eastnet", setting eroute_owner {spd=0x55d4c8da3da8,sr=0x55d4c8da3da8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:38:35.037986: | #1 spent 1.86 milliseconds in install_ipsec_sa() Aug 26 18:38:35.037993: | inR2: instance northnet-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:38:35.037997: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:35.038002: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:38:35.038012: | libevent_free: release ptr-libevent@0x55d4c8dab668 Aug 26 18:38:35.038019: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fb074002b78 Aug 26 18:38:35.038024: | #2 spent 2.58 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:38:35.038033: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:35.038037: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:38:35.038041: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:38:35.038045: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:38:35.038049: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:38:35.038054: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:38:35.038063: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:35.038066: | pstats #2 ikev2.child established Aug 26 18:38:35.038076: "northnet-eastnet" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:38:35.038088: | NAT-T: encaps is 'auto' Aug 26 18:38:35.038093: "northnet-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x2535316c <0x0852abbc xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Aug 26 18:38:35.038097: | releasing whack for #2 (sock=fd@25) Aug 26 18:38:35.038101: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 18:38:35.038104: | releasing whack and unpending for parent #1 Aug 26 18:38:35.038107: | unpending state #1 connection "northnet-eastnet" Aug 26 18:38:35.038113: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet" Aug 26 18:38:35.038116: | removing pending policy for no connection {0x55d4c8d96908} Aug 26 18:38:35.038124: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 18:38:35.038129: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:38:35.038133: | event_schedule: new EVENT_SA_REKEY-pe@0x7fb074002b78 Aug 26 18:38:35.038136: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:38:35.038140: | libevent_malloc: new ptr-libevent@0x55d4c8daa5f8 size 128 Aug 26 18:38:35.038145: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:35.038151: | #1 spent 3 milliseconds in ikev2_process_packet() Aug 26 18:38:35.038156: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:35.038162: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:35.038165: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:35.038169: | spent 3.02 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:35.038184: | processing signal PLUTO_SIGCHLD Aug 26 18:38:35.038190: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:35.038195: | spent 0.00541 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:35.038197: | processing signal PLUTO_SIGCHLD Aug 26 18:38:35.038201: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:35.038204: | spent 0.00343 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:35.038206: | processing signal PLUTO_SIGCHLD Aug 26 18:38:35.038210: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:35.038213: | spent 0.00327 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:36.163874: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:36.163893: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:38:36.163896: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:36.163903: | get_sa_info esp.852abbc@192.1.3.33 Aug 26 18:38:36.163916: | get_sa_info esp.2535316c@192.1.2.23 Aug 26 18:38:36.163931: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:36.163936: | spent 0.0705 milliseconds in whack Aug 26 18:38:41.486376: | kernel_process_msg_cb process netlink message Aug 26 18:38:41.486440: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 18:38:41.486453: | xfrm netlink address change RTM_DELADDR msg len 80 Aug 26 18:38:41.486467: | XFRM RTM_DELADDR 192.1.3.33 IFA_LOCAL Aug 26 18:38:41.486476: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 18:38:41.486495: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:41.486510: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:41.486524: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:41.486545: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:41.486556: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:41.486566: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:41.486577: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 18:38:41.486587: | running updown command "ipsec _updown" for verb down Aug 26 18:38:41.486595: | command executing down-client Aug 26 18:38:41.486679: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT Aug 26 18:38:41.486696: | popen cmd is 1062 chars long Aug 26 18:38:41.486706: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 18:38:41.486715: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Aug 26 18:38:41.486724: | cmd( 160):MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Aug 26 18:38:41.486732: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 18:38:41.486741: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 18:38:41.486749: | cmd( 400):'192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 18:38:41.486757: | cmd( 480):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:38:41.486765: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_P: Aug 26 18:38:41.486774: | cmd( 640):OLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+E: Aug 26 18:38:41.486782: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Aug 26 18:38:41.486790: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Aug 26 18:38:41.486798: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Aug 26 18:38:41.486807: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2535316c SPI_OUT=0x852a: Aug 26 18:38:41.486814: | cmd(1040):bbc ipsec _updown 2>&1: Aug 26 18:38:41.514741: | running updown command "ipsec _updown" for verb unroute Aug 26 18:38:41.514774: | command executing unroute-client Aug 26 18:38:41.514827: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=' Aug 26 18:38:41.514841: | popen cmd is 1065 chars long Aug 26 18:38:41.514848: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:38:41.514852: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 18:38:41.514857: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:38:41.514861: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:38:41.514865: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 18:38:41.514870: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 18:38:41.514874: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:38:41.514878: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CON: Aug 26 18:38:41.514882: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIK: Aug 26 18:38:41.514886: | cmd( 720):E+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Aug 26 18:38:41.514891: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Aug 26 18:38:41.514895: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Aug 26 18:38:41.514899: | cmd( 960):='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2535316c SPI_OUT=0x8: Aug 26 18:38:41.514903: | cmd(1040):52abbc ipsec _updown 2>&1: Aug 26 18:38:41.527993: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.528025: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.528032: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.528038: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.528057: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.530464: "northnet-eastnet" #1: unroute-client output: RTNETLINK answers: Network is unreachable Aug 26 18:38:41.533688: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x55d4c8da7e88 Aug 26 18:38:41.533701: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Aug 26 18:38:41.533705: | libevent_malloc: new ptr-libevent@0x55d4c8da7a08 size 128 Aug 26 18:38:41.533719: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:41.533724: | IKEv2 received address RTM_DELADDR type 3 Aug 26 18:38:41.533726: | IKEv2 received address RTM_DELADDR type 8 Aug 26 18:38:41.533728: | IKEv2 received address RTM_DELADDR type 6 Aug 26 18:38:41.533736: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.533739: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.533742: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.533745: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.533752: | spent 2.37 milliseconds in kernel message Aug 26 18:38:41.533767: | timer_event_cb: processing event@0x55d4c8da7e88 Aug 26 18:38:41.533770: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 18:38:41.533775: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:41.533779: | #1 IKEv2 local address change Aug 26 18:38:41.533968: "northnet-eastnet" #1: unexpected TRY AGAIN from second resolve_defaultroute_one Aug 26 18:38:41.533973: "northnet-eastnet" #1: no local source address to reach remote 192.1.2.23, local gateway Aug 26 18:38:41.533977: | libevent_free: release ptr-libevent@0x55d4c8da7a08 Aug 26 18:38:41.533982: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x55d4c8da7e88 Aug 26 18:38:41.533988: | #1 spent 0.219 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 18:38:41.533992: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:38:41.533995: | processing signal PLUTO_SIGCHLD Aug 26 18:38:41.533999: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:41.534003: | spent 0.00458 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:41.534005: | processing signal PLUTO_SIGCHLD Aug 26 18:38:41.534008: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:41.534011: | spent 0.00306 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:41.653784: | kernel_process_msg_cb process netlink message Aug 26 18:38:41.653851: | netlink_get: XFRM_MSG_DELPOLICY message Aug 26 18:38:41.653864: | xfrm netlink address change RTM_NEWADDR msg len 80 Aug 26 18:38:41.653879: | XFRM RTM_NEWADDR 192.1.8.22 IFA_LOCAL Aug 26 18:38:41.653888: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Aug 26 18:38:41.653907: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:41.653922: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:41.653936: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:41.653949: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x55d4c8da7e88 Aug 26 18:38:41.653963: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 3 seconds for #1 Aug 26 18:38:41.653973: | libevent_malloc: new ptr-libevent@0x55d4c8da7a08 size 128 Aug 26 18:38:41.653989: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:41.653998: | IKEv2 received address RTM_NEWADDR type 3 Aug 26 18:38:41.654006: | IKEv2 received address RTM_NEWADDR type 8 Aug 26 18:38:41.654013: | IKEv2 received address RTM_NEWADDR type 6 Aug 26 18:38:41.654026: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:41.654037: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:41.654047: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:41.654068: | spent 0.225 milliseconds in kernel message Aug 26 18:38:41.665652: | kernel_process_msg_cb process netlink message Aug 26 18:38:41.665735: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:41.665761: | spent 0.0333 milliseconds in kernel message Aug 26 18:38:41.728948: | kernel_process_msg_cb process netlink message Aug 26 18:38:41.728995: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:41.729013: | spent 0.0224 milliseconds in kernel message Aug 26 18:38:44.658074: | timer_event_cb: processing event@0x55d4c8da7e88 Aug 26 18:38:44.658113: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 18:38:44.658119: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:44.658122: | #1 IKEv2 local address change Aug 26 18:38:44.658283: | #1 no interface for 192.1.8.22:500 try to initialize Aug 26 18:38:44.658354: | Inspecting interface lo Aug 26 18:38:44.658361: | found lo with address 127.0.0.1 Aug 26 18:38:44.658367: | Inspecting interface eth0 Aug 26 18:38:44.658371: | found eth0 with address 192.0.3.254 Aug 26 18:38:44.658373: | Inspecting interface eth1 Aug 26 18:38:44.658376: | found eth1 with address 192.1.8.22 Aug 26 18:38:44.658408: "northnet-eastnet" #1: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.8.22:500 Aug 26 18:38:44.658445: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:44.658449: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:44.658452: "northnet-eastnet" #1: adding interface eth1/eth1 192.1.8.22:4500 Aug 26 18:38:44.658698: | no interfaces to sort Aug 26 18:38:44.658702: | add_fd_read_event_handler: new ethX-pe@0x55d4c8db03e8 Aug 26 18:38:44.658711: | libevent_malloc: new ptr-libevent@0x7fb074002888 size 128 Aug 26 18:38:44.658714: | libevent_malloc: new ptr-libevent@0x55d4c8dab7c8 size 16 Aug 26 18:38:44.658720: | setup callback for interface eth1 192.1.8.22:4500 fd 23 Aug 26 18:38:44.658722: | add_fd_read_event_handler: new ethX-pe@0x55d4c8db0458 Aug 26 18:38:44.658725: | libevent_malloc: new ptr-libevent@0x55d4c8da8228 size 128 Aug 26 18:38:44.658727: | libevent_malloc: new ptr-libevent@0x55d4c8dab6d8 size 16 Aug 26 18:38:44.658730: | setup callback for interface eth1 192.1.8.22:500 fd 16 Aug 26 18:38:44.658736: | libevent_free: release ptr-libevent@0x55d4c8d97478 Aug 26 18:38:44.658738: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3158 Aug 26 18:38:44.658740: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3158 Aug 26 18:38:44.658742: | libevent_malloc: new ptr-libevent@0x55d4c8d97478 size 128 Aug 26 18:38:44.658745: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:38:44.658749: | libevent_free: release ptr-libevent@0x55d4c8d332c8 Aug 26 18:38:44.658751: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3208 Aug 26 18:38:44.658753: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3208 Aug 26 18:38:44.658755: | libevent_malloc: new ptr-libevent@0x55d4c8d332c8 size 128 Aug 26 18:38:44.658758: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:38:44.658761: | libevent_free: release ptr-libevent@0x55d4c8d35168 Aug 26 18:38:44.658763: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da32b8 Aug 26 18:38:44.658765: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da32b8 Aug 26 18:38:44.658767: | libevent_malloc: new ptr-libevent@0x55d4c8d35168 size 128 Aug 26 18:38:44.658770: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:38:44.658773: | libevent_free: release ptr-libevent@0x55d4c8d322b8 Aug 26 18:38:44.658775: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3368 Aug 26 18:38:44.658777: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3368 Aug 26 18:38:44.658778: | libevent_malloc: new ptr-libevent@0x55d4c8d322b8 size 128 Aug 26 18:38:44.658782: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:38:44.658785: | libevent_free: release ptr-libevent@0x55d4c8d034e8 Aug 26 18:38:44.658787: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3418 Aug 26 18:38:44.658789: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da3418 Aug 26 18:38:44.658791: | libevent_malloc: new ptr-libevent@0x55d4c8d034e8 size 128 Aug 26 18:38:44.658794: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:38:44.658797: | libevent_free: release ptr-libevent@0x55d4c8d031d8 Aug 26 18:38:44.658800: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da34c8 Aug 26 18:38:44.658801: | add_fd_read_event_handler: new ethX-pe@0x55d4c8da34c8 Aug 26 18:38:44.658803: | libevent_malloc: new ptr-libevent@0x55d4c8d031d8 size 128 Aug 26 18:38:44.658807: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:38:44.658810: | #1 MOBIKE new source address 192.1.8.22 remote 192.1.2.23 and gateway 192.1.8.254 Aug 26 18:38:44.658813: | Opening output PBS mobike informational request Aug 26 18:38:44.658818: | **emit ISAKMP Message: Aug 26 18:38:44.658820: | initiator cookie: Aug 26 18:38:44.658822: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:44.658824: | responder cookie: Aug 26 18:38:44.658826: | bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:44.658828: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:44.658830: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:44.658832: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:44.658836: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:44.658838: | Message ID: 2 (0x2) Aug 26 18:38:44.658840: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:44.658842: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:44.658844: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:44.658846: | flags: none (0x0) Aug 26 18:38:44.658849: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:44.658852: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:44.658855: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:44.658869: | Adding a v2N Payload Aug 26 18:38:44.658871: | ****emit IKEv2 Notify Payload: Aug 26 18:38:44.658873: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:44.658875: | flags: none (0x0) Aug 26 18:38:44.658876: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.658878: | SPI size: 0 (0x0) Aug 26 18:38:44.658880: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 18:38:44.658883: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:44.658885: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:44.658887: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:44.658889: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:38:44.658905: | natd_hash: hasher=0x55d4c8578800(20) Aug 26 18:38:44.658908: | natd_hash: icookie= c9 74 af 35 05 84 b2 d5 Aug 26 18:38:44.658909: | natd_hash: rcookie= bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:44.658911: | natd_hash: ip= c0 01 08 16 Aug 26 18:38:44.658913: | natd_hash: port=500 Aug 26 18:38:44.658915: | natd_hash: hash= 29 a1 99 6d 44 93 1f 6b 76 1e 3f b1 32 b9 56 6f Aug 26 18:38:44.658916: | natd_hash: hash= 46 1d d9 88 Aug 26 18:38:44.658918: | Adding a v2N Payload Aug 26 18:38:44.658920: | ****emit IKEv2 Notify Payload: Aug 26 18:38:44.658922: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:44.658923: | flags: none (0x0) Aug 26 18:38:44.658925: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.658927: | SPI size: 0 (0x0) Aug 26 18:38:44.658929: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:44.658931: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:44.658933: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:44.658935: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:44.658937: | Notify data 29 a1 99 6d 44 93 1f 6b 76 1e 3f b1 32 b9 56 6f Aug 26 18:38:44.658939: | Notify data 46 1d d9 88 Aug 26 18:38:44.658941: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:44.658945: | natd_hash: hasher=0x55d4c8578800(20) Aug 26 18:38:44.658947: | natd_hash: icookie= c9 74 af 35 05 84 b2 d5 Aug 26 18:38:44.658949: | natd_hash: rcookie= bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:44.658950: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:44.658952: | natd_hash: port=500 Aug 26 18:38:44.658954: | natd_hash: hash= a7 1c a9 f6 20 39 d0 52 d0 0f 01 ec 99 71 23 33 Aug 26 18:38:44.658955: | natd_hash: hash= 68 4f 0f 9d Aug 26 18:38:44.658957: | Adding a v2N Payload Aug 26 18:38:44.658959: | ****emit IKEv2 Notify Payload: Aug 26 18:38:44.658961: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:44.658962: | flags: none (0x0) Aug 26 18:38:44.658964: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.658966: | SPI size: 0 (0x0) Aug 26 18:38:44.658968: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:44.658970: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:44.658972: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:44.658974: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:44.658976: | Notify data a7 1c a9 f6 20 39 d0 52 d0 0f 01 ec 99 71 23 33 Aug 26 18:38:44.658977: | Notify data 68 4f 0f 9d Aug 26 18:38:44.658980: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:44.658983: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:44.658985: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:44.658987: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:44.658989: | emitting length of IKEv2 Encryption Payload: 93 Aug 26 18:38:44.658991: | emitting length of ISAKMP Message: 121 Aug 26 18:38:44.659008: | sending 121 bytes for mobike informational request through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:44.659011: | c9 74 af 35 05 84 b2 d5 bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:44.659013: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Aug 26 18:38:44.659014: | 5b f3 f7 44 7f f2 5c 67 35 6d d4 d4 03 51 dc 14 Aug 26 18:38:44.659016: | 3c 49 d9 3c 80 bc 83 15 49 2e 92 72 0c 00 9a 89 Aug 26 18:38:44.659018: | 7b c2 97 43 34 fe 19 35 34 da d9 58 09 d6 19 9a Aug 26 18:38:44.659019: | f2 6a 08 6e 0d e9 59 22 85 3e 2d ae f5 8f 87 74 Aug 26 18:38:44.659021: | 07 94 b6 f1 5a b1 0b 73 62 2d 05 8b 41 a0 48 54 Aug 26 18:38:44.659023: | 4f 45 ae 38 1e 8f e8 bb af Aug 26 18:38:44.659085: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:44.659091: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 Aug 26 18:38:44.659093: | libevent_free: release ptr-libevent@0x55d4c8da7a08 Aug 26 18:38:44.659096: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x55d4c8da7e88 Aug 26 18:38:44.659101: | #1 spent 0.982 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 18:38:44.659104: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:38:44.659690: | spent 0.00242 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:44.659712: | *received 113 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 18:38:44.659715: | c9 74 af 35 05 84 b2 d5 bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:44.659717: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Aug 26 18:38:44.659718: | 4d a3 b3 af 7d 6d 8e 8a 68 b6 1b 11 ff a2 5a 9b Aug 26 18:38:44.659720: | fc eb 84 f7 fa 3f b1 65 7e 40 41 1c 2f 47 0a c6 Aug 26 18:38:44.659722: | d9 c0 5b b1 e6 43 3b ee 7c 18 a5 13 13 59 0c 24 Aug 26 18:38:44.659724: | 6d 2b b1 b4 f6 5a 1a c1 ce 62 c1 d9 70 55 57 0e Aug 26 18:38:44.659725: | 21 c7 25 80 56 22 e1 19 f4 5e d2 7b 37 11 fd 95 Aug 26 18:38:44.659727: | cb Aug 26 18:38:44.659730: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:44.659733: | **parse ISAKMP Message: Aug 26 18:38:44.659735: | initiator cookie: Aug 26 18:38:44.659736: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:44.659738: | responder cookie: Aug 26 18:38:44.659740: | bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:44.659742: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:44.659744: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:44.659746: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:44.659747: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:44.659749: | Message ID: 2 (0x2) Aug 26 18:38:44.659751: | length: 113 (0x71) Aug 26 18:38:44.659753: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:44.659756: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 18:38:44.659758: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:38:44.659763: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:44.659766: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:44.659770: | #1 is idle Aug 26 18:38:44.659772: | #1 idle Aug 26 18:38:44.659774: | unpacking clear payload Aug 26 18:38:44.659776: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:44.659778: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:44.659780: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:44.659782: | flags: none (0x0) Aug 26 18:38:44.659784: | length: 85 (0x55) Aug 26 18:38:44.659785: | processing payload: ISAKMP_NEXT_v2SK (len=81) Aug 26 18:38:44.659787: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:38:44.659801: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:44.659803: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:44.659805: | **parse IKEv2 Notify Payload: Aug 26 18:38:44.659807: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:44.659809: | flags: none (0x0) Aug 26 18:38:44.659810: | length: 28 (0x1c) Aug 26 18:38:44.659812: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.659814: | SPI size: 0 (0x0) Aug 26 18:38:44.659816: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:44.659818: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:44.659820: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:44.659821: | **parse IKEv2 Notify Payload: Aug 26 18:38:44.659823: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:44.659825: | flags: none (0x0) Aug 26 18:38:44.659827: | length: 28 (0x1c) Aug 26 18:38:44.659829: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.659830: | SPI size: 0 (0x0) Aug 26 18:38:44.659832: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:44.659834: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:44.659836: | selected state microcode I3: Informational Request Aug 26 18:38:44.659838: | Now let's proceed with state specific processing Aug 26 18:38:44.659839: | calling processor I3: Informational Request Aug 26 18:38:44.659842: | an informational response Aug 26 18:38:44.659844: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Aug 26 18:38:44.659846: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Aug 26 18:38:44.659850: | #2 pst=#1 MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 18:38:44.659855: | initiator migrate kernel SA esp.2535316c@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_OUT Aug 26 18:38:44.659890: | initiator migrate kernel SA esp.852abbc@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_IN Aug 26 18:38:44.659912: | initiator migrate kernel SA esp.852abbc@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_FWD Aug 26 18:38:44.659921: "northnet-eastnet" #1: success MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 18:38:44.659926: | free hp@0x55d4c8da54c8 Aug 26 18:38:44.659930: | connect_to_host_pair: 192.1.8.22:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:38:44.659932: | new hp@0x55d4c8da54c8 Aug 26 18:38:44.659935: | running updown command "ipsec _updown" for verb up Aug 26 18:38:44.659937: | command executing up-client Aug 26 18:38:44.659956: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 18:38:44.659963: | popen cmd is 1061 chars long Aug 26 18:38:44.659965: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 18:38:44.659967: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_M: Aug 26 18:38:44.659969: | cmd( 160):Y_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Aug 26 18:38:44.659971: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 18:38:44.659973: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Aug 26 18:38:44.659975: | cmd( 400):192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Aug 26 18:38:44.659976: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Aug 26 18:38:44.659978: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_PO: Aug 26 18:38:44.659980: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ES: Aug 26 18:38:44.659982: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0: Aug 26 18:38:44.659984: | cmd( 800): PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_: Aug 26 18:38:44.659986: | cmd( 880):PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0': Aug 26 18:38:44.659988: | cmd( 960): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2535316c SPI_OUT=0x852ab: Aug 26 18:38:44.659989: | cmd(1040):bc ipsec _updown 2>&1: Aug 26 18:38:44.668028: | running updown command "ipsec _updown" for verb route Aug 26 18:38:44.668044: | command executing route-client Aug 26 18:38:44.668068: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Aug 26 18:38:44.668072: | popen cmd is 1064 chars long Aug 26 18:38:44.668075: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:38:44.668097: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUT: Aug 26 18:38:44.668100: | cmd( 160):O_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3: Aug 26 18:38:44.668102: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Aug 26 18:38:44.668104: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Aug 26 18:38:44.668106: | cmd( 400):D='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 18:38:44.668109: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:38:44.668111: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN: Aug 26 18:38:44.668113: | cmd( 640):_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE: Aug 26 18:38:44.668118: | cmd( 720):+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Aug 26 18:38:44.668121: | cmd( 800):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Aug 26 18:38:44.668123: | cmd( 880):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Aug 26 18:38:44.668125: | cmd( 960):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2535316c SPI_OUT=0x85: Aug 26 18:38:44.668127: | cmd(1040):2abbc ipsec _updown 2>&1: Aug 26 18:38:44.680788: | #1 updating local interface from 192.1.8.22:500 to 192.1.8.22:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:38:44.680811: "northnet-eastnet" #1: MOBIKE response: updating IPsec SA Aug 26 18:38:44.680816: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. Aug 26 18:38:44.680827: | #1 spent 0.986 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Aug 26 18:38:44.680834: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:44.680838: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:38:44.680841: | Message ID: updating counters for #1 to 2 after switching state Aug 26 18:38:44.680846: | Message ID: recv #1 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1 wip.initiator=2->-1 wip.responder=-1 Aug 26 18:38:44.680851: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:44.680853: | STATE_PARENT_I3: PARENT SA established Aug 26 18:38:44.680858: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:44.680865: | #1 spent 1.17 milliseconds in ikev2_process_packet() Aug 26 18:38:44.680869: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:44.680880: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:44.680883: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:44.680887: | spent 1.19 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:44.680907: | processing signal PLUTO_SIGCHLD Aug 26 18:38:44.680913: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:44.680917: | spent 0.00517 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:44.680919: | processing signal PLUTO_SIGCHLD Aug 26 18:38:44.680923: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:44.680926: | spent 0.00362 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:52.379455: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@24 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:52.379534: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:38:52.379553: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:52.379574: | get_sa_info esp.852abbc@192.1.8.22 Aug 26 18:38:52.379629: | get_sa_info esp.2535316c@192.1.2.23 Aug 26 18:38:52.379692: | close_any(fd@24) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:52.379714: | spent 0.292 milliseconds in whack Aug 26 18:38:52.714703: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@24 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:52.715584: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:38:52.715622: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:38:52.715943: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:38:52.715965: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:52.716031: | get_sa_info esp.852abbc@192.1.8.22 Aug 26 18:38:52.716119: | get_sa_info esp.2535316c@192.1.2.23 Aug 26 18:38:52.716240: | close_any(fd@24) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:52.716266: | spent 1.57 milliseconds in whack Aug 26 18:38:53.069653: | spent 0.00297 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:53.069676: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 18:38:53.069681: | c9 74 af 35 05 84 b2 d5 bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:53.069683: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:38:53.069684: | 99 42 31 98 77 eb 31 5d 10 8e 64 49 e4 87 38 aa Aug 26 18:38:53.069686: | be 15 a2 33 c3 00 9b 12 11 21 92 18 1e 34 6c 91 Aug 26 18:38:53.069687: | 40 b0 3f e2 47 Aug 26 18:38:53.069692: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:53.069694: | **parse ISAKMP Message: Aug 26 18:38:53.069696: | initiator cookie: Aug 26 18:38:53.069698: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:53.069700: | responder cookie: Aug 26 18:38:53.069701: | bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:53.069703: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:53.069705: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:53.069707: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:53.069709: | flags: none (0x0) Aug 26 18:38:53.069711: | Message ID: 0 (0x0) Aug 26 18:38:53.069713: | length: 69 (0x45) Aug 26 18:38:53.069715: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:53.069717: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:38:53.069720: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:38:53.069725: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:53.069727: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:53.069730: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:38:53.069732: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:38:53.069735: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 18:38:53.069736: | unpacking clear payload Aug 26 18:38:53.069738: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:53.069740: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:53.069742: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:38:53.069744: | flags: none (0x0) Aug 26 18:38:53.069745: | length: 41 (0x29) Aug 26 18:38:53.069747: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:38:53.069750: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:38:53.069752: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:38:53.069771: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:53.069773: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:38:53.069775: | **parse IKEv2 Delete Payload: Aug 26 18:38:53.069777: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.069778: | flags: none (0x0) Aug 26 18:38:53.069780: | length: 12 (0xc) Aug 26 18:38:53.069782: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:38:53.069783: | SPI size: 4 (0x4) Aug 26 18:38:53.069785: | number of SPIs: 1 (0x1) Aug 26 18:38:53.069786: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:38:53.069788: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:38:53.069790: | Now let's proceed with state specific processing Aug 26 18:38:53.069792: | calling processor I3: INFORMATIONAL Request Aug 26 18:38:53.069794: | an informational request should send a response Aug 26 18:38:53.069813: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:38:53.069816: | **emit ISAKMP Message: Aug 26 18:38:53.069818: | initiator cookie: Aug 26 18:38:53.069819: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:53.069821: | responder cookie: Aug 26 18:38:53.069825: | bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:53.069826: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:53.069828: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:53.069830: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:53.069832: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:38:53.069834: | Message ID: 0 (0x0) Aug 26 18:38:53.069836: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:53.069838: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:53.069839: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.069841: | flags: none (0x0) Aug 26 18:38:53.069843: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:53.069845: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:53.069847: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:53.069856: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:38:53.069858: | SPI 25 35 31 6c Aug 26 18:38:53.069860: | delete PROTO_v2_ESP SA(0x2535316c) Aug 26 18:38:53.069862: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:38:53.069864: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:38:53.069866: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x2535316c) Aug 26 18:38:53.069868: "northnet-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:38:53.069871: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:38:53.069874: | libevent_free: release ptr-libevent@0x55d4c8daa5f8 Aug 26 18:38:53.069877: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fb074002b78 Aug 26 18:38:53.069880: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fb074002b78 Aug 26 18:38:53.069882: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:38:53.069884: | libevent_malloc: new ptr-libevent@0x55d4c8db07f8 size 128 Aug 26 18:38:53.069887: | ****emit IKEv2 Delete Payload: Aug 26 18:38:53.069889: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.069890: | flags: none (0x0) Aug 26 18:38:53.069892: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:38:53.069894: | SPI size: 4 (0x4) Aug 26 18:38:53.069895: | number of SPIs: 1 (0x1) Aug 26 18:38:53.069897: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:38:53.069899: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:53.069901: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:38:53.069903: | local SPIs 08 52 ab bc Aug 26 18:38:53.069905: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:38:53.069907: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:53.069909: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:53.069911: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:53.069912: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:38:53.069914: | emitting length of ISAKMP Message: 69 Aug 26 18:38:53.069928: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:53.069953: | c9 74 af 35 05 84 b2 d5 bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:53.069956: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:38:53.069972: | 3e b0 55 5a b4 ef dc 3f 0b 21 04 d1 cd a3 7d d5 Aug 26 18:38:53.069975: | 23 ad d1 bd 73 60 da 30 d8 21 6c 79 b8 aa 7f cd Aug 26 18:38:53.069977: | 62 8b 24 aa 87 Aug 26 18:38:53.070014: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:38:53.070024: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:38:53.070031: | #1 spent 0.217 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:38:53.070037: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:53.070042: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:38:53.070045: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:38:53.070051: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:38:53.070057: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:53.070060: "northnet-eastnet" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:38:53.070066: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:53.070071: | #1 spent 0.389 milliseconds in ikev2_process_packet() Aug 26 18:38:53.070076: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:53.070080: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:53.070083: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:53.070088: | spent 0.406 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:53.070093: | timer_event_cb: processing event@0x7fb074002b78 Aug 26 18:38:53.070095: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:38:53.070098: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:53.070101: | picked newest_ipsec_sa #2 for #2 Aug 26 18:38:53.070103: | replacing stale CHILD SA Aug 26 18:38:53.070106: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:38:53.070108: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:38:53.070110: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:38:53.070113: | creating state object #3 at 0x55d4c8db08a8 Aug 26 18:38:53.070115: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:38:53.070121: | pstats #3 ikev2.child started Aug 26 18:38:53.070123: | duplicating state object #1 "northnet-eastnet" as #3 for IPSEC SA Aug 26 18:38:53.070127: | #3 setting local endpoint to 192.1.8.22:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:38:53.070134: | Message ID: init_child #1.#3; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:53.070138: | suspend processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:38:53.070140: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:38:53.070143: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:38:53.070145: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:38:53.070149: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet (ESP/AH initiator emitting proposals) Aug 26 18:38:53.070152: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:38:53.070156: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:38:53.070159: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:38:53.070164: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:38:53.070166: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d4c8da7e88 Aug 26 18:38:53.070169: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:38:53.070171: | libevent_malloc: new ptr-libevent@0x55d4c8daa5f8 size 128 Aug 26 18:38:53.070174: | RESET processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:38:53.070176: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d4c8db04c8 Aug 26 18:38:53.070179: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:38:53.070180: | libevent_malloc: new ptr-libevent@0x55d4c8db0698 size 128 Aug 26 18:38:53.070182: | libevent_free: release ptr-libevent@0x55d4c8db07f8 Aug 26 18:38:53.070184: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fb074002b78 Aug 26 18:38:53.070187: | #2 spent 0.0937 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:38:53.070189: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:38:53.070192: | timer_event_cb: processing event@0x55d4c8da7e88 Aug 26 18:38:53.070194: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:38:53.070197: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:38:53.070201: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:38:53.070203: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fb074002b78 Aug 26 18:38:53.070205: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:38:53.070207: | libevent_malloc: new ptr-libevent@0x55d4c8db07f8 size 128 Aug 26 18:38:53.070213: | libevent_free: release ptr-libevent@0x55d4c8daa5f8 Aug 26 18:38:53.070215: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d4c8da7e88 Aug 26 18:38:53.070222: | #3 spent 0.0276 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:38:53.070230: | stop processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:38:53.070235: | timer_event_cb: processing event@0x55d4c8db04c8 Aug 26 18:38:53.070238: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:38:53.070243: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:53.070246: | picked newest_ipsec_sa #2 for #2 Aug 26 18:38:53.070249: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:38:53.070251: | crypto helper 3 resuming Aug 26 18:38:53.070253: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:38:53.070267: | crypto helper 3 starting work-order 3 for state #3 Aug 26 18:38:53.070268: | pstats #2 ikev2.child deleted completed Aug 26 18:38:53.070271: | crypto helper 3 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 18:38:53.070272: | #2 spent 2.67 milliseconds in total Aug 26 18:38:53.070277: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:38:53.070281: "northnet-eastnet" #2: deleting state (STATE_V2_IPSEC_I) aged 18.102s and NOT sending notification Aug 26 18:38:53.070284: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:38:53.070292: | get_sa_info esp.2535316c@192.1.2.23 Aug 26 18:38:53.070322: | get_sa_info esp.852abbc@192.1.8.22 Aug 26 18:38:53.070344: "northnet-eastnet" #2: ESP traffic information: in=168B out=168B Aug 26 18:38:53.070348: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:38:53.070387: | running updown command "ipsec _updown" for verb down Aug 26 18:38:53.070391: | command executing down-client Aug 26 18:38:53.070415: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V Aug 26 18:38:53.070436: | popen cmd is 1063 chars long Aug 26 18:38:53.070439: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 18:38:53.070442: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO: Aug 26 18:38:53.070445: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 18:38:53.070447: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 18:38:53.070450: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 18:38:53.070465: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 18:38:53.070468: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:38:53.070471: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_: Aug 26 18:38:53.070473: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+: Aug 26 18:38:53.070476: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: Aug 26 18:38:53.070478: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: Aug 26 18:38:53.070480: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': Aug 26 18:38:53.070482: | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2535316c SPI_OUT=0x852: Aug 26 18:38:53.070484: | cmd(1040):abbc ipsec _updown 2>&1: Aug 26 18:38:53.070952: | crypto helper 3 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000681 seconds Aug 26 18:38:53.070962: | (#3) spent 0.682 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:38:53.070965: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 18:38:53.070967: | scheduling resume sending helper answer for #3 Aug 26 18:38:53.070969: | libevent_malloc: new ptr-libevent@0x7fb070002888 size 128 Aug 26 18:38:53.070981: | crypto helper 3 waiting (nothing to do) Aug 26 18:38:53.077580: | shunt_eroute() called for connection 'northnet-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:38:53.077604: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:38:53.077609: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:53.077615: | IPsec Sa SPD priority set to 1042407 Aug 26 18:38:53.077639: | delete esp.2535316c@192.1.2.23 Aug 26 18:38:53.077651: | netlink response for Del SA esp.2535316c@192.1.2.23 included non-error error Aug 26 18:38:53.077654: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:53.077684: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 18:38:53.077704: | raw_eroute result=success Aug 26 18:38:53.077709: | delete esp.852abbc@192.1.8.22 Aug 26 18:38:53.077736: | netlink response for Del SA esp.852abbc@192.1.8.22 included non-error error Aug 26 18:38:53.077748: | in connection_discard for connection northnet-eastnet Aug 26 18:38:53.077752: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:38:53.077757: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:38:53.077764: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:38:53.077778: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:38:53.077782: | can't expire unused IKE SA #1; it has the child #3 Aug 26 18:38:53.077788: | libevent_free: release ptr-libevent@0x55d4c8db0698 Aug 26 18:38:53.077792: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55d4c8db04c8 Aug 26 18:38:53.077796: | in statetime_stop() and could not find #2 Aug 26 18:38:53.077800: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:38:53.077821: | spent 0.00215 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:53.077837: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 18:38:53.077843: | c9 74 af 35 05 84 b2 d5 bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:53.077846: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:38:53.077849: | 1a 2c 90 07 0d 9b 6f db 36 3b 66 c1 25 24 9f 09 Aug 26 18:38:53.077852: | b2 b6 c3 77 b3 05 17 54 61 98 54 a3 0d b5 80 7f Aug 26 18:38:53.077855: | e7 Aug 26 18:38:53.077862: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:53.077866: | **parse ISAKMP Message: Aug 26 18:38:53.077869: | initiator cookie: Aug 26 18:38:53.077872: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:53.077875: | responder cookie: Aug 26 18:38:53.077878: | bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:53.077882: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:53.077885: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:53.077889: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:53.077893: | flags: none (0x0) Aug 26 18:38:53.077895: | Message ID: 1 (0x1) Aug 26 18:38:53.077897: | length: 65 (0x41) Aug 26 18:38:53.077899: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:53.077902: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:38:53.077904: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:38:53.077908: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:53.077910: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:53.077913: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:38:53.077915: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:38:53.077918: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 18:38:53.077919: | unpacking clear payload Aug 26 18:38:53.077921: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:53.077923: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:53.077925: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:38:53.077926: | flags: none (0x0) Aug 26 18:38:53.077928: | length: 37 (0x25) Aug 26 18:38:53.077930: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:38:53.077933: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:38:53.077935: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:38:53.077951: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:53.077955: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:38:53.077959: | **parse IKEv2 Delete Payload: Aug 26 18:38:53.077962: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.077968: | flags: none (0x0) Aug 26 18:38:53.077971: | length: 8 (0x8) Aug 26 18:38:53.077974: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:38:53.077977: | SPI size: 0 (0x0) Aug 26 18:38:53.077980: | number of SPIs: 0 (0x0) Aug 26 18:38:53.077982: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:38:53.077984: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:38:53.077986: | Now let's proceed with state specific processing Aug 26 18:38:53.077988: | calling processor I3: INFORMATIONAL Request Aug 26 18:38:53.077990: | an informational request should send a response Aug 26 18:38:53.078009: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:38:53.078011: | **emit ISAKMP Message: Aug 26 18:38:53.078013: | initiator cookie: Aug 26 18:38:53.078015: | c9 74 af 35 05 84 b2 d5 Aug 26 18:38:53.078016: | responder cookie: Aug 26 18:38:53.078018: | bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:53.078019: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:53.078021: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:53.078023: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:53.078025: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:38:53.078026: | Message ID: 1 (0x1) Aug 26 18:38:53.078028: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:53.078030: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:53.078032: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.078033: | flags: none (0x0) Aug 26 18:38:53.078035: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:53.078037: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:53.078040: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:53.078046: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:53.078048: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:53.078050: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:53.078052: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:38:53.078054: | emitting length of ISAKMP Message: 57 Aug 26 18:38:53.078065: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:53.078068: | c9 74 af 35 05 84 b2 d5 bc e1 cd a6 b7 47 b3 05 Aug 26 18:38:53.078070: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 18:38:53.078071: | 95 33 20 5c 20 05 ef 99 11 64 94 9a 06 c3 30 f8 Aug 26 18:38:53.078073: | 49 b2 03 60 9c ba c2 b4 6f Aug 26 18:38:53.078100: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:38:53.078106: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:38:53.078108: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:38:53.078110: | pstats #3 ikev2.child deleted other Aug 26 18:38:53.078113: | #3 spent 0.0276 milliseconds in total Aug 26 18:38:53.078116: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:38:53.078118: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:38:53.078121: "northnet-eastnet" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.008s and NOT sending notification Aug 26 18:38:53.078123: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 18:38:53.078127: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:53.078130: | libevent_free: release ptr-libevent@0x55d4c8db07f8 Aug 26 18:38:53.078133: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fb074002b78 Aug 26 18:38:53.078135: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:53.078140: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 18:38:53.078149: | raw_eroute result=success Aug 26 18:38:53.078153: | in connection_discard for connection northnet-eastnet Aug 26 18:38:53.078155: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:38:53.078160: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:38:53.078163: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:38:53.078166: | resume processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:38:53.078168: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:38:53.078170: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:38:53.078172: | pstats #1 ikev2.ike deleted completed Aug 26 18:38:53.078176: | #1 spent 10.9 milliseconds in total Aug 26 18:38:53.078179: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:38:53.078181: "northnet-eastnet" #1: deleting state (STATE_IKESA_DEL) aged 18.117s and NOT sending notification Aug 26 18:38:53.078183: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:38:53.078214: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:38:53.078218: | libevent_free: release ptr-libevent@0x7fb06c000f48 Aug 26 18:38:53.078221: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d4c8da7d18 Aug 26 18:38:53.078223: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:38:53.078225: | picked newest_isakmp_sa #0 for #1 Aug 26 18:38:53.078227: "northnet-eastnet" #1: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:38:53.078229: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 0 seconds Aug 26 18:38:53.078231: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:38:53.078234: | in connection_discard for connection northnet-eastnet Aug 26 18:38:53.078236: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:38:53.078240: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:38:53.078284: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:38:53.078316: | in statetime_stop() and could not find #1 Aug 26 18:38:53.078336: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:53.078342: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:38:53.078345: | STF_OK but no state object remains Aug 26 18:38:53.078348: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:53.078352: | in statetime_stop() and could not find #1 Aug 26 18:38:53.078357: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:53.078361: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:53.078365: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:53.078371: | spent 0.525 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:53.078375: | processing resume sending helper answer for #3 Aug 26 18:38:53.078379: | crypto helper 3 replies to request ID 3 Aug 26 18:38:53.078381: | calling continuation function 0x55d4c84a3b50 Aug 26 18:38:53.078382: | work-order 3 state #3 crypto result suppressed Aug 26 18:38:53.078391: | (#3) spent 0.0119 milliseconds in resume sending helper answer Aug 26 18:38:53.078395: | libevent_free: release ptr-libevent@0x7fb070002888 Aug 26 18:38:53.078398: | processing signal PLUTO_SIGCHLD Aug 26 18:38:53.078402: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:53.078404: | spent 0.00403 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:53.078408: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:38:53.078410: Initiating connection northnet-eastnet which received a Delete/Notify but must remain up per local policy Aug 26 18:38:53.078412: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:53.078415: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 18:38:53.078417: | connection 'northnet-eastnet' +POLICY_UP Aug 26 18:38:53.078419: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:38:53.078421: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:38:53.078425: | creating state object #4 at 0x55d4c8daa998 Aug 26 18:38:53.078427: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:38:53.078429: | pstats #4 ikev2.ike started Aug 26 18:38:53.078431: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:38:53.078434: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:38:53.078437: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:53.078441: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:53.078444: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:53.078446: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:38:53.078449: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #4 "northnet-eastnet" Aug 26 18:38:53.078451: "northnet-eastnet" #4: initiating v2 parent SA Aug 26 18:38:53.078462: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:53.078465: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 18:38:53.078467: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fb06c002fc8 Aug 26 18:38:53.078470: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:38:53.078472: | libevent_malloc: new ptr-libevent@0x55d4c8db0698 size 128 Aug 26 18:38:53.078479: | #4 spent 0.0636 milliseconds in ikev2_parent_outI1() Aug 26 18:38:53.078482: | RESET processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:53.078484: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:53.078485: | crypto helper 4 resuming Aug 26 18:38:53.078486: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:38:53.078497: | crypto helper 4 starting work-order 4 for state #4 Aug 26 18:38:53.078505: | spent 0.092 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:38:53.078510: | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 18:38:53.079486: | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000975 seconds Aug 26 18:38:53.079517: | (#4) spent 0.989 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 18:38:53.079523: | crypto helper 4 sending results from work-order 4 for state #4 to event queue Aug 26 18:38:53.079527: | scheduling resume sending helper answer for #4 Aug 26 18:38:53.079531: | libevent_malloc: new ptr-libevent@0x7fb064002888 size 128 Aug 26 18:38:53.079539: | crypto helper 4 waiting (nothing to do) Aug 26 18:38:53.079574: | processing resume sending helper answer for #4 Aug 26 18:38:53.079583: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:53.079587: | crypto helper 4 replies to request ID 4 Aug 26 18:38:53.079588: | calling continuation function 0x55d4c84a3b50 Aug 26 18:38:53.079590: | ikev2_parent_outI1_continue for #4 Aug 26 18:38:53.079594: | **emit ISAKMP Message: Aug 26 18:38:53.079596: | initiator cookie: Aug 26 18:38:53.079597: | 1c e4 f0 88 8b a3 ed fe Aug 26 18:38:53.079599: | responder cookie: Aug 26 18:38:53.079601: | 00 00 00 00 00 00 00 00 Aug 26 18:38:53.079602: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:53.079604: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:53.079606: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:53.079608: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:53.079610: | Message ID: 0 (0x0) Aug 26 18:38:53.079611: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:53.079621: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:53.079623: | Emitting ikev2_proposals ... Aug 26 18:38:53.079625: | ***emit IKEv2 Security Association Payload: Aug 26 18:38:53.079627: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.079629: | flags: none (0x0) Aug 26 18:38:53.079631: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:53.079633: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:53.079635: | discarding INTEG=NONE Aug 26 18:38:53.079636: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:53.079638: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:53.079640: | prop #: 1 (0x1) Aug 26 18:38:53.079642: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:53.079643: | spi size: 0 (0x0) Aug 26 18:38:53.079645: | # transforms: 11 (0xb) Aug 26 18:38:53.079647: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:53.079649: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079651: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079653: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:53.079654: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:53.079656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079658: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:53.079660: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:53.079662: | length/value: 256 (0x100) Aug 26 18:38:53.079664: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:53.079665: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079671: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:53.079673: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:53.079675: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079677: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079679: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079680: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079682: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079683: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:53.079685: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:53.079687: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079691: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079692: | discarding INTEG=NONE Aug 26 18:38:53.079694: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079697: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079699: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:53.079701: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079703: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079704: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079706: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079709: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079711: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:53.079713: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079715: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079716: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079718: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079719: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079721: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079723: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:53.079725: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079727: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079728: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079730: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079731: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079733: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079735: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:53.079737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079741: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079743: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079746: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079748: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:53.079750: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079753: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079755: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079756: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079758: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079760: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:53.079762: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079764: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079765: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079767: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079768: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079770: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079772: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:53.079774: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079776: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079777: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079779: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079781: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:53.079782: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079784: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:53.079786: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079788: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079789: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079791: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:53.079793: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:53.079795: | discarding INTEG=NONE Aug 26 18:38:53.079796: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:53.079798: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:53.079800: | prop #: 2 (0x2) Aug 26 18:38:53.079801: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:53.079803: | spi size: 0 (0x0) Aug 26 18:38:53.079804: | # transforms: 11 (0xb) Aug 26 18:38:53.079807: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:53.079809: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:53.079810: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079813: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079815: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:53.079816: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:53.079818: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079820: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:53.079822: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:53.079823: | length/value: 128 (0x80) Aug 26 18:38:53.079825: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:53.079827: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079828: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079830: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:53.079832: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:53.079833: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079835: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079837: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079839: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079842: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:53.079844: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:53.079846: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079847: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079849: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079851: | discarding INTEG=NONE Aug 26 18:38:53.079852: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079854: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079855: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079857: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:53.079859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079861: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079863: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079864: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079866: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079868: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079869: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:53.079871: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079875: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079876: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079880: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079881: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:53.079883: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079885: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079888: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079889: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079892: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079894: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:53.079896: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079898: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079900: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079901: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079904: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079906: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:53.079908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079912: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079913: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079915: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079916: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079918: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:53.079920: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079922: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079924: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079925: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079927: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079928: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079930: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:53.079932: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079934: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079936: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079937: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079939: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:53.079940: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.079942: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:53.079944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079948: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079949: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:53.079951: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:53.079953: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:53.079955: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:53.079958: | prop #: 3 (0x3) Aug 26 18:38:53.079960: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:53.079961: | spi size: 0 (0x0) Aug 26 18:38:53.079963: | # transforms: 13 (0xd) Aug 26 18:38:53.079965: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:53.079967: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:53.079968: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079970: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079972: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:53.079973: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:53.079975: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079977: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:53.079978: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:53.079980: | length/value: 256 (0x100) Aug 26 18:38:53.079982: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:53.079983: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079987: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:53.079988: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:53.079990: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.079994: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.079995: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.079997: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.079999: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:53.080000: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:53.080002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080006: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080007: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080009: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080011: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:53.080012: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:53.080014: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080016: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080018: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080019: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080023: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:53.080024: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:53.080026: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080028: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080030: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080032: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080034: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080036: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080037: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:53.080039: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080041: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080043: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080045: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080048: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080050: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:53.080051: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080055: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080057: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080058: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080060: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080062: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:53.080063: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080065: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080067: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080069: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080072: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080073: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:53.080075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080077: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080079: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080081: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080084: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080085: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:53.080087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080091: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080093: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080096: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080097: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:53.080099: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080106: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080107: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080110: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080112: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:53.080114: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080118: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080119: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080121: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:53.080123: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080124: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:53.080126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080128: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080130: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080131: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:53.080133: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:53.080135: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:53.080137: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:53.080138: | prop #: 4 (0x4) Aug 26 18:38:53.080140: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:53.080141: | spi size: 0 (0x0) Aug 26 18:38:53.080143: | # transforms: 13 (0xd) Aug 26 18:38:53.080145: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:53.080147: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:53.080149: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080150: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080152: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:53.080153: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:53.080155: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080157: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:53.080159: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:53.080160: | length/value: 128 (0x80) Aug 26 18:38:53.080162: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:53.080164: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080165: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080167: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:53.080169: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:53.080170: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080172: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080174: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080176: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080180: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:53.080181: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:53.080183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080187: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080189: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080192: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:53.080193: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:53.080195: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080199: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080201: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080204: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:53.080206: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:53.080207: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080209: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080211: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080213: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080214: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080216: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080218: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:53.080219: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080221: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080223: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080225: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080228: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080230: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:53.080231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080233: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080235: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080237: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080238: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080240: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080241: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:53.080243: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080248: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080249: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080251: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080253: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080254: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:53.080256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080258: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080260: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080261: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080265: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080266: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:53.080268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080270: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080272: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080273: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080277: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080278: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:53.080280: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080284: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080285: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080287: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080300: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080302: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:53.080321: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080323: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080325: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080327: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:53.080329: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:53.080330: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:53.080332: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:53.080334: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:53.080336: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:53.080337: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:53.080339: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:53.080341: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:53.080343: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:38:53.080345: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:53.080360: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:38:53.080362: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.080364: | flags: none (0x0) Aug 26 18:38:53.080366: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:53.080368: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:38:53.080370: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:38:53.080372: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:38:53.080374: | ikev2 g^x b6 52 f8 2a d2 70 da fe b0 c9 ea b9 1e c2 45 68 Aug 26 18:38:53.080375: | ikev2 g^x e9 34 f3 e0 37 37 70 73 7a 9c cb 53 44 0c f1 92 Aug 26 18:38:53.080377: | ikev2 g^x 69 2c d5 58 08 e6 8a a5 7b 21 a0 5c 36 02 7a 59 Aug 26 18:38:53.080379: | ikev2 g^x b9 0b 28 35 27 52 1e 67 a6 b2 35 57 5f 5d 2a 06 Aug 26 18:38:53.080380: | ikev2 g^x c5 23 c2 5f c6 9d d4 80 0b aa 01 32 7a 25 eb 0b Aug 26 18:38:53.080382: | ikev2 g^x 24 3a 9a 5e f4 19 da e0 41 94 a7 a5 3b 8a 8e eb Aug 26 18:38:53.080383: | ikev2 g^x 09 85 2c f0 fa a0 43 f0 c0 76 bb 5b a5 93 94 33 Aug 26 18:38:53.080385: | ikev2 g^x b8 ff 48 75 0e ff ab 3a d3 6d ae bc ec 8a 8f 83 Aug 26 18:38:53.080386: | ikev2 g^x e7 a0 d7 74 17 27 ca 23 3d 74 51 20 b7 31 6a dd Aug 26 18:38:53.080388: | ikev2 g^x 2f 45 d1 f4 07 55 05 ad 4f 02 60 d5 89 c9 40 be Aug 26 18:38:53.080389: | ikev2 g^x f0 ae 0b fb 1a 19 05 56 61 c7 0a 22 29 31 3e 25 Aug 26 18:38:53.080391: | ikev2 g^x aa f9 ea 8d 60 4d 4f 4c 70 9e 75 ea 4a 14 63 84 Aug 26 18:38:53.080392: | ikev2 g^x 9c 2c 4b f4 6d 54 15 24 86 4d e0 3f 7d 63 74 48 Aug 26 18:38:53.080394: | ikev2 g^x c3 1d 81 9b 89 bb c8 aa f6 d8 c6 ab c0 3c d7 70 Aug 26 18:38:53.080395: | ikev2 g^x d5 d3 43 fb 11 04 d8 d8 bc ff 12 2c b5 f4 2f 1d Aug 26 18:38:53.080397: | ikev2 g^x 4f c3 21 cb a1 d6 2c 7c ab cc 41 21 84 a9 80 86 Aug 26 18:38:53.080399: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:38:53.080400: | ***emit IKEv2 Nonce Payload: Aug 26 18:38:53.080402: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:53.080403: | flags: none (0x0) Aug 26 18:38:53.080405: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:38:53.080407: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:38:53.080409: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:38:53.080411: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:38:53.080413: | IKEv2 nonce f7 a4 07 aa 8a f4 0d ac c4 4f 51 69 77 bf c5 03 Aug 26 18:38:53.080414: | IKEv2 nonce db 20 a2 d3 3e 53 1f 95 2c 3d 66 d7 b7 e1 e5 48 Aug 26 18:38:53.080416: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:38:53.080418: | Adding a v2N Payload Aug 26 18:38:53.080419: | ***emit IKEv2 Notify Payload: Aug 26 18:38:53.080421: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.080422: | flags: none (0x0) Aug 26 18:38:53.080424: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:53.080426: | SPI size: 0 (0x0) Aug 26 18:38:53.080428: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:53.080430: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:53.080431: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:53.080433: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:53.080435: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:38:53.080437: | natd_hash: rcookie is zero Aug 26 18:38:53.080445: | natd_hash: hasher=0x55d4c8578800(20) Aug 26 18:38:53.080448: | natd_hash: icookie= 1c e4 f0 88 8b a3 ed fe Aug 26 18:38:53.080450: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:53.080452: | natd_hash: ip= c0 01 08 16 Aug 26 18:38:53.080453: | natd_hash: port=500 Aug 26 18:38:53.080455: | natd_hash: hash= ea c8 d7 88 40 3e e2 15 57 d8 88 c0 b8 9c 33 20 Aug 26 18:38:53.080457: | natd_hash: hash= 94 e3 85 dd Aug 26 18:38:53.080458: | Adding a v2N Payload Aug 26 18:38:53.080460: | ***emit IKEv2 Notify Payload: Aug 26 18:38:53.080461: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.080463: | flags: none (0x0) Aug 26 18:38:53.080465: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:53.080466: | SPI size: 0 (0x0) Aug 26 18:38:53.080468: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:53.080470: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:53.080472: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:53.080474: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:53.080475: | Notify data ea c8 d7 88 40 3e e2 15 57 d8 88 c0 b8 9c 33 20 Aug 26 18:38:53.080477: | Notify data 94 e3 85 dd Aug 26 18:38:53.080479: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:53.080480: | natd_hash: rcookie is zero Aug 26 18:38:53.080484: | natd_hash: hasher=0x55d4c8578800(20) Aug 26 18:38:53.080486: | natd_hash: icookie= 1c e4 f0 88 8b a3 ed fe Aug 26 18:38:53.080487: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:53.080489: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:53.080490: | natd_hash: port=500 Aug 26 18:38:53.080492: | natd_hash: hash= a1 58 12 7d 59 e1 fe 68 00 03 4d 19 69 12 77 54 Aug 26 18:38:53.080494: | natd_hash: hash= a5 33 7a 1c Aug 26 18:38:53.080495: | Adding a v2N Payload Aug 26 18:38:53.080497: | ***emit IKEv2 Notify Payload: Aug 26 18:38:53.080498: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:53.080500: | flags: none (0x0) Aug 26 18:38:53.080501: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:53.080503: | SPI size: 0 (0x0) Aug 26 18:38:53.080505: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:53.080507: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:53.080509: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:53.080510: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:53.080512: | Notify data a1 58 12 7d 59 e1 fe 68 00 03 4d 19 69 12 77 54 Aug 26 18:38:53.080514: | Notify data a5 33 7a 1c Aug 26 18:38:53.080515: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:53.080517: | emitting length of ISAKMP Message: 828 Aug 26 18:38:53.080521: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:38:53.080525: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:53.080528: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:38:53.080530: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:38:53.080532: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:38:53.080534: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 18:38:53.080536: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 18:38:53.080539: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:53.080541: "northnet-eastnet" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:53.080545: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.8.22:500) Aug 26 18:38:53.080549: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #4) Aug 26 18:38:53.080551: | 1c e4 f0 88 8b a3 ed fe 00 00 00 00 00 00 00 00 Aug 26 18:38:53.080553: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:38:53.080554: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:38:53.080556: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:38:53.080557: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:38:53.080559: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:38:53.080560: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:38:53.080562: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:38:53.080563: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:38:53.080565: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:38:53.080566: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:38:53.080568: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:38:53.080569: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:38:53.080571: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:38:53.080572: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:38:53.080574: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:38:53.080575: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:38:53.080577: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:38:53.080578: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:38:53.080580: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:38:53.080581: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:38:53.080583: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:38:53.080584: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:38:53.080586: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:38:53.080587: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:38:53.080589: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:38:53.080590: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:38:53.080592: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:38:53.080593: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:38:53.080595: | 28 00 01 08 00 0e 00 00 b6 52 f8 2a d2 70 da fe Aug 26 18:38:53.080596: | b0 c9 ea b9 1e c2 45 68 e9 34 f3 e0 37 37 70 73 Aug 26 18:38:53.080598: | 7a 9c cb 53 44 0c f1 92 69 2c d5 58 08 e6 8a a5 Aug 26 18:38:53.080599: | 7b 21 a0 5c 36 02 7a 59 b9 0b 28 35 27 52 1e 67 Aug 26 18:38:53.080601: | a6 b2 35 57 5f 5d 2a 06 c5 23 c2 5f c6 9d d4 80 Aug 26 18:38:53.080602: | 0b aa 01 32 7a 25 eb 0b 24 3a 9a 5e f4 19 da e0 Aug 26 18:38:53.080604: | 41 94 a7 a5 3b 8a 8e eb 09 85 2c f0 fa a0 43 f0 Aug 26 18:38:53.080605: | c0 76 bb 5b a5 93 94 33 b8 ff 48 75 0e ff ab 3a Aug 26 18:38:53.080607: | d3 6d ae bc ec 8a 8f 83 e7 a0 d7 74 17 27 ca 23 Aug 26 18:38:53.080608: | 3d 74 51 20 b7 31 6a dd 2f 45 d1 f4 07 55 05 ad Aug 26 18:38:53.080610: | 4f 02 60 d5 89 c9 40 be f0 ae 0b fb 1a 19 05 56 Aug 26 18:38:53.080611: | 61 c7 0a 22 29 31 3e 25 aa f9 ea 8d 60 4d 4f 4c Aug 26 18:38:53.080613: | 70 9e 75 ea 4a 14 63 84 9c 2c 4b f4 6d 54 15 24 Aug 26 18:38:53.080614: | 86 4d e0 3f 7d 63 74 48 c3 1d 81 9b 89 bb c8 aa Aug 26 18:38:53.080616: | f6 d8 c6 ab c0 3c d7 70 d5 d3 43 fb 11 04 d8 d8 Aug 26 18:38:53.080617: | bc ff 12 2c b5 f4 2f 1d 4f c3 21 cb a1 d6 2c 7c Aug 26 18:38:53.080619: | ab cc 41 21 84 a9 80 86 29 00 00 24 f7 a4 07 aa Aug 26 18:38:53.080620: | 8a f4 0d ac c4 4f 51 69 77 bf c5 03 db 20 a2 d3 Aug 26 18:38:53.080622: | 3e 53 1f 95 2c 3d 66 d7 b7 e1 e5 48 29 00 00 08 Aug 26 18:38:53.080623: | 00 00 40 2e 29 00 00 1c 00 00 40 04 ea c8 d7 88 Aug 26 18:38:53.080625: | 40 3e e2 15 57 d8 88 c0 b8 9c 33 20 94 e3 85 dd Aug 26 18:38:53.080627: | 00 00 00 1c 00 00 40 05 a1 58 12 7d 59 e1 fe 68 Aug 26 18:38:53.080629: | 00 03 4d 19 69 12 77 54 a5 33 7a 1c Aug 26 18:38:53.080651: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:53.080655: | libevent_free: release ptr-libevent@0x55d4c8db0698 Aug 26 18:38:53.080657: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fb06c002fc8 Aug 26 18:38:53.080659: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:53.080661: "northnet-eastnet" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 18:38:53.080663: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fb06c002fc8 Aug 26 18:38:53.080666: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Aug 26 18:38:53.080668: | libevent_malloc: new ptr-libevent@0x55d4c8da55a8 size 128 Aug 26 18:38:53.080671: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 30018.82313 Aug 26 18:38:53.080673: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 18:38:53.080677: | #4 spent 1.07 milliseconds in resume sending helper answer Aug 26 18:38:53.080680: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:53.080682: | libevent_free: release ptr-libevent@0x7fb064002888 Aug 26 18:38:53.560737: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@24 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:53.560756: shutting down Aug 26 18:38:53.560762: | processing: RESET whack log_fd (was fd@24) (in exit_pluto() at plutomain.c:1825) Aug 26 18:38:53.560765: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:53.560766: forgetting secrets Aug 26 18:38:53.560770: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:53.560774: | start processing: connection "northnet-eastnet" (in delete_connection() at connections.c:189) Aug 26 18:38:53.560776: | removing pending policy for no connection {0x55d4c8d96908} Aug 26 18:38:53.560778: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:38:53.560780: | pass 0 Aug 26 18:38:53.560782: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:38:53.560784: | state #4 Aug 26 18:38:53.560786: | suspend processing: connection "northnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:38:53.560790: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:38:53.560792: | pstats #4 ikev2.ike deleted other Aug 26 18:38:53.560796: | #4 spent 2.13 milliseconds in total Aug 26 18:38:53.560799: | [RE]START processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:38:53.560802: "northnet-eastnet" #4: deleting state (STATE_PARENT_I1) aged 0.482s and NOT sending notification Aug 26 18:38:53.560804: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 18:38:53.560807: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:53.560809: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 18:38:53.560812: | libevent_free: release ptr-libevent@0x55d4c8da55a8 Aug 26 18:38:53.560814: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fb06c002fc8 Aug 26 18:38:53.560817: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:38:53.560819: | picked newest_isakmp_sa #0 for #4 Aug 26 18:38:53.560821: "northnet-eastnet" #4: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:38:53.560824: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 5 seconds Aug 26 18:38:53.560826: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:38:53.560830: | stop processing: connection "northnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:38:53.560835: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:38:53.560837: | in connection_discard for connection northnet-eastnet Aug 26 18:38:53.560839: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 18:38:53.560842: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:38:53.560857: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:38:53.560861: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:38:53.560863: | pass 1 Aug 26 18:38:53.560864: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:38:53.560867: | shunt_eroute() called for connection 'northnet-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:38:53.560869: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:38:53.560872: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:53.560899: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:53.560907: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:53.560909: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:53.560911: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:53.560914: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 18:38:53.560916: | running updown command "ipsec _updown" for verb unroute Aug 26 18:38:53.560918: | command executing unroute-client Aug 26 18:38:53.560936: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Aug 26 18:38:53.560939: | popen cmd is 1045 chars long Aug 26 18:38:53.560941: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:38:53.560943: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PL: Aug 26 18:38:53.560944: | cmd( 160):UTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 18:38:53.560946: | cmd( 240):.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Aug 26 18:38:53.560948: | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Aug 26 18:38:53.560949: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 18:38:53.560951: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:38:53.560953: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 18:38:53.560955: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_N: Aug 26 18:38:53.560956: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Aug 26 18:38:53.560958: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Aug 26 18:38:53.560959: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Aug 26 18:38:53.560962: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: Aug 26 18:38:53.560964: | cmd(1040): 2>&1: Aug 26 18:38:53.568716: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:53.568731: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:53.568733: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:53.568736: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:53.568738: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:53.572965: | free hp@0x55d4c8da54c8 Aug 26 18:38:53.572977: | flush revival: connection 'northnet-eastnet' revival flushed Aug 26 18:38:53.572983: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:38:53.572995: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:38:53.572997: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:38:53.573005: shutting down interface eth1/eth1 192.1.8.22:4500 Aug 26 18:38:53.573008: shutting down interface eth1/eth1 192.1.8.22:500 Aug 26 18:38:53.573010: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:38:53.573012: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:38:53.573014: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 18:38:53.573016: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 18:38:53.573017: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 18:38:53.573019: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 18:38:53.573022: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:38:53.573032: | libevent_free: release ptr-libevent@0x7fb074002888 Aug 26 18:38:53.573035: | free_event_entry: release EVENT_NULL-pe@0x55d4c8db03e8 Aug 26 18:38:53.573042: | libevent_free: release ptr-libevent@0x55d4c8da8228 Aug 26 18:38:53.573044: | free_event_entry: release EVENT_NULL-pe@0x55d4c8db0458 Aug 26 18:38:53.573050: | libevent_free: release ptr-libevent@0x55d4c8d97478 Aug 26 18:38:53.573052: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3158 Aug 26 18:38:53.573058: | libevent_free: release ptr-libevent@0x55d4c8d332c8 Aug 26 18:38:53.573060: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3208 Aug 26 18:38:53.573066: | libevent_free: release ptr-libevent@0x55d4c8d35168 Aug 26 18:38:53.573068: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da32b8 Aug 26 18:38:53.573073: | libevent_free: release ptr-libevent@0x55d4c8d322b8 Aug 26 18:38:53.573075: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3368 Aug 26 18:38:53.573079: | libevent_free: release ptr-libevent@0x55d4c8d034e8 Aug 26 18:38:53.573081: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da3418 Aug 26 18:38:53.573086: | libevent_free: release ptr-libevent@0x55d4c8d031d8 Aug 26 18:38:53.573088: | free_event_entry: release EVENT_NULL-pe@0x55d4c8da34c8 Aug 26 18:38:53.573091: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:38:53.573482: | libevent_free: release ptr-libevent@0x55d4c8d97528 Aug 26 18:38:53.573488: | free_event_entry: release EVENT_NULL-pe@0x55d4c8d8b268 Aug 26 18:38:53.573492: | libevent_free: release ptr-libevent@0x55d4c8d35068 Aug 26 18:38:53.573495: | free_event_entry: release EVENT_NULL-pe@0x55d4c8d8a728 Aug 26 18:38:53.573498: | libevent_free: release ptr-libevent@0x55d4c8d6eb28 Aug 26 18:38:53.573500: | free_event_entry: release EVENT_NULL-pe@0x55d4c8d8b2d8 Aug 26 18:38:53.573504: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:38:53.573506: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:38:53.573507: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:38:53.573509: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:38:53.573510: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:38:53.573512: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:38:53.573514: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:38:53.573515: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:38:53.573517: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:38:53.573523: | libevent_free: release ptr-libevent@0x55d4c8d32818 Aug 26 18:38:53.573525: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:38:53.573527: | libevent_free: release ptr-libevent@0x55d4c8da2938 Aug 26 18:38:53.573529: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:38:53.573531: | libevent_free: release ptr-libevent@0x55d4c8da2a48 Aug 26 18:38:53.573533: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:38:53.573535: | libevent_free: release ptr-libevent@0x55d4c8da2c88 Aug 26 18:38:53.573537: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:38:53.573538: | releasing event base Aug 26 18:38:53.573548: | libevent_free: release ptr-libevent@0x55d4c8da2b58 Aug 26 18:38:53.573550: | libevent_free: release ptr-libevent@0x55d4c8d85b18 Aug 26 18:38:53.573553: | libevent_free: release ptr-libevent@0x55d4c8d85ac8 Aug 26 18:38:53.573555: | libevent_free: release ptr-libevent@0x55d4c8d85a58 Aug 26 18:38:53.573556: | libevent_free: release ptr-libevent@0x55d4c8d85a18 Aug 26 18:38:53.573558: | libevent_free: release ptr-libevent@0x55d4c8da2838 Aug 26 18:38:53.573560: | libevent_free: release ptr-libevent@0x55d4c8da28b8 Aug 26 18:38:53.573561: | libevent_free: release ptr-libevent@0x55d4c8d85cc8 Aug 26 18:38:53.573563: | libevent_free: release ptr-libevent@0x55d4c8d8a838 Aug 26 18:38:53.573565: | libevent_free: release ptr-libevent@0x55d4c8d8b228 Aug 26 18:38:53.573566: | libevent_free: release ptr-libevent@0x55d4c8dab6d8 Aug 26 18:38:53.573568: | libevent_free: release ptr-libevent@0x55d4c8da3538 Aug 26 18:38:53.573570: | libevent_free: release ptr-libevent@0x55d4c8da3488 Aug 26 18:38:53.573571: | libevent_free: release ptr-libevent@0x55d4c8da33d8 Aug 26 18:38:53.573573: | libevent_free: release ptr-libevent@0x55d4c8da3328 Aug 26 18:38:53.573574: | libevent_free: release ptr-libevent@0x55d4c8da3278 Aug 26 18:38:53.573576: | libevent_free: release ptr-libevent@0x55d4c8da31c8 Aug 26 18:38:53.573577: | libevent_free: release ptr-libevent@0x55d4c8dab7c8 Aug 26 18:38:53.573579: | libevent_free: release ptr-libevent@0x55d4c8d32978 Aug 26 18:38:53.573581: | libevent_free: release ptr-libevent@0x55d4c8da2a08 Aug 26 18:38:53.573582: | libevent_free: release ptr-libevent@0x55d4c8da28f8 Aug 26 18:38:53.573584: | libevent_free: release ptr-libevent@0x55d4c8da2878 Aug 26 18:38:53.573586: | libevent_free: release ptr-libevent@0x55d4c8da2b18 Aug 26 18:38:53.573587: | libevent_free: release ptr-libevent@0x55d4c8d31b08 Aug 26 18:38:53.573589: | libevent_free: release ptr-libevent@0x55d4c8d02908 Aug 26 18:38:53.573591: | libevent_free: release ptr-libevent@0x55d4c8d02d38 Aug 26 18:38:53.573593: | libevent_free: release ptr-libevent@0x55d4c8d31e78 Aug 26 18:38:53.573595: | releasing global libevent data Aug 26 18:38:53.573597: | libevent_free: release ptr-libevent@0x55d4c8d03488 Aug 26 18:38:53.573598: | libevent_free: release ptr-libevent@0x55d4c8d02cd8 Aug 26 18:38:53.573600: | libevent_free: release ptr-libevent@0x55d4c8d02dd8 Aug 26 18:38:53.573626: leak detective found no leaks