Aug 26 18:38:31.855647: FIPS Product: YES
Aug 26 18:38:31.855766: FIPS Kernel: NO
Aug 26 18:38:31.855770: FIPS Mode: NO
Aug 26 18:38:31.855772: NSS DB directory: sql:/etc/ipsec.d
Aug 26 18:38:31.855938: Initializing NSS
Aug 26 18:38:31.855945: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 18:38:31.892617: NSS initialized
Aug 26 18:38:31.892634: NSS crypto library initialized
Aug 26 18:38:31.892638: FIPS HMAC integrity support [enabled]
Aug 26 18:38:31.892640: FIPS mode disabled for pluto daemon
Aug 26 18:38:31.938717: FIPS HMAC integrity verification self-test FAILED
Aug 26 18:38:31.938826: libcap-ng support [enabled]
Aug 26 18:38:31.938835: Linux audit support [enabled]
Aug 26 18:38:31.939250: Linux audit activated
Aug 26 18:38:31.939260: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:4933
Aug 26 18:38:31.939265: core dump dir: /tmp
Aug 26 18:38:31.939268: secrets file: /etc/ipsec.secrets
Aug 26 18:38:31.939270: leak-detective enabled
Aug 26 18:38:31.939272: NSS crypto [enabled]
Aug 26 18:38:31.939274: XAUTH PAM support [enabled]
Aug 26 18:38:31.939355: | libevent is using pluto's memory allocator
Aug 26 18:38:31.939366: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 18:38:31.939382: | libevent_malloc: new ptr-libevent@0x55fa519da8b8 size 40
Aug 26 18:38:31.939387: | libevent_malloc: new ptr-libevent@0x55fa519d9cd8 size 40
Aug 26 18:38:31.939391: | libevent_malloc: new ptr-libevent@0x55fa519d9dd8 size 40
Aug 26 18:38:31.939393: | creating event base
Aug 26 18:38:31.939397: | libevent_malloc: new ptr-libevent@0x55fa51a5ca48 size 56
Aug 26 18:38:31.939402: | libevent_malloc: new ptr-libevent@0x55fa51a08e68 size 664
Aug 26 18:38:31.939416: | libevent_malloc: new ptr-libevent@0x55fa51a5cab8 size 24
Aug 26 18:38:31.939419: | libevent_malloc: new ptr-libevent@0x55fa51a5cb08 size 384
Aug 26 18:38:31.939430: | libevent_malloc: new ptr-libevent@0x55fa51a5ca08 size 16
Aug 26 18:38:31.939432: | libevent_malloc: new ptr-libevent@0x55fa519d9908 size 40
Aug 26 18:38:31.939435: | libevent_malloc: new ptr-libevent@0x55fa519d9d38 size 48
Aug 26 18:38:31.939440: | libevent_realloc: new ptr-libevent@0x55fa51a09968 size 256
Aug 26 18:38:31.939443: | libevent_malloc: new ptr-libevent@0x55fa51a5ccb8 size 16
Aug 26 18:38:31.939450: | libevent_free: release ptr-libevent@0x55fa51a5ca48
Aug 26 18:38:31.939454: | libevent initialized
Aug 26 18:38:31.939458: | libevent_realloc: new ptr-libevent@0x55fa51a5ca48 size 64
Aug 26 18:38:31.939465: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 18:38:31.939479: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 18:38:31.939481: NAT-Traversal support [enabled]
Aug 26 18:38:31.939484: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 18:38:31.939491: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 18:38:31.939495: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 18:38:31.939530: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 18:38:31.939533: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 18:38:31.939537: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 18:38:31.939587: Encryption algorithms:
Aug 26 18:38:31.939594: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 18:38:31.939598: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 18:38:31.939602: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 18:38:31.939606: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 18:38:31.939609: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 18:38:31.939620: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 18:38:31.939624: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 18:38:31.939628: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 18:38:31.939632: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 18:38:31.939636: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 18:38:31.939640: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 18:38:31.939643: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 18:38:31.939647: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 18:38:31.939651: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 18:38:31.939655: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 18:38:31.939658: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 18:38:31.939662: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 18:38:31.939669: Hash algorithms:
Aug 26 18:38:31.939672: MD5 IKEv1: IKE IKEv2:
Aug 26 18:38:31.939675: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 18:38:31.939678: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 18:38:31.939682: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 18:38:31.939685: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 18:38:31.939700: PRF algorithms:
Aug 26 18:38:31.939704: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 18:38:31.939707: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 18:38:31.939711: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 18:38:31.939714: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 18:38:31.939718: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 18:38:31.939721: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 18:38:31.939748: Integrity algorithms:
Aug 26 18:38:31.939752: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 18:38:31.939756: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 18:38:31.939760: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 18:38:31.939764: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 18:38:31.939769: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 18:38:31.939772: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 18:38:31.939776: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 18:38:31.939779: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 18:38:31.939782: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 18:38:31.939795: DH algorithms:
Aug 26 18:38:31.939798: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 18:38:31.939801: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 18:38:31.939805: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 18:38:31.939810: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 18:38:31.939813: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 18:38:31.939816: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 18:38:31.939819: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 18:38:31.939823: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 18:38:31.939826: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 18:38:31.939829: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 18:38:31.939832: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 18:38:31.939835: testing CAMELLIA_CBC:
Aug 26 18:38:31.939838: Camellia: 16 bytes with 128-bit key
Aug 26 18:38:31.939957: Camellia: 16 bytes with 128-bit key
Aug 26 18:38:31.939986: Camellia: 16 bytes with 256-bit key
Aug 26 18:38:31.940018: Camellia: 16 bytes with 256-bit key
Aug 26 18:38:31.940046: testing AES_GCM_16:
Aug 26 18:38:31.940049: empty string
Aug 26 18:38:31.940078: one block
Aug 26 18:38:31.940103: two blocks
Aug 26 18:38:31.940129: two blocks with associated data
Aug 26 18:38:31.940155: testing AES_CTR:
Aug 26 18:38:31.940158: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 18:38:31.940184: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 18:38:31.940212: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 18:38:31.940241: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 18:38:31.940268: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 18:38:31.940302: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 18:38:31.940334: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 18:38:31.940360: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 18:38:31.940388: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 18:38:31.940417: testing AES_CBC:
Aug 26 18:38:31.940420: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 18:38:31.940446: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 18:38:31.940475: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 18:38:31.940503: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 18:38:31.940539: testing AES_XCBC:
Aug 26 18:38:31.940542: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 18:38:31.940663: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 18:38:31.940795: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 18:38:31.940920: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 18:38:31.941051: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 18:38:31.941178: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 18:38:31.941311: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 18:38:31.941608: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 18:38:31.941736: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 18:38:31.941876: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 18:38:31.942114: testing HMAC_MD5:
Aug 26 18:38:31.942118: RFC 2104: MD5_HMAC test 1
Aug 26 18:38:31.942312: RFC 2104: MD5_HMAC test 2
Aug 26 18:38:31.942476: RFC 2104: MD5_HMAC test 3
Aug 26 18:38:31.942679: 8 CPU cores online
Aug 26 18:38:31.942685: starting up 7 crypto helpers
Aug 26 18:38:31.942723: started thread for crypto helper 0
Aug 26 18:38:31.942800: started thread for crypto helper 1
Aug 26 18:38:31.942807: | starting up helper thread 1
Aug 26 18:38:31.942822: started thread for crypto helper 2
Aug 26 18:38:31.942826: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 18:38:31.942834: | crypto helper 1 waiting (nothing to do)
Aug 26 18:38:31.942841: started thread for crypto helper 3
Aug 26 18:38:31.942843: | starting up helper thread 3
Aug 26 18:38:31.942849: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 18:38:31.942852: | crypto helper 3 waiting (nothing to do)
Aug 26 18:38:31.942863: started thread for crypto helper 4
Aug 26 18:38:31.942864: | starting up helper thread 4
Aug 26 18:38:31.942870: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 18:38:31.942873: | crypto helper 4 waiting (nothing to do)
Aug 26 18:38:31.942883: started thread for crypto helper 5
Aug 26 18:38:31.942884: | starting up helper thread 5
Aug 26 18:38:31.942890: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 18:38:31.942892: | crypto helper 5 waiting (nothing to do)
Aug 26 18:38:31.942903: started thread for crypto helper 6
Aug 26 18:38:31.942905: | starting up helper thread 6
Aug 26 18:38:31.942908: | checking IKEv1 state table
Aug 26 18:38:31.942910: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 18:38:31.942914: | crypto helper 6 waiting (nothing to do)
Aug 26 18:38:31.942918: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 18:38:31.942921: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 18:38:31.942924: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 18:38:31.942927: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 18:38:31.942930: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 18:38:31.942933: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 18:38:31.942936: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:38:31.942938: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:38:31.942942: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 18:38:31.942944: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 18:38:31.942947: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:38:31.942950: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 18:38:31.942953: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 18:38:31.942955: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:38:31.942958: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:38:31.942961: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:38:31.942964: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 18:38:31.942966: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:38:31.942969: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:38:31.942972: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 18:38:31.942975: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 18:38:31.942978: | -> UNDEFINED EVENT_NULL
Aug 26 18:38:31.942981: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 18:38:31.942984: | -> UNDEFINED EVENT_NULL
Aug 26 18:38:31.942988: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 18:38:31.942990: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 18:38:31.942993: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 18:38:31.942996: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:38:31.942999: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 18:38:31.943002: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 18:38:31.943005: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:38:31.943008: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 18:38:31.943011: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 18:38:31.943013: | -> UNDEFINED EVENT_NULL
Aug 26 18:38:31.943016: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 18:38:31.943019: | -> UNDEFINED EVENT_NULL
Aug 26 18:38:31.943022: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 18:38:31.943025: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 18:38:31.943028: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 18:38:31.943031: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 18:38:31.943034: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 18:38:31.943037: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 18:38:31.943040: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 18:38:31.943043: | -> UNDEFINED EVENT_NULL
Aug 26 18:38:31.943051: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 18:38:31.943055: | -> UNDEFINED EVENT_NULL
Aug 26 18:38:31.943058: | INFO: category: informational flags: 0:
Aug 26 18:38:31.943060: | -> UNDEFINED EVENT_NULL
Aug 26 18:38:31.943063: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 18:38:31.943066: | -> UNDEFINED EVENT_NULL
Aug 26 18:38:31.943069: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 18:38:31.943072: | -> XAUTH_R1 EVENT_NULL
Aug 26 18:38:31.943075: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 18:38:31.943078: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 18:38:31.943081: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 18:38:31.943084: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 18:38:31.943087: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 18:38:31.943090: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 18:38:31.943093: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 18:38:31.943095: | -> UNDEFINED EVENT_NULL
Aug 26 18:38:31.943098: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 18:38:31.943101: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 18:38:31.943105: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 18:38:31.943108: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 18:38:31.943110: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 18:38:31.943113: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 18:38:31.943120: | checking IKEv2 state table
Aug 26 18:38:31.943128: | PARENT_I0: category: ignore flags: 0:
Aug 26 18:38:31.943131: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 18:38:31.943135: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 18:38:31.943138: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 18:38:31.943142: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 18:38:31.943145: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 18:38:31.943148: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 18:38:31.943151: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 18:38:31.943154: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 18:38:31.943157: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 18:38:31.943160: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 18:38:31.943164: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 18:38:31.943167: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 18:38:31.943170: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 18:38:31.943173: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 18:38:31.943176: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 18:38:31.943179: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 18:38:31.943182: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 18:38:31.943185: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 18:38:31.943188: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 18:38:31.943191: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 18:38:31.943194: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 18:38:31.943197: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 18:38:31.943200: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 18:38:31.943203: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 18:38:31.943206: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 18:38:31.943209: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 18:38:31.943212: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 18:38:31.943217: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 18:38:31.943221: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 18:38:31.943224: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 18:38:31.943227: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 18:38:31.943230: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 18:38:31.943233: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 18:38:31.943236: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 18:38:31.943239: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 18:38:31.943242: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 18:38:31.943246: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 18:38:31.943249: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 18:38:31.943252: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 18:38:31.943255: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 18:38:31.943258: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 18:38:31.943261: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 18:38:31.943264: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 18:38:31.943267: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 18:38:31.943270: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 18:38:31.943274: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 18:38:31.943295: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 18:38:31.943385: | starting up helper thread 2
Aug 26 18:38:31.943397: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 18:38:31.943400: | crypto helper 2 waiting (nothing to do)
Aug 26 18:38:31.943788: | starting up helper thread 0
Aug 26 18:38:31.943798: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 18:38:31.943801: | crypto helper 0 waiting (nothing to do)
Aug 26 18:38:31.954312: | Hard-wiring algorithms
Aug 26 18:38:31.954326: | adding AES_CCM_16 to kernel algorithm db
Aug 26 18:38:31.954333: | adding AES_CCM_12 to kernel algorithm db
Aug 26 18:38:31.954336: | adding AES_CCM_8 to kernel algorithm db
Aug 26 18:38:31.954338: | adding 3DES_CBC to kernel algorithm db
Aug 26 18:38:31.954341: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 18:38:31.954344: | adding AES_GCM_16 to kernel algorithm db
Aug 26 18:38:31.954347: | adding AES_GCM_12 to kernel algorithm db
Aug 26 18:38:31.954349: | adding AES_GCM_8 to kernel algorithm db
Aug 26 18:38:31.954352: | adding AES_CTR to kernel algorithm db
Aug 26 18:38:31.954355: | adding AES_CBC to kernel algorithm db
Aug 26 18:38:31.954358: | adding SERPENT_CBC to kernel algorithm db
Aug 26 18:38:31.954360: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 18:38:31.954363: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 18:38:31.954366: | adding NULL to kernel algorithm db
Aug 26 18:38:31.954369: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 18:38:31.954372: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 18:38:31.954374: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 18:38:31.954377: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 18:38:31.954380: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 18:38:31.954383: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 18:38:31.954386: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 18:38:31.954388: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 18:38:31.954391: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 18:38:31.954393: | adding NONE to kernel algorithm db
Aug 26 18:38:31.954428: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 18:38:31.954436: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 18:38:31.954439: | setup kernel fd callback
Aug 26 18:38:31.954443: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55fa51a622c8
Aug 26 18:38:31.954448: | libevent_malloc: new ptr-libevent@0x55fa51a45b18 size 128
Aug 26 18:38:31.954452: | libevent_malloc: new ptr-libevent@0x55fa51a61828 size 16
Aug 26 18:38:31.954460: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55fa51a61718
Aug 26 18:38:31.954464: | libevent_malloc: new ptr-libevent@0x55fa51a0c058 size 128
Aug 26 18:38:31.954468: | libevent_malloc: new ptr-libevent@0x55fa51a62218 size 16
Aug 26 18:38:31.954721: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 18:38:31.954729: selinux support is enabled.
Aug 26 18:38:31.955464: | unbound context created - setting debug level to 5
Aug 26 18:38:31.955498: | /etc/hosts lookups activated
Aug 26 18:38:31.955513: | /etc/resolv.conf usage activated
Aug 26 18:38:31.955579: | outgoing-port-avoid set 0-65535
Aug 26 18:38:31.955609: | outgoing-port-permit set 32768-60999
Aug 26 18:38:31.955612: | Loading dnssec root key from:/var/lib/unbound/root.key
Aug 26 18:38:31.955616: | No additional dnssec trust anchors defined via dnssec-trusted= option
Aug 26 18:38:31.955619: | Setting up events, loop start
Aug 26 18:38:31.955623: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55fa51a62258
Aug 26 18:38:31.955627: | libevent_malloc: new ptr-libevent@0x55fa51a6e518 size 128
Aug 26 18:38:31.955631: | libevent_malloc: new ptr-libevent@0x55fa51a79828 size 16
Aug 26 18:38:31.955638: | libevent_realloc: new ptr-libevent@0x55fa51a08af8 size 256
Aug 26 18:38:31.955641: | libevent_malloc: new ptr-libevent@0x55fa51a79868 size 8
Aug 26 18:38:31.955645: | libevent_realloc: new ptr-libevent@0x55fa51a093a8 size 144
Aug 26 18:38:31.955648: | libevent_malloc: new ptr-libevent@0x55fa51a09808 size 152
Aug 26 18:38:31.955652: | libevent_malloc: new ptr-libevent@0x55fa51a798a8 size 16
Aug 26 18:38:31.955655: | signal event handler PLUTO_SIGCHLD installed
Aug 26 18:38:31.955659: | libevent_malloc: new ptr-libevent@0x55fa51a798e8 size 8
Aug 26 18:38:31.955662: | libevent_malloc: new ptr-libevent@0x55fa51a79928 size 152
Aug 26 18:38:31.955665: | signal event handler PLUTO_SIGTERM installed
Aug 26 18:38:31.955668: | libevent_malloc: new ptr-libevent@0x55fa51a799f8 size 8
Aug 26 18:38:31.955671: | libevent_malloc: new ptr-libevent@0x55fa51a79a38 size 152
Aug 26 18:38:31.955674: | signal event handler PLUTO_SIGHUP installed
Aug 26 18:38:31.955678: | libevent_malloc: new ptr-libevent@0x55fa51a79b08 size 8
Aug 26 18:38:31.955681: | libevent_realloc: release ptr-libevent@0x55fa51a093a8
Aug 26 18:38:31.955684: | libevent_realloc: new ptr-libevent@0x55fa51a79b48 size 256
Aug 26 18:38:31.955687: | libevent_malloc: new ptr-libevent@0x55fa51a79c78 size 152
Aug 26 18:38:31.955690: | signal event handler PLUTO_SIGSYS installed
Aug 26 18:38:31.956114: | created addconn helper (pid:5146) using fork+execve
Aug 26 18:38:31.956135: | forked child 5146
Aug 26 18:38:31.956185: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:38:31.956554: listening for IKE messages
Aug 26 18:38:31.961786: | Inspecting interface lo
Aug 26 18:38:31.961813: | found lo with address 127.0.0.1
Aug 26 18:38:31.961819: | Inspecting interface eth0
Aug 26 18:38:31.961823: | found eth0 with address 192.0.2.254
Aug 26 18:38:31.961827: | Inspecting interface eth1
Aug 26 18:38:31.961832: | found eth1 with address 192.1.2.23
Aug 26 18:38:31.962256: Kernel supports NIC esp-hw-offload
Aug 26 18:38:31.962274: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500
Aug 26 18:38:31.962343: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:38:31.962351: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:38:31.962356: adding interface eth1/eth1 192.1.2.23:4500
Aug 26 18:38:31.962388: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500
Aug 26 18:38:31.962409: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:38:31.962413: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:38:31.962417: adding interface eth0/eth0 192.0.2.254:4500
Aug 26 18:38:31.962439: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Aug 26 18:38:31.962458: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 18:38:31.962463: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 18:38:31.962466: adding interface lo/lo 127.0.0.1:4500
Aug 26 18:38:31.962557: | no interfaces to sort
Aug 26 18:38:31.962563: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 18:38:31.962572: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a148
Aug 26 18:38:31.962577: | libevent_malloc: new ptr-libevent@0x55fa51a6e468 size 128
Aug 26 18:38:31.962582: | libevent_malloc: new ptr-libevent@0x55fa51a7a1b8 size 16
Aug 26 18:38:31.962590: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 18:38:31.962594: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a1f8
Aug 26 18:38:31.962598: | libevent_malloc: new ptr-libevent@0x55fa51a0a2b8 size 128
Aug 26 18:38:31.962601: | libevent_malloc: new ptr-libevent@0x55fa51a7a268 size 16
Aug 26 18:38:31.962606: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 18:38:31.962609: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a2a8
Aug 26 18:38:31.962611: | libevent_malloc: new ptr-libevent@0x55fa51a0c158 size 128
Aug 26 18:38:31.962614: | libevent_malloc: new ptr-libevent@0x55fa51a7a318 size 16
Aug 26 18:38:31.962618: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 18:38:31.962622: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a358
Aug 26 18:38:31.962625: | libevent_malloc: new ptr-libevent@0x55fa51a092a8 size 128
Aug 26 18:38:31.962628: | libevent_malloc: new ptr-libevent@0x55fa51a7a3c8 size 16
Aug 26 18:38:31.962633: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 18:38:31.962636: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a408
Aug 26 18:38:31.962640: | libevent_malloc: new ptr-libevent@0x55fa519da4e8 size 128
Aug 26 18:38:31.962643: | libevent_malloc: new ptr-libevent@0x55fa51a7a478 size 16
Aug 26 18:38:31.962648: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 18:38:31.962651: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a4b8
Aug 26 18:38:31.962654: | libevent_malloc: new ptr-libevent@0x55fa519da1d8 size 128
Aug 26 18:38:31.962657: | libevent_malloc: new ptr-libevent@0x55fa51a7a528 size 16
Aug 26 18:38:31.962662: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 18:38:31.962666: | certs and keys locked by 'free_preshared_secrets'
Aug 26 18:38:31.962669: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 18:38:31.962695: loading secrets from "/etc/ipsec.secrets"
Aug 26 18:38:31.962711: | Processing PSK at line 1: passed
Aug 26 18:38:31.962715: | certs and keys locked by 'process_secret'
Aug 26 18:38:31.962719: | certs and keys unlocked by 'process_secret'
Aug 26 18:38:31.962729: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 18:38:31.962738: | spent 1.74 milliseconds in whack
Aug 26 18:38:32.000451: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 18:38:32.000471: listening for IKE messages
Aug 26 18:38:32.000503: | Inspecting interface lo
Aug 26 18:38:32.000510: | found lo with address 127.0.0.1
Aug 26 18:38:32.000513: | Inspecting interface eth0
Aug 26 18:38:32.000518: | found eth0 with address 192.0.2.254
Aug 26 18:38:32.000521: | Inspecting interface eth1
Aug 26 18:38:32.000525: | found eth1 with address 192.1.2.23
Aug 26 18:38:32.000587: | no interfaces to sort
Aug 26 18:38:32.000597: | libevent_free: release ptr-libevent@0x55fa51a6e468
Aug 26 18:38:32.000601: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a148
Aug 26 18:38:32.000608: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a148
Aug 26 18:38:32.000612: | libevent_malloc: new ptr-libevent@0x55fa51a6e468 size 128
Aug 26 18:38:32.000620: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 18:38:32.000624: | libevent_free: release ptr-libevent@0x55fa51a0a2b8
Aug 26 18:38:32.000627: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a1f8
Aug 26 18:38:32.000630: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a1f8
Aug 26 18:38:32.000633: | libevent_malloc: new ptr-libevent@0x55fa51a0a2b8 size 128
Aug 26 18:38:32.000638: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 18:38:32.000641: | libevent_free: release ptr-libevent@0x55fa51a0c158
Aug 26 18:38:32.000644: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a2a8
Aug 26 18:38:32.000647: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a2a8
Aug 26 18:38:32.000650: | libevent_malloc: new ptr-libevent@0x55fa51a0c158 size 128
Aug 26 18:38:32.000655: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 18:38:32.000659: | libevent_free: release ptr-libevent@0x55fa51a092a8
Aug 26 18:38:32.000662: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a358
Aug 26 18:38:32.000664: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a358
Aug 26 18:38:32.000667: | libevent_malloc: new ptr-libevent@0x55fa51a092a8 size 128
Aug 26 18:38:32.000672: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 18:38:32.000675: | libevent_free: release ptr-libevent@0x55fa519da4e8
Aug 26 18:38:32.000678: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a408
Aug 26 18:38:32.000681: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a408
Aug 26 18:38:32.000684: | libevent_malloc: new ptr-libevent@0x55fa519da4e8 size 128
Aug 26 18:38:32.000689: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 18:38:32.000692: | libevent_free: release ptr-libevent@0x55fa519da1d8
Aug 26 18:38:32.000695: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a4b8
Aug 26 18:38:32.000698: | add_fd_read_event_handler: new ethX-pe@0x55fa51a7a4b8
Aug 26 18:38:32.000701: | libevent_malloc: new ptr-libevent@0x55fa519da1d8 size 128
Aug 26 18:38:32.000705: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 18:38:32.000709: | certs and keys locked by 'free_preshared_secrets'
Aug 26 18:38:32.000711: forgetting secrets
Aug 26 18:38:32.000717: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 18:38:32.000730: loading secrets from "/etc/ipsec.secrets"
Aug 26 18:38:32.000737: | Processing PSK at line 1: passed
Aug 26 18:38:32.000740: | certs and keys locked by 'process_secret'
Aug 26 18:38:32.000743: | certs and keys unlocked by 'process_secret' Aug 26 18:38:32.000751: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:32.000759: | spent 0.314 milliseconds in whack Aug 26 18:38:32.001211: | processing signal PLUTO_SIGCHLD Aug 26 18:38:32.001227: | waitpid returned pid 5146 (exited with status 0) Aug 26 18:38:32.001232: | reaped addconn helper child (status 0) Aug 26 18:38:32.001236: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:32.001242: | spent 0.022 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:32.050800: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:32.050832: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:32.050836: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:32.050839: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:32.050841: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:32.050846: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 18:38:32.050886: | Added new connection eastnet-any with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:32.050946: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:38:32.050956: | from whack: got --esp=aes256-sha2 Aug 26 18:38:32.050971: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Aug 26 18:38:32.050976: | counting wild cards for (none) is 15 Aug 26 18:38:32.050982: | counting wild cards for 192.1.2.23 is 0 Aug 26 18:38:32.050988: | add new addresspool to global pools 192.0.3.10-192.0.3.19 size 10 ptr 0x55fa51a69358 Aug 26 18:38:32.050994: | based upon policy, the connection is a template. 
Aug 26 18:38:32.050997: | reference addresspool of conn eastnet-any[0] kind CK_TEMPLATE refcnt 0 Aug 26 18:38:32.051004: | connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none Aug 26 18:38:32.051007: | new hp@0x55fa51a7c468 Aug 26 18:38:32.051011: added connection description "eastnet-any" Aug 26 18:38:32.051022: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:32.051031: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[MS+S=C]...%any[+MC+S=C] Aug 26 18:38:32.051038: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:32.051046: | spent 0.253 milliseconds in whack Aug 26 18:38:34.262958: | spent 0.00413 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:34.262997: | *received 828 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500)
Aug 26 18:38:34.263145: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 18:38:34.263150: | **parse ISAKMP Message: Aug 26 18:38:34.263154: | initiator cookie: Aug 26 18:38:34.263156: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:34.263159: | responder cookie: Aug 26 18:38:34.263161: | 00 00 00 00 00 00 00 00 Aug 26 18:38:34.263164: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:34.263167: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.263170: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:34.263173: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:34.263175: | Message ID: 0 (0x0) Aug 26 18:38:34.263178: | length: 828 (0x33c) Aug 26 18:38:34.263181: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:38:34.263184: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 18:38:34.263189: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 18:38:34.263193: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:34.263196: | ***parse IKEv2 Security Association Payload: Aug 26 18:38:34.263199: | next payload type: 
ISAKMP_NEXT_v2KE (0x22) Aug 26 18:38:34.263202: | flags: none (0x0) Aug 26 18:38:34.263204: | length: 436 (0x1b4) Aug 26 18:38:34.263207: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 18:38:34.263209: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:38:34.263213: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:38:34.263215: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:38:34.263218: | flags: none (0x0) Aug 26 18:38:34.263220: | length: 264 (0x108) Aug 26 18:38:34.263223: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.263226: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:38:34.263228: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:38:34.263231: | ***parse IKEv2 Nonce Payload: Aug 26 18:38:34.263234: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.263236: | flags: none (0x0) Aug 26 18:38:34.263239: | length: 36 (0x24) Aug 26 18:38:34.263242: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:38:34.263244: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.263247: | ***parse IKEv2 Notify Payload: Aug 26 18:38:34.263250: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.263252: | flags: none (0x0) Aug 26 18:38:34.263257: | length: 8 (0x8) Aug 26 18:38:34.263260: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.263263: | SPI size: 0 (0x0) Aug 26 18:38:34.263266: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:34.263269: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:34.263271: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.263274: | ***parse IKEv2 Notify Payload: Aug 26 18:38:34.263277: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.263279: | flags: none (0x0) Aug 26 18:38:34.263282: | length: 28 (0x1c) Aug 26 18:38:34.263285: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.263292: | SPI size: 0 (0x0) Aug 26 18:38:34.263299: | Notify Message Type: 
v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:34.263302: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:34.263304: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.263307: | ***parse IKEv2 Notify Payload: Aug 26 18:38:34.263310: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.263312: | flags: none (0x0) Aug 26 18:38:34.263315: | length: 28 (0x1c) Aug 26 18:38:34.263318: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.263320: | SPI size: 0 (0x0) Aug 26 18:38:34.263323: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:34.263326: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:34.263328: | DDOS disabled and no cookie sent, continuing Aug 26 18:38:34.263335: | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:38:34.263338: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:38:34.263341: | find_next_host_connection returns empty Aug 26 18:38:34.263346: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 18:38:34.263352: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 18:38:34.263356: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 18:38:34.263359: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO (eastnet-any) Aug 26 18:38:34.263362: | find_next_host_connection returns empty Aug 26 18:38:34.263366: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 18:38:34.263371: | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:38:34.263374: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:38:34.263376: | find_next_host_connection returns empty Aug 26 18:38:34.263380: | find_host_connection 
local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 18:38:34.263385: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 18:38:34.263388: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 18:38:34.263391: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO (eastnet-any) Aug 26 18:38:34.263394: | find_next_host_connection returns empty Aug 26 18:38:34.263398: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 18:38:34.263403: | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 18:38:34.263406: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:38:34.263408: | find_next_host_connection returns empty Aug 26 18:38:34.263412: | find_host_connection local=192.1.2.23:500 remote= policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 18:38:34.263417: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 18:38:34.263420: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:38:34.263423: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO (eastnet-any) Aug 26 18:38:34.263429: | find_next_host_connection returns eastnet-any Aug 26 18:38:34.263432: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 18:38:34.263434: | find_next_host_connection returns empty Aug 26 18:38:34.263437: | rw_instantiate Aug 26 18:38:34.263446: | reference addresspool of conn eastnet-any[1] kind CK_TEMPLATE refcnt 1 Aug 26 18:38:34.263453: | connect_to_host_pair: 192.1.2.23:500 192.1.3.209:500 -> hp@(nil): none Aug 26 18:38:34.263456: | new hp@0x55fa51a7e3b8 Aug 26 18:38:34.263462: | rw_instantiate() instantiated "eastnet-any"[1] 192.1.3.209 for 192.1.3.209 Aug 26 18:38:34.263467: | found connection: eastnet-any[1] 192.1.3.209 with policy PSK+IKEV2_ALLOW Aug 26 
18:38:34.263472: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 18:38:34.263508: | creating state object #1 at 0x55fa51a7e908 Aug 26 18:38:34.263513: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:38:34.263521: | pstats #1 ikev2.ike started Aug 26 18:38:34.263525: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:38:34.263529: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 18:38:34.263535: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:34.263547: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:34.263551: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:34.263557: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:38:34.263561: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:38:34.263566: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 18:38:34.263571: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:38:34.263574: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 18:38:34.263578: | selected state microcode Respond to IKE_SA_INIT Aug 26 18:38:34.263580: | Now let's proceed with state specific processing Aug 26 18:38:34.263583: | calling processor Respond to IKE_SA_INIT Aug 26 18:38:34.263590: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:38:34.263594: | constructing local IKE proposals for 
eastnet-any (IKE SA responder matching remote proposals) Aug 26 18:38:34.263604: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.263613: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.263617: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.263623: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.263628: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.263635: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.263639: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.263645: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.263661: "eastnet-any"[1] 192.1.3.209: constructed local IKE proposals for eastnet-any (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.263665: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 18:38:34.263669: | local proposal 1 type ENCR has 1 transforms Aug 26 18:38:34.263672: | local proposal 1 type PRF has 2 transforms Aug 26 18:38:34.263675: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:34.263678: | local proposal 1 type DH has 8 transforms Aug 26 18:38:34.263680: | local proposal 1 type ESN has 0 transforms Aug 26 18:38:34.263684: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:34.263687: | local proposal 2 type ENCR has 1 transforms Aug 26 18:38:34.263690: | local proposal 2 type PRF has 2 transforms Aug 26 18:38:34.263693: | local proposal 2 type INTEG has 1 transforms Aug 26 18:38:34.263695: | local proposal 2 type DH has 8 transforms Aug 26 18:38:34.263698: | local proposal 2 type ESN has 0 transforms Aug 26 18:38:34.263701: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:34.263703: | local proposal 3 type ENCR has 1 
transforms Aug 26 18:38:34.263706: | local proposal 3 type PRF has 2 transforms Aug 26 18:38:34.263709: | local proposal 3 type INTEG has 2 transforms Aug 26 18:38:34.263711: | local proposal 3 type DH has 8 transforms Aug 26 18:38:34.263714: | local proposal 3 type ESN has 0 transforms Aug 26 18:38:34.263717: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:34.263720: | local proposal 4 type ENCR has 1 transforms Aug 26 18:38:34.263722: | local proposal 4 type PRF has 2 transforms Aug 26 18:38:34.263725: | local proposal 4 type INTEG has 2 transforms Aug 26 18:38:34.263728: | local proposal 4 type DH has 8 transforms Aug 26 18:38:34.263730: | local proposal 4 type ESN has 0 transforms Aug 26 18:38:34.263733: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:34.263737: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.263741: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.263743: | length: 100 (0x64) Aug 26 18:38:34.263746: | prop #: 1 (0x1) Aug 26 18:38:34.263749: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.263752: | spi size: 0 (0x0) Aug 26 18:38:34.263754: | # transforms: 11 (0xb) Aug 26 18:38:34.263758: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 18:38:34.263761: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263764: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263767: | length: 12 (0xc) Aug 26 18:38:34.263770: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.263772: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:34.263775: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.263778: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.263781: | length/value: 256 (0x100) Aug 26 18:38:34.263785: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 
18:38:34.263788: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263791: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263796: | length: 8 (0x8) Aug 26 18:38:34.263799: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.263802: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.263806: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:38:34.263809: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 18:38:34.263812: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 18:38:34.263816: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 18:38:34.263819: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263821: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263824: | length: 8 (0x8) Aug 26 18:38:34.263826: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.263829: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.263832: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263837: | length: 8 (0x8) Aug 26 18:38:34.263840: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.263843: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.263847: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:38:34.263850: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 18:38:34.263853: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 18:38:34.263857: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 18:38:34.263859: | *****parse IKEv2 
Transform Substructure Payload: Aug 26 18:38:34.263862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263865: | length: 8 (0x8) Aug 26 18:38:34.263867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.263870: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.263873: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263876: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263878: | length: 8 (0x8) Aug 26 18:38:34.263881: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.263884: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.263887: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263889: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263892: | length: 8 (0x8) Aug 26 18:38:34.263895: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.263897: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.263900: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263906: | length: 8 (0x8) Aug 26 18:38:34.263908: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.263911: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.263914: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263917: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263919: | length: 8 (0x8) Aug 26 18:38:34.263922: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.263925: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.263928: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263931: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263933: | length: 8 (0x8) Aug 26 18:38:34.263936: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.263939: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.263942: | *****parse IKEv2 Transform Substructure 
Payload: Aug 26 18:38:34.263945: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.263947: | length: 8 (0x8) Aug 26 18:38:34.263952: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.263955: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.263959: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:38:34.263964: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:38:34.263967: | remote proposal 1 matches local proposal 1 Aug 26 18:38:34.263970: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.263973: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.263976: | length: 100 (0x64) Aug 26 18:38:34.263979: | prop #: 2 (0x2) Aug 26 18:38:34.263981: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.263984: | spi size: 0 (0x0) Aug 26 18:38:34.263987: | # transforms: 11 (0xb) Aug 26 18:38:34.263990: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:38:34.263993: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.263996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.263998: | length: 12 (0xc) Aug 26 18:38:34.264001: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.264004: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:34.264007: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.264009: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.264012: | length/value: 128 (0x80) Aug 26 18:38:34.264015: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264018: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264021: | length: 8 (0x8) Aug 26 18:38:34.264024: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.264026: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.264029: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264032: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264035: | length: 8 (0x8) Aug 26 18:38:34.264037: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.264040: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.264043: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264049: | length: 8 (0x8) Aug 26 18:38:34.264051: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264054: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.264057: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264062: | length: 8 (0x8) Aug 26 18:38:34.264065: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264068: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.264071: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264073: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264076: | length: 8 (0x8) Aug 26 18:38:34.264079: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264081: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.264084: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264087: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264090: | length: 8 (0x8) Aug 26 18:38:34.264092: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264095: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.264098: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264101: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264103: | length: 8 (0x8) Aug 26 18:38:34.264106: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264108: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.264111: | *****parse IKEv2 Transform 
Substructure Payload: Aug 26 18:38:34.264114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264120: | length: 8 (0x8) Aug 26 18:38:34.264123: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264126: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.264129: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264132: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264134: | length: 8 (0x8) Aug 26 18:38:34.264137: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264140: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.264143: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264145: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.264148: | length: 8 (0x8) Aug 26 18:38:34.264150: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264153: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.264157: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 18:38:34.264160: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 18:38:34.264163: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.264166: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.264169: | length: 116 (0x74) Aug 26 18:38:34.264171: | prop #: 3 (0x3) Aug 26 18:38:34.264174: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.264177: | spi size: 0 (0x0) Aug 26 18:38:34.264179: | # transforms: 13 (0xd) Aug 26 18:38:34.264182: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:38:34.264185: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264188: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264191: | length: 12 (0xc) Aug 26 18:38:34.264194: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.264196: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
18:38:34.264199: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.264202: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.264204: | length/value: 256 (0x100) Aug 26 18:38:34.264207: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264213: | length: 8 (0x8) Aug 26 18:38:34.264215: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.264218: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.264221: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264226: | length: 8 (0x8) Aug 26 18:38:34.264229: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.264232: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.264235: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264238: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264240: | length: 8 (0x8) Aug 26 18:38:34.264243: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.264246: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:34.264249: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264252: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264254: | length: 8 (0x8) Aug 26 18:38:34.264256: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.264259: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.264262: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264268: | length: 8 (0x8) Aug 26 18:38:34.264271: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264273: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.264276: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
18:38:34.264282: | length: 8 (0x8) Aug 26 18:38:34.264284: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264294: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.264302: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264308: | length: 8 (0x8) Aug 26 18:38:34.264310: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264313: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.264316: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264319: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264322: | length: 8 (0x8) Aug 26 18:38:34.264325: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264327: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.264330: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264336: | length: 8 (0x8) Aug 26 18:38:34.264338: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264341: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.264344: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264347: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264349: | length: 8 (0x8) Aug 26 18:38:34.264352: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264355: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.264357: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264361: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264363: | length: 8 (0x8) Aug 26 18:38:34.264366: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264368: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.264371: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264374: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.264377: | length: 
8 (0x8) Aug 26 18:38:34.264379: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264382: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.264386: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:38:34.264390: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:38:34.264393: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.264395: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.264398: | length: 116 (0x74) Aug 26 18:38:34.264400: | prop #: 4 (0x4) Aug 26 18:38:34.264403: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.264406: | spi size: 0 (0x0) Aug 26 18:38:34.264409: | # transforms: 13 (0xd) Aug 26 18:38:34.264412: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 18:38:34.264415: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264418: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264420: | length: 12 (0xc) Aug 26 18:38:34.264423: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.264425: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.264428: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.264431: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.264434: | length/value: 128 (0x80) Aug 26 18:38:34.264437: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264440: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264443: | length: 8 (0x8) Aug 26 18:38:34.264446: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.264449: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.264452: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264455: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264457: | length: 8 (0x8) Aug 26 18:38:34.264460: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 
18:38:34.264462: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.264468: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264474: | length: 8 (0x8) Aug 26 18:38:34.264477: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.264480: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:34.264483: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264486: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264488: | length: 8 (0x8) Aug 26 18:38:34.264491: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.264494: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.264497: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264502: | length: 8 (0x8) Aug 26 18:38:34.264505: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264508: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.264510: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264513: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264515: | length: 8 (0x8) Aug 26 18:38:34.264518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264521: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.264524: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264530: | length: 8 (0x8) Aug 26 18:38:34.264533: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264536: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.264539: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264545: | length: 8 (0x8) Aug 26 18:38:34.264548: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264551: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.264554: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264558: | length: 8 (0x8) Aug 26 18:38:34.264561: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264564: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.264567: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264569: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264571: | length: 8 (0x8) Aug 26 18:38:34.264574: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264577: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.264580: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264582: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.264585: | length: 8 (0x8) Aug 26 18:38:34.264588: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264591: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.264594: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.264597: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.264600: | length: 8 (0x8) Aug 26 18:38:34.264603: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.264606: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.264610: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 18:38:34.264614: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 18:38:34.264621: "eastnet-any"[1] 192.1.3.209 #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 18:38:34.264628: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 18:38:34.264631: | converting proposal to internal trans attrs Aug 26 18:38:34.264636: | natd_hash: rcookie is zero Aug 26 18:38:34.264653: | natd_hash: hasher=0x55fa50184800(20) Aug 26 18:38:34.264657: | natd_hash: icookie= f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:34.264659: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:34.264662: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:34.264664: | natd_hash: port=500 Aug 26 18:38:34.264667: | natd_hash: hash= fc 97 c2 33 d0 d9 86 e5 bb de 3d 22 31 af f1 84 Aug 26 18:38:34.264670: | natd_hash: hash= 2f 89 cd ad Aug 26 18:38:34.264673: | natd_hash: rcookie is zero Aug 26 18:38:34.264681: | natd_hash: hasher=0x55fa50184800(20) Aug 26 18:38:34.264685: | natd_hash: icookie= f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:34.264688: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:34.264690: | natd_hash: ip= c0 01 03 d1 Aug 26 18:38:34.264693: | natd_hash: port=500 Aug 26 18:38:34.264696: | natd_hash: hash= 34 28 7f 53 a4 28 9c 3b 72 00 8a 2d 35 05 13 20 Aug 26 18:38:34.264699: | natd_hash: hash= 7b d2 dc 9d Aug 26 18:38:34.264702: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:38:34.264705: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:38:34.264708: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:38:34.264712: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.3.209 Aug 26 18:38:34.264718: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 18:38:34.264722: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fa51a7e4e8 Aug 26 18:38:34.264727: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:34.264731: | libevent_malloc: new ptr-libevent@0x55fa51a80c68 size 128 Aug 26 18:38:34.264748: | #1 spent 1.15 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 18:38:34.264752: | crypto helper 1 resuming Aug 26 18:38:34.264758: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.264769: | crypto helper 1 starting work-order 1 for state #1 Aug 26 18:38:34.264772: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 18:38:34.264775: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 18:38:34.264776: | suspending state #1 and saving MD Aug 26 18:38:34.264785: | #1 is busy; has a suspended MD Aug 26 18:38:34.264791: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:38:34.264796: | "eastnet-any"[1] 192.1.3.209 #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:38:34.264802: | stop processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:34.264807: | #1 spent 1.82 milliseconds in ikev2_process_packet() Aug 26 18:38:34.264812: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 18:38:34.264815: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:34.264819: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:34.264823: | spent 1.83 
milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:34.265781: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001004 seconds Aug 26 18:38:34.265804: | (#1) spent 1 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 18:38:34.265808: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 18:38:34.265812: | scheduling resume sending helper answer for #1 Aug 26 18:38:34.265816: | libevent_malloc: new ptr-libevent@0x7f5e08002888 size 128 Aug 26 18:38:34.265827: | crypto helper 1 waiting (nothing to do) Aug 26 18:38:34.265838: | processing resume sending helper answer for #1 Aug 26 18:38:34.265853: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) Aug 26 18:38:34.265859: | crypto helper 1 replies to request ID 1 Aug 26 18:38:34.265862: | calling continuation function 0x55fa500afb50 Aug 26 18:38:34.265865: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 18:38:34.265895: | **emit ISAKMP Message: Aug 26 18:38:34.265899: | initiator cookie: Aug 26 18:38:34.265902: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:34.265904: | responder cookie: Aug 26 18:38:34.265907: | 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:34.265910: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:34.265913: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.265916: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:34.265919: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:34.265922: | Message ID: 0 (0x0) Aug 26 18:38:34.265925: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:34.265929: | Emitting ikev2_proposal ... 
Aug 26 18:38:34.265932: | ***emit IKEv2 Security Association Payload: Aug 26 18:38:34.265935: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.265937: | flags: none (0x0) Aug 26 18:38:34.265941: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:34.265944: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.265947: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.265950: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.265953: | prop #: 1 (0x1) Aug 26 18:38:34.265956: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.265958: | spi size: 0 (0x0) Aug 26 18:38:34.265961: | # transforms: 3 (0x3) Aug 26 18:38:34.265964: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.265967: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.265970: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.265973: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.265976: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:34.265979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.265982: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.265985: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.265988: | length/value: 256 (0x100) Aug 26 18:38:34.265991: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.265993: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.265996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.265999: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.266001: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.266005: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.266008: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.266011: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.266016: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.266019: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.266021: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.266024: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.266028: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.266031: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.266034: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.266036: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 18:38:34.266039: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.266042: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 18:38:34.266045: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:34.266049: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:38:34.266052: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.266054: | flags: none (0x0) Aug 26 18:38:34.266057: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.266061: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
18:38:34.266064: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.266067: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:38:34.266111: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:38:34.266114: | ***emit IKEv2 Nonce Payload: Aug 26 18:38:34.266117: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.266119: | flags: none (0x0) Aug 26 18:38:34.266122: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:38:34.266126: | next payload chain: setting previous
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:38:34.266129: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.266132: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:38:34.266135: | IKEv2 nonce 79 16 72 71 15 10 13 b9 02 e3 2a e2 37 db f5 50 Aug 26 18:38:34.266139: | IKEv2 nonce 5a 28 c4 19 37 48 17 c0 36 e5 c4 72 59 7a c4 81 Aug 26 18:38:34.266141: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:38:34.266144: | Adding a v2N Payload Aug 26 18:38:34.266147: | ***emit IKEv2 Notify Payload: Aug 26 18:38:34.266149: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.266152: | flags: none (0x0) Aug 26 18:38:34.266155: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.266158: | SPI size: 0 (0x0) Aug 26 18:38:34.266161: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:34.266164: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.266167: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.266170: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:34.266173: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:38:34.266186: | natd_hash: hasher=0x55fa50184800(20) Aug 26 18:38:34.266190: | natd_hash: icookie= f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:34.266192: | natd_hash: rcookie= 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:34.266195: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:34.266197: | natd_hash: port=500 Aug 26 18:38:34.266200: | natd_hash: hash= e1 b0 f9 3e 6b 9d f8 b3 9e 74 98 d7 26 e1 fe d1 Aug 26 18:38:34.266203: | natd_hash: hash= 00 ca e3 30 Aug 26 18:38:34.266205: | Adding a v2N Payload Aug 26 18:38:34.266208: | ***emit IKEv2 Notify Payload: Aug 26 18:38:34.266210: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.266213: | flags: none (0x0) Aug 26 18:38:34.266216: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.266218: | SPI size: 0 (0x0) Aug 26 18:38:34.266221: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:34.266224: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.266227: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.266230: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:34.266233: | Notify data e1 b0 f9 3e 6b 9d f8 b3 9e 74 98 d7 26 e1 fe d1 Aug 26 18:38:34.266236: | Notify data 00 ca e3 30 Aug 26 18:38:34.266239: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:34.266245: | natd_hash: hasher=0x55fa50184800(20) Aug 26 18:38:34.266248: | natd_hash: icookie= f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:34.266250: | natd_hash: rcookie= 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:34.266253: | natd_hash: ip= c0 01 03 d1 Aug 26 18:38:34.266255: | natd_hash: port=500 Aug 26 18:38:34.266258: | natd_hash: hash= d1 a1 90 7a 6c 9d 3c c7 24 b0 68 24 89 1a 00 06 Aug 26 18:38:34.266261: | natd_hash: hash= 64 3c 96 65 Aug 26 18:38:34.266263: | Adding a v2N Payload Aug 26 18:38:34.266266: | ***emit IKEv2 Notify Payload: Aug 26 
18:38:34.266268: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.266271: | flags: none (0x0) Aug 26 18:38:34.266274: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.266276: | SPI size: 0 (0x0) Aug 26 18:38:34.266279: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:34.266282: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.266285: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.266305: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:34.266311: | Notify data d1 a1 90 7a 6c 9d 3c c7 24 b0 68 24 89 1a 00 06 Aug 26 18:38:34.266314: | Notify data 64 3c 96 65 Aug 26 18:38:34.266317: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:34.266319: | emitting length of ISAKMP Message: 432 Aug 26 18:38:34.266330: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.266336: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 18:38:34.266339: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 18:38:34.266343: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 18:38:34.266346: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:38:34.266352: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:38:34.266357: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:34.266363: "eastnet-any"[1] 192.1.3.209 #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a 
prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:38:34.266369: | sending V2 new request packet to 192.1.3.209:500 (from 192.1.2.23:500) Aug 26 18:38:34.266378: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1)
Aug 26 18:38:34.266511: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:34.266517: | libevent_free: release ptr-libevent@0x55fa51a80c68 Aug 26 18:38:34.266521: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fa51a7e4e8 Aug 26 18:38:34.266525: | event_schedule: new EVENT_SO_DISCARD-pe@0x55fa51a7e4e8 Aug 26 18:38:34.266529: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 18:38:34.266532: | libevent_malloc: new ptr-libevent@0x55fa51a81db8 size 128 Aug 26 18:38:34.266537: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:38:34.266544: | #1 spent 0.635 milliseconds in resume sending helper answer Aug 26 18:38:34.266551: | stop processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) Aug 26 18:38:34.266556: | libevent_free: release ptr-libevent@0x7f5e08002888 Aug 26 18:38:34.269584: | spent 0.003 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:34.269605: | *received 269 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500)
Aug 26 18:38:34.269655: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 18:38:34.269659: | **parse ISAKMP Message: Aug 26 18:38:34.269661: | initiator cookie: Aug 26 18:38:34.269664: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:34.269666: | responder cookie: Aug 26 18:38:34.269669: | 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:34.269672: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:34.269675: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.269677: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:34.269680: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:34.269683: | Message ID: 1 (0x1) Aug 26 18:38:34.269686: | length: 269 (0x10d) Aug 26 18:38:34.269689: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:38:34.269692: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 18:38:34.269696: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 18:38:34.269703: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:34.269707: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:34.269712: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in
ike_process_packet() at ikev2.c:2064) Aug 26 18:38:34.269716: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:38:34.269720: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 18:38:34.269723: | unpacking clear payload Aug 26 18:38:34.269726: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:34.269728: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:34.269731: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:38:34.269734: | flags: none (0x0) Aug 26 18:38:34.269737: | length: 241 (0xf1) Aug 26 18:38:34.269740: | processing payload: ISAKMP_NEXT_v2SK (len=237) Aug 26 18:38:34.269744: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:38:34.269747: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:38:34.269751: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:38:34.269756: | Now let's proceed with state specific processing Aug 26 18:38:34.269759: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 18:38:34.269762: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 18:38:34.269766: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:38:34.269770: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 18:38:34.269773: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 18:38:34.269777: | libevent_free: release ptr-libevent@0x55fa51a81db8 Aug 26 18:38:34.269780: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55fa51a7e4e8 Aug 26 18:38:34.269784: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fa51a7e4e8 Aug 26 18:38:34.269788: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:34.269791: | libevent_malloc: new ptr-libevent@0x7f5e08002888 size 128 Aug 26 
18:38:34.269802: | #1 spent 0.0385 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 18:38:34.269809: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.269813: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 18:38:34.269816: | suspending state #1 and saving MD Aug 26 18:38:34.269818: | #1 is busy; has a suspended MD Aug 26 18:38:34.269824: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:38:34.269829: | "eastnet-any"[1] 192.1.3.209 #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:38:34.269835: | stop processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:34.269832: | crypto helper 3 resuming Aug 26 18:38:34.269851: | crypto helper 3 starting work-order 2 for state #1 Aug 26 18:38:34.269842: | #1 spent 0.247 milliseconds in ikev2_process_packet() Aug 26 18:38:34.269858: | crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 18:38:34.269865: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 18:38:34.269869: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:34.269872: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:34.269876: | spent 0.269 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:34.270622: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:38:34.270975: | crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001117 seconds Aug 26 18:38:34.270985: | (#1) spent 1.12 milliseconds in 
crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 18:38:34.270989: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Aug 26 18:38:34.270993: | scheduling resume sending helper answer for #1 Aug 26 18:38:34.270997: | libevent_malloc: new ptr-libevent@0x7f5e00000f48 size 128 Aug 26 18:38:34.271006: | crypto helper 3 waiting (nothing to do) Aug 26 18:38:34.271014: | processing resume sending helper answer for #1 Aug 26 18:38:34.271026: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) Aug 26 18:38:34.271031: | crypto helper 3 replies to request ID 2 Aug 26 18:38:34.271034: | calling continuation function 0x55fa500afb50 Aug 26 18:38:34.271037: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 18:38:34.271040: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 18:38:34.271053: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:38:34.271056: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 18:38:34.271060: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 18:38:34.271068: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:38:34.271071: | flags: none (0x0) Aug 26 18:38:34.271074: | length: 12 (0xc) Aug 26 18:38:34.271076: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:34.271079: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 18:38:34.271082: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:38:34.271085: | **parse IKEv2 Authentication Payload: Aug 26 18:38:34.271088: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Aug 26 18:38:34.271090: | flags: none (0x0) Aug 26 18:38:34.271093: | length: 72 (0x48) Aug 26 18:38:34.271096: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:34.271098: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:38:34.271101: | Now let's proceed with payload (ISAKMP_NEXT_v2CP) Aug 26 18:38:34.271104: | **parse IKEv2 Configuration 
Payload: Aug 26 18:38:34.271106: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:34.271109: | flags: none (0x0) Aug 26 18:38:34.271111: | length: 28 (0x1c) Aug 26 18:38:34.271114: | ikev2_cfg_type: IKEv2_CP_CFG_REQUEST (0x1) Aug 26 18:38:34.271117: | processing payload: ISAKMP_NEXT_v2CP (len=20) Aug 26 18:38:34.271120: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:34.271122: | **parse IKEv2 Security Association Payload: Aug 26 18:38:34.271125: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:38:34.271127: | flags: none (0x0) Aug 26 18:38:34.271130: | length: 44 (0x2c) Aug 26 18:38:34.271133: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 18:38:34.271135: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:38:34.271138: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:34.271141: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:38:34.271143: | flags: none (0x0) Aug 26 18:38:34.271146: | length: 24 (0x18) Aug 26 18:38:34.271148: | number of TS: 1 (0x1) Aug 26 18:38:34.271151: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:38:34.271153: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:38:34.271156: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:34.271159: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.271161: | flags: none (0x0) Aug 26 18:38:34.271164: | length: 24 (0x18) Aug 26 18:38:34.271166: | number of TS: 1 (0x1) Aug 26 18:38:34.271169: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:38:34.271171: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.271174: | **parse IKEv2 Notify Payload: Aug 26 18:38:34.271177: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.271179: | flags: none (0x0) Aug 26 18:38:34.271182: | length: 8 (0x8) Aug 26 18:38:34.271185: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.271187: | SPI size: 0 (0x0) Aug 26 18:38:34.271190: | Notify Message Type: 
v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:34.271193: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:34.271196: | selected state microcode Responder: process IKE_AUTH request Aug 26 18:38:34.271198: | Now let's proceed with state specific processing Aug 26 18:38:34.271200: | calling processor Responder: process IKE_AUTH request Aug 26 18:38:34.271208: "eastnet-any"[1] 192.1.3.209 #1: processing decrypted IKE_AUTH request: SK{IDi,AUTH,CP,SA,TSi,TSr,N} Aug 26 18:38:34.271214: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:38:34.271219: | parsing 4 raw bytes of IKEv2 Identification - Initiator - Payload into peer ID Aug 26 18:38:34.271222: | peer ID c0 01 03 d1 Aug 26 18:38:34.271227: | refine_host_connection for IKEv2: starting with "eastnet-any"[1] 192.1.3.209 Aug 26 18:38:34.271233: | match_id a=192.1.3.209 Aug 26 18:38:34.271236: | b=192.1.3.209 Aug 26 18:38:34.271238: | results matched Aug 26 18:38:34.271245: | refine_host_connection: checking "eastnet-any"[1] 192.1.3.209 against "eastnet-any"[1] 192.1.3.209, best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 18:38:34.271249: | Warning: not switching back to template of current instance Aug 26 18:38:34.271252: | No IDr payload received from peer Aug 26 18:38:34.271257: | refine_host_connection: checked eastnet-any[1] 192.1.3.209 against eastnet-any[1] 192.1.3.209, now for see if best Aug 26 18:38:34.271262: | started looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 18:38:34.271266: | actually looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 18:38:34.271271: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Aug 26 18:38:34.271275: | 1: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 18:38:34.271278: | 2: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 18:38:34.271281: | line 1: match=002 Aug 26 18:38:34.271284: | match 002 beats 
previous best_match 000 match=0x55fa519d5c48 (line=1) Aug 26 18:38:34.271287: | concluding with best_match=002 best=0x55fa519d5c48 (lineno=1) Aug 26 18:38:34.271316: | returning because exact peer id match Aug 26 18:38:34.271319: | offered CA: '%none' Aug 26 18:38:34.271324: "eastnet-any"[1] 192.1.3.209 #1: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.3.209' Aug 26 18:38:34.271327: | received v2N_MOBIKE_SUPPORTED while it did not sent Aug 26 18:38:34.271348: | verifying AUTH payload Aug 26 18:38:34.271352: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Aug 26 18:38:34.271357: | started looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 18:38:34.271361: | actually looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 18:38:34.271366: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Aug 26 18:38:34.271369: | 1: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 18:38:34.271372: | 2: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 18:38:34.271374: | line 1: match=002 Aug 26 18:38:34.271377: | match 002 beats previous best_match 000 match=0x55fa519d5c48 (line=1) Aug 26 18:38:34.271380: | concluding with best_match=002 best=0x55fa519d5c48 (lineno=1) Aug 26 18:38:34.271442: "eastnet-any"[1] 192.1.3.209 #1: Authenticated using authby=secret Aug 26 18:38:34.271448: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 18:38:34.271453: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:38:34.271456: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:34.271460: | libevent_free: release ptr-libevent@0x7f5e08002888 Aug 26 18:38:34.271463: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fa51a7e4e8 Aug 26 18:38:34.271467: | event_schedule: new EVENT_SA_REKEY-pe@0x55fa51a7e4e8 Aug 26 18:38:34.271470: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 
Aug 26 18:38:34.271473: | libevent_malloc: new ptr-libevent@0x55fa51a81db8 size 128 Aug 26 18:38:34.271720: | pstats #1 ikev2.ike established Aug 26 18:38:34.271729: | **emit ISAKMP Message: Aug 26 18:38:34.271733: | initiator cookie: Aug 26 18:38:34.271735: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:34.271738: | responder cookie: Aug 26 18:38:34.271741: | 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:34.271744: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:34.271747: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.271750: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:34.271753: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:34.271756: | Message ID: 1 (0x1) Aug 26 18:38:34.271759: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:34.271762: | IKEv2 CERT: send a certificate? Aug 26 18:38:34.271766: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:38:34.271769: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:34.271772: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.271774: | flags: none (0x0) Aug 26 18:38:34.271778: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:34.271784: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.271787: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:34.271795: | Adding a v2N Payload Aug 26 18:38:34.271798: | ****emit IKEv2 Notify Payload: Aug 26 18:38:34.271801: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.271804: | flags: none (0x0) Aug 26 18:38:34.271806: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.271809: | SPI size: 0 (0x0) Aug 26 18:38:34.271812: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:34.271815: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next 
payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.271819: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.271822: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:34.271825: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:38:34.271840: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:38:34.271843: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.271846: | flags: none (0x0) Aug 26 18:38:34.271849: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:34.271852: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:38:34.271855: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.271859: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 18:38:34.271862: | my identity c0 01 02 17 Aug 26 18:38:34.271865: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:38:34.271873: | assembled IDr payload Aug 26 18:38:34.271876: | CHILD SA proposals received Aug 26 18:38:34.271878: | going to assemble AUTH payload Aug 26 18:38:34.271881: | ****emit IKEv2 Authentication Payload: Aug 26 18:38:34.271884: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Aug 26 18:38:34.271887: | flags: none (0x0) Aug 26 18:38:34.271889: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:34.271893: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 47:ISAKMP_NEXT_v2CP Aug 26 18:38:34.271896: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:38:34.271899: | next payload chain: saving location 'IKEv2 
Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.271903: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 18:38:34.271908: | started looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 18:38:34.271913: | actually looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Aug 26 18:38:34.271917: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Aug 26 18:38:34.271921: | 1: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 18:38:34.271924: | 2: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Aug 26 18:38:34.271927: | line 1: match=002 Aug 26 18:38:34.271930: | match 002 beats previous best_match 000 match=0x55fa519d5c48 (line=1) Aug 26 18:38:34.271933: | concluding with best_match=002 best=0x55fa519d5c48 (lineno=1) Aug 26 18:38:34.271992: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:38:34.271996: | PSK auth d5 b4 16 4b 9a cb 70 b9 ed 20 65 21 1e fe 22 23 Aug 26 18:38:34.271999: | PSK auth fb cd 68 05 55 76 d0 93 dc f6 73 b6 dd 3f df ab Aug 26 18:38:34.272002: | PSK auth 14 10 3f 80 73 21 a7 9c 0a df f4 3a 35 04 d7 e9 Aug 26 18:38:34.272005: | PSK auth ad 61 1d 86 83 5a f2 6d 46 d8 07 a6 f7 81 de bc Aug 26 18:38:34.272009: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:38:34.272017: | request lease from addresspool 192.0.3.10-192.0.3.19 reference count 2 thatid '' that.client.addr 192.1.3.209 Aug 26 18:38:34.272020: | cannot share a lease, find a new lease IP Aug 26 18:38:34.272024: | New lease from addresspool index 0 Aug 26 18:38:34.272031: | new lease 192.0.3.10 from addresspool 192.0.3.10-192.0.3.19 to that.client.addr 192.1.3.209 thatid '192.1.3.209' Aug 26 18:38:34.272039: | creating state object #2 at 0x55fa51a82a48 Aug 26 18:38:34.272042: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:38:34.272047: | pstats #2 ikev2.child started Aug 26 18:38:34.272051: | duplicating state 
object #1 "eastnet-any"[1] 192.1.3.209 as #2 for IPSEC SA Aug 26 18:38:34.272056: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:38:34.272063: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:34.272068: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:38:34.272072: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 18:38:34.272076: | Send Configuration Payload reply Aug 26 18:38:34.272079: | ****emit IKEv2 Configuration Payload: Aug 26 18:38:34.272082: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:34.272084: | flags: none (0x0) Aug 26 18:38:34.272087: | ikev2_cfg_type: IKEv2_CP_CFG_REPLY (0x2) Aug 26 18:38:34.272091: | next payload chain: ignoring supplied 'IKEv2 Configuration Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:38:34.272094: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Configuration Payload (47:ISAKMP_NEXT_v2CP) Aug 26 18:38:34.272097: | next payload chain: saving location 'IKEv2 Configuration Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.272100: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 18:38:34.272103: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Aug 26 18:38:34.272106: | emitting 4 raw bytes of Internal IP Address into IKEv2 Configuration Payload Attribute Aug 26 18:38:34.272109: | Internal IP Address c0 00 03 0a Aug 26 18:38:34.272112: | emitting length of IKEv2 Configuration Payload Attribute: 4 Aug 26 18:38:34.272115: | emitting length of IKEv2 Configuration Payload: 16 Aug 26 18:38:34.272119: | constructing 
ESP/AH proposals with all DH removed for eastnet-any (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 18:38:34.272124: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:38:34.272130: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:34.272136: "eastnet-any"[1] 192.1.3.209: constructed local ESP/AH proposals for eastnet-any (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:34.272139: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 1 local proposals Aug 26 18:38:34.272143: | local proposal 1 type ENCR has 1 transforms Aug 26 18:38:34.272146: | local proposal 1 type PRF has 0 transforms Aug 26 18:38:34.272148: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:34.272151: | local proposal 1 type DH has 1 transforms Aug 26 18:38:34.272153: | local proposal 1 type ESN has 1 transforms Aug 26 18:38:34.272157: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:38:34.272161: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.272163: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.272166: | length: 40 (0x28) Aug 26 18:38:34.272170: | prop #: 1 (0x1) Aug 26 18:38:34.272173: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:34.272176: | spi size: 4 (0x4) Aug 26 18:38:34.272178: | # transforms: 3 (0x3) Aug 26 18:38:34.272181: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:38:34.272184: | remote SPI ce c2 3d 1b Aug 26 18:38:34.272187: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 18:38:34.272190: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.272193: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.272196: | length: 12 (0xc) Aug 26 18:38:34.272198: | IKEv2 transform type: 
TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.272201: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.272204: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.272206: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.272209: | length/value: 256 (0x100) Aug 26 18:38:34.272213: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:38:34.272216: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.272219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.272221: | length: 8 (0x8) Aug 26 18:38:34.272224: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.272227: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.272231: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 18:38:34.272233: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.272236: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.272239: | length: 8 (0x8) Aug 26 18:38:34.272241: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:34.272244: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:38:34.272247: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:38:34.272251: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 18:38:34.272256: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 18:38:34.272259: | remote proposal 1 matches local proposal 1 Aug 26 18:38:34.272266: "eastnet-any"[1] 192.1.3.209 #1: proposal 1:ESP:SPI=cec23d1b;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Aug 26 18:38:34.272271: | IKE_AUTH responder matching remote ESP/AH proposals 
ikev2_proposal: 1:ESP:SPI=cec23d1b;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:38:34.272274: | converting proposal to internal trans attrs Aug 26 18:38:34.272313: | netlink_get_spi: allocated 0x719ea58c for esp.0@192.1.2.23 Aug 26 18:38:34.272320: | Emitting ikev2_proposal ... Aug 26 18:38:34.272323: | ****emit IKEv2 Security Association Payload: Aug 26 18:38:34.272325: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.272328: | flags: none (0x0) Aug 26 18:38:34.272332: | next payload chain: setting previous 'IKEv2 Configuration Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:34.272335: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.272338: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.272341: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.272343: | prop #: 1 (0x1) Aug 26 18:38:34.272346: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:34.272348: | spi size: 4 (0x4) Aug 26 18:38:34.272351: | # transforms: 3 (0x3) Aug 26 18:38:34.272354: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.272357: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:38:34.272362: | our spi 71 9e a5 8c Aug 26 18:38:34.272365: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.272368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.272370: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.272373: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.272376: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.272379: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.272382: | af+type: AF+IKEv2_KEY_LENGTH 
(0x800e) Aug 26 18:38:34.272385: | length/value: 256 (0x100) Aug 26 18:38:34.272387: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.272390: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.272393: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.272395: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.272398: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.272401: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.272404: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.272407: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.272410: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.272413: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.272415: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:34.272418: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:38:34.272421: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.272424: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.272427: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.272430: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:38:34.272433: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.272436: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 18:38:34.272439: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure 
Payload'.'last proposal' is 0 Aug 26 18:38:34.272441: | received v2N_MOBIKE_SUPPORTED Aug 26 18:38:34.272445: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:34.272447: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.272450: | flags: none (0x0) Aug 26 18:38:34.272453: | number of TS: 1 (0x1) Aug 26 18:38:34.272456: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:38:34.272459: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.272462: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:34.272465: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:34.272467: | IP Protocol ID: 0 (0x0) Aug 26 18:38:34.272470: | start port: 0 (0x0) Aug 26 18:38:34.272473: | end port: 65535 (0xffff) Aug 26 18:38:34.272476: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:34.272479: | ipv4 start c0 00 03 0a Aug 26 18:38:34.272482: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:34.272484: | ipv4 end c0 00 03 0a Aug 26 18:38:34.272487: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:34.272490: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:38:34.272494: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:34.272497: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.272500: | flags: none (0x0) Aug 26 18:38:34.272503: | number of TS: 1 (0x1) Aug 26 18:38:34.272506: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:38:34.272509: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 
18:38:34.272512: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:34.272514: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:34.272517: | IP Protocol ID: 0 (0x0) Aug 26 18:38:34.272519: | start port: 0 (0x0) Aug 26 18:38:34.272522: | end port: 65535 (0xffff) Aug 26 18:38:34.272525: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:34.272527: | ipv4 start c0 00 02 00 Aug 26 18:38:34.272530: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:34.272533: | ipv4 end c0 00 02 ff Aug 26 18:38:34.272535: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:34.272538: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:38:34.272541: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:38:34.272545: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Aug 26 18:38:34.272704: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 18:38:34.272712: | #1 spent 1.32 milliseconds Aug 26 18:38:34.272716: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:38:34.272719: | could_route called for eastnet-any (kind=CK_INSTANCE) Aug 26 18:38:34.272722: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:38:34.272725: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 18:38:34.272728: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 18:38:34.272731: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 18:38:34.272734: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 18:38:34.272739: | route owner of "eastnet-any"[1] 192.1.3.209 unrouted: NULL; eroute owner: NULL Aug 26 18:38:34.272743: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 18:38:34.272746: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 18:38:34.272750: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 18:38:34.272754: | setting IPsec SA replay-window to 32 Aug 26 18:38:34.272757: | NIC esp-hw-offload not for connection 'eastnet-any' not available on interface eth1 Aug 26 18:38:34.272760: | netlink: enabling tunnel mode Aug 26 18:38:34.272764: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:34.272767: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:34.272840: | netlink response for Add SA esp.cec23d1b@192.1.3.209 included non-error error Aug 26 18:38:34.272844: | set up outgoing SA, ref=0/0 Aug 26 18:38:34.272848: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 18:38:34.272851: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 18:38:34.272854: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 18:38:34.272858: | setting IPsec SA replay-window to 32 Aug 26 18:38:34.272861: | NIC esp-hw-offload not for connection 'eastnet-any' not available on interface eth1 Aug 26 18:38:34.272864: | netlink: enabling tunnel mode Aug 26 18:38:34.272867: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:34.272870: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:34.272903: | netlink response for Add SA 
esp.719ea58c@192.1.2.23 included non-error error Aug 26 18:38:34.272908: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 18:38:34.272915: | add inbound eroute 192.0.3.10/32:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:38:34.272923: | IPsec Sa SPD priority set to 1042399 Aug 26 18:38:34.272945: | raw_eroute result=success Aug 26 18:38:34.272949: | set up incoming SA, ref=0/0 Aug 26 18:38:34.272952: | sr for #2: unrouted Aug 26 18:38:34.272955: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:38:34.272957: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:34.272960: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 18:38:34.272963: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 18:38:34.272967: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 18:38:34.272970: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 18:38:34.272975: | route owner of "eastnet-any"[1] 192.1.3.209 unrouted: NULL; eroute owner: NULL Aug 26 18:38:34.272978: | route_and_eroute with c: eastnet-any (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:38:34.272982: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 18:38:34.272989: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.10/32:0 => tun.0@192.1.3.209 (raw_eroute) Aug 26 18:38:34.272992: | IPsec Sa SPD priority set to 1042399 Aug 26 18:38:34.273006: | raw_eroute result=success Aug 26 18:38:34.273009: | running updown command "ipsec _updown" for verb up Aug 26 18:38:34.273012: | command executing up-client Aug 26 18:38:34.273042: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' 
PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S Aug 26 18:38:34.273045: | popen cmd is 1050 chars long Aug 26 18:38:34.273049: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_: Aug 26 18:38:34.273052: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=: Aug 26 18:38:34.273055: | cmd( 160):'192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUT: Aug 26 18:38:34.273058: | cmd( 240):O_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_S: Aug 26 18:38:34.273060: | cmd( 320):A_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='192.: Aug 26 18:38:34.273063: | cmd( 400):1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PL: Aug 26 18:38:34.273066: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:38:34.273069: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PS: Aug 26 18:38:34.273072: | cmd( 640):K+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO: Aug 26 18:38:34.273074: | cmd( 720):_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Aug 26 18:38:34.273076: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER=: Aug 26 18:38:34.273079: | cmd( 880):'' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Aug 26 18:38:34.273081: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xcec23d1b SPI_OUT=0x719ea58c ipsec _u: Aug 26 18:38:34.273084: | cmd(1040):pdown 2>&1: Aug 26 18:38:34.284264: | route_and_eroute: firewall_notified: true Aug 26 18:38:34.284292: | running updown command "ipsec _updown" for verb prepare Aug 26 18:38:34.284298: | command executing prepare-client Aug 26 18:38:34.284345: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Aug 26 18:38:34.284365: | popen cmd is 1055 chars long Aug 26 18:38:34.284369: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' P: Aug 26 18:38:34.284372: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_M: Aug 26 18:38:34.284375: | cmd( 160):Y_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0': Aug 26 18:38:34.284378: | cmd( 240): 
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 18:38:34.284380: | cmd( 320):UTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID=: Aug 26 18:38:34.284383: | cmd( 400):'192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.1: Aug 26 18:38:34.284386: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:38:34.284389: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 18:38:34.284392: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' : Aug 26 18:38:34.284394: | cmd( 720):PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 18:38:34.284397: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 18:38:34.284400: | cmd( 880):NNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 18:38:34.284403: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xcec23d1b SPI_OUT=0x719ea58c ips: Aug 26 18:38:34.284405: | cmd(1040):ec _updown 2>&1: Aug 26 18:38:34.294587: | running updown command "ipsec _updown" for verb route Aug 26 18:38:34.294619: | command executing route-client Aug 26 18:38:34.294655: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' 
PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Aug 26 18:38:34.294661: | popen cmd is 1053 chars long Aug 26 18:38:34.294668: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLU: Aug 26 18:38:34.294684: | cmd( 80):TO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_: Aug 26 18:38:34.294686: | cmd( 160):ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' P: Aug 26 18:38:34.294688: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Aug 26 18:38:34.294689: | cmd( 320):O_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='1: Aug 26 18:38:34.294691: | cmd( 400):92.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10': Aug 26 18:38:34.294693: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:38:34.294695: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Aug 26 18:38:34.294696: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PL: Aug 26 18:38:34.294698: | cmd( 720):UTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS: Aug 26 18:38:34.294700: | cmd( 800):_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANN: Aug 26 18:38:34.294702: | cmd( 880):ER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFAC: Aug 26 18:38:34.294703: | cmd( 960):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xcec23d1b SPI_OUT=0x719ea58c ipsec: Aug 26 18:38:34.294705: 
| cmd(1040): _updown 2>&1: Aug 26 18:38:34.309370: | route_and_eroute: instance "eastnet-any"[1] 192.1.3.209, setting eroute_owner {spd=0x55fa51a7de18,sr=0x55fa51a7de18} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:38:34.309466: | #1 spent 1.9 milliseconds in install_ipsec_sa() Aug 26 18:38:34.309473: | ISAKMP_v2_IKE_AUTH: instance eastnet-any[1], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:38:34.309477: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:34.309481: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:34.309486: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:34.309489: | emitting length of IKEv2 Encryption Payload: 229 Aug 26 18:38:34.309492: | emitting length of ISAKMP Message: 257 Aug 26 18:38:34.309528: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 18:38:34.309534: | #1 spent 3.29 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 18:38:34.309543: | suspend processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.309550: | start processing: state #2 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.309555: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 18:38:34.309558: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 18:38:34.309562: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 18:38:34.309565: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:38:34.309571: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; 
child: wip.initiator=-1 wip.responder=1->-1 Aug 26 18:38:34.309576: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 18:38:34.309579: | pstats #2 ikev2.child established Aug 26 18:38:34.309590: "eastnet-any"[1] 192.1.3.209 #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.10-192.0.3.10:0-65535 0] Aug 26 18:38:34.309595: | NAT-T: encaps is 'auto' Aug 26 18:38:34.309600: "eastnet-any"[1] 192.1.3.209 #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xcec23d1b <0x719ea58c xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Aug 26 18:38:34.309611: | sending V2 new request packet to 192.1.3.209:500 (from 192.1.2.23:500) Aug 26 18:38:34.309620: | sending 257 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) Aug 26 18:38:34.309623: | f2 6d 48 f5 1b 4e 73 a7 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:34.309625: | 2e 20 23 20 00 00 00 01 00 00 01 01 29 00 00 e5 Aug 26 18:38:34.309628: | 2d 26 f4 ec 09 35 26 ff 01 f8 b5 01 3f 02 47 fb Aug 26 18:38:34.309631: | ec d4 69 4e 9a 0a f2 50 7c 85 3e 45 dc 3c 4d f6 Aug 26 18:38:34.309633: | be 07 17 66 12 01 8a 1a fb 4d ad 79 78 d4 0c 44 Aug 26 18:38:34.309636: | 99 67 39 0b 5d f2 9f 4f d5 f4 0b cf 99 96 b5 b8 Aug 26 18:38:34.309638: | 93 b9 9e 90 05 8a 0c 8f a0 9e 46 7b cb b4 07 bb Aug 26 18:38:34.309641: | 19 6b 4c 55 a6 04 c9 33 98 d6 e8 f6 61 df e4 b1 Aug 26 18:38:34.309644: | 2d 00 a0 f7 3a 41 d7 98 8a 89 74 25 a1 a7 ac e0 Aug 26 18:38:34.309646: | d7 03 da 1b 35 75 63 aa 67 fa 16 fe a9 1f ee 92 Aug 26 18:38:34.309649: | 72 72 ee 89 8f e3 2a 5a 9d e9 53 3f 76 d0 18 ad Aug 26 18:38:34.309651: | a9 97 8d c9 c5 57 a2 7f ca ec 6c 56 82 33 6b 99 Aug 26 18:38:34.309654: | dc 15 0a 9c ce 42 a1 ad 27 7f cd aa a3 f9 12 d4 Aug 26 18:38:34.309657: | db c5 5a b3 16 d7 78 d9 f0 35 e3 a5 cc 2f 30 d6 Aug 26 18:38:34.309659: | ac 3e f1 0b b0 b2 bb 
f5 1f ee 67 fd 41 72 5e 9d Aug 26 18:38:34.309662: | 7d c2 1e 4e 0a 64 48 80 3a b7 72 03 71 2a f8 fa Aug 26 18:38:34.309664: | 26 Aug 26 18:38:34.309715: | releasing whack for #2 (sock=fd@-1) Aug 26 18:38:34.309719: | releasing whack and unpending for parent #1 Aug 26 18:38:34.309745: | unpending state #1 connection "eastnet-any"[1] 192.1.3.209 Aug 26 18:38:34.309750: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 18:38:34.309754: | event_schedule: new EVENT_SA_REKEY-pe@0x7f5e08002b78 Aug 26 18:38:34.309757: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 18:38:34.309761: | libevent_malloc: new ptr-libevent@0x55fa51a82908 size 128 Aug 26 18:38:34.309775: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:38:34.309783: | #1 spent 3.66 milliseconds in resume sending helper answer Aug 26 18:38:34.309789: | stop processing: state #2 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) Aug 26 18:38:34.309794: | libevent_free: release ptr-libevent@0x7f5e00000f48 Aug 26 18:38:34.309809: | processing signal PLUTO_SIGCHLD Aug 26 18:38:34.309815: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:34.309819: | spent 0.005 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:34.309822: | processing signal PLUTO_SIGCHLD Aug 26 18:38:34.309826: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:34.309829: | spent 0.00357 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:34.309832: | processing signal PLUTO_SIGCHLD Aug 26 18:38:34.309835: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:34.309839: | spent 0.0035 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:41.091984: | spent 0.00296 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:41.092005: | *received 121 bytes from 192.1.33.222:500 on eth1 (192.1.2.23:500) Aug 26 
18:38:41.092008: | f2 6d 48 f5 1b 4e 73 a7 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:41.092010: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Aug 26 18:38:41.092011: | b7 4d 90 6f ec 47 93 3b 7f 4c 1d 52 a8 3f f3 e7 Aug 26 18:38:41.092013: | c2 9f 85 07 b3 f5 b2 66 a0 aa 39 21 16 cb 06 33 Aug 26 18:38:41.092015: | 0d 3d 0a 80 f2 1e cf 1c e3 3b 17 a9 ea 15 b7 2d Aug 26 18:38:41.092016: | a9 92 df 2e de 4b eb ba fb d9 87 0c 9b e9 39 72 Aug 26 18:38:41.092018: | 70 5c 27 4d 6d bc c1 b4 82 a1 e3 37 7e 3f 6c a0 Aug 26 18:38:41.092022: | f3 8b 2a a5 e8 20 8f e8 a2 Aug 26 18:38:41.092025: | start processing: from 192.1.33.222:500 (in process_md() at demux.c:378) Aug 26 18:38:41.092028: | **parse ISAKMP Message: Aug 26 18:38:41.092030: | initiator cookie: Aug 26 18:38:41.092031: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:41.092033: | responder cookie: Aug 26 18:38:41.092034: | 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:41.092036: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:41.092038: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:41.092040: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:41.092044: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:41.092046: | Message ID: 2 (0x2) Aug 26 18:38:41.092047: | length: 121 (0x79) Aug 26 18:38:41.092049: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:41.092052: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Aug 26 18:38:41.092055: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 18:38:41.092061: | start processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:41.092063: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:41.092066: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.3.209 from 192.1.3.209:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 
18:38:41.092069: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 18:38:41.092071: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 18:38:41.092073: | unpacking clear payload Aug 26 18:38:41.092075: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:41.092077: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:41.092079: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:41.092080: | flags: none (0x0) Aug 26 18:38:41.092082: | length: 93 (0x5d) Aug 26 18:38:41.092084: | processing payload: ISAKMP_NEXT_v2SK (len=89) Aug 26 18:38:41.092087: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 18:38:41.092089: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 18:38:41.092102: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:41.092104: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:41.092106: | **parse IKEv2 Notify Payload: Aug 26 18:38:41.092108: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:41.092110: | flags: none (0x0) Aug 26 18:38:41.092111: | length: 8 (0x8) Aug 26 18:38:41.092113: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.092115: | SPI size: 0 (0x0) Aug 26 18:38:41.092117: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 18:38:41.092119: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:41.092120: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:41.092122: | **parse IKEv2 Notify Payload: Aug 26 18:38:41.092124: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:41.092125: | flags: none (0x0) Aug 26 18:38:41.092127: | length: 28 (0x1c) Aug 26 18:38:41.092128: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.092130: | SPI size: 0 (0x0) Aug 26 18:38:41.092132: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 
18:38:41.092133: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:41.092135: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:41.092137: | **parse IKEv2 Notify Payload: Aug 26 18:38:41.092138: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:41.092140: | flags: none (0x0) Aug 26 18:38:41.092141: | length: 28 (0x1c) Aug 26 18:38:41.092143: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.092145: | SPI size: 0 (0x0) Aug 26 18:38:41.092147: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:41.092149: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:41.092151: | selected state microcode R2: process Informational Request Aug 26 18:38:41.092153: | Now let's proceed with state specific processing Aug 26 18:38:41.092155: | calling processor R2: process Informational Request Aug 26 18:38:41.092157: | an informational request should send a response Aug 26 18:38:41.092159: | Need to process v2N_UPDATE_SA_ADDRESSES Aug 26 18:38:41.092161: | TODO: Need to process NAT DETECTION payload if we are initiator Aug 26 18:38:41.092163: | TODO: Need to process NAT DETECTION payload if we are initiator Aug 26 18:38:41.092167: | #2 pst=#1 MOBIKE update remote address 192.1.3.209:500 -> 192.1.33.222:500 Aug 26 18:38:41.092172: | responder migrate kernel SA esp.cec23d1b@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_OUT Aug 26 18:38:41.092233: | responder migrate kernel SA esp.719ea58c@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_IN Aug 26 18:38:41.092253: | responder migrate kernel SA esp.719ea58c@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_FWD Aug 26 18:38:41.092263: "eastnet-any"[1] 192.1.3.209 #1: success MOBIKE update remote address 192.1.3.209:500 -> 192.1.33.222:500 Aug 26 18:38:41.092267: | free hp@0x55fa51a7e3b8 Aug 26 18:38:41.092271: | connect_to_host_pair: 192.1.2.23:500 192.1.33.222:500 -> hp@(nil): none Aug 26 18:38:41.092272: | new hp@0x55fa51a7e3b8 Aug 26 18:38:41.092276: 
| #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:38:41.092279: "eastnet-any"[1] 192.1.33.222 #1: MOBIKE request: updating IPsec SA by request Aug 26 18:38:41.092300: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:38:41.092303: | **emit ISAKMP Message: Aug 26 18:38:41.092320: | initiator cookie: Aug 26 18:38:41.092322: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:41.092325: | responder cookie: Aug 26 18:38:41.092327: | 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:41.092329: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:41.092331: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:41.092332: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:41.092334: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:41.092336: | Message ID: 2 (0x2) Aug 26 18:38:41.092338: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:41.092340: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:41.092355: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:41.092356: | flags: none (0x0) Aug 26 18:38:41.092358: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:41.092361: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:41.092363: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:41.092372: | adding NATD payloads to MOBIKE response Aug 26 18:38:41.092374: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:38:41.092383: | natd_hash: hasher=0x55fa50184800(20) Aug 26 18:38:41.092385: | natd_hash: icookie= f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:41.092387: | natd_hash: rcookie= 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:41.092388: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:41.092390: | natd_hash: port=500 Aug 26 18:38:41.092392: | natd_hash: hash= e1 b0 f9 3e 6b 9d f8 b3 9e 74 98 d7 26 e1 fe d1 Aug 26 18:38:41.092393: | natd_hash: hash= 00 ca e3 30 Aug 26 18:38:41.092395: | Adding a v2N Payload Aug 26 18:38:41.092397: | ****emit IKEv2 Notify Payload: Aug 26 18:38:41.092398: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:41.092400: | flags: none (0x0) Aug 26 18:38:41.092402: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.092403: | SPI size: 0 (0x0) Aug 26 18:38:41.092405: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:41.092409: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:41.092411: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:41.092413: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:41.092415: | Notify data e1 b0 f9 3e 6b 9d f8 b3 9e 74 98 d7 26 e1 fe d1 Aug 26 18:38:41.092417: | Notify data 00 ca e3 30 Aug 26 18:38:41.092418: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:41.092423: | natd_hash: hasher=0x55fa50184800(20) Aug 26 18:38:41.092425: | natd_hash: icookie= f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:41.092427: | natd_hash: rcookie= 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:41.092428: | natd_hash: ip= c0 01 21 de Aug 26 18:38:41.092430: | natd_hash: port=500 Aug 26 18:38:41.092431: | natd_hash: hash= 15 fd c4 90 8c b4 91 a0 f7 3f 7c 9a 3d 01 e6 21 Aug 26 18:38:41.092433: | natd_hash: hash= f2 fc 66 2c Aug 26 18:38:41.092435: | Adding a v2N Payload Aug 26 18:38:41.092436: | ****emit IKEv2 
Notify Payload: Aug 26 18:38:41.092438: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:41.092440: | flags: none (0x0) Aug 26 18:38:41.092441: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.092443: | SPI size: 0 (0x0) Aug 26 18:38:41.092444: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:41.092447: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:41.092448: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:41.092450: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:41.092452: | Notify data 15 fd c4 90 8c b4 91 a0 f7 3f 7c 9a 3d 01 e6 21 Aug 26 18:38:41.092454: | Notify data f2 fc 66 2c Aug 26 18:38:41.092455: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:41.092457: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:41.092459: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:41.092461: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:41.092463: | emitting length of IKEv2 Encryption Payload: 85 Aug 26 18:38:41.092465: | emitting length of ISAKMP Message: 113 Aug 26 18:38:41.092473: | sending 113 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.33.222:500 (using #1) Aug 26 18:38:41.092475: | f2 6d 48 f5 1b 4e 73 a7 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:41.092477: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Aug 26 18:38:41.092478: | 54 69 7e 9f 19 ac a1 21 f5 b7 e6 b2 8b c6 ee 5c Aug 26 18:38:41.092480: | d1 cc 75 06 d8 c6 69 2d ca 5b 7f bb cb 5f 89 94 Aug 26 18:38:41.092482: | 58 d6 bf 94 c5 57 ed 12 6e 7f 7e cf 76 6e c7 b2 Aug 26 18:38:41.092483: | 57 98 e7 e6 c2 f9 e9 e6 12 da e6 f8 9c c5 18 81 Aug 26 
18:38:41.092485: | f3 09 6f 0a ce 61 35 50 d7 53 3b 53 50 ef 5f 01 Aug 26 18:38:41.092486: | c0 Aug 26 18:38:41.092509: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:38:41.092514: | Message ID: sent #1 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:38:41.092519: | #1 spent 0.347 milliseconds in processing: R2: process Informational Request in ikev2_process_state_packet() Aug 26 18:38:41.092523: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:41.092527: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Aug 26 18:38:41.092530: | Message ID: updating counters for #1 to 2 after switching state Aug 26 18:38:41.092533: | Message ID: recv #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 Aug 26 18:38:41.092535: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:41.092537: | STATE_PARENT_R2: received v2I2, PARENT SA established Aug 26 18:38:41.092541: | stop processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:41.092544: | #1 spent 0.535 milliseconds in ikev2_process_packet() Aug 26 18:38:41.092547: | stop processing: from 192.1.33.222:500 (in process_md() at demux.c:380) Aug 26 18:38:41.092549: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:41.092551: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 
18:38:41.092554: | spent 0.544 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:44.140675: | spent 0.0102 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:44.140753: | *received 121 bytes from 192.1.33.222:500 on eth1 (192.1.2.23:500) Aug 26 18:38:44.140767: | f2 6d 48 f5 1b 4e 73 a7 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:44.140775: | 2e 20 25 08 00 00 00 03 00 00 00 79 29 00 00 5d Aug 26 18:38:44.140783: | 96 ab f7 83 fc 0b 88 6a fd 89 e3 d2 58 2e 80 c2 Aug 26 18:38:44.140791: | 40 46 c6 95 84 cb c5 07 cc cd 82 2c 0a 8f 1e a6 Aug 26 18:38:44.140799: | b7 88 bf a5 3d 4a f1 03 c4 a2 62 b8 4b 23 cc a4 Aug 26 18:38:44.140806: | 6f 92 a5 16 76 6f ff fc 69 86 c0 ea 34 cf 7e 9a Aug 26 18:38:44.140814: | 60 8b 98 93 6c b8 c0 32 e8 8a f6 af e4 cd c9 86 Aug 26 18:38:44.140822: | 9f fa c0 14 e6 d4 30 b8 3f Aug 26 18:38:44.140837: | start processing: from 192.1.33.222:500 (in process_md() at demux.c:378) Aug 26 18:38:44.140849: | **parse ISAKMP Message: Aug 26 18:38:44.140858: | initiator cookie: Aug 26 18:38:44.140866: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:44.140874: | responder cookie: Aug 26 18:38:44.140882: | 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:44.140891: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:44.140900: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:44.140909: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:44.140918: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:44.140927: | Message ID: 3 (0x3) Aug 26 18:38:44.140936: | length: 121 (0x79) Aug 26 18:38:44.140946: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:44.140957: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Aug 26 18:38:44.140969: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 18:38:44.140993: | start processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in 
ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:44.141004: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:44.141021: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:38:44.141031: | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 Aug 26 18:38:44.141045: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 Aug 26 18:38:44.141053: | unpacking clear payload Aug 26 18:38:44.141062: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:44.141071: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:44.141081: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:44.141089: | flags: none (0x0) Aug 26 18:38:44.141097: | length: 93 (0x5d) Aug 26 18:38:44.141106: | processing payload: ISAKMP_NEXT_v2SK (len=89) Aug 26 18:38:44.141134: | Message ID: start-responder #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 Aug 26 18:38:44.141145: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 18:38:44.141184: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:44.141195: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:44.141205: | **parse IKEv2 Notify Payload: Aug 26 18:38:44.141213: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:44.141221: | flags: none (0x0) Aug 26 18:38:44.141229: | length: 8 (0x8) Aug 26 18:38:44.141238: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.141246: | SPI size: 0 (0x0) Aug 26 18:38:44.141256: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 18:38:44.141265: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:44.141273: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:44.141281: | **parse IKEv2 Notify Payload: Aug 26 18:38:44.141310: | next payload type: 
ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:44.141322: | flags: none (0x0) Aug 26 18:38:44.141330: | length: 28 (0x1c) Aug 26 18:38:44.141338: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.141352: | SPI size: 0 (0x0) Aug 26 18:38:44.141361: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:44.141369: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:44.141377: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:44.141386: | **parse IKEv2 Notify Payload: Aug 26 18:38:44.141394: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:44.141402: | flags: none (0x0) Aug 26 18:38:44.141410: | length: 28 (0x1c) Aug 26 18:38:44.141418: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.141425: | SPI size: 0 (0x0) Aug 26 18:38:44.141434: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:44.141442: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:44.141451: | selected state microcode R2: process Informational Request Aug 26 18:38:44.141460: | Now let's proceed with state specific processing Aug 26 18:38:44.141468: | calling processor R2: process Informational Request Aug 26 18:38:44.141480: | an informational request should send a response Aug 26 18:38:44.141489: | Need to process v2N_UPDATE_SA_ADDRESSES Aug 26 18:38:44.141497: | TODO: Need to process NAT DETECTION payload if we are initiator Aug 26 18:38:44.141505: | TODO: Need to process NAT DETECTION payload if we are initiator Aug 26 18:38:44.141524: | #2 pst=#1 MOBIKE update remote address 192.1.33.222:500 -> 192.1.33.222:500 Aug 26 18:38:44.141539: "eastnet-any"[1] 192.1.33.222 #1: MOBIKE success no change to kernel SA same IP address ad port 192.1.33.222:500 Aug 26 18:38:44.141557: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:38:44.141568: "eastnet-any"[1] 192.1.33.222 #1: MOBIKE request: updating IPsec SA by request Aug 26 
18:38:44.141586: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:38:44.141598: | **emit ISAKMP Message: Aug 26 18:38:44.141607: | initiator cookie: Aug 26 18:38:44.141615: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:44.141624: | responder cookie: Aug 26 18:38:44.141631: | 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:44.141640: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:44.141649: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:44.141657: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:44.141666: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:44.141674: | Message ID: 3 (0x3) Aug 26 18:38:44.141684: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:44.141694: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:44.141703: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:44.141718: | flags: none (0x0) Aug 26 18:38:44.141730: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:44.141740: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:44.141751: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:44.141768: | adding NATD payloads to MOBIKE response Aug 26 18:38:44.141778: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 18:38:44.141808: | natd_hash: hasher=0x55fa50184800(20) Aug 26 18:38:44.141817: | natd_hash: icookie= f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:44.141825: | natd_hash: rcookie= 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:44.141833: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:44.141841: | natd_hash: port=500 Aug 26 18:38:44.141849: | natd_hash: hash= e1 b0 f9 3e 6b 9d f8 b3 9e 74 98 d7 26 e1 fe d1 Aug 26 18:38:44.141857: | natd_hash: hash= 00 ca e3 30 Aug 26 18:38:44.141865: | Adding a v2N Payload Aug 26 18:38:44.141874: | ****emit IKEv2 Notify Payload: Aug 26 18:38:44.141882: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:44.141890: | flags: none (0x0) Aug 26 18:38:44.141899: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.141907: | SPI size: 0 (0x0) Aug 26 18:38:44.141915: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:44.141926: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:44.141935: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:44.141946: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:44.141955: | Notify data e1 b0 f9 3e 6b 9d f8 b3 9e 74 98 d7 26 e1 fe d1 Aug 26 18:38:44.141963: | Notify data 00 ca e3 30 Aug 26 18:38:44.141972: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:44.141990: | natd_hash: hasher=0x55fa50184800(20) Aug 26 18:38:44.141999: | natd_hash: icookie= f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:44.142007: | natd_hash: rcookie= 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:44.142014: | natd_hash: ip= c0 01 21 de Aug 26 18:38:44.142022: | natd_hash: port=500 Aug 26 18:38:44.142031: | natd_hash: hash= 15 fd c4 90 8c b4 91 a0 f7 3f 7c 9a 3d 01 e6 21 Aug 26 18:38:44.142039: | natd_hash: hash= f2 fc 66 2c Aug 26 18:38:44.142046: | Adding a v2N Payload Aug 26 18:38:44.142055: | ****emit IKEv2 
Notify Payload: Aug 26 18:38:44.142063: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:44.142071: | flags: none (0x0) Aug 26 18:38:44.142079: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:44.142087: | SPI size: 0 (0x0) Aug 26 18:38:44.142095: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:44.142105: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:44.142114: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:44.142124: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:44.142133: | Notify data 15 fd c4 90 8c b4 91 a0 f7 3f 7c 9a 3d 01 e6 21 Aug 26 18:38:44.142140: | Notify data f2 fc 66 2c Aug 26 18:38:44.142148: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:44.142158: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:44.142168: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:44.142178: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:44.142187: | emitting length of IKEv2 Encryption Payload: 85 Aug 26 18:38:44.142195: | emitting length of ISAKMP Message: 113 Aug 26 18:38:44.142230: | sending 113 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.33.222:500 (using #1) Aug 26 18:38:44.142246: | f2 6d 48 f5 1b 4e 73 a7 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:44.142255: | 2e 20 25 20 00 00 00 03 00 00 00 71 29 00 00 55 Aug 26 18:38:44.142263: | 93 0a 1e fc 7a 69 a3 55 1a ef f4 8f 04 d2 60 9d Aug 26 18:38:44.142271: | 5d ee 48 89 4a 26 2f 42 71 8c 87 97 65 d0 df 50 Aug 26 18:38:44.142279: | c5 ca 8f f2 ab c6 c5 ab 13 59 b0 d5 53 3e 36 5b Aug 26 18:38:44.142287: | 30 a4 e4 5e 91 0c 72 f9 11 bd 1f 15 f1 7f 72 25 Aug 26 
18:38:44.142314: | f5 1e c6 63 64 8b bf 85 8d a9 f8 96 dc 33 bf 14 Aug 26 18:38:44.142322: | a6 Aug 26 18:38:44.142426: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 Aug 26 18:38:44.142452: | Message ID: sent #1 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 Aug 26 18:38:44.142473: | #1 spent 0.928 milliseconds in processing: R2: process Informational Request in ikev2_process_state_packet() Aug 26 18:38:44.142493: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:44.142505: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Aug 26 18:38:44.142515: | Message ID: updating counters for #1 to 3 after switching state Aug 26 18:38:44.142529: | Message ID: recv #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=3 responder.recv=2->3 wip.initiator=-1 wip.responder=3->-1 Aug 26 18:38:44.142543: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:44.142552: | STATE_PARENT_R2: received v2I2, PARENT SA established Aug 26 18:38:44.142569: | stop processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:44.142584: | #1 spent 1.79 milliseconds in ikev2_process_packet() Aug 26 18:38:44.142597: | stop processing: from 192.1.33.222:500 (in process_md() at demux.c:380) Aug 26 18:38:44.142608: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:44.142618: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 
18:38:44.142631: | spent 1.83 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:51.964354: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:38:51.964403: | expiring aged bare shunts from shunt table Aug 26 18:38:51.964425: | spent 0.0176 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:38:54.539265: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:54.539354: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:38:54.539374: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:54.539400: | get_sa_info esp.719ea58c@192.1.2.23 Aug 26 18:38:54.539449: | get_sa_info esp.cec23d1b@192.1.33.222 Aug 26 18:38:54.539520: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:54.539544: | spent 0.295 milliseconds in whack Aug 26 18:38:54.875860: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:54.876220: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:38:54.876233: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:38:54.876430: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:38:54.876442: | FOR_EACH_STATE_... 
in sort_states Aug 26 18:38:54.876463: | get_sa_info esp.719ea58c@192.1.2.23 Aug 26 18:38:54.876496: | get_sa_info esp.cec23d1b@192.1.33.222 Aug 26 18:38:54.876546: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:54.876563: | spent 0.709 milliseconds in whack Aug 26 18:38:56.848960: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:56.848982: shutting down Aug 26 18:38:56.849002: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:38:56.849005: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:56.849007: forgetting secrets Aug 26 18:38:56.849012: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:56.849018: | start processing: connection "eastnet-any"[1] 192.1.33.222 (in delete_connection() at connections.c:189) Aug 26 18:38:56.849022: "eastnet-any"[1] 192.1.33.222: deleting connection "eastnet-any"[1] 192.1.33.222 instance with peer 192.1.33.222 {isakmp=#1/ipsec=#2} Aug 26 18:38:56.849024: | addresspool free lease entry ptr 0x55fa51a829b8 refcnt 0 Aug 26 18:38:56.849029: | freed lease refcnt 0 192.0.3.10 from addresspool 192.0.3.10-192.0.3.19 index=0. pool size 10 used 0 lingering=0 address Aug 26 18:38:56.849031: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:38:56.849032: | pass 0 Aug 26 18:38:56.849034: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 18:38:56.849036: | state #2 Aug 26 18:38:56.849052: | suspend processing: connection "eastnet-any"[1] 192.1.33.222 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:38:56.849056: | start processing: state #2 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:38:56.849058: | pstats #2 ikev2.child deleted completed Aug 26 18:38:56.849062: | [RE]START processing: state #2 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in delete_state() at state.c:879) Aug 26 18:38:56.849066: "eastnet-any"[1] 192.1.33.222 #2: deleting state (STATE_V2_IPSEC_R) aged 22.577s and sending notification Aug 26 18:38:56.849068: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 18:38:56.849072: | get_sa_info esp.cec23d1b@192.1.33.222 Aug 26 18:38:56.849084: | get_sa_info esp.719ea58c@192.1.2.23 Aug 26 18:38:56.849090: "eastnet-any"[1] 192.1.33.222 #2: ESP traffic information: in=336B out=336B Aug 26 18:38:56.849093: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 18:38:56.849095: | Opening output PBS informational exchange delete request Aug 26 18:38:56.849098: | **emit ISAKMP Message: Aug 26 18:38:56.849100: | initiator cookie: Aug 26 18:38:56.849101: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:56.849103: | responder cookie: Aug 26 18:38:56.849104: | 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:56.849107: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:56.849108: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:56.849110: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:56.849112: | flags: none (0x0) Aug 26 18:38:56.849114: | Message ID: 0 (0x0) Aug 26 18:38:56.849116: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:56.849118: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:56.849120: | next payload type: 
ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.849122: | flags: none (0x0) Aug 26 18:38:56.849124: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:56.849126: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:38:56.849129: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:56.849137: | ****emit IKEv2 Delete Payload: Aug 26 18:38:56.849139: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.849141: | flags: none (0x0) Aug 26 18:38:56.849142: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:38:56.849144: | SPI size: 4 (0x4) Aug 26 18:38:56.849146: | number of SPIs: 1 (0x1) Aug 26 18:38:56.849148: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:38:56.849152: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:38:56.849155: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 18:38:56.849157: | local spis 71 9e a5 8c Aug 26 18:38:56.849158: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:38:56.849160: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:56.849163: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:56.849165: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:56.849167: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:38:56.849168: | emitting length of ISAKMP Message: 69 Aug 26 18:38:56.849189: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.33.222:500 (using #2) Aug 26 18:38:56.849192: | f2 6d 48 f5 1b 4e 73 a7 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:56.849193: | 2e 20 25 00 00 00 00 
00 00 00 00 45 2a 00 00 29 Aug 26 18:38:56.849195: | 6d b4 ed 03 af 51 b1 20 cd 9f f4 b2 ac cf 0b 11 Aug 26 18:38:56.849197: | 01 86 a3 88 06 c1 70 fd b0 a9 c0 ab bf 07 12 f1 Aug 26 18:38:56.849198: | a0 ae 20 c4 8a Aug 26 18:38:56.849503: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 18:38:56.849508: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 18:38:56.849512: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:56.849515: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:38:56.849519: | libevent_free: release ptr-libevent@0x55fa51a82908 Aug 26 18:38:56.849521: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5e08002b78 Aug 26 18:38:56.849562: | running updown command "ipsec _updown" for verb down Aug 26 18:38:56.849565: | command executing down-client Aug 26 18:38:56.849583: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.33.222' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844714' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' 
PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V Aug 26 18:38:56.849586: | popen cmd is 1064 chars long Aug 26 18:38:56.849588: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUT: Aug 26 18:38:56.849590: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_I: Aug 26 18:38:56.849592: | cmd( 160):D='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PL: Aug 26 18:38:56.849593: | cmd( 240):UTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Aug 26 18:38:56.849595: | cmd( 320):_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.33.222' PLUTO_PEER_ID='1: Aug 26 18:38:56.849597: | cmd( 400):92.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10': Aug 26 18:38:56.849598: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:38:56.849602: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844714' PLUTO_CON: Aug 26 18:38:56.849603: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+E: Aug 26 18:38:56.849605: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: Aug 26 18:38:56.849607: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: Aug 26 18:38:56.849609: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': Aug 26 18:38:56.849610: | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xcec23d1b SPI_OUT=0x719: Aug 26 18:38:56.849612: | cmd(1040):ea58c ipsec _updown 2>&1: Aug 26 18:38:56.857361: | shunt_eroute() called for connection 'eastnet-any' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:38:56.857374: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:38:56.857377: 
| priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 18:38:56.857381: | IPsec Sa SPD priority set to 1042399 Aug 26 18:38:56.857411: | delete esp.cec23d1b@192.1.33.222 Aug 26 18:38:56.857425: | netlink response for Del SA esp.cec23d1b@192.1.33.222 included non-error error Aug 26 18:38:56.857428: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 18:38:56.857433: | delete inbound eroute 192.0.3.10/32:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:38:56.857471: | raw_eroute result=success Aug 26 18:38:56.857478: | delete esp.719ea58c@192.1.2.23 Aug 26 18:38:56.857491: | netlink response for Del SA esp.719ea58c@192.1.2.23 included non-error error Aug 26 18:38:56.857533: | stop processing: connection "eastnet-any"[1] 192.1.33.222 (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:38:56.857539: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:38:56.857542: | in connection_discard for connection eastnet-any Aug 26 18:38:56.857546: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 18:38:56.857553: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:38:56.857576: | stop processing: state #2 from 192.1.33.222:500 (in delete_state() at state.c:1143) Aug 26 18:38:56.857606: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:38:56.857609: | state #1 Aug 26 18:38:56.857612: | pass 1 Aug 26 18:38:56.857615: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 18:38:56.857618: | state #1 Aug 26 18:38:56.857625: | start processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:38:56.857642: | pstats #1 ikev2.ike deleted completed Aug 26 18:38:56.857650: | #1 spent 10.8 milliseconds in total Aug 26 18:38:56.857658: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.33.222 from 192.1.33.222:500 (in delete_state() at state.c:879) Aug 26 18:38:56.857664: "eastnet-any"[1] 192.1.33.222 #1: deleting state (STATE_PARENT_R2) aged 22.594s and sending notification Aug 26 18:38:56.857668: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 18:38:56.857763: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 18:38:56.857770: | Opening output PBS informational exchange delete request Aug 26 18:38:56.857773: | **emit ISAKMP Message: Aug 26 18:38:56.857775: | initiator cookie: Aug 26 18:38:56.857777: | f2 6d 48 f5 1b 4e 73 a7 Aug 26 18:38:56.857779: | responder cookie: Aug 26 18:38:56.857780: | 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:56.857782: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:56.857785: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:56.857787: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:56.857791: | flags: none (0x0) Aug 26 18:38:56.857793: | Message ID: 1 (0x1) Aug 26 18:38:56.857800: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:56.857804: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:56.857807: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.857810: | flags: none (0x0) Aug 26 18:38:56.857826: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:56.857829: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next 
payload type' in 'informational exchange delete request' Aug 26 18:38:56.857833: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:56.857854: | ****emit IKEv2 Delete Payload: Aug 26 18:38:56.857858: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.857861: | flags: none (0x0) Aug 26 18:38:56.857864: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:38:56.857866: | SPI size: 0 (0x0) Aug 26 18:38:56.857869: | number of SPIs: 0 (0x0) Aug 26 18:38:56.857872: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:38:56.857875: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 18:38:56.857878: | emitting length of IKEv2 Delete Payload: 8 Aug 26 18:38:56.857881: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:56.857885: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:56.857888: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:56.857891: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 18:38:56.857893: | emitting length of ISAKMP Message: 65 Aug 26 18:38:56.857922: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.33.222:500 (using #1) Aug 26 18:38:56.857927: | f2 6d 48 f5 1b 4e 73 a7 1a dd 7f fd fe 52 e6 12 Aug 26 18:38:56.857929: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:38:56.857931: | ae 22 19 62 ec 04 ae 93 79 2d f4 60 1c 9c 8e 56 Aug 26 18:38:56.857932: | 42 a9 42 de 01 29 bf 16 d2 4c d3 a2 e4 6e 00 03 Aug 26 18:38:56.857934: | 7c Aug 26 18:38:56.857970: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 18:38:56.857973: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send 
Aug 26 18:38:56.857977: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=1 wip.responder=-1 Aug 26 18:38:56.857981: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=0->1 wip.responder=-1 Aug 26 18:38:56.857983: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:38:56.857991: | libevent_free: release ptr-libevent@0x55fa51a81db8 Aug 26 18:38:56.857994: | free_event_entry: release EVENT_SA_REKEY-pe@0x55fa51a7e4e8 Aug 26 18:38:56.857998: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:38:56.858000: | in connection_discard for connection eastnet-any Aug 26 18:38:56.858002: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 18:38:56.858004: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 18:38:56.858032: | stop processing: state #1 from 192.1.33.222:500 (in delete_state() at state.c:1143) Aug 26 18:38:56.858054: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:38:56.858057: | shunt_eroute() called for connection 'eastnet-any' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:38:56.858060: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:38:56.858062: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 18:38:56.858080: | priority calculation of connection "eastnet-any" is 0xfe7df Aug 26 18:38:56.858088: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 18:38:56.858091: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 18:38:56.858092: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 18:38:56.858094: | conn eastnet-any mark 0/00000000, 0/00000000 vs Aug 26 18:38:56.858096: | conn eastnet-any mark 0/00000000, 0/00000000 Aug 26 18:38:56.858099: | route owner of "eastnet-any" unrouted: NULL Aug 26 18:38:56.858101: | running updown command "ipsec _updown" for verb unroute Aug 26 18:38:56.858103: | command executing unroute-client Aug 26 18:38:56.858135: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.33.222' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Aug 26 18:38:56.858138: | popen cmd is 1045 chars long Aug 26 18:38:56.858140: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' P: Aug 26 18:38:56.858142: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_M: Aug 26 18:38:56.858144: | cmd( 160):Y_ID='192.1.2.23' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0': Aug 26 18:38:56.858146: | cmd( 
240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 18:38:56.858147: | cmd( 320):UTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.33.222' PLUTO_PEER_I: Aug 26 18:38:56.858149: | cmd( 400):D='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3: Aug 26 18:38:56.858151: | cmd( 480):.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 18:38:56.858153: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 18:38:56.858155: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO: Aug 26 18:38:56.858156: | cmd( 720):' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Aug 26 18:38:56.858158: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Aug 26 18:38:56.858160: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Aug 26 18:38:56.858162: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: Aug 26 18:38:56.858163: | cmd(1040): 2>&1: Aug 26 18:38:56.865886: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:56.865907: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:56.865909: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:56.865911: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:56.865913: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:56.865915: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:56.865916: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:56.865918: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:56.865922: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 18:38:56.865931: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 18:38:56.872164: | unreference addresspool of conn eastnet-any[1] kind CK_GOING_AWAY refcnt 2
Aug 26 18:38:56.872187: | free hp@0x55fa51a7e3b8
Aug 26 18:38:56.872192: | flush revival: connection 'eastnet-any' wasn't on the list
Aug 26 18:38:56.872196: | processing: STOP connection NULL (in discard_connection() at connections.c:249)
Aug 26 18:38:56.872208: | start processing: connection "eastnet-any" (in delete_connection() at connections.c:189)
Aug 26 18:38:56.872212: | Deleting states for connection - including all other IPsec SA's of this IKE SA
Aug 26 18:38:56.872215: | pass 0
Aug 26 18:38:56.872217: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Aug 26 18:38:56.872220: | pass 1
Aug 26 18:38:56.872223: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Aug 26 18:38:56.872226: | unreference addresspool of conn eastnet-any[1] kind CK_TEMPLATE refcnt 1
Aug 26 18:38:56.872229: | freeing memory for addresspool ptr 0x55fa51a69358
Aug 26 18:38:56.872232: | free_lease_list: addresspool free the lease list ptr (nil)
Aug 26 18:38:56.872235: | free hp@0x55fa51a7c468
Aug 26 18:38:56.872238: | flush revival: connection 'eastnet-any' wasn't on the list
Aug 26 18:38:56.872242: | stop processing: connection "eastnet-any" (in discard_connection() at connections.c:249)
Aug 26 18:38:56.872254: | crl fetch request list locked by 'free_crl_fetch'
Aug 26 18:38:56.872257: | crl fetch request list unlocked by 'free_crl_fetch'
Aug 26 18:38:56.872267: shutting down interface lo/lo 127.0.0.1:4500
Aug 26 18:38:56.872271: shutting down interface lo/lo 127.0.0.1:500
Aug 26 18:38:56.872275: shutting down interface eth0/eth0 192.0.2.254:4500
Aug 26 18:38:56.872278: shutting down interface eth0/eth0 192.0.2.254:500
Aug 26 18:38:56.872282: shutting down interface eth1/eth1 192.1.2.23:4500
Aug 26 18:38:56.872285: shutting down interface eth1/eth1 192.1.2.23:500
Aug 26 18:38:56.872294: | FOR_EACH_STATE_... in delete_states_dead_interfaces
Aug 26 18:38:56.872308: | libevent_free: release ptr-libevent@0x55fa51a6e468
Aug 26 18:38:56.872311: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a148
Aug 26 18:38:56.872335: | libevent_free: release ptr-libevent@0x55fa51a0a2b8
Aug 26 18:38:56.872338: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a1f8
Aug 26 18:38:56.872346: | libevent_free: release ptr-libevent@0x55fa51a0c158
Aug 26 18:38:56.872349: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a2a8
Aug 26 18:38:56.872357: | libevent_free: release ptr-libevent@0x55fa51a092a8
Aug 26 18:38:56.872360: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a358
Aug 26 18:38:56.872366: | libevent_free: release ptr-libevent@0x55fa519da4e8
Aug 26 18:38:56.872369: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a408
Aug 26 18:38:56.872375: | libevent_free: release ptr-libevent@0x55fa519da1d8
Aug 26 18:38:56.872378: | free_event_entry: release EVENT_NULL-pe@0x55fa51a7a4b8
Aug 26 18:38:56.872384: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 18:38:56.873710: | libevent_free: release ptr-libevent@0x55fa51a6e518
Aug 26 18:38:56.873719: | free_event_entry: release EVENT_NULL-pe@0x55fa51a62258
Aug 26 18:38:56.873723: | libevent_free: release ptr-libevent@0x55fa51a0c058
Aug 26 18:38:56.873726: | free_event_entry: release EVENT_NULL-pe@0x55fa51a61718
Aug 26 18:38:56.873730: | libevent_free: release ptr-libevent@0x55fa51a45b18
Aug 26 18:38:56.873732: | free_event_entry: release EVENT_NULL-pe@0x55fa51a622c8
Aug 26 18:38:56.873735: | global timer EVENT_REINIT_SECRET uninitialized
Aug 26 18:38:56.873737: | global timer EVENT_SHUNT_SCAN uninitialized
Aug 26 18:38:56.873738: | global timer EVENT_PENDING_DDNS uninitialized
Aug 26 18:38:56.873740: | global timer EVENT_PENDING_PHASE2 uninitialized
Aug 26 18:38:56.873742: | global timer EVENT_CHECK_CRLS uninitialized
Aug 26 18:38:56.873743: | global timer EVENT_REVIVE_CONNS uninitialized
Aug 26 18:38:56.873745: | global timer EVENT_FREE_ROOT_CERTS uninitialized
Aug 26 18:38:56.873750: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized
Aug 26 18:38:56.873752: | global timer EVENT_NAT_T_KEEPALIVE uninitialized
Aug 26 18:38:56.873756: | libevent_free: release ptr-libevent@0x55fa51a09808
Aug 26 18:38:56.873758: | signal event handler PLUTO_SIGCHLD uninstalled
Aug 26 18:38:56.873760: | libevent_free: release ptr-libevent@0x55fa51a79928
Aug 26 18:38:56.873762: | signal event handler PLUTO_SIGTERM uninstalled
Aug 26 18:38:56.873764: | libevent_free: release ptr-libevent@0x55fa51a79a38
Aug 26 18:38:56.873765: | signal event handler PLUTO_SIGHUP uninstalled
Aug 26 18:38:56.873768: | libevent_free: release ptr-libevent@0x55fa51a79c78
Aug 26 18:38:56.873769: | signal event handler PLUTO_SIGSYS uninstalled
Aug 26 18:38:56.873771: | releasing event base
Aug 26 18:38:56.873781: | libevent_free: release ptr-libevent@0x55fa51a79b48
Aug 26 18:38:56.873783: | libevent_free: release ptr-libevent@0x55fa51a5cb08
Aug 26 18:38:56.873786: | libevent_free: release ptr-libevent@0x55fa51a5cab8
Aug 26 18:38:56.873788: | libevent_free: release ptr-libevent@0x55fa51a5ca48
Aug 26 18:38:56.873789: | libevent_free: release ptr-libevent@0x55fa51a5ca08
Aug 26 18:38:56.873791: | libevent_free: release ptr-libevent@0x55fa51a79828
Aug 26 18:38:56.873793: | libevent_free: release ptr-libevent@0x55fa51a798a8
Aug 26 18:38:56.873795: | libevent_free: release ptr-libevent@0x55fa51a5ccb8
Aug 26 18:38:56.873796: | libevent_free: release ptr-libevent@0x55fa51a61828
Aug 26 18:38:56.873798: | libevent_free: release ptr-libevent@0x55fa51a62218
Aug 26 18:38:56.873800: | libevent_free: release ptr-libevent@0x55fa51a7a528
Aug 26 18:38:56.873801: | libevent_free: release ptr-libevent@0x55fa51a7a478
Aug 26 18:38:56.873803: | libevent_free: release ptr-libevent@0x55fa51a7a3c8
Aug 26 18:38:56.873805: | libevent_free: release ptr-libevent@0x55fa51a7a318
Aug 26 18:38:56.873806: | libevent_free: release ptr-libevent@0x55fa51a7a268
Aug 26 18:38:56.873808: | libevent_free: release ptr-libevent@0x55fa51a7a1b8
Aug 26 18:38:56.873809: | libevent_free: release ptr-libevent@0x55fa51a09968
Aug 26 18:38:56.873811: | libevent_free: release ptr-libevent@0x55fa51a799f8
Aug 26 18:38:56.873813: | libevent_free: release ptr-libevent@0x55fa51a798e8
Aug 26 18:38:56.873814: | libevent_free: release ptr-libevent@0x55fa51a79868
Aug 26 18:38:56.873816: | libevent_free: release ptr-libevent@0x55fa51a79b08
Aug 26 18:38:56.873818: | libevent_free: release ptr-libevent@0x55fa51a08af8
Aug 26 18:38:56.873820: | libevent_free: release ptr-libevent@0x55fa519d9908
Aug 26 18:38:56.873822: | libevent_free: release ptr-libevent@0x55fa519d9d38
Aug 26 18:38:56.873823: | libevent_free: release ptr-libevent@0x55fa51a08e68
Aug 26 18:38:56.873825: | releasing global libevent data
Aug 26 18:38:56.873827: | libevent_free: release ptr-libevent@0x55fa519da8b8
Aug 26 18:38:56.873829: | libevent_free: release ptr-libevent@0x55fa519d9cd8
Aug 26 18:38:56.873831: | libevent_free: release ptr-libevent@0x55fa519d9dd8
Aug 26 18:38:56.873852: leak: copy of id, item size: 1
Aug 26 18:38:56.873857: leak detective found 1 leaks, total size 1