Aug 26 18:38:34.853637: FIPS Product: YES Aug 26 18:38:34.853688: FIPS Kernel: NO Aug 26 18:38:34.853691: FIPS Mode: NO Aug 26 18:38:34.853694: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:38:34.853853: Initializing NSS Aug 26 18:38:34.853860: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:38:34.890239: NSS initialized Aug 26 18:38:34.890250: NSS crypto library initialized Aug 26 18:38:34.890253: FIPS HMAC integrity support [enabled] Aug 26 18:38:34.890254: FIPS mode disabled for pluto daemon Aug 26 18:38:34.920729: FIPS HMAC integrity verification self-test FAILED Aug 26 18:38:34.920845: libcap-ng support [enabled] Aug 26 18:38:34.920855: Linux audit support [enabled] Aug 26 18:38:34.920890: Linux audit activated Aug 26 18:38:34.920897: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13543 Aug 26 18:38:34.920902: core dump dir: /tmp Aug 26 18:38:34.920905: secrets file: /etc/ipsec.secrets Aug 26 18:38:34.920907: leak-detective enabled Aug 26 18:38:34.920909: NSS crypto [enabled] Aug 26 18:38:34.920912: XAUTH PAM support [enabled] Aug 26 18:38:34.920985: | libevent is using pluto's memory allocator Aug 26 18:38:34.920995: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:38:34.921009: | libevent_malloc: new ptr-libevent@0x55cff0578a08 size 40 Aug 26 18:38:34.921013: | libevent_malloc: new ptr-libevent@0x55cff0578cd8 size 40 Aug 26 18:38:34.921016: | libevent_malloc: new ptr-libevent@0x55cff0578dd8 size 40 Aug 26 18:38:34.921019: | creating event base Aug 26 18:38:34.921023: | libevent_malloc: new ptr-libevent@0x55cff05fb328 size 56 Aug 26 18:38:34.921028: | libevent_malloc: new ptr-libevent@0x55cff05a7e68 size 664 Aug 26 18:38:34.921039: | libevent_malloc: new ptr-libevent@0x55cff05fb398 size 24 Aug 26 18:38:34.921042: | libevent_malloc: new ptr-libevent@0x55cff05fb3e8 size 384 Aug 26 18:38:34.921052: | libevent_malloc: new ptr-libevent@0x55cff05fb2e8 size 16 Aug 26 18:38:34.921055: | libevent_malloc: new ptr-libevent@0x55cff0578908 size 40 Aug 26 18:38:34.921058: | libevent_malloc: new ptr-libevent@0x55cff0578d38 size 48 Aug 26 18:38:34.921064: | libevent_realloc: new ptr-libevent@0x55cff05a7af8 size 256 Aug 26 18:38:34.921067: | libevent_malloc: new ptr-libevent@0x55cff05fb598 size 16 Aug 26 18:38:34.921073: | libevent_free: release ptr-libevent@0x55cff05fb328 Aug 26 18:38:34.921077: | libevent initialized Aug 26 18:38:34.921081: | libevent_realloc: new ptr-libevent@0x55cff05fb328 size 64 Aug 26 18:38:34.921085: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:38:34.921104: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:38:34.921107: NAT-Traversal support [enabled] Aug 26 18:38:34.921110: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:38:34.921116: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:38:34.921120: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:38:34.921151: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:38:34.921155: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:38:34.921158: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:38:34.921210: Encryption algorithms: Aug 26 18:38:34.921219: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:38:34.921224: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:38:34.921229: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:38:34.921233: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:38:34.921237: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:38:34.921246: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:38:34.921251: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:38:34.921255: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:38:34.921259: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:38:34.921263: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:38:34.921268: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:38:34.921272: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:38:34.921276: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:38:34.921280: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:38:34.921285: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:38:34.921291: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:38:34.921314: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:38:34.921322: Hash algorithms: Aug 26 18:38:34.921325: MD5 IKEv1: IKE IKEv2: Aug 26 18:38:34.921329: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:38:34.921346: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:38:34.921350: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:38:34.921353: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:38:34.921367: PRF algorithms: Aug 26 18:38:34.921371: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:38:34.921375: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:38:34.921379: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:38:34.921382: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:38:34.921386: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:38:34.921390: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:38:34.921418: Integrity algorithms: Aug 26 18:38:34.921422: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:38:34.921426: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:38:34.921430: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:38:34.921435: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:38:34.921440: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:38:34.921443: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:38:34.921447: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:38:34.921451: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:38:34.921454: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:38:34.921468: DH algorithms: Aug 26 18:38:34.921472: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:38:34.921475: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:38:34.921479: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:38:34.921485: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:38:34.921488: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:38:34.921491: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:38:34.921495: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:38:34.921498: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:38:34.921502: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:38:34.921506: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:38:34.921509: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:38:34.921512: testing CAMELLIA_CBC: Aug 26 18:38:34.921515: Camellia: 16 bytes with 128-bit key Aug 26 18:38:34.921635: Camellia: 16 bytes with 128-bit key Aug 26 18:38:34.921666: Camellia: 16 bytes with 256-bit key Aug 26 18:38:34.921696: Camellia: 16 bytes with 256-bit key Aug 26 18:38:34.921725: testing AES_GCM_16: Aug 26 18:38:34.921728: empty string Aug 26 18:38:34.921757: one block Aug 26 18:38:34.921785: two blocks Aug 26 18:38:34.921811: two blocks with associated data Aug 26 18:38:34.921838: testing AES_CTR: Aug 26 18:38:34.921842: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:38:34.921869: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:38:34.921898: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:38:34.921928: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:38:34.921983: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:38:34.922012: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:38:34.922041: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:38:34.922068: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:38:34.922097: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:38:34.922127: testing AES_CBC: Aug 26 18:38:34.922130: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:38:34.922161: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:38:34.922191: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:38:34.922234: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:38:34.922269: testing AES_XCBC: Aug 26 18:38:34.922273: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:38:34.922411: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:38:34.922548: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:38:34.922678: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:38:34.922809: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:38:34.922957: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:38:34.923096: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:38:34.923431: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:38:34.923575: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:38:34.923721: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:38:34.923976: testing HMAC_MD5: Aug 26 18:38:34.923980: RFC 2104: MD5_HMAC test 1 Aug 26 18:38:34.924163: RFC 2104: MD5_HMAC test 2 Aug 26 18:38:34.924330: RFC 2104: MD5_HMAC test 3 Aug 26 18:38:34.924587: 8 CPU cores online Aug 26 18:38:34.924592: starting up 7 crypto helpers Aug 26 18:38:34.924629: started thread for crypto helper 0 Aug 26 18:38:34.924635: | starting up helper thread 0 Aug 26 18:38:34.924655: started thread for crypto helper 1 Aug 26 18:38:34.924658: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:38:34.924661: | starting up helper thread 1 Aug 26 18:38:34.924675: started thread for crypto helper 2 Aug 26 18:38:34.924662: | crypto helper 0 waiting (nothing to do) Aug 26 18:38:34.924698: | starting up helper thread 2 Aug 26 18:38:34.924705: started thread for crypto helper 3 Aug 26 18:38:34.924707: | starting up helper thread 3 Aug 26 18:38:34.924719: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:38:34.924723: | crypto helper 3 waiting (nothing to do) Aug 26 18:38:34.924679: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:38:34.924732: | starting up helper thread 4 Aug 26 18:38:34.924714: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:38:34.924739: | crypto helper 1 waiting (nothing to do) Aug 26 18:38:34.924729: started thread for crypto helper 4 Aug 26 18:38:34.924739: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:38:34.924751: | crypto helper 2 waiting (nothing to do) Aug 26 18:38:34.924765: | crypto helper 4 waiting (nothing to do) Aug 26 18:38:34.924777: started thread for crypto helper 5 Aug 26 18:38:34.924779: | starting up helper thread 5 Aug 26 18:38:34.924786: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:38:34.924789: | crypto helper 5 waiting (nothing to do) Aug 26 18:38:34.924796: started thread for crypto helper 6 Aug 26 18:38:34.924800: | checking IKEv1 state table Aug 26 18:38:34.924808: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:34.924811: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:38:34.924814: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.924817: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:38:34.924819: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:38:34.924822: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:38:34.924824: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.924827: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.924829: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:38:34.924832: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:38:34.924834: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.924837: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.924839: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:38:34.924842: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:34.924844: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:34.924847: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:38:34.924850: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:38:34.924852: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:34.924854: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:34.924857: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:38:34.924859: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:38:34.924862: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.924865: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:38:34.924867: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.924870: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:34.924872: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:38:34.924875: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.924878: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:38:34.924880: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:38:34.924883: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:38:34.924885: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:38:34.924888: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:38:34.924891: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:38:34.924893: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.924896: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:38:34.924898: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.924901: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:38:34.924903: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:38:34.924906: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:38:34.924908: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:38:34.924911: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:38:34.924917: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:38:34.924920: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:38:34.924922: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.924925: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:38:34.924928: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.924930: | INFO: category: informational flags: 0: Aug 26 18:38:34.924933: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.924935: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:38:34.924938: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.924941: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:38:34.924943: | -> XAUTH_R1 EVENT_NULL Aug 26 18:38:34.924946: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:38:34.924948: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:34.924951: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:38:34.924954: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:38:34.924956: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:38:34.924959: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:38:34.924962: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:38:34.924964: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.924967: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:38:34.924969: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:34.924972: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.924975: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:38:34.924977: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:38:34.924980: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:38:34.924985: | checking IKEv2 state table Aug 26 18:38:34.924991: | PARENT_I0: category: ignore flags: 0: Aug 26 18:38:34.924994: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:38:34.924997: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.925000: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:38:34.925003: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:38:34.925006: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:38:34.925008: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:38:34.925011: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:38:34.925014: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:38:34.925017: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:38:34.925020: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:38:34.925023: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:38:34.925025: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:38:34.925028: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:38:34.925031: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:38:34.925033: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:38:34.925036: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:34.925039: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:38:34.925042: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.925045: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:38:34.925047: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:38:34.925051: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:38:34.925054: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:38:34.925056: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:38:34.925059: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:38:34.925063: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:38:34.925067: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.925069: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:38:34.925072: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:38:34.925075: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:38:34.925078: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.925081: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:38:34.925084: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:38:34.925086: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:38:34.925089: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.925092: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:38:34.925095: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:38:34.925098: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:38:34.925101: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:38:34.925104: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:38:34.925106: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:38:34.925109: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:38:34.925112: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:38:34.925115: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:38:34.925118: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:38:34.925121: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:38:34.925124: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:38:34.925137: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:38:34.925166: | starting up helper thread 6 Aug 26 18:38:34.925176: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:38:34.925179: | crypto helper 6 waiting (nothing to do) Aug 26 18:38:34.925199: | Hard-wiring algorithms Aug 26 18:38:34.925203: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:38:34.925207: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:38:34.925210: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:38:34.925212: | adding 3DES_CBC to kernel algorithm db Aug 26 18:38:34.925215: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:38:34.925217: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:38:34.925220: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:38:34.925223: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:38:34.925225: | adding AES_CTR to kernel algorithm db Aug 26 18:38:34.925228: | adding AES_CBC to kernel algorithm db Aug 26 18:38:34.925230: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:38:34.925233: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:38:34.925235: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:38:34.925238: | adding NULL to kernel algorithm db Aug 26 18:38:34.925241: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:38:34.925244: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:38:34.925246: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:38:34.925249: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:38:34.925251: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:38:34.925254: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:38:34.925256: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:38:34.925259: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:38:34.925261: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:38:34.925264: | adding NONE to kernel algorithm db Aug 26 18:38:34.925286: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:38:34.925301: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:38:34.925304: | setup kernel fd callback Aug 26 18:38:34.925308: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55cff0600ba8 Aug 26 18:38:34.925313: | libevent_malloc: new ptr-libevent@0x55cff05e4418 size 128 Aug 26 18:38:34.925316: | libevent_malloc: new ptr-libevent@0x55cff0600108 size 16 Aug 26 18:38:34.925322: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55cff05ffff8 Aug 26 18:38:34.925327: | libevent_malloc: new ptr-libevent@0x55cff05aad68 size 128 Aug 26 18:38:34.925330: | libevent_malloc: new ptr-libevent@0x55cff0600af8 size 16 Aug 26 18:38:34.925554: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:38:34.925562: selinux support is enabled. Aug 26 18:38:34.925884: | unbound context created - setting debug level to 5 Aug 26 18:38:34.925921: | /etc/hosts lookups activated Aug 26 18:38:34.925931: | /etc/resolv.conf usage activated Aug 26 18:38:34.925993: | outgoing-port-avoid set 0-65535 Aug 26 18:38:34.926034: | outgoing-port-permit set 32768-60999 Aug 26 18:38:34.926037: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:38:34.926041: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:38:34.926044: | Setting up events, loop start Aug 26 18:38:34.926047: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55cff0600b38 Aug 26 18:38:34.926050: | libevent_malloc: new ptr-libevent@0x55cff060cdf8 size 128 Aug 26 18:38:34.926053: | libevent_malloc: new ptr-libevent@0x55cff0618108 size 16 Aug 26 18:38:34.926060: | libevent_realloc: new ptr-libevent@0x55cff0618148 size 256 Aug 26 18:38:34.926063: | libevent_malloc: new ptr-libevent@0x55cff0618278 size 8 Aug 26 18:38:34.926066: | libevent_realloc: new ptr-libevent@0x55cff05aa798 size 144 Aug 26 18:38:34.926069: | libevent_malloc: new ptr-libevent@0x55cff05ac048 size 152 Aug 26 18:38:34.926073: | libevent_malloc: new ptr-libevent@0x55cff06182b8 size 16 Aug 26 18:38:34.926077: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:38:34.926080: | libevent_malloc: new ptr-libevent@0x55cff06182f8 size 8 Aug 26 18:38:34.926083: | libevent_malloc: new ptr-libevent@0x55cff0618338 size 152 Aug 26 18:38:34.926086: | signal event handler PLUTO_SIGTERM installed Aug 26 18:38:34.926088: | libevent_malloc: new ptr-libevent@0x55cff0618408 size 8 Aug 26 18:38:34.926091: | libevent_malloc: new ptr-libevent@0x55cff0618448 size 152 Aug 26 18:38:34.926094: | signal event handler PLUTO_SIGHUP installed Aug 26 18:38:34.926097: | libevent_malloc: new ptr-libevent@0x55cff0618518 size 8 Aug 26 18:38:34.926100: | libevent_realloc: release ptr-libevent@0x55cff05aa798 Aug 26 18:38:34.926103: | libevent_realloc: new ptr-libevent@0x55cff0618558 size 256 Aug 26 18:38:34.926105: | libevent_malloc: new ptr-libevent@0x55cff0618688 size 152 Aug 26 18:38:34.926108: | signal event handler PLUTO_SIGSYS installed Aug 26 18:38:34.926464: | created addconn helper (pid:13604) using fork+execve Aug 26 18:38:34.926485: | forked child 13604 Aug 26 18:38:34.926530: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.926545: listening for IKE messages Aug 26 18:38:34.926580: | Inspecting interface lo Aug 26 18:38:34.926586: | found lo with address 127.0.0.1 Aug 26 18:38:34.926589: | Inspecting interface eth0 Aug 26 18:38:34.926593: | found eth0 with address 192.0.3.254 Aug 26 18:38:34.926598: | Inspecting interface eth1 Aug 26 18:38:34.926602: | found eth1 with address 192.1.3.33 Aug 26 18:38:34.926605: | Inspecting interface eth1 Aug 26 18:38:34.926609: | found eth1 with address 192.1.8.22 Aug 26 18:38:34.926706: Kernel supports NIC esp-hw-offload Aug 26 18:38:34.926717: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.8.22:500 Aug 26 18:38:34.926738: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:34.926743: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:34.926750: adding interface eth1/eth1 192.1.8.22:4500 Aug 26 18:38:34.926772: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 18:38:34.926790: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:34.926794: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:34.926798: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 18:38:34.926823: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 18:38:34.926841: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:34.926845: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:34.926849: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 18:38:34.926871: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:38:34.926890: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:34.926894: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:34.926897: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:38:34.926956: | no interfaces to sort Aug 26 18:38:34.926960: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:38:34.926970: | add_fd_read_event_handler: new ethX-pe@0x55cff0618db8 Aug 26 18:38:34.926974: | libevent_malloc: new ptr-libevent@0x55cff060cd48 size 128 Aug 26 18:38:34.926977: | libevent_malloc: new ptr-libevent@0x55cff0618e28 size 16 Aug 26 18:38:34.926983: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 18:38:34.926986: | add_fd_read_event_handler: new ethX-pe@0x55cff0618e68 Aug 26 18:38:34.926991: | libevent_malloc: new ptr-libevent@0x55cff05aaf68 size 128 Aug 26 18:38:34.926994: | libevent_malloc: new ptr-libevent@0x55cff0618ed8 size 16 Aug 26 18:38:34.926999: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 18:38:34.927001: | add_fd_read_event_handler: new ethX-pe@0x55cff0618f18 Aug 26 18:38:34.927004: | libevent_malloc: new ptr-libevent@0x55cff05aae68 size 128 Aug 26 18:38:34.927007: | libevent_malloc: new ptr-libevent@0x55cff0618f88 size 16 Aug 26 18:38:34.927012: | setup callback for interface eth0 192.0.3.254:4500 fd 22 Aug 26 18:38:34.927014: | add_fd_read_event_handler: new ethX-pe@0x55cff0618fc8 Aug 26 18:38:34.927017: | libevent_malloc: new ptr-libevent@0x55cff05aa698 size 128 Aug 26 18:38:34.927020: | libevent_malloc: new ptr-libevent@0x55cff0619038 size 16 Aug 26 18:38:34.927024: | setup callback for interface eth0 192.0.3.254:500 fd 21 Aug 26 18:38:34.927027: | add_fd_read_event_handler: new ethX-pe@0x55cff0619528 Aug 26 18:38:34.927032: | libevent_malloc: new ptr-libevent@0x55cff05794e8 size 128 Aug 26 18:38:34.927035: | libevent_malloc: new ptr-libevent@0x55cff0619078 size 16 Aug 26 18:38:34.927040: | setup callback for interface eth1 192.1.3.33:4500 fd 20 Aug 26 18:38:34.927043: | add_fd_read_event_handler: new ethX-pe@0x55cff0619598 Aug 26 18:38:34.927046: | libevent_malloc: new ptr-libevent@0x55cff05791d8 size 128 Aug 26 18:38:34.927048: | libevent_malloc: new ptr-libevent@0x55cff0619608 size 16 Aug 26 18:38:34.927053: | setup callback for interface eth1 192.1.3.33:500 fd 19 Aug 26 18:38:34.927055: | add_fd_read_event_handler: new ethX-pe@0x55cff0619648 Aug 26 18:38:34.927058: | libevent_malloc: new ptr-libevent@0x55cff06196b8 size 128 Aug 26 18:38:34.927061: | libevent_malloc: new ptr-libevent@0x55cff0619768 size 16 Aug 26 18:38:34.927066: | setup callback for interface eth1 192.1.8.22:4500 fd 18 Aug 26 18:38:34.927069: | add_fd_read_event_handler: new ethX-pe@0x55cff06197a8 Aug 26 18:38:34.927072: | libevent_malloc: new ptr-libevent@0x55cff0619818 size 128 Aug 26 18:38:34.927075: | libevent_malloc: new ptr-libevent@0x55cff06198c8 size 16 Aug 26 18:38:34.927079: | setup callback for interface eth1 192.1.8.22:500 fd 17 Aug 26 18:38:34.927085: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:34.927088: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:34.927110: loading secrets from "/etc/ipsec.secrets" Aug 26 18:38:34.927124: | Processing PSK at line 1: passed Aug 26 18:38:34.927128: | certs and keys locked by 'process_secret' Aug 26 18:38:34.927132: | certs and keys unlocked by 'process_secret' Aug 26 18:38:34.927142: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.927149: | spent 0.626 milliseconds in whack Aug 26 18:38:34.946936: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.946964: listening for IKE messages Aug 26 18:38:34.947003: | Inspecting interface lo Aug 26 18:38:34.947012: | found lo with address 127.0.0.1 Aug 26 18:38:34.947015: | Inspecting interface eth0 Aug 26 18:38:34.947020: | found eth0 with address 192.0.3.254 Aug 26 18:38:34.947023: | Inspecting interface eth1 Aug 26 18:38:34.947028: | found eth1 with address 192.1.3.33 Aug 26 18:38:34.947031: | Inspecting interface eth1 Aug 26 18:38:34.947035: | found eth1 with address 192.1.8.22 Aug 26 18:38:34.947102: | no interfaces to sort Aug 26 18:38:34.947112: | libevent_free: release ptr-libevent@0x55cff060cd48 Aug 26 18:38:34.947116: | free_event_entry: release EVENT_NULL-pe@0x55cff0618db8 Aug 26 18:38:34.947120: | add_fd_read_event_handler: new ethX-pe@0x55cff0618db8 Aug 26 18:38:34.947123: | libevent_malloc: new ptr-libevent@0x55cff060cd48 size 128 Aug 26 18:38:34.947131: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 18:38:34.947136: | libevent_free: release ptr-libevent@0x55cff05aaf68 Aug 26 18:38:34.947139: | free_event_entry: release EVENT_NULL-pe@0x55cff0618e68 Aug 26 18:38:34.947142: | add_fd_read_event_handler: new ethX-pe@0x55cff0618e68 Aug 26 18:38:34.947145: | libevent_malloc: new ptr-libevent@0x55cff05aaf68 size 128 Aug 26 18:38:34.947151: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 18:38:34.947155: | libevent_free: release ptr-libevent@0x55cff05aae68 Aug 26 18:38:34.947158: | free_event_entry: release EVENT_NULL-pe@0x55cff0618f18 Aug 26 18:38:34.947161: | add_fd_read_event_handler: new ethX-pe@0x55cff0618f18 Aug 26 18:38:34.947164: | libevent_malloc: new ptr-libevent@0x55cff05aae68 size 128 Aug 26 18:38:34.947169: | setup callback for interface eth0 192.0.3.254:4500 fd 22 Aug 26 18:38:34.947173: | libevent_free: release ptr-libevent@0x55cff05aa698 Aug 26 18:38:34.947176: | free_event_entry: release EVENT_NULL-pe@0x55cff0618fc8 Aug 26 18:38:34.947179: | add_fd_read_event_handler: new ethX-pe@0x55cff0618fc8 Aug 26 18:38:34.947182: | libevent_malloc: new ptr-libevent@0x55cff05aa698 size 128 Aug 26 18:38:34.947187: | setup callback for interface eth0 192.0.3.254:500 fd 21 Aug 26 18:38:34.947191: | libevent_free: release ptr-libevent@0x55cff05794e8 Aug 26 18:38:34.947194: | free_event_entry: release EVENT_NULL-pe@0x55cff0619528 Aug 26 18:38:34.947197: | add_fd_read_event_handler: new ethX-pe@0x55cff0619528 Aug 26 18:38:34.947200: | libevent_malloc: new ptr-libevent@0x55cff05794e8 size 128 Aug 26 18:38:34.947205: | setup callback for interface eth1 192.1.3.33:4500 fd 20 Aug 26 18:38:34.947209: | libevent_free: release ptr-libevent@0x55cff05791d8 Aug 26 18:38:34.947212: | free_event_entry: release EVENT_NULL-pe@0x55cff0619598 Aug 26 18:38:34.947214: | add_fd_read_event_handler: new ethX-pe@0x55cff0619598 Aug 26 18:38:34.947217: | libevent_malloc: new ptr-libevent@0x55cff05791d8 size 128 Aug 26 18:38:34.947222: | setup callback for interface eth1 192.1.3.33:500 fd 19 Aug 26 18:38:34.947226: | libevent_free: release ptr-libevent@0x55cff06196b8 Aug 26 18:38:34.947229: | free_event_entry: release EVENT_NULL-pe@0x55cff0619648 Aug 26 18:38:34.947232: | add_fd_read_event_handler: new ethX-pe@0x55cff0619648 Aug 26 18:38:34.947234: | libevent_malloc: new ptr-libevent@0x55cff06196b8 size 128 Aug 26 18:38:34.947239: | setup callback for interface eth1 192.1.8.22:4500 fd 18 Aug 26 18:38:34.947243: | libevent_free: release ptr-libevent@0x55cff0619818 Aug 26 18:38:34.947246: | free_event_entry: release EVENT_NULL-pe@0x55cff06197a8 Aug 26 18:38:34.947249: | add_fd_read_event_handler: new ethX-pe@0x55cff06197a8 Aug 26 18:38:34.947256: | libevent_malloc: new ptr-libevent@0x55cff0619818 size 128 Aug 26 18:38:34.947261: | setup callback for interface eth1 192.1.8.22:500 fd 17 Aug 26 18:38:34.947265: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:34.947268: forgetting secrets Aug 26 18:38:34.947277: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:34.947295: loading secrets from "/etc/ipsec.secrets" Aug 26 18:38:34.947308: | Processing PSK at line 1: passed Aug 26 18:38:34.947311: | certs and keys locked by 'process_secret' Aug 26 18:38:34.947313: | certs and keys unlocked by 'process_secret' Aug 26 18:38:34.947324: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.947333: | spent 0.402 milliseconds in whack Aug 26 18:38:34.947773: | processing signal PLUTO_SIGCHLD Aug 26 18:38:34.947784: | waitpid returned pid 13604 (exited with status 0) Aug 26 18:38:34.947788: | reaped addconn helper child (status 0) Aug 26 18:38:34.947791: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:34.947795: | spent 0.0137 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:35.008270: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:35.008309: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:35.008316: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:35.008319: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:35.008321: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:35.008326: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:35.008363: | Added new connection northnet-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:35.008425: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:38:35.008430: | from whack: got --esp=aes_gcm Aug 26 18:38:35.008436: | ESP/AH string values: AES_GCM_16-NONE Aug 26 18:38:35.008442: | counting wild cards for 192.1.3.33 is 0 Aug 26 18:38:35.008446: | counting wild cards for 192.1.2.23 is 0 Aug 26 18:38:35.008456: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:38:35.008460: | new hp@0x55cff061b338 Aug 26 18:38:35.008464: added connection description "northnet-eastnet" Aug 26 18:38:35.008476: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:35.008487: | 192.0.3.0/24===192.1.3.33<192.1.3.33>...192.1.2.23<192.1.2.23>===192.0.2.0/24 Aug 26 18:38:35.008496: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:35.008504: | spent 0.227 milliseconds in whack Aug 26 18:38:35.121586: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:35.121612: | dup_any(fd@16) -> fd@25 (in whack_process() at rcv_whack.c:590) Aug 26 18:38:35.121617: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:35.121623: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 18:38:35.121626: | connection 'northnet-eastnet' +POLICY_UP Aug 26 18:38:35.121629: | dup_any(fd@25) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 18:38:35.121631: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:38:35.121649: | creating state object #1 at 0x55cff061b418 Aug 26 18:38:35.121651: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:38:35.121657: | pstats #1 ikev2.ike started Aug 26 18:38:35.121660: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:38:35.121667: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:38:35.121671: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:35.121677: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:35.121681: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:35.121683: | dup_any(fd@26) -> fd@27 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:38:35.121686: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #1 "northnet-eastnet" Aug 26 18:38:35.121689: "northnet-eastnet" #1: initiating v2 parent SA Aug 26 18:38:35.121699: | constructing local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE) Aug 26 18:38:35.121709: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:35.121717: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:35.121721: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:35.121726: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:35.121730: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:35.121735: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:35.121738: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:35.121743: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:35.121753: "northnet-eastnet": constructed local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:35.121766: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:38:35.121770: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cff061db88 Aug 26 18:38:35.121774: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:35.121777: | libevent_malloc: new ptr-libevent@0x55cff061dbf8 size 128 Aug 26 18:38:35.121790: | #1 spent 0.165 milliseconds in ikev2_parent_outI1() Aug 26 18:38:35.121793: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:35.121793: | crypto helper 0 resuming Aug 26 18:38:35.121799: | RESET processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:35.121810: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:38:35.121813: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:35.121815: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:38:35.121821: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:38:35.121833: | close_any(fd@25) (in initiate_connection() at initiate.c:372) Aug 26 18:38:35.121837: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:35.121841: | spent 0.257 milliseconds in whack Aug 26 18:38:35.122850: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001035 seconds Aug 26 18:38:35.122863: | (#1) spent 1.04 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:38:35.122866: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:38:35.122869: | scheduling resume sending helper answer for #1 Aug 26 18:38:35.122873: | libevent_malloc: new ptr-libevent@0x7f97dc002888 size 128 Aug 26 18:38:35.122880: | crypto helper 0 waiting (nothing to do) Aug 26 18:38:35.122909: | processing resume sending helper answer for #1 Aug 26 18:38:35.122919: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:35.122923: | crypto helper 0 replies to request ID 1 Aug 26 18:38:35.122925: | calling continuation function 0x55cfeea06b50 Aug 26 18:38:35.122927: | ikev2_parent_outI1_continue for #1 Aug 26 18:38:35.122953: | **emit ISAKMP Message: Aug 26 18:38:35.122955: | initiator cookie: Aug 26 18:38:35.122957: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:35.122958: | responder cookie: Aug 26 18:38:35.122960: | 00 00 00 00 00 00 00 00 Aug 26 18:38:35.122962: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:35.122964: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:35.122966: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:35.122968: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:35.122970: | Message ID: 0 (0x0) Aug 26 18:38:35.122972: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:35.122982: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:35.122985: | Emitting ikev2_proposals ... Aug 26 18:38:35.122987: | ***emit IKEv2 Security Association Payload: Aug 26 18:38:35.122989: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.122990: | flags: none (0x0) Aug 26 18:38:35.122993: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:35.122995: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.122997: | discarding INTEG=NONE Aug 26 18:38:35.122999: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:35.123001: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:35.123003: | prop #: 1 (0x1) Aug 26 18:38:35.123004: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:35.123006: | spi size: 0 (0x0) Aug 26 18:38:35.123008: | # transforms: 11 (0xb) Aug 26 18:38:35.123010: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:35.123011: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123016: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123018: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:35.123020: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:35.123022: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123024: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:35.123026: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:35.123027: | length/value: 256 (0x100) Aug 26 18:38:35.123029: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:35.123031: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123033: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123034: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:35.123036: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:35.123038: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123040: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123042: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123044: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123045: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123047: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:35.123049: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:35.123050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123054: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123056: | discarding INTEG=NONE Aug 26 18:38:35.123057: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123061: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123062: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:35.123064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123066: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123068: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123069: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123071: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123073: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123074: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:35.123076: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123080: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123081: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123083: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123085: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123086: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:35.123088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123093: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123095: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123096: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123098: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123100: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:35.123102: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123105: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123107: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123108: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123110: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123112: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:35.123114: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123117: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123119: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123120: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123122: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123124: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:35.123126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123128: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123129: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123131: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123133: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123134: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123136: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:35.123138: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123140: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123141: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123143: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123145: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:35.123146: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123148: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:35.123150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123153: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123155: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:35.123157: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:35.123159: | discarding INTEG=NONE Aug 26 18:38:35.123160: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:35.123163: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:35.123165: | prop #: 2 (0x2) Aug 26 18:38:35.123167: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:35.123168: | spi size: 0 (0x0) Aug 26 18:38:35.123170: | # transforms: 11 (0xb) Aug 26 18:38:35.123172: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:35.123174: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:35.123176: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123179: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:35.123181: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:35.123183: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123184: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:35.123186: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:35.123188: | length/value: 128 (0x80) Aug 26 18:38:35.123189: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:35.123191: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123193: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123194: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:35.123196: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:35.123198: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123200: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123202: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123203: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123205: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123206: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:35.123208: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:35.123210: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123212: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123214: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123215: | discarding INTEG=NONE Aug 26 18:38:35.123217: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123220: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123221: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:35.123223: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123225: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123227: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123229: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123232: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123233: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:35.123235: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123240: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123242: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123245: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123247: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:35.123249: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123251: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123252: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123254: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123255: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123257: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123259: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:35.123261: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123262: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123264: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123266: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123269: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123271: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:35.123273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123274: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123276: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123278: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123281: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123283: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:35.123285: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123286: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123301: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123307: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123310: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123312: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123315: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:35.123317: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123319: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123321: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123323: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123324: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:35.123326: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123328: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:35.123329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123335: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123337: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123338: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:35.123340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:35.123342: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:35.123344: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:35.123345: | prop #: 3 (0x3) Aug 26 18:38:35.123347: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:35.123348: | spi size: 0 (0x0) Aug 26 18:38:35.123350: | # transforms: 13 (0xd) Aug 26 18:38:35.123352: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:35.123354: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:35.123356: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123359: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:35.123360: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:35.123362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123364: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:35.123366: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:35.123367: | length/value: 256 (0x100) Aug 26 18:38:35.123369: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:35.123371: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123374: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:35.123376: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:35.123378: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123379: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123381: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123383: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123386: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:35.123388: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:35.123390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123391: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123393: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123395: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123398: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:35.123400: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:35.123402: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123403: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123405: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123408: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123410: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123411: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:35.123413: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:35.123415: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123417: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123418: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123420: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123422: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123423: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123425: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:35.123427: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123429: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123430: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123432: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123434: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123435: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123437: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:35.123439: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123441: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123442: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123444: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123447: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123449: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:35.123451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123454: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123456: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123458: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123459: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123461: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:35.123463: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123465: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123466: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123468: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123469: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123471: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123473: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:35.123475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123479: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123481: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123482: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123484: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123486: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:35.123488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123491: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123493: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123496: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123498: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:35.123500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123503: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123505: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123506: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:35.123508: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123510: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:35.123512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123514: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123515: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123517: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:35.123519: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:35.123520: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:35.123522: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:35.123524: | prop #: 4 (0x4) Aug 26 18:38:35.123525: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:35.123527: | spi size: 0 (0x0) Aug 26 18:38:35.123528: | # transforms: 13 (0xd) Aug 26 18:38:35.123530: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:35.123532: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:35.123534: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123537: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:35.123539: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:35.123541: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123542: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:35.123544: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:35.123546: | length/value: 128 (0x80) Aug 26 18:38:35.123547: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:35.123549: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123553: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:35.123555: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:35.123557: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123559: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123561: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123562: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123564: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123565: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:35.123567: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:35.123569: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123573: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123574: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123576: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123577: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:35.123579: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:35.123581: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123585: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123586: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123588: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123589: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:35.123591: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:35.123593: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123595: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123597: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123598: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123600: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123603: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:35.123605: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123609: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123610: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123612: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123613: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123615: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:35.123617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123620: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123623: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123626: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123628: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:35.123630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123632: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123633: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123635: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123638: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123640: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:35.123642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123644: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123645: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123647: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123650: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123652: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:35.123654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123657: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123659: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123662: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123664: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:35.123666: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123668: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123669: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123671: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123673: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123674: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123676: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:35.123678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123681: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123683: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.123684: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:35.123686: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.123688: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:35.123690: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.123693: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.123694: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.123696: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:35.123698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:35.123700: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:38:35.123701: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:35.123703: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:38:35.123705: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.123707: | flags: none (0x0) Aug 26 18:38:35.123708: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:35.123711: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:38:35.123712: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.123715: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:38:35.123717: | ikev2 g^x 40 55 0b 1c bc dd 65 ba 17 98 90 ee 07 cc c3 50 Aug 26 18:38:35.123718: | ikev2 g^x b8 bd 4f 0b 57 d0 39 f5 21 3a 35 53 f9 50 26 15 Aug 26 18:38:35.123720: | ikev2 g^x 75 21 de 9b b3 76 44 46 9f ac 87 19 ee 74 ca 36 Aug 26 18:38:35.123722: | ikev2 g^x 38 20 b9 26 fb b0 69 13 33 41 aa 44 09 0a 27 3f Aug 26 18:38:35.123723: | ikev2 g^x 5f 13 ef 5d 54 4d 03 bd 5e fe fc c1 ed 9e ba 1c Aug 26 18:38:35.123725: | ikev2 g^x f0 c7 d0 0f ff 2d 82 f3 19 6a f9 f8 ce 5b 09 e7 Aug 26 18:38:35.123726: | ikev2 g^x bf 30 85 a5 d9 38 5b 48 68 52 3f cf b6 77 8f 1b Aug 26 18:38:35.123728: | ikev2 g^x 33 ff ca 32 3b f9 39 df 82 93 38 74 39 68 23 72 Aug 26 18:38:35.123730: | ikev2 g^x be 0c 24 7f 94 7c 17 12 0e 73 51 23 16 32 26 e2 Aug 26 18:38:35.123731: | ikev2 g^x a1 57 fa 8b 91 66 34 34 e5 44 23 26 14 da 0e 4a Aug 26 18:38:35.123733: | ikev2 g^x 9c 12 af e7 59 bc f4 aa 62 f0 29 c0 74 05 1a 11 Aug 26 18:38:35.123734: | ikev2 g^x 50 80 bc 29 7f 6f c9 67 11 cb 15 14 ef f2 e9 4c Aug 26 18:38:35.123736: | ikev2 g^x 25 58 46 7e 7f 96 85 28 1b 27 9b 24 e5 ca 8a 44 Aug 26 18:38:35.123738: | ikev2 g^x b6 df 77 3a 79 61 8d fa 4f ee ea 14 97 0c 92 5f Aug 26 18:38:35.123739: | ikev2 g^x 02 8d 5e a9 da 69 95 3e 1a ea ab af 9a b9 b4 10 Aug 26 18:38:35.123741: | ikev2 g^x 99 3f d8 56 47 20 46 9b 83 7b 4f 5b 4e 7d 9d bb Aug 26 18:38:35.123743: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:38:35.123744: | ***emit IKEv2 Nonce Payload: Aug 26 18:38:35.123746: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:35.123748: | flags: none (0x0) Aug 26 18:38:35.123750: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:38:35.123752: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:38:35.123753: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.123755: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:38:35.123757: | IKEv2 nonce d7 f0 48 de ba de 98 fb 93 44 bc 8f 8e ef a0 47 Aug 26 18:38:35.123759: | IKEv2 nonce 29 76 91 a7 9c 5b 05 de 5c cb b8 9c 4b 89 79 da Aug 26 18:38:35.123760: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:38:35.123762: | Adding a v2N Payload Aug 26 18:38:35.123764: | ***emit IKEv2 Notify Payload: Aug 26 18:38:35.123766: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.123767: | flags: none (0x0) Aug 26 18:38:35.123769: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:35.123772: | SPI size: 0 (0x0) Aug 26 18:38:35.123773: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:35.123776: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:35.123777: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.123779: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:35.123781: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:38:35.123783: | natd_hash: rcookie is zero Aug 26 18:38:35.123792: | natd_hash: hasher=0x55cfeeadb800(20) Aug 26 18:38:35.123794: | natd_hash: icookie= 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:35.123796: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:35.123797: | natd_hash: ip= c0 01 03 21 Aug 26 18:38:35.123799: | natd_hash: port=500 Aug 26 18:38:35.123801: | natd_hash: hash= 01 95 de 55 80 29 55 8a cf 12 20 40 4d 0e 54 13 Aug 26 18:38:35.123802: | natd_hash: hash= 7d 15 e4 f1 Aug 26 18:38:35.123804: | Adding a v2N Payload Aug 26 18:38:35.123805: | ***emit IKEv2 Notify Payload: Aug 26 18:38:35.123807: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.123809: | flags: none (0x0) Aug 26 18:38:35.123810: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:35.123812: | SPI size: 0 (0x0) Aug 26 18:38:35.123814: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:35.123816: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:35.123817: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.123819: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:35.123821: | Notify data 01 95 de 55 80 29 55 8a cf 12 20 40 4d 0e 54 13 Aug 26 18:38:35.123823: | Notify data 7d 15 e4 f1 Aug 26 18:38:35.123824: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:35.123826: | natd_hash: rcookie is zero Aug 26 18:38:35.123832: | natd_hash: hasher=0x55cfeeadb800(20) Aug 26 18:38:35.123833: | natd_hash: icookie= 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:35.123835: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:35.123836: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:35.123838: | natd_hash: port=500 Aug 26 18:38:35.123840: | natd_hash: hash= 96 3b 13 e8 95 b2 f7 1f db ff 2b c7 32 e0 b1 ca Aug 26 18:38:35.123841: | natd_hash: hash= 95 fc 8e bc Aug 26 18:38:35.123843: | Adding a v2N Payload Aug 26 18:38:35.123844: | ***emit IKEv2 Notify Payload: Aug 26 18:38:35.123846: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.123847: | flags: none (0x0) Aug 26 18:38:35.123849: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:35.123851: | SPI size: 0 (0x0) Aug 26 18:38:35.123852: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:35.123854: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:35.123856: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.123858: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:35.123860: | Notify data 96 3b 13 e8 95 b2 f7 1f db ff 2b c7 32 e0 b1 ca Aug 26 18:38:35.123861: | Notify data 95 fc 8e bc Aug 26 18:38:35.123863: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:35.123865: | emitting length of ISAKMP Message: 828 Aug 26 18:38:35.123869: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:38:35.123877: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:35.123880: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:38:35.123882: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:38:35.123887: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:38:35.123889: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:38:35.123891: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:38:35.123894: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:35.123896: "northnet-eastnet" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:35.123904: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:38:35.123913: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:35.123918: | 8d 28 fa 2f 37 b2 de 6b 00 00 00 00 00 00 00 00 Aug 26 18:38:35.123921: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:38:35.123923: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:38:35.123924: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:38:35.123926: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:38:35.123927: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:38:35.123929: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:38:35.123930: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:38:35.123932: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:38:35.123934: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:38:35.123935: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:38:35.123937: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:38:35.123938: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:38:35.123940: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:38:35.123941: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:38:35.123943: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:38:35.123945: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:38:35.123946: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:38:35.123948: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:38:35.123949: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:38:35.123951: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:38:35.123952: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:38:35.123954: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:38:35.123956: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:38:35.123957: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:38:35.123959: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:38:35.123960: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:38:35.123962: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:38:35.123963: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:38:35.123965: | 28 00 01 08 00 0e 00 00 40 55 0b 1c bc dd 65 ba Aug 26 18:38:35.123967: | 17 98 90 ee 07 cc c3 50 b8 bd 4f 0b 57 d0 39 f5 Aug 26 18:38:35.123968: | 21 3a 35 53 f9 50 26 15 75 21 de 9b b3 76 44 46 Aug 26 18:38:35.123970: | 9f ac 87 19 ee 74 ca 36 38 20 b9 26 fb b0 69 13 Aug 26 18:38:35.123971: | 33 41 aa 44 09 0a 27 3f 5f 13 ef 5d 54 4d 03 bd Aug 26 18:38:35.123973: | 5e fe fc c1 ed 9e ba 1c f0 c7 d0 0f ff 2d 82 f3 Aug 26 18:38:35.123974: | 19 6a f9 f8 ce 5b 09 e7 bf 30 85 a5 d9 38 5b 48 Aug 26 18:38:35.123976: | 68 52 3f cf b6 77 8f 1b 33 ff ca 32 3b f9 39 df Aug 26 18:38:35.123978: | 82 93 38 74 39 68 23 72 be 0c 24 7f 94 7c 17 12 Aug 26 18:38:35.123979: | 0e 73 51 23 16 32 26 e2 a1 57 fa 8b 91 66 34 34 Aug 26 18:38:35.123981: | e5 44 23 26 14 da 0e 4a 9c 12 af e7 59 bc f4 aa Aug 26 18:38:35.123982: | 62 f0 29 c0 74 05 1a 11 50 80 bc 29 7f 6f c9 67 Aug 26 18:38:35.123984: | 11 cb 15 14 ef f2 e9 4c 25 58 46 7e 7f 96 85 28 Aug 26 18:38:35.123987: | 1b 27 9b 24 e5 ca 8a 44 b6 df 77 3a 79 61 8d fa Aug 26 18:38:35.123988: | 4f ee ea 14 97 0c 92 5f 02 8d 5e a9 da 69 95 3e Aug 26 18:38:35.123990: | 1a ea ab af 9a b9 b4 10 99 3f d8 56 47 20 46 9b Aug 26 18:38:35.123991: | 83 7b 4f 5b 4e 7d 9d bb 29 00 00 24 d7 f0 48 de Aug 26 18:38:35.123993: | ba de 98 fb 93 44 bc 8f 8e ef a0 47 29 76 91 a7 Aug 26 18:38:35.123995: | 9c 5b 05 de 5c cb b8 9c 4b 89 79 da 29 00 00 08 Aug 26 18:38:35.123996: | 00 00 40 2e 29 00 00 1c 00 00 40 04 01 95 de 55 Aug 26 18:38:35.123998: | 80 29 55 8a cf 12 20 40 4d 0e 54 13 7d 15 e4 f1 Aug 26 18:38:35.123999: | 00 00 00 1c 00 00 40 05 96 3b 13 e8 95 b2 f7 1f Aug 26 18:38:35.124001: | db ff 2b c7 32 e0 b1 ca 95 fc 8e bc Aug 26 18:38:35.124075: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:35.124081: | libevent_free: release ptr-libevent@0x55cff061dbf8 Aug 26 18:38:35.124084: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cff061db88 Aug 26 18:38:35.124087: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:35.124091: | event_schedule: new EVENT_RETRANSMIT-pe@0x55cff061db88 Aug 26 18:38:35.124094: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:38:35.124097: | libevent_malloc: new ptr-libevent@0x55cff061dbf8 size 128 Aug 26 18:38:35.124103: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 30000.866557 Aug 26 18:38:35.124107: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:38:35.124113: | #1 spent 1.13 milliseconds in resume sending helper answer Aug 26 18:38:35.124118: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:35.124122: | libevent_free: release ptr-libevent@0x7f97dc002888 Aug 26 18:38:35.126574: | spent 0.00226 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:35.126596: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:38:35.126601: | 8d 28 fa 2f 37 b2 de 6b f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:35.126604: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 18:38:35.126606: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:38:35.126609: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:38:35.126611: | 04 00 00 0e 28 00 01 08 00 0e 00 00 71 f3 0a a4 Aug 26 18:38:35.126614: | b5 94 15 70 28 1e 32 c6 b8 77 95 29 8f 94 b9 ec Aug 26 18:38:35.126616: | a2 4d b7 44 22 af bc 0e 2a 06 ce 14 98 07 11 54 Aug 26 18:38:35.126619: | e7 68 f8 c6 5c 8f fc 5f 1a e7 1b 4f 66 ff 2c fa Aug 26 18:38:35.126621: | 0a 69 bd b5 a4 1a 47 4d de 7b bd 77 0d b1 09 f2 Aug 26 18:38:35.126624: | 80 14 f8 9e 78 cb 59 97 7f bc 56 30 8c f9 de 2a Aug 26 18:38:35.126626: | 0b c3 c6 6e 95 c1 67 a9 7b 7d d8 3a 8d c7 52 2e Aug 26 18:38:35.126629: | 4c 30 2c 1d 91 55 f7 d3 66 84 34 00 a4 fc 6c 8a Aug 26 18:38:35.126631: | 7a 25 d3 34 dc 48 a9 3f 21 82 14 cd 5d 02 38 ba Aug 26 18:38:35.126633: | 63 22 d7 50 d0 56 3e d4 58 7a 15 2e 26 95 17 c6 Aug 26 18:38:35.126636: | 0a 78 31 2c 2f 0d 56 b3 10 d0 a1 94 fc 56 d1 9e Aug 26 18:38:35.126638: | c8 30 d1 9c 9e 2f 41 4a f0 52 94 c8 d8 3d f4 2c Aug 26 18:38:35.126641: | 24 a8 19 a4 48 16 0a 87 6b 1f 01 4d 2f 08 93 58 Aug 26 18:38:35.126643: | 23 cb d3 79 15 1f b7 83 fa 27 d3 b1 ea 87 09 76 Aug 26 18:38:35.126646: | 1d dc 34 13 65 1c 44 7c ef 46 ce 38 af d5 6c 02 Aug 26 18:38:35.126648: | 36 36 43 84 bf 98 a2 d3 2c 69 4f 51 e8 31 d5 db Aug 26 18:38:35.126651: | 31 19 31 6c 2f 79 a4 8c 09 90 fb 15 29 00 00 24 Aug 26 18:38:35.126653: | 28 b2 4f 05 a0 a9 c0 c2 bd 99 18 60 95 bb 3b 0c Aug 26 18:38:35.126656: | 32 cd 17 85 2b 31 53 de ec ee a3 ab be 1a ce 68 Aug 26 18:38:35.126658: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:38:35.126663: | a7 75 b3 2c 1f 59 ab f0 05 48 c2 36 66 55 5e 5f Aug 26 18:38:35.126666: | 6a f4 8f 12 00 00 00 1c 00 00 40 05 70 91 fc d3 Aug 26 18:38:35.126668: | 17 46 cf ba dd 77 5e ff 81 7d 80 cc 02 56 a4 19 Aug 26 18:38:35.126673: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:35.126677: | **parse ISAKMP Message: Aug 26 18:38:35.126680: | initiator cookie: Aug 26 18:38:35.126682: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:35.126685: | responder cookie: Aug 26 18:38:35.126687: | f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:35.126691: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:35.126693: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:35.126696: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:35.126699: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:35.126702: | Message ID: 0 (0x0) Aug 26 18:38:35.126705: | length: 432 (0x1b0) Aug 26 18:38:35.126707: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:38:35.126709: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:38:35.126712: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:38:35.126716: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:35.126719: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:35.126721: | #1 is idle Aug 26 18:38:35.126723: | #1 idle Aug 26 18:38:35.126724: | unpacking clear payload Aug 26 18:38:35.126726: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:35.126728: | ***parse IKEv2 Security Association Payload: Aug 26 18:38:35.126730: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:38:35.126732: | flags: none (0x0) Aug 26 18:38:35.126733: | length: 40 (0x28) Aug 26 18:38:35.126735: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:38:35.126737: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:38:35.126739: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:38:35.126740: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:38:35.126742: | flags: none (0x0) Aug 26 18:38:35.126744: | length: 264 (0x108) Aug 26 18:38:35.126745: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:35.126747: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:38:35.126749: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:38:35.126750: | ***parse IKEv2 Nonce Payload: Aug 26 18:38:35.126752: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:35.126754: | flags: none (0x0) Aug 26 18:38:35.126755: | length: 36 (0x24) Aug 26 18:38:35.126757: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:38:35.126758: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:35.126760: | ***parse IKEv2 Notify Payload: Aug 26 18:38:35.126762: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:35.126763: | flags: none (0x0) Aug 26 18:38:35.126765: | length: 8 (0x8) Aug 26 18:38:35.126767: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:35.126768: | SPI size: 0 (0x0) Aug 26 18:38:35.126770: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:35.126772: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:35.126773: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:35.126775: | ***parse IKEv2 Notify Payload: Aug 26 18:38:35.126777: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:35.126778: | flags: none (0x0) Aug 26 18:38:35.126780: | length: 28 (0x1c) Aug 26 18:38:35.126781: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:35.126783: | SPI size: 0 (0x0) Aug 26 18:38:35.126786: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:35.126788: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:35.126790: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:35.126794: | ***parse IKEv2 Notify Payload: Aug 26 18:38:35.126797: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.126799: | flags: none (0x0) Aug 26 18:38:35.126802: | length: 28 (0x1c) Aug 26 18:38:35.126804: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:35.126806: | SPI size: 0 (0x0) Aug 26 18:38:35.126808: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:35.126810: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:35.126813: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:38:35.126818: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:35.126821: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:38:35.126824: | Now let's proceed with state specific processing Aug 26 18:38:35.126826: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:38:35.126831: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:38:35.126846: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:35.126849: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:38:35.126852: | local proposal 1 type ENCR has 1 transforms Aug 26 18:38:35.126854: | local proposal 1 type PRF has 2 transforms Aug 26 18:38:35.126855: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:35.126857: | local proposal 1 type DH has 8 transforms Aug 26 18:38:35.126859: | local proposal 1 type ESN has 0 transforms Aug 26 18:38:35.126861: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:35.126863: | local proposal 2 type ENCR has 1 transforms Aug 26 18:38:35.126864: | local proposal 2 type PRF has 2 transforms Aug 26 18:38:35.126866: | local proposal 2 type INTEG has 1 transforms Aug 26 18:38:35.126868: | local proposal 2 type DH has 8 transforms Aug 26 18:38:35.126869: | local proposal 2 type ESN has 0 transforms Aug 26 18:38:35.126871: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:35.126873: | local proposal 3 type ENCR has 1 transforms Aug 26 18:38:35.126875: | local proposal 3 type PRF has 2 transforms Aug 26 18:38:35.126876: | local proposal 3 type INTEG has 2 transforms Aug 26 18:38:35.126878: | local proposal 3 type DH has 8 transforms Aug 26 18:38:35.126880: | local proposal 3 type ESN has 0 transforms Aug 26 18:38:35.126882: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:35.126883: | local proposal 4 type ENCR has 1 transforms Aug 26 18:38:35.126885: | local proposal 4 type PRF has 2 transforms Aug 26 18:38:35.126887: | local proposal 4 type INTEG has 2 transforms Aug 26 18:38:35.126888: | local proposal 4 type DH has 8 transforms Aug 26 18:38:35.126890: | local proposal 4 type ESN has 0 transforms Aug 26 18:38:35.126892: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:35.126894: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:35.126896: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:35.126900: | length: 36 (0x24) Aug 26 18:38:35.126905: | prop #: 1 (0x1) Aug 26 18:38:35.126908: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:35.126910: | spi size: 0 (0x0) Aug 26 18:38:35.126913: | # transforms: 3 (0x3) Aug 26 18:38:35.126919: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:38:35.126923: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:35.126927: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.126930: | length: 12 (0xc) Aug 26 18:38:35.126933: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:35.126936: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:35.126939: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:35.126942: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:35.126945: | length/value: 256 (0x100) Aug 26 18:38:35.126951: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:38:35.126954: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:35.126957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.126960: | length: 8 (0x8) Aug 26 18:38:35.126963: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:35.126966: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:35.126971: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:38:35.126974: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:35.126977: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:35.126980: | length: 8 (0x8) Aug 26 18:38:35.126983: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:35.126986: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:35.126991: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:38:35.126995: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:38:35.127001: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:38:35.127005: | remote proposal 1 matches local proposal 1 Aug 26 18:38:35.127009: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:38:35.127012: | converting proposal to internal trans attrs Aug 26 18:38:35.127029: | natd_hash: hasher=0x55cfeeadb800(20) Aug 26 18:38:35.127033: | natd_hash: icookie= 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:35.127037: | natd_hash: rcookie= f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:35.127039: | natd_hash: ip= c0 01 03 21 Aug 26 18:38:35.127042: | natd_hash: port=500 Aug 26 18:38:35.127045: | natd_hash: hash= 70 91 fc d3 17 46 cf ba dd 77 5e ff 81 7d 80 cc Aug 26 18:38:35.127048: | natd_hash: hash= 02 56 a4 19 Aug 26 18:38:35.127056: | natd_hash: hasher=0x55cfeeadb800(20) Aug 26 18:38:35.127060: | natd_hash: icookie= 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:35.127063: | natd_hash: rcookie= f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:35.127066: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:35.127069: | natd_hash: port=500 Aug 26 18:38:35.127073: | natd_hash: hash= a7 75 b3 2c 1f 59 ab f0 05 48 c2 36 66 55 5e 5f Aug 26 18:38:35.127075: | natd_hash: hash= 6a f4 8f 12 Aug 26 18:38:35.127078: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:38:35.127081: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:38:35.127083: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:38:35.127087: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:38:35.127095: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:38:35.127100: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:38:35.127103: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:35.127107: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:38:35.127111: | libevent_free: release ptr-libevent@0x55cff061dbf8 Aug 26 18:38:35.127114: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cff061db88 Aug 26 18:38:35.127119: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cff061db88 Aug 26 18:38:35.127124: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:35.127130: | libevent_malloc: new ptr-libevent@0x55cff061d928 size 128 Aug 26 18:38:35.127142: | #1 spent 0.309 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:38:35.127148: | crypto helper 3 resuming Aug 26 18:38:35.127148: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:35.127163: | crypto helper 3 starting work-order 2 for state #1 Aug 26 18:38:35.127165: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:38:35.127170: | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:38:35.127171: | suspending state #1 and saving MD Aug 26 18:38:35.127177: | #1 is busy; has a suspended MD Aug 26 18:38:35.127180: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:38:35.127183: | "northnet-eastnet" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:38:35.127185: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:35.127189: | #1 spent 0.594 milliseconds in ikev2_process_packet() Aug 26 18:38:35.127191: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:35.127193: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:35.127195: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:35.127198: | spent 0.603 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:35.128107: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:38:35.128512: | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001341 seconds Aug 26 18:38:35.128524: | (#1) spent 1.34 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:38:35.128528: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Aug 26 18:38:35.128532: | scheduling resume sending helper answer for #1 Aug 26 18:38:35.128536: | libevent_malloc: new ptr-libevent@0x7f97d4000f48 size 128 Aug 26 18:38:35.128542: | crypto helper 3 waiting (nothing to do) Aug 26 18:38:35.128551: | processing resume sending helper answer for #1 Aug 26 18:38:35.128558: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:35.128562: | crypto helper 3 replies to request ID 2 Aug 26 18:38:35.128564: | calling continuation function 0x55cfeea06b50 Aug 26 18:38:35.128566: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:38:35.128571: | creating state object #2 at 0x55cff0620808 Aug 26 18:38:35.128574: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:38:35.128576: | pstats #2 ikev2.child started Aug 26 18:38:35.128579: | duplicating state object #1 "northnet-eastnet" as #2 for IPSEC SA Aug 26 18:38:35.128582: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:38:35.128587: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:35.128590: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:38:35.128593: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:35.128595: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:35.128597: | libevent_free: release ptr-libevent@0x55cff061d928 Aug 26 18:38:35.128599: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cff061db88 Aug 26 18:38:35.128604: | event_schedule: new EVENT_SA_REPLACE-pe@0x55cff061db88 Aug 26 18:38:35.128607: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:38:35.128609: | libevent_malloc: new ptr-libevent@0x55cff061d928 size 128 Aug 26 18:38:35.128611: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:38:35.128616: | **emit ISAKMP Message: Aug 26 18:38:35.128618: | initiator cookie: Aug 26 18:38:35.128620: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:35.128622: | responder cookie: Aug 26 18:38:35.128623: | f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:35.128625: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:35.128627: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:35.128629: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:35.128631: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:35.128632: | Message ID: 1 (0x1) Aug 26 18:38:35.128634: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:35.128637: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:35.128638: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.128640: | flags: none (0x0) Aug 26 18:38:35.128642: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:35.128644: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.128647: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:35.128653: | IKEv2 CERT: send a certificate? Aug 26 18:38:35.128656: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:38:35.128658: | IDr payload will NOT be sent Aug 26 18:38:35.128667: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:38:35.128669: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.128671: | flags: none (0x0) Aug 26 18:38:35.128673: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:35.128675: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:38:35.128677: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.128679: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:38:35.128681: | my identity c0 01 03 21 Aug 26 18:38:35.128683: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 18:38:35.128688: | not sending INITIAL_CONTACT Aug 26 18:38:35.128691: | ****emit IKEv2 Authentication Payload: Aug 26 18:38:35.128692: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.128694: | flags: none (0x0) Aug 26 18:38:35.128696: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:35.128698: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:38:35.128700: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.128702: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 18:38:35.128706: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:35.128708: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:35.128712: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 18:38:35.128714: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:35.128716: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:35.128718: | line 1: match=002 Aug 26 18:38:35.128720: | match 002 beats previous best_match 000 match=0x55cff0574c48 (line=1) Aug 26 18:38:35.128722: | concluding with best_match=002 best=0x55cff0574c48 (lineno=1) Aug 26 18:38:35.128758: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:38:35.128762: | PSK auth 90 a1 2d 67 74 22 85 60 e1 eb 67 f1 97 62 eb 4e Aug 26 18:38:35.128764: | PSK auth 23 67 f7 5e b0 ef d5 31 cb 5c 96 2c 86 a6 7c 2e Aug 26 18:38:35.128766: | PSK auth 0a 46 ab 5a d1 9a bd 75 6d 17 11 c0 d6 7f b3 9f Aug 26 18:38:35.128767: | PSK auth 9f 5b ce c9 b3 dd 51 30 bd 3f 0c ad 6d 20 7d 07 Aug 26 18:38:35.128769: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:38:35.128771: | getting first pending from state #1 Aug 26 18:38:35.128788: | netlink_get_spi: allocated 0x785da986 for esp.0@192.1.3.33 Aug 26 18:38:35.128792: | constructing ESP/AH proposals with all DH removed for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:38:35.128796: | converting proposal AES_GCM_16-NONE to ikev2 ... Aug 26 18:38:35.128799: | forcing IKEv2 PROTO_v2_ESP aes_gcm_16 ENCRYPT transform low-to-high key lengths: 128 256 Aug 26 18:38:35.128803: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_128,AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:38:35.128806: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_128,AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:38:35.128814: | Emitting ikev2_proposals ... Aug 26 18:38:35.128816: | ****emit IKEv2 Security Association Payload: Aug 26 18:38:35.128818: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.128820: | flags: none (0x0) Aug 26 18:38:35.128822: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:35.128824: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.128826: | discarding INTEG=NONE Aug 26 18:38:35.128827: | discarding DH=NONE Aug 26 18:38:35.128829: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:35.128831: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:35.128832: | prop #: 1 (0x1) Aug 26 18:38:35.128834: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:35.128835: | spi size: 4 (0x4) Aug 26 18:38:35.128837: | # transforms: 3 (0x3) Aug 26 18:38:35.128839: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:35.128841: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:38:35.128843: | our spi 78 5d a9 86 Aug 26 18:38:35.128845: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.128847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.128849: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:35.128850: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:35.128852: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.128854: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:35.128856: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:35.128858: | length/value: 128 (0x80) Aug 26 18:38:35.128860: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:35.128861: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.128863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.128865: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:35.128866: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:35.128868: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.128870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.128872: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:35.128874: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:35.128875: | length/value: 256 (0x100) Aug 26 18:38:35.128878: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:35.128880: | discarding INTEG=NONE Aug 26 18:38:35.128881: | discarding DH=NONE Aug 26 18:38:35.128883: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:35.128885: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:35.128886: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:35.128888: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:38:35.128890: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.128892: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:35.128894: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:35.128895: | emitting length of IKEv2 Proposal Substructure Payload: 44 Aug 26 18:38:35.128897: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:35.128899: | emitting length of IKEv2 Security Association Payload: 48 Aug 26 18:38:35.128901: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:35.128903: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:35.128905: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.128907: | flags: none (0x0) Aug 26 18:38:35.128908: | number of TS: 1 (0x1) Aug 26 18:38:35.128910: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:38:35.128912: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.128914: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:35.128916: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:35.128917: | IP Protocol ID: 0 (0x0) Aug 26 18:38:35.128919: | start port: 0 (0x0) Aug 26 18:38:35.128921: | end port: 65535 (0xffff) Aug 26 18:38:35.128923: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:35.128924: | ipv4 start c0 00 03 00 Aug 26 18:38:35.128926: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:35.128928: | ipv4 end c0 00 03 ff Aug 26 18:38:35.128930: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:35.128931: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:38:35.128933: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:35.128935: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.128936: | flags: none (0x0) Aug 26 18:38:35.128938: | number of TS: 1 (0x1) Aug 26 18:38:35.128940: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:38:35.128942: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.128944: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:35.128945: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:35.128947: | IP Protocol ID: 0 (0x0) Aug 26 18:38:35.128948: | start port: 0 (0x0) Aug 26 18:38:35.128950: | end port: 65535 (0xffff) Aug 26 18:38:35.128952: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:35.128953: | ipv4 start c0 00 02 00 Aug 26 18:38:35.128955: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:35.128957: | ipv4 end c0 00 02 ff Aug 26 18:38:35.128958: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:35.128960: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:38:35.128962: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:38:35.128965: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:38:35.128967: | Adding a v2N Payload Aug 26 18:38:35.128969: | ****emit IKEv2 Notify Payload: Aug 26 18:38:35.128970: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.128972: | flags: none (0x0) Aug 26 18:38:35.128974: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:35.128975: | SPI size: 0 (0x0) Aug 26 18:38:35.128977: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:35.128979: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:35.128981: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:35.128983: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:35.128985: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:35.128987: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:35.128989: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:35.128991: | emitting length of IKEv2 Encryption Payload: 217 Aug 26 18:38:35.128992: | emitting length of ISAKMP Message: 245 Aug 26 18:38:35.129002: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:35.129005: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:35.129008: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:38:35.129010: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:38:35.129012: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:38:35.129014: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:38:35.129018: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:38:35.129021: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:38:35.129024: "northnet-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:38:35.129030: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:38:35.129034: | sending 245 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:35.129036: | 8d 28 fa 2f 37 b2 de 6b f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:35.129037: | 2e 20 23 08 00 00 00 01 00 00 00 f5 23 00 00 d9 Aug 26 18:38:35.129039: | c4 cd 57 19 91 3a d3 ad 86 0c 76 40 cf fc 08 1f Aug 26 18:38:35.129040: | 48 79 5d eb a0 49 2f e6 e8 52 3e 92 ba 65 c4 7a Aug 26 18:38:35.129042: | 5a 2e 2c 54 44 6c 30 38 1e 4d c1 2f 75 64 39 61 Aug 26 18:38:35.129044: | dd 20 00 2f 37 86 31 6e 6a ad 8d c5 d1 ef b2 b5 Aug 26 18:38:35.129045: | 72 54 68 55 3e dd f7 8f 0b 21 f2 1a 4c 37 88 3d Aug 26 18:38:35.129047: | eb 04 66 04 d0 c5 3a 1a c8 39 66 9e 23 32 2f 92 Aug 26 18:38:35.129048: | b9 f2 77 c2 26 ff 9b 7f d0 b6 c6 a6 2b 62 7f 60 Aug 26 18:38:35.129050: | b5 70 df 69 c3 53 68 fb 70 a2 80 06 34 09 b8 94 Aug 26 18:38:35.129051: | ca 66 42 a8 36 c6 e0 64 bd b2 f6 26 74 7b 24 42 Aug 26 18:38:35.129053: | de 94 59 51 8e 1f 6a f6 8e db 44 da 94 09 86 2e Aug 26 18:38:35.129055: | fc 52 1c bd ea b4 f2 fc 29 c2 44 59 6d ef c8 10 Aug 26 18:38:35.129056: | 0e 08 37 91 3d 5c 4a 44 68 3f 62 03 e0 94 d9 76 Aug 26 18:38:35.129058: | 57 4d ac 98 cf 6f a0 c4 e3 99 7d f4 f4 e9 5d c7 Aug 26 18:38:35.129059: | 5e 82 1c be 76 Aug 26 18:38:35.129100: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:35.129104: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f97dc002b78 Aug 26 18:38:35.129107: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 18:38:35.129109: | libevent_malloc: new ptr-libevent@0x55cff06214d8 size 128 Aug 26 18:38:35.129112: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 30000.87157 Aug 26 18:38:35.129115: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:38:35.129119: | #1 spent 0.534 milliseconds in resume sending helper answer Aug 26 18:38:35.129123: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:35.129125: | libevent_free: release ptr-libevent@0x7f97d4000f48 Aug 26 18:38:35.166210: | spent 0.00322 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:35.166234: | *received 233 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:38:35.166238: | 8d 28 fa 2f 37 b2 de 6b f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:35.166240: | 2e 20 23 20 00 00 00 01 00 00 00 e9 29 00 00 cd Aug 26 18:38:35.166242: | e5 23 e5 c0 30 23 1e 86 7d 69 43 90 fd ad be d1 Aug 26 18:38:35.166245: | cd ac 1d a0 0d 3e 32 32 62 ee d8 6b c3 7c a9 aa Aug 26 18:38:35.166247: | fb 9f fc 0d a4 32 ce 16 39 dd 91 bc 05 92 67 e0 Aug 26 18:38:35.166249: | 2c 3e c2 17 fd 67 95 9b ed 15 3f 15 35 31 80 bf Aug 26 18:38:35.166251: | c3 ee 15 c2 28 75 8e 68 6c 33 ca 6e 1d 03 17 d7 Aug 26 18:38:35.166253: | 28 75 e8 fe 13 26 d7 d6 fe 29 ac 39 80 8a 13 3c Aug 26 18:38:35.166256: | 85 c7 f9 c5 eb 97 f5 14 a2 fb d1 74 80 aa 7e 04 Aug 26 18:38:35.166258: | 18 c4 c2 37 97 31 34 b4 1c 8d 19 29 9b cc 95 61 Aug 26 18:38:35.166260: | 42 43 6f 47 07 10 c3 01 c1 58 84 0f d0 7e 42 62 Aug 26 18:38:35.166262: | 13 ee 3c e5 5c 83 35 00 34 88 ff af 23 ff 97 f8 Aug 26 18:38:35.166264: | e6 7a a7 78 c5 94 63 a5 1d 08 ec e8 de 31 6c 04 Aug 26 18:38:35.166266: | 04 e5 f8 12 f5 fa 9d b3 15 15 c5 32 42 5f 49 a7 Aug 26 18:38:35.166268: | 90 0e 63 a8 b8 7e bc 1f 0f Aug 26 18:38:35.166274: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:35.166278: | **parse ISAKMP Message: Aug 26 18:38:35.166281: | initiator cookie: Aug 26 18:38:35.166283: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:35.166285: | responder cookie: Aug 26 18:38:35.166292: | f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:35.166297: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:35.166300: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:35.166303: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:35.166306: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:35.166308: | Message ID: 1 (0x1) Aug 26 18:38:35.166311: | length: 233 (0xe9) Aug 26 18:38:35.166313: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:38:35.166317: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:38:35.166322: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:38:35.166328: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:35.166332: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:38:35.166338: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:35.166342: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:35.166345: | #2 is idle Aug 26 18:38:35.166348: | #2 idle Aug 26 18:38:35.166350: | unpacking clear payload Aug 26 18:38:35.166353: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:35.166356: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:35.166365: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:35.166368: | flags: none (0x0) Aug 26 18:38:35.166370: | length: 205 (0xcd) Aug 26 18:38:35.166373: | processing payload: ISAKMP_NEXT_v2SK (len=201) Aug 26 18:38:35.166376: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:38:35.166397: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:38:35.166400: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:35.166403: | **parse IKEv2 Notify Payload: Aug 26 18:38:35.166406: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:38:35.166409: | flags: none (0x0) Aug 26 18:38:35.166411: | length: 8 (0x8) Aug 26 18:38:35.166414: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:35.166417: | SPI size: 0 (0x0) Aug 26 18:38:35.166420: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:35.166423: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:35.166426: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:38:35.166429: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:38:35.166432: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:38:35.166434: | flags: none (0x0) Aug 26 18:38:35.166437: | length: 12 (0xc) Aug 26 18:38:35.166440: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:35.166442: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:38:35.166445: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:38:35.166448: | **parse IKEv2 Authentication Payload: Aug 26 18:38:35.166451: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:35.166453: | flags: none (0x0) Aug 26 18:38:35.166456: | length: 72 (0x48) Aug 26 18:38:35.166459: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:35.166461: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:38:35.166464: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:35.166467: | **parse IKEv2 Security Association Payload: Aug 26 18:38:35.166469: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:38:35.166472: | flags: none (0x0) Aug 26 18:38:35.166475: | length: 36 (0x24) Aug 26 18:38:35.166477: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 18:38:35.166480: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:38:35.166483: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:35.166486: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:38:35.166488: | flags: none (0x0) Aug 26 18:38:35.166491: | length: 24 (0x18) Aug 26 18:38:35.166494: | number of TS: 1 (0x1) Aug 26 18:38:35.166496: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:38:35.166499: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:38:35.166502: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:35.166504: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:35.166507: | flags: none (0x0) Aug 26 18:38:35.166510: | length: 24 (0x18) Aug 26 18:38:35.166512: | number of TS: 1 (0x1) Aug 26 18:38:35.166515: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:38:35.166519: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:38:35.166521: | Now let's proceed with state specific processing Aug 26 18:38:35.166524: | calling processor Initiator: process IKE_AUTH response Aug 26 18:38:35.166529: | received v2N_MOBIKE_SUPPORTED and sent Aug 26 18:38:35.166533: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Aug 26 18:38:35.166536: | peer ID c0 01 02 17 Aug 26 18:38:35.166540: | offered CA: '%none' Aug 26 18:38:35.166545: "northnet-eastnet" #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Aug 26 18:38:35.166586: | verifying AUTH payload Aug 26 18:38:35.166592: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 18:38:35.166599: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:35.166603: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Aug 26 18:38:35.166623: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Aug 26 18:38:35.166627: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:35.166630: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Aug 26 18:38:35.166632: | line 1: match=002 Aug 26 18:38:35.166636: | match 002 beats previous best_match 000 match=0x55cff0574c48 (line=1) Aug 26 18:38:35.166639: | concluding with best_match=002 best=0x55cff0574c48 (lineno=1) Aug 26 18:38:35.166733: "northnet-eastnet" #2: Authenticated using authby=secret Aug 26 18:38:35.166743: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:38:35.166763: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:38:35.166766: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:38:35.166771: | libevent_free: release ptr-libevent@0x55cff061d928 Aug 26 18:38:35.166774: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55cff061db88 Aug 26 18:38:35.166777: | event_schedule: new EVENT_SA_REKEY-pe@0x55cff061db88 Aug 26 18:38:35.166781: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:38:35.166784: | libevent_malloc: new ptr-libevent@0x7f97d4000f48 size 128 Aug 26 18:38:35.166923: | pstats #1 ikev2.ike established Aug 26 18:38:35.166930: | TSi: parsing 1 traffic selectors Aug 26 18:38:35.166933: | ***parse IKEv2 Traffic Selector: Aug 26 18:38:35.166936: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:35.166939: | IP Protocol ID: 0 (0x0) Aug 26 18:38:35.166942: | length: 16 (0x10) Aug 26 18:38:35.166945: | start port: 0 (0x0) Aug 26 18:38:35.166948: | end port: 65535 (0xffff) Aug 26 18:38:35.166951: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:38:35.166953: | TS low c0 00 03 00 Aug 26 18:38:35.166957: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:38:35.166959: | TS high c0 00 03 ff Aug 26 18:38:35.166962: | TSi: parsed 1 traffic selectors Aug 26 18:38:35.166965: | TSr: parsing 1 traffic selectors Aug 26 18:38:35.166968: | ***parse IKEv2 Traffic Selector: Aug 26 18:38:35.166970: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:35.166973: | IP Protocol ID: 0 (0x0) Aug 26 18:38:35.166975: | length: 16 (0x10) Aug 26 18:38:35.166978: | start port: 0 (0x0) Aug 26 18:38:35.166980: | end port: 65535 (0xffff) Aug 26 18:38:35.166983: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:38:35.166986: | TS low c0 00 02 00 Aug 26 18:38:35.166989: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:38:35.166992: | TS high c0 00 02 ff Aug 26 18:38:35.166994: | TSr: parsed 1 traffic selectors Aug 26 18:38:35.167001: | evaluating our conn="northnet-eastnet" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:38:35.167006: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:38:35.167013: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 18:38:35.167017: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:38:35.167020: | TSi[0] port match: YES fitness 65536 Aug 26 18:38:35.167024: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:38:35.167027: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:38:35.167032: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:38:35.167038: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:38:35.167041: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:38:35.167044: | TSr[0] port match: YES fitness 65536 Aug 26 18:38:35.167047: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:38:35.167050: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:38:35.167053: | best fit so far: TSi[0] TSr[0] Aug 26 18:38:35.167055: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:38:35.167058: | printing contents struct traffic_selector Aug 26 18:38:35.167063: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:38:35.167066: | ipprotoid: 0 Aug 26 18:38:35.167068: | port range: 0-65535 Aug 26 18:38:35.167073: | ip range: 192.0.3.0-192.0.3.255 Aug 26 18:38:35.167075: | printing contents struct traffic_selector Aug 26 18:38:35.167078: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:38:35.167080: | ipprotoid: 0 Aug 26 18:38:35.167083: | port range: 0-65535 Aug 26 18:38:35.167087: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:38:35.167096: | using existing local ESP/AH proposals for northnet-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_128,AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:38:35.167100: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 18:38:35.167104: | local proposal 1 type ENCR has 2 transforms Aug 26 18:38:35.167107: | local proposal 1 type PRF has 0 transforms Aug 26 18:38:35.167110: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:35.167112: | local proposal 1 type DH has 1 transforms Aug 26 18:38:35.167115: | local proposal 1 type ESN has 1 transforms Aug 26 18:38:35.167119: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:38:35.167122: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:35.167125: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:35.167128: | length: 32 (0x20) Aug 26 18:38:35.167131: | prop #: 1 (0x1) Aug 26 18:38:35.167134: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:35.167136: | spi size: 4 (0x4) Aug 26 18:38:35.167139: | # transforms: 2 (0x2) Aug 26 18:38:35.167142: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:38:35.167145: | remote SPI 2d 55 6a 18 Aug 26 18:38:35.167148: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 1 local proposals Aug 26 18:38:35.167151: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:35.167154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:35.167157: | length: 12 (0xc) Aug 26 18:38:35.167160: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:35.167163: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:35.167166: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:35.167169: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:35.167172: | length/value: 128 (0x80) Aug 26 18:38:35.167177: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_128) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:38:35.167180: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:35.167183: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:35.167186: | length: 8 (0x8) Aug 26 18:38:35.167188: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:35.167191: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:38:35.167195: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:38:35.167199: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:38:35.167204: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:38:35.167207: | remote proposal 1 matches local proposal 1 Aug 26 18:38:35.167210: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Aug 26 18:38:35.167215: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=2d556a18;ENCR=AES_GCM_C_128;ESN=DISABLED Aug 26 18:38:35.167218: | converting proposal to internal trans attrs Aug 26 18:38:35.167224: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Aug 26 18:38:35.167228: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=16 .salt_size=4 keymat_len=20 Aug 26 18:38:35.167344: | #1 spent 1.11 milliseconds Aug 26 18:38:35.167353: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:38:35.167359: | could_route called for northnet-eastnet (kind=CK_PERMANENT) Aug 26 18:38:35.167362: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:35.167366: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:35.167369: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:35.167373: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 18:38:35.167377: | looking for alg with encrypt: AES_GCM_16 keylen: 128 integ: NONE Aug 26 18:38:35.167380: | encrypt AES_GCM_16 keylen=128 transid=20, key_size=16, encryptalg=20 Aug 26 18:38:35.167383: | AES_GCM_16 requires 4 salt bytes Aug 26 18:38:35.167386: | st->st_esp.keymat_len=20 is encrypt_keymat_size=20 + integ_keymat_size=0 Aug 26 18:38:35.167392: | setting IPsec SA replay-window to 32 Aug 26 18:38:35.167395: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 18:38:35.167398: | netlink: enabling tunnel mode Aug 26 18:38:35.167402: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:35.167405: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:35.167478: | netlink response for Add SA esp.2d556a18@192.1.2.23 included non-error error Aug 26 18:38:35.167484: | set up outgoing SA, ref=0/0 Aug 26 18:38:35.167488: | looking for alg with encrypt: AES_GCM_16 keylen: 128 integ: NONE Aug 26 18:38:35.167491: | encrypt AES_GCM_16 keylen=128 transid=20, key_size=16, encryptalg=20 Aug 26 18:38:35.167497: | AES_GCM_16 requires 4 salt bytes Aug 26 18:38:35.167502: | st->st_esp.keymat_len=20 is encrypt_keymat_size=20 + integ_keymat_size=0 Aug 26 18:38:35.167506: | setting IPsec SA replay-window to 32 Aug 26 18:38:35.167510: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Aug 26 18:38:35.167513: | netlink: enabling tunnel mode Aug 26 18:38:35.167516: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:35.167520: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:35.167559: | netlink response for Add SA esp.785da986@192.1.3.33 included non-error error Aug 26 18:38:35.167565: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:35.167574: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:38:35.167579: | IPsec Sa SPD priority set to 1042407 Aug 26 18:38:35.167605: | raw_eroute result=success Aug 26 18:38:35.167610: | set up incoming SA, ref=0/0 Aug 26 18:38:35.167614: | sr for #2: unrouted Aug 26 18:38:35.167618: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:38:35.167622: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:35.167626: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:35.167630: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:35.167635: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Aug 26 18:38:35.167640: | route_and_eroute with c: northnet-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:38:35.167644: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:35.167651: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:38:35.167653: | IPsec Sa SPD priority set to 1042407 Aug 26 18:38:35.167663: | raw_eroute result=success Aug 26 18:38:35.167666: | running updown command "ipsec _updown" for verb up Aug 26 18:38:35.167668: | command executing up-client Aug 26 18:38:35.167685: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 18:38:35.167690: | popen cmd is 1052 chars long Aug 26 18:38:35.167693: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 18:38:35.167700: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 18:38:35.167704: | cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Aug 26 18:38:35.167707: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 18:38:35.167711: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='1: Aug 26 18:38:35.167714: | cmd( 400):92.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 18:38:35.167717: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:38:35.167720: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Aug 26 18:38:35.167724: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUT: Aug 26 18:38:35.167727: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 18:38:35.167731: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 18:38:35.167734: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 18:38:35.167738: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2d556a18 SPI_OUT=0x785da986 ipsec : Aug 26 18:38:35.167741: | cmd(1040):_updown 2>&1: Aug 26 18:38:35.175802: | route_and_eroute: firewall_notified: true Aug 26 18:38:35.175820: | running updown command "ipsec _updown" for verb prepare Aug 26 18:38:35.175823: | command executing prepare-client Aug 26 18:38:35.175860: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 18:38:35.175864: | popen cmd is 1057 chars long Aug 26 18:38:35.175866: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:38:35.175868: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 18:38:35.175870: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:38:35.175871: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:38:35.175873: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 18:38:35.175875: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 18:38:35.175879: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:38:35.175881: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Aug 26 18:38:35.175882: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO': Aug 26 18:38:35.175884: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 18:38:35.175886: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 18:38:35.175887: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 18:38:35.175889: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2d556a18 SPI_OUT=0x785da986 i: Aug 26 18:38:35.175890: | cmd(1040):psec _updown 2>&1: Aug 26 18:38:35.186075: | running updown command "ipsec _updown" for verb route Aug 26 18:38:35.186098: | command executing route-client Aug 26 18:38:35.186134: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE Aug 26 18:38:35.186140: | popen cmd is 1055 chars long Aug 26 18:38:35.186143: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:38:35.186146: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 18:38:35.186149: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 18:38:35.186152: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 18:38:35.186155: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 18:38:35.186158: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 18:38:35.186160: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:38:35.186163: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='P: Aug 26 18:38:35.186166: | cmd( 640):SK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' P: Aug 26 18:38:35.186169: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 18:38:35.186172: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 18:38:35.186175: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 18:38:35.186178: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2d556a18 SPI_OUT=0x785da986 ips: Aug 26 18:38:35.186180: | cmd(1040):ec _updown 2>&1: Aug 26 18:38:35.198064: | route_and_eroute: instance "northnet-eastnet", setting eroute_owner {spd=0x55cff0619ab8,sr=0x55cff0619ab8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:38:35.198152: | #1 spent 1.85 milliseconds in install_ipsec_sa() Aug 26 18:38:35.198159: | inR2: instance northnet-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:38:35.198165: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:35.198168: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:38:35.198179: | libevent_free: release ptr-libevent@0x55cff06214d8 Aug 26 18:38:35.198184: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f97dc002b78 Aug 26 18:38:35.198189: | #2 spent 2.7 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:38:35.198195: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:35.198198: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:38:35.198201: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:38:35.198203: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:38:35.198205: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:38:35.198209: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:38:35.198212: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:35.198215: | pstats #2 ikev2.child established Aug 26 18:38:35.198222: "northnet-eastnet" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:38:35.198231: | NAT-T: encaps is 'auto' Aug 26 18:38:35.198235: "northnet-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x2d556a18 <0x785da986 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:38:35.198238: | releasing whack for #2 (sock=fd@27) Aug 26 18:38:35.198241: | close_any(fd@27) (in release_whack() at state.c:654) Aug 26 18:38:35.198243: | releasing whack and unpending for parent #1 Aug 26 18:38:35.198245: | unpending state #1 connection "northnet-eastnet" Aug 26 18:38:35.198249: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet" Aug 26 18:38:35.198251: | removing pending policy for no connection {0x55cff060c1d8} Aug 26 18:38:35.198256: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 18:38:35.198261: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:38:35.198265: | event_schedule: new EVENT_SA_REKEY-pe@0x7f97dc002b78 Aug 26 18:38:35.198269: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:38:35.198272: | libevent_malloc: new ptr-libevent@0x55cff061d928 size 128 Aug 26 18:38:35.198278: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:35.198284: | #1 spent 3.09 milliseconds in ikev2_process_packet() Aug 26 18:38:35.198293: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:35.198301: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:35.198305: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:35.198309: | spent 3.12 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:35.198322: | processing signal PLUTO_SIGCHLD Aug 26 18:38:35.198328: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:35.198332: | spent 0.00531 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:35.198335: | processing signal PLUTO_SIGCHLD Aug 26 18:38:35.198341: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:35.198344: | spent 0.00553 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:35.198347: | processing signal PLUTO_SIGCHLD Aug 26 18:38:35.198350: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:35.198353: | spent 0.00339 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:36.357057: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:36.357082: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:38:36.357087: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:36.357094: | get_sa_info esp.785da986@192.1.3.33 Aug 26 18:38:36.357115: | get_sa_info esp.2d556a18@192.1.2.23 Aug 26 18:38:36.357134: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:36.357141: | spent 0.093 milliseconds in whack Aug 26 18:38:41.687877: | kernel_process_msg_cb process netlink message Aug 26 18:38:41.687941: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.687966: | spent 0.0317 milliseconds in kernel message Aug 26 18:38:41.747473: | kernel_process_msg_cb process netlink message Aug 26 18:38:41.747512: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:41.747526: | spent 0.017 milliseconds in kernel message Aug 26 18:38:41.801128: | kernel_process_msg_cb process netlink message Aug 26 18:38:41.801150: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 18:38:41.801155: | xfrm netlink address change RTM_DELADDR msg len 80 Aug 26 18:38:41.801161: | XFRM RTM_DELADDR 192.1.3.33 IFA_LOCAL Aug 26 18:38:41.801165: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 18:38:41.801173: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:41.801179: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:41.801184: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:41.801188: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:41.801192: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:41.801195: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:41.801199: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 18:38:41.801203: | running updown command "ipsec _updown" for verb down Aug 26 18:38:41.801206: | command executing down-client Aug 26 18:38:41.801238: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT Aug 26 18:38:41.801245: | popen cmd is 1063 chars long Aug 26 18:38:41.801249: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 18:38:41.801252: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Aug 26 18:38:41.801255: | cmd( 160):MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Aug 26 18:38:41.801258: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 18:38:41.801261: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Aug 26 18:38:41.801263: | cmd( 400):'192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 18:38:41.801265: | cmd( 480):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:38:41.801267: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_P: Aug 26 18:38:41.801274: | cmd( 640):OLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+E: Aug 26 18:38:41.801277: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Aug 26 18:38:41.801280: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Aug 26 18:38:41.801283: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Aug 26 18:38:41.801286: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2d556a18 SPI_OUT=0x785d: Aug 26 18:38:41.801297: | cmd(1040):a986 ipsec _updown 2>&1: Aug 26 18:38:41.809033: | running updown command "ipsec _updown" for verb unroute Aug 26 18:38:41.809052: | command executing unroute-client Aug 26 18:38:41.809076: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=' Aug 26 18:38:41.809080: | popen cmd is 1066 chars long Aug 26 18:38:41.809082: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:38:41.809084: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 18:38:41.809086: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:38:41.809088: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:38:41.809090: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 18:38:41.809092: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 18:38:41.809094: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:38:41.809095: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CON: Aug 26 18:38:41.809097: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIK: Aug 26 18:38:41.809099: | cmd( 720):E+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Aug 26 18:38:41.809101: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Aug 26 18:38:41.809103: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Aug 26 18:38:41.809105: | cmd( 960):='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2d556a18 SPI_OUT=0x7: Aug 26 18:38:41.809106: | cmd(1040):85da986 ipsec _updown 2>&1: Aug 26 18:38:41.817738: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817761: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817765: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817767: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817769: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817771: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817778: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817793: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817844: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817852: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817855: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817858: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817859: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817874: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817889: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817896: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817936: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817940: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817942: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.817945: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:41.822925: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x55cff0620038 Aug 26 18:38:41.822945: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Aug 26 18:38:41.822950: | libevent_malloc: new ptr-libevent@0x55cff061d878 size 128 Aug 26 18:38:41.822965: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:41.822971: | IKEv2 received address RTM_DELADDR type 3 Aug 26 18:38:41.822974: | IKEv2 received address RTM_DELADDR type 8 Aug 26 18:38:41.822977: | IKEv2 received address RTM_DELADDR type 6 Aug 26 18:38:41.822985: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.822990: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.822993: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.822998: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.823007: | spent 1.33 milliseconds in kernel message Aug 26 18:38:41.823023: | timer_event_cb: processing event@0x55cff0620038 Aug 26 18:38:41.823026: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Aug 26 18:38:41.823032: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:41.823036: | #1 IKEv2 local address change Aug 26 18:38:41.823250: | #1 MOBIKE new source address 192.1.8.22 remote 192.1.2.23 and gateway 192.1.8.254 Aug 26 18:38:41.823257: | Opening output PBS mobike informational request Aug 26 18:38:41.823261: | **emit ISAKMP Message: Aug 26 18:38:41.823265: | initiator cookie: Aug 26 18:38:41.823267: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:41.823270: | responder cookie: Aug 26 18:38:41.823273: | f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:41.823276: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:41.823280: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:41.823283: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:41.823292: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:41.823298: | Message ID: 2 (0x2) Aug 26 18:38:41.823302: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:41.823306: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:41.823309: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:41.823312: | flags: none (0x0) Aug 26 18:38:41.823315: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:41.823322: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:41.823326: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:41.823341: | Adding a v2N Payload Aug 26 18:38:41.823345: | ****emit IKEv2 Notify Payload: Aug 26 18:38:41.823348: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:41.823351: | flags: none (0x0) Aug 26 18:38:41.823354: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.823357: | SPI size: 0 (0x0) Aug 26 18:38:41.823360: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Aug 26 18:38:41.823363: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:41.823367: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:41.823370: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:41.823373: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:38:41.823397: | natd_hash: hasher=0x55cfeeadb800(20) Aug 26 18:38:41.823400: | natd_hash: icookie= 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:41.823403: | natd_hash: rcookie= f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:41.823406: | natd_hash: ip= c0 01 08 16 Aug 26 18:38:41.823409: | natd_hash: port=500 Aug 26 18:38:41.823412: | natd_hash: hash= ae 01 ea 37 41 03 0d dc 9c 61 ef d3 23 a7 fd 17 Aug 26 18:38:41.823414: | natd_hash: hash= ea 84 08 da Aug 26 18:38:41.823417: | Adding a v2N Payload Aug 26 18:38:41.823420: | ****emit IKEv2 Notify Payload: Aug 26 18:38:41.823423: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:41.823426: | flags: none (0x0) Aug 26 18:38:41.823428: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.823431: | SPI size: 0 (0x0) Aug 26 18:38:41.823434: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:41.823438: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:41.823441: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:41.823445: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:41.823448: | Notify data ae 01 ea 37 41 03 0d dc 9c 61 ef d3 23 a7 fd 17 Aug 26 18:38:41.823450: | Notify data ea 84 08 da Aug 26 18:38:41.823453: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:41.823462: | natd_hash: hasher=0x55cfeeadb800(20) Aug 26 18:38:41.823465: | natd_hash: icookie= 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:41.823468: | natd_hash: rcookie= f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:41.823470: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:41.823473: | natd_hash: port=500 Aug 26 18:38:41.823476: | natd_hash: hash= a7 75 b3 2c 1f 59 ab f0 05 48 c2 36 66 55 5e 5f Aug 26 18:38:41.823479: | natd_hash: hash= 6a f4 8f 12 Aug 26 18:38:41.823481: | Adding a v2N Payload Aug 26 18:38:41.823484: | ****emit IKEv2 Notify Payload: Aug 26 18:38:41.823487: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:41.823490: | flags: none (0x0) Aug 26 18:38:41.823493: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.823495: | SPI size: 0 (0x0) Aug 26 18:38:41.823498: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:41.823502: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:41.823505: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Aug 26 18:38:41.823508: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:41.823511: | Notify data a7 75 b3 2c 1f 59 ab f0 05 48 c2 36 66 55 5e 5f Aug 26 18:38:41.823514: | Notify data 6a f4 8f 12 Aug 26 18:38:41.823517: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:41.823522: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:41.823526: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:41.823529: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:41.823532: | emitting length of IKEv2 Encryption Payload: 93 Aug 26 18:38:41.823535: | emitting length of ISAKMP Message: 121 Aug 26 18:38:41.823557: | sending 121 bytes for mobike informational request through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:41.823562: | 8d 28 fa 2f 37 b2 de 6b f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:41.823565: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Aug 26 18:38:41.823567: | f4 bf 0f 10 56 2f 15 2c 1b f5 cf a0 70 d6 b6 21 Aug 26 18:38:41.823570: | 60 57 16 2e 58 a6 e5 03 2d 8c 26 bf 57 02 5c f9 Aug 26 18:38:41.823573: | 5e da 49 93 2f 6c 86 e5 74 04 fa 7c f8 f6 7d 87 Aug 26 18:38:41.823576: | fe 1a 06 80 ca b1 2d 18 d7 d1 d1 bd 72 d6 64 f9 Aug 26 18:38:41.823578: | 4f 84 97 52 9d c6 0c 7e 3d 08 49 c8 68 48 9a e9 Aug 26 18:38:41.823581: | be 84 ec 90 b5 96 5f 18 e1 Aug 26 18:38:41.823661: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:41.823669: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 Aug 26 18:38:41.823674: | libevent_free: release ptr-libevent@0x55cff061d878 Aug 26 18:38:41.823677: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x55cff0620038 Aug 26 18:38:41.823684: | #1 spent 0.605 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Aug 26 18:38:41.823690: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:38:41.823693: | processing signal PLUTO_SIGCHLD Aug 26 18:38:41.823699: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:41.823704: | spent 0.0056 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:41.823706: | processing signal PLUTO_SIGCHLD Aug 26 18:38:41.823710: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:41.823714: | spent 0.00381 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:41.824499: | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:41.824518: | *received 113 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 18:38:41.824522: | 8d 28 fa 2f 37 b2 de 6b f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:41.824524: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Aug 26 18:38:41.824527: | 01 09 91 2b 47 ca 0f f3 ff 06 82 0d 81 bb 0f 1f Aug 26 18:38:41.824530: | 88 00 53 97 8c 1c 61 9b 4d df af b8 a7 45 33 f0 Aug 26 18:38:41.824533: | a6 a4 45 23 4e 9c 80 34 3c 42 f4 14 c1 33 2b 2e Aug 26 18:38:41.824536: | 45 20 f0 50 71 9f d6 8f 8e fc 05 32 8d 89 d0 95 Aug 26 18:38:41.824538: | 5d ab ef 5b 46 e6 dd 1c af 7e eb 50 52 20 3e 59 Aug 26 18:38:41.824541: | 5e Aug 26 18:38:41.824546: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:41.824550: | **parse ISAKMP Message: Aug 26 18:38:41.824553: | initiator cookie: Aug 26 18:38:41.824556: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:41.824559: | responder cookie: Aug 26 18:38:41.824561: | f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:41.824564: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:41.824568: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:41.824571: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:41.824574: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:41.824576: | Message ID: 2 (0x2) Aug 26 18:38:41.824579: | length: 113 (0x71) Aug 26 18:38:41.824583: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:41.824586: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Aug 26 18:38:41.824592: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:38:41.824599: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:41.824603: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:41.824606: | #1 is idle Aug 26 18:38:41.824609: | #1 idle Aug 26 18:38:41.824612: | unpacking clear payload Aug 26 18:38:41.824615: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:41.824618: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:41.824621: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:41.824624: | flags: none (0x0) Aug 26 18:38:41.824627: | length: 85 (0x55) Aug 26 18:38:41.824630: | processing payload: ISAKMP_NEXT_v2SK (len=81) Aug 26 18:38:41.824633: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:38:41.824649: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:41.824652: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:41.824655: | **parse IKEv2 Notify Payload: Aug 26 18:38:41.824658: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:41.824661: | flags: none (0x0) Aug 26 18:38:41.824664: | length: 28 (0x1c) Aug 26 18:38:41.824667: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.824669: | SPI size: 0 (0x0) Aug 26 18:38:41.824672: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:41.824675: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:41.824678: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:41.824681: | **parse IKEv2 Notify Payload: Aug 26 18:38:41.824684: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:41.824687: | flags: none (0x0) Aug 26 18:38:41.824689: | length: 28 (0x1c) Aug 26 18:38:41.824693: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:41.824695: | SPI size: 0 (0x0) Aug 26 18:38:41.824698: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:41.824701: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:41.824704: | selected state microcode I3: Informational Request Aug 26 18:38:41.824707: | Now let's proceed with state specific processing Aug 26 18:38:41.824710: | calling processor I3: Informational Request Aug 26 18:38:41.824714: | an informational response Aug 26 18:38:41.824717: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Aug 26 18:38:41.824720: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Aug 26 18:38:41.824726: | #2 pst=#1 MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 18:38:41.824733: | initiator migrate kernel SA esp.2d556a18@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_OUT Aug 26 18:38:41.824787: | initiator migrate kernel SA esp.785da986@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_IN Aug 26 18:38:41.824820: | initiator migrate kernel SA esp.785da986@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_FWD Aug 26 18:38:41.824832: "northnet-eastnet" #1: success MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Aug 26 18:38:41.824838: | free hp@0x55cff061b338 Aug 26 18:38:41.824844: | connect_to_host_pair: 192.1.8.22:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:38:41.824847: | new hp@0x55cff061b338 Aug 26 18:38:41.824851: | running updown command "ipsec _updown" for verb up Aug 26 18:38:41.824854: | command executing up-client Aug 26 18:38:41.824885: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 18:38:41.824891: | popen cmd is 1062 chars long Aug 26 18:38:41.824894: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Aug 26 18:38:41.824898: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_M: Aug 26 18:38:41.824901: | cmd( 160):Y_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Aug 26 18:38:41.824904: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 18:38:41.824907: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Aug 26 18:38:41.824910: | cmd( 400):192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Aug 26 18:38:41.824912: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Aug 26 18:38:41.824916: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_PO: Aug 26 18:38:41.824918: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ES: Aug 26 18:38:41.824921: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0: Aug 26 18:38:41.824924: | cmd( 800): PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_: Aug 26 18:38:41.824927: | cmd( 880):PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0': Aug 26 18:38:41.824930: | cmd( 960): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2d556a18 SPI_OUT=0x785da: Aug 26 18:38:41.824933: | cmd(1040):986 ipsec _updown 2>&1: Aug 26 18:38:41.835476: | running updown command "ipsec _updown" for verb route Aug 26 18:38:41.835491: | command executing route-client Aug 26 18:38:41.835514: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Aug 26 18:38:41.835517: | popen cmd is 1065 chars long Aug 26 18:38:41.835519: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:38:41.835521: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUT: Aug 26 18:38:41.835523: | cmd( 160):O_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3: Aug 26 18:38:41.835525: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Aug 26 18:38:41.835526: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Aug 26 18:38:41.835528: | cmd( 400):D='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 18:38:41.835534: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:38:41.835536: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN: Aug 26 18:38:41.835538: | cmd( 640):_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE: Aug 26 18:38:41.835539: | cmd( 720):+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Aug 26 18:38:41.835541: | cmd( 800):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Aug 26 18:38:41.835543: | cmd( 880):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Aug 26 18:38:41.835544: | cmd( 960):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2d556a18 SPI_OUT=0x78: Aug 26 18:38:41.835546: | cmd(1040):5da986 ipsec _updown 2>&1: Aug 26 18:38:41.847854: | #1 updating local interface from 192.1.8.22:500 to 192.1.8.22:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:38:41.847871: "northnet-eastnet" #1: MOBIKE response: updating IPsec SA Aug 26 18:38:41.847876: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. Aug 26 18:38:41.847885: | #1 spent 1.03 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Aug 26 18:38:41.847889: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:41.847891: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:38:41.847894: | Message ID: updating counters for #1 to 2 after switching state Aug 26 18:38:41.847897: | Message ID: recv #1 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1 wip.initiator=2->-1 wip.responder=-1 Aug 26 18:38:41.847900: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:41.847902: | STATE_PARENT_I3: PARENT SA established Aug 26 18:38:41.847905: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:41.847910: | #1 spent 1.26 milliseconds in ikev2_process_packet() Aug 26 18:38:41.847913: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:41.847920: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:41.847922: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:41.847925: | spent 1.28 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:41.847941: | processing signal PLUTO_SIGCHLD Aug 26 18:38:41.847945: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:41.847948: | spent 0.00367 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:41.847949: | processing signal PLUTO_SIGCHLD Aug 26 18:38:41.847952: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:41.847954: | spent 0.00238 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:54.939356: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:38:54.939410: | expiring aged bare shunts from shunt table Aug 26 18:38:54.939431: | spent 0.0174 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:38:56.353032: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:56.353082: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:38:56.353093: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:56.353110: | get_sa_info esp.785da986@192.1.8.22 Aug 26 18:38:56.353155: | get_sa_info esp.2d556a18@192.1.2.23 Aug 26 18:38:56.353200: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:56.353212: | spent 0.206 milliseconds in whack Aug 26 18:38:56.575000: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:56.575602: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:38:56.575624: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:38:56.575799: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:38:56.575812: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:56.575845: | get_sa_info esp.785da986@192.1.8.22 Aug 26 18:38:56.575888: | get_sa_info esp.2d556a18@192.1.2.23 Aug 26 18:38:56.575954: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:56.575969: | spent 0.972 milliseconds in whack Aug 26 18:38:56.868195: | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:56.868216: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 18:38:56.868219: | 8d 28 fa 2f 37 b2 de 6b f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:56.868221: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:38:56.868223: | 7e 32 a2 e5 c2 d2 7a 71 89 ef 9c 90 e8 2e 1c d5 Aug 26 18:38:56.868224: | 1b 2b 27 b2 f6 25 2b e0 3d 08 22 dc fc b9 88 7f Aug 26 18:38:56.868226: | 7e f8 e0 72 fa Aug 26 18:38:56.868232: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:56.868239: | **parse ISAKMP Message: Aug 26 18:38:56.868242: | initiator cookie: Aug 26 18:38:56.868245: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:56.868247: | responder cookie: Aug 26 18:38:56.868250: | f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:56.868253: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:56.868256: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:56.868260: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:56.868264: | flags: none (0x0) Aug 26 18:38:56.868267: | Message ID: 0 (0x0) Aug 26 18:38:56.868269: | length: 69 (0x45) Aug 26 18:38:56.868273: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:56.868277: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:38:56.868282: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:38:56.868293: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:56.868312: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:56.868319: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:38:56.868323: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:38:56.868328: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 18:38:56.868331: | unpacking clear payload Aug 26 18:38:56.868334: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:56.868350: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:56.868353: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:38:56.868356: | flags: none (0x0) Aug 26 18:38:56.868359: | length: 41 (0x29) Aug 26 18:38:56.868362: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:38:56.868367: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:38:56.868371: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:38:56.868392: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:56.868396: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:38:56.868400: | **parse IKEv2 Delete Payload: Aug 26 18:38:56.868402: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.868403: | flags: none (0x0) Aug 26 18:38:56.868405: | length: 12 (0xc) Aug 26 18:38:56.868406: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:38:56.868408: | SPI size: 4 (0x4) Aug 26 18:38:56.868410: | number of SPIs: 1 (0x1) Aug 26 18:38:56.868411: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:38:56.868413: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:38:56.868417: | Now let's proceed with state specific processing Aug 26 18:38:56.868419: | calling processor I3: INFORMATIONAL Request Aug 26 18:38:56.868421: | an informational request should send a response Aug 26 18:38:56.868441: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:38:56.868443: | **emit ISAKMP Message: Aug 26 18:38:56.868445: | initiator cookie: Aug 26 18:38:56.868446: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:56.868448: | responder cookie: Aug 26 18:38:56.868449: | f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:56.868451: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:56.868453: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:56.868455: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:56.868457: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:38:56.868458: | Message ID: 0 (0x0) Aug 26 18:38:56.868460: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:56.868462: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:56.868464: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.868466: | flags: none (0x0) Aug 26 18:38:56.868468: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:56.868470: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:56.868472: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:56.868481: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:38:56.868483: | SPI 2d 55 6a 18 Aug 26 18:38:56.868484: | delete PROTO_v2_ESP SA(0x2d556a18) Aug 26 18:38:56.868487: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:38:56.868489: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:38:56.868491: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x2d556a18) Aug 26 18:38:56.868493: "northnet-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:38:56.868495: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:38:56.868498: | libevent_free: release ptr-libevent@0x55cff061d928 Aug 26 18:38:56.868501: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f97dc002b78 Aug 26 18:38:56.868505: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f97dc002b78 Aug 26 18:38:56.868507: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:38:56.868510: | libevent_malloc: new ptr-libevent@0x55cff05a8258 size 128 Aug 26 18:38:56.868512: | ****emit IKEv2 Delete Payload: Aug 26 18:38:56.868514: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.868515: | flags: none (0x0) Aug 26 18:38:56.868517: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:38:56.868518: | SPI size: 4 (0x4) Aug 26 18:38:56.868520: | number of SPIs: 1 (0x1) Aug 26 18:38:56.868522: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:38:56.868524: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:56.868526: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:38:56.868528: | local SPIs 78 5d a9 86 Aug 26 18:38:56.868530: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:38:56.868536: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:56.868541: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:56.868545: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:56.868547: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:38:56.868550: | emitting length of ISAKMP Message: 69 Aug 26 18:38:56.868570: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:56.868575: | 8d 28 fa 2f 37 b2 de 6b f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:56.868578: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:38:56.868581: | ab 7f 93 04 c7 23 1f a5 bd 0b 10 67 89 d7 7e 52 Aug 26 18:38:56.868583: | 3a 01 f1 43 14 b8 bd 62 6e a1 d4 43 83 41 c1 59 Aug 26 18:38:56.868586: | aa 3a e7 74 a3 Aug 26 18:38:56.868621: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:38:56.868628: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:38:56.868633: | #1 spent 0.192 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:38:56.868637: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:56.868639: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:38:56.868642: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:38:56.868644: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:38:56.868647: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:56.868649: "northnet-eastnet" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:38:56.868652: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:56.868655: | #1 spent 0.427 milliseconds in ikev2_process_packet() Aug 26 18:38:56.868658: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:56.868660: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:56.868662: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:56.868665: | spent 0.437 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:56.868670: | timer_event_cb: processing event@0x7f97dc002b78 Aug 26 18:38:56.868672: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:38:56.868675: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:56.868678: | picked newest_ipsec_sa #2 for #2 Aug 26 18:38:56.868680: | replacing stale CHILD SA Aug 26 18:38:56.868683: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:38:56.868684: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:38:56.868686: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:38:56.868689: | creating state object #3 at 0x55cff06249c8 Aug 26 18:38:56.868691: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:38:56.868698: | pstats #3 ikev2.child started Aug 26 18:38:56.868700: | duplicating state object #1 "northnet-eastnet" as #3 for IPSEC SA Aug 26 18:38:56.868704: | #3 setting local endpoint to 192.1.8.22:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:38:56.868710: | Message ID: init_child #1.#3; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:56.868713: | suspend processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:38:56.868716: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:38:56.868719: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:38:56.868722: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:38:56.868726: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet (ESP/AH initiator emitting proposals) Aug 26 18:38:56.868729: | converting proposal AES_GCM_16-NONE to ikev2 ... Aug 26 18:38:56.868731: | forcing IKEv2 PROTO_v2_ESP aes_gcm_16 ENCRYPT transform low-to-high key lengths: 128 256 Aug 26 18:38:56.868735: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_128,AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:38:56.868738: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_128,AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:38:56.868742: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:38:56.868744: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55cff0620038 Aug 26 18:38:56.868747: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:38:56.868749: | libevent_malloc: new ptr-libevent@0x55cff061d878 size 128 Aug 26 18:38:56.868752: | RESET processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:38:56.868754: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55cff061dcf8 Aug 26 18:38:56.868756: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:38:56.868758: | libevent_malloc: new ptr-libevent@0x55cff06214d8 size 128 Aug 26 18:38:56.868760: | libevent_free: release ptr-libevent@0x55cff05a8258 Aug 26 18:38:56.868762: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f97dc002b78 Aug 26 18:38:56.868765: | #2 spent 0.0944 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:38:56.868767: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:38:56.868770: | timer_event_cb: processing event@0x55cff0620038 Aug 26 18:38:56.868772: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:38:56.868775: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:38:56.868779: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:38:56.868781: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f97dc002b78 Aug 26 18:38:56.868783: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:38:56.868785: | libevent_malloc: new ptr-libevent@0x55cff05a8258 size 128 Aug 26 18:38:56.868790: | libevent_free: release ptr-libevent@0x55cff061d878 Aug 26 18:38:56.868792: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55cff0620038 Aug 26 18:38:56.868810: | #3 spent 0.0391 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:38:56.868813: | stop processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:38:56.868815: | timer_event_cb: processing event@0x55cff061dcf8 Aug 26 18:38:56.868817: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:38:56.868819: | crypto helper 1 resuming Aug 26 18:38:56.868820: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:38:56.868832: | crypto helper 1 starting work-order 3 for state #3 Aug 26 18:38:56.868838: | picked newest_ipsec_sa #2 for #2 Aug 26 18:38:56.868847: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:38:56.868850: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:38:56.868854: | pstats #2 ikev2.child deleted completed Aug 26 18:38:56.868843: | crypto helper 1 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 18:38:56.868858: | #2 spent 2.79 milliseconds in total Aug 26 18:38:56.868871: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:38:56.868874: "northnet-eastnet" #2: deleting state (STATE_V2_IPSEC_I) aged 21.740s and NOT sending notification Aug 26 18:38:56.868878: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:38:56.868881: | get_sa_info esp.2d556a18@192.1.2.23 Aug 26 18:38:56.868892: | get_sa_info esp.785da986@192.1.8.22 Aug 26 18:38:56.868897: "northnet-eastnet" #2: ESP traffic information: in=336B out=336B Aug 26 18:38:56.868900: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:38:56.868943: | running updown command "ipsec _updown" for verb down Aug 26 18:38:56.868950: | command executing down-client Aug 26 18:38:56.868984: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V Aug 26 18:38:56.868989: | popen cmd is 1064 chars long Aug 26 18:38:56.868993: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Aug 26 18:38:56.868997: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO: Aug 26 18:38:56.869001: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 18:38:56.869004: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 18:38:56.869008: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 18:38:56.869011: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 18:38:56.869015: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:38:56.869018: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844715' PLUTO_CONN_: Aug 26 18:38:56.869021: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+: Aug 26 18:38:56.869023: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: Aug 26 18:38:56.869025: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: Aug 26 18:38:56.869027: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': Aug 26 18:38:56.869028: | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2d556a18 SPI_OUT=0x785: Aug 26 18:38:56.869030: | cmd(1040):da986 ipsec _updown 2>&1: Aug 26 18:38:56.869484: | crypto helper 1 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000641 seconds Aug 26 18:38:56.869498: | (#3) spent 0.636 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:38:56.869500: | crypto helper 1 sending results from work-order 3 for state #3 to event queue Aug 26 18:38:56.869503: | scheduling resume sending helper answer for #3 Aug 26 18:38:56.869505: | libevent_malloc: new ptr-libevent@0x7f97d8002888 size 128 Aug 26 18:38:56.869517: | crypto helper 1 waiting (nothing to do) Aug 26 18:38:56.876997: | shunt_eroute() called for connection 'northnet-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:38:56.877008: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:38:56.877013: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:56.877017: | IPsec Sa SPD priority set to 1042407 Aug 26 18:38:56.877038: | delete esp.2d556a18@192.1.2.23 Aug 26 18:38:56.877057: | netlink response for Del SA esp.2d556a18@192.1.2.23 included non-error error Aug 26 18:38:56.877064: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:56.877073: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 18:38:56.877096: | raw_eroute result=success Aug 26 18:38:56.877102: | delete esp.785da986@192.1.8.22 Aug 26 18:38:56.877115: | netlink response for Del SA esp.785da986@192.1.8.22 included non-error error Aug 26 18:38:56.877128: | in connection_discard for connection northnet-eastnet Aug 26 18:38:56.877132: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:38:56.877137: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:38:56.877145: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:38:56.877156: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:38:56.877158: | can't expire unused IKE SA #1; it has the child #3 Aug 26 18:38:56.877162: | libevent_free: release ptr-libevent@0x55cff06214d8 Aug 26 18:38:56.877164: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55cff061dcf8 Aug 26 18:38:56.877166: | in statetime_stop() and could not find #2 Aug 26 18:38:56.877168: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:38:56.877181: | spent 0.002 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:56.877197: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Aug 26 18:38:56.877199: | 8d 28 fa 2f 37 b2 de 6b f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:56.877201: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:38:56.877202: | e2 44 7f de 2b 93 cf c2 d2 32 a4 67 94 67 58 88 Aug 26 18:38:56.877204: | db 9f 4f 20 d0 87 97 b8 87 99 9f a0 f7 ac 90 f1 Aug 26 18:38:56.877205: | 90 Aug 26 18:38:56.877209: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:56.877212: | **parse ISAKMP Message: Aug 26 18:38:56.877214: | initiator cookie: Aug 26 18:38:56.877215: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:56.877217: | responder cookie: Aug 26 18:38:56.877218: | f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:56.877221: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:56.877222: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:56.877224: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:56.877227: | flags: none (0x0) Aug 26 18:38:56.877228: | Message ID: 1 (0x1) Aug 26 18:38:56.877230: | length: 65 (0x41) Aug 26 18:38:56.877232: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:38:56.877235: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:38:56.877237: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:38:56.877241: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:56.877243: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:38:56.877246: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:38:56.877248: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:38:56.877251: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 18:38:56.877252: | unpacking clear payload Aug 26 18:38:56.877254: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:56.877256: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:56.877258: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:38:56.877259: | flags: none (0x0) Aug 26 18:38:56.877263: | length: 37 (0x25) Aug 26 18:38:56.877265: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:38:56.877268: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:38:56.877270: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:38:56.877283: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:38:56.877285: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:38:56.877287: | **parse IKEv2 Delete Payload: Aug 26 18:38:56.877295: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.877297: | flags: none (0x0) Aug 26 18:38:56.877299: | length: 8 (0x8) Aug 26 18:38:56.877300: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:38:56.877302: | SPI size: 0 (0x0) Aug 26 18:38:56.877304: | number of SPIs: 0 (0x0) Aug 26 18:38:56.877305: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:38:56.877307: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:38:56.877309: | Now let's proceed with state specific processing Aug 26 18:38:56.877310: | calling processor I3: INFORMATIONAL Request Aug 26 18:38:56.877313: | an informational request should send a response Aug 26 18:38:56.877345: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:38:56.877347: | **emit ISAKMP Message: Aug 26 18:38:56.877349: | initiator cookie: Aug 26 18:38:56.877350: | 8d 28 fa 2f 37 b2 de 6b Aug 26 18:38:56.877352: | responder cookie: Aug 26 18:38:56.877353: | f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:56.877355: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:56.877357: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:56.877359: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:38:56.877361: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:38:56.877362: | Message ID: 1 (0x1) Aug 26 18:38:56.877364: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:56.877366: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:56.877368: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.877370: | flags: none (0x0) Aug 26 18:38:56.877372: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:56.877374: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:38:56.877376: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:56.877383: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:56.877385: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:56.877387: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:56.877389: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:38:56.877391: | emitting length of ISAKMP Message: 57 Aug 26 18:38:56.877405: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:56.877407: | 8d 28 fa 2f 37 b2 de 6b f1 aa 63 66 93 7e d2 d8 Aug 26 18:38:56.877408: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 18:38:56.877410: | c7 b6 c6 58 f5 d9 58 22 e5 64 a1 75 75 d1 35 e7 Aug 26 18:38:56.877411: | cb 1d 5d a1 7f d4 b3 cf 1d Aug 26 18:38:56.877440: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:38:56.877445: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:38:56.877448: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:38:56.877451: | pstats #3 ikev2.child deleted other Aug 26 18:38:56.877454: | #3 spent 0.0391 milliseconds in total Aug 26 18:38:56.877457: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:38:56.877460: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:38:56.877462: "northnet-eastnet" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.008s and NOT sending notification Aug 26 18:38:56.877464: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 18:38:56.877466: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:56.877469: | libevent_free: release ptr-libevent@0x55cff05a8258 Aug 26 18:38:56.877472: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f97dc002b78 Aug 26 18:38:56.877474: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:56.877478: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Aug 26 18:38:56.877487: | raw_eroute result=success Aug 26 18:38:56.877491: | in connection_discard for connection northnet-eastnet Aug 26 18:38:56.877493: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:38:56.877498: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:38:56.877501: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:38:56.877503: | resume processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:38:56.877506: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:38:56.877508: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:38:56.877510: | pstats #1 ikev2.ike deleted completed Aug 26 18:38:56.877513: | #1 spent 10.2 milliseconds in total Aug 26 18:38:56.877516: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:38:56.877518: "northnet-eastnet" #1: deleting state (STATE_IKESA_DEL) aged 21.755s and NOT sending notification Aug 26 18:38:56.877520: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:38:56.877580: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:38:56.877586: | libevent_free: release ptr-libevent@0x7f97d4000f48 Aug 26 18:38:56.877591: | free_event_entry: release EVENT_SA_REKEY-pe@0x55cff061db88 Aug 26 18:38:56.877594: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:38:56.877598: | picked newest_isakmp_sa #0 for #1 Aug 26 18:38:56.877601: "northnet-eastnet" #1: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:38:56.877605: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 0 seconds Aug 26 18:38:56.877610: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:38:56.877615: | in connection_discard for connection northnet-eastnet Aug 26 18:38:56.877618: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:38:56.877620: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:38:56.877643: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:38:56.877676: | in statetime_stop() and could not find #1 Aug 26 18:38:56.877679: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:56.877682: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:38:56.877683: | STF_OK but no state object remains Aug 26 18:38:56.877685: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:56.877687: | in statetime_stop() and could not find #1 Aug 26 18:38:56.877690: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:56.877693: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:56.877695: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:56.877699: | spent 0.493 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:56.877705: | processing resume sending helper answer for #3 Aug 26 18:38:56.877708: | crypto helper 1 replies to request ID 3 Aug 26 18:38:56.877709: | calling continuation function 0x55cfeea06b50 Aug 26 18:38:56.877711: | work-order 3 state #3 crypto result suppressed Aug 26 18:38:56.877719: | (#3) spent 0.0111 milliseconds in resume sending helper answer Aug 26 18:38:56.877722: | libevent_free: release ptr-libevent@0x7f97d8002888 Aug 26 18:38:56.877724: | processing signal PLUTO_SIGCHLD Aug 26 18:38:56.877728: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:56.877730: | spent 0.00398 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:56.877734: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:38:56.877736: Initiating connection northnet-eastnet which received a Delete/Notify but must remain up per local policy Aug 26 18:38:56.877738: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:56.877741: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 18:38:56.877743: | connection 'northnet-eastnet' +POLICY_UP Aug 26 18:38:56.877745: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:38:56.877747: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:38:56.877751: | creating state object #4 at 0x55cff0620808 Aug 26 18:38:56.877752: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:38:56.877757: | pstats #4 ikev2.ike started Aug 26 18:38:56.877759: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:38:56.877761: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:38:56.877764: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:56.877768: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:56.877771: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:56.877773: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:38:56.877776: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #4 "northnet-eastnet" Aug 26 18:38:56.877778: "northnet-eastnet" #4: initiating v2 parent SA Aug 26 18:38:56.877788: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:56.877792: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 18:38:56.877794: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f97d4002bb8 Aug 26 18:38:56.877796: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:38:56.877798: | libevent_malloc: new ptr-libevent@0x55cff06214d8 size 128 Aug 26 18:38:56.877808: | #4 spent 0.0645 milliseconds in ikev2_parent_outI1() Aug 26 18:38:56.877812: | crypto helper 2 resuming Aug 26 18:38:56.877816: | RESET processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:56.877819: | crypto helper 2 starting work-order 4 for state #4 Aug 26 18:38:56.877821: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:56.877828: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 18:38:56.877831: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:38:56.877836: | spent 0.0967 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:38:56.878431: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000603 seconds Aug 26 18:38:56.878439: | (#4) spent 0.608 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 18:38:56.878441: | crypto helper 2 sending results from work-order 4 for state #4 to event queue Aug 26 18:38:56.878443: | scheduling resume sending helper answer for #4 Aug 26 18:38:56.878445: | libevent_malloc: new ptr-libevent@0x7f97cc002888 size 128 Aug 26 18:38:56.878451: | crypto helper 2 waiting (nothing to do) Aug 26 18:38:56.878457: | processing resume sending helper answer for #4 Aug 26 18:38:56.878464: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:56.878468: | crypto helper 2 replies to request ID 4 Aug 26 18:38:56.878471: | calling continuation function 0x55cfeea06b50 Aug 26 18:38:56.878474: | ikev2_parent_outI1_continue for #4 Aug 26 18:38:56.878479: | **emit ISAKMP Message: Aug 26 18:38:56.878482: | initiator cookie: Aug 26 18:38:56.878484: | 9a 31 57 13 53 4d ed 32 Aug 26 18:38:56.878487: | responder cookie: Aug 26 18:38:56.878490: | 00 00 00 00 00 00 00 00 Aug 26 18:38:56.878493: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:56.878496: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:56.878499: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:56.878502: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:56.878505: | Message ID: 0 (0x0) Aug 26 18:38:56.878508: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:56.878523: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:56.878526: | Emitting ikev2_proposals ... Aug 26 18:38:56.878529: | ***emit IKEv2 Security Association Payload: Aug 26 18:38:56.878532: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.878535: | flags: none (0x0) Aug 26 18:38:56.878538: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:56.878541: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:56.878544: | discarding INTEG=NONE Aug 26 18:38:56.878547: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:56.878550: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:56.878553: | prop #: 1 (0x1) Aug 26 18:38:56.878555: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:56.878558: | spi size: 0 (0x0) Aug 26 18:38:56.878560: | # transforms: 11 (0xb) Aug 26 18:38:56.878563: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:56.878566: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878571: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878574: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:56.878577: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:56.878580: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878583: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:56.878586: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:56.878589: | length/value: 256 (0x100) Aug 26 18:38:56.878592: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:56.878595: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878600: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:56.878603: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:56.878606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878612: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878615: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878620: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:56.878623: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:56.878626: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878629: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878632: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878635: | discarding INTEG=NONE Aug 26 18:38:56.878638: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878640: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878643: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878646: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:56.878649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878655: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878658: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878660: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878666: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:56.878669: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878672: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878675: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878678: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878681: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878684: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878687: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:56.878690: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878693: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878699: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878702: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878705: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878708: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878710: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:56.878714: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878720: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878723: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878729: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878732: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:56.878735: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878739: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878742: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878745: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878750: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878753: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:56.878756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878760: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878763: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878766: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878769: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878771: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878774: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:56.878777: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878781: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878784: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878787: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878790: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:56.878792: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878795: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:56.878799: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878802: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878804: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878807: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:56.878810: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:56.878813: | discarding INTEG=NONE Aug 26 18:38:56.878816: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:56.878824: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:56.878827: | prop #: 2 (0x2) Aug 26 18:38:56.878830: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:56.878832: | spi size: 0 (0x0) Aug 26 18:38:56.878835: | # transforms: 11 (0xb) Aug 26 18:38:56.878838: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:56.878842: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:56.878845: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878850: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:56.878853: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:56.878856: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878859: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:56.878862: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:56.878864: | length/value: 128 (0x80) Aug 26 18:38:56.878867: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:56.878870: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878875: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:56.878878: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:56.878881: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878885: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878888: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878891: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878894: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878897: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:56.878899: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:56.878903: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878909: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878911: | discarding INTEG=NONE Aug 26 18:38:56.878914: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878916: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878919: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878921: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:56.878925: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878928: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878930: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878933: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878938: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878941: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:56.878944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878952: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878955: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878959: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878962: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:56.878965: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878968: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878971: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878974: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878976: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878979: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.878981: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:56.878985: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878988: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.878991: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.878994: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.878996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.878999: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879001: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:56.879005: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879008: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879011: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879013: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879016: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879018: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879021: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:56.879024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879029: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879032: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879034: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879037: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879040: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:56.879043: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879049: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879052: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879055: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:56.879058: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879060: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:56.879064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879068: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879071: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879074: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:56.879077: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:56.879080: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:56.879083: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:56.879086: | prop #: 3 (0x3) Aug 26 18:38:56.879089: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:56.879092: | spi size: 0 (0x0) Aug 26 18:38:56.879095: | # transforms: 13 (0xd) Aug 26 18:38:56.879098: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:56.879101: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:56.879105: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879108: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879110: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:56.879113: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:56.879116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879120: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:56.879123: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:56.879126: | length/value: 256 (0x100) Aug 26 18:38:56.879129: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:56.879132: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879137: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:56.879140: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:56.879144: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879150: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879153: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879158: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:56.879161: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:56.879165: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879168: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879171: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879175: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879180: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:56.879183: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:56.879186: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879190: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879193: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879199: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879204: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:56.879207: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:56.879210: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879214: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879217: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879220: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879229: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:56.879232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879239: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879241: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879250: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:56.879253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879259: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879262: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879268: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879270: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:56.879274: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879277: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879279: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879282: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879285: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879307: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879312: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:56.879315: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879318: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879321: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879324: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879327: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879330: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879345: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:56.879349: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879352: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879356: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879359: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879362: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879364: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879367: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:56.879370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879376: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879379: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879381: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879387: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:56.879390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879396: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879399: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879402: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:56.879404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879407: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:56.879410: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879413: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879416: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879419: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:56.879422: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:56.879426: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:56.879429: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:56.879431: | prop #: 4 (0x4) Aug 26 18:38:56.879434: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:56.879436: | spi size: 0 (0x0) Aug 26 18:38:56.879439: | # transforms: 13 (0xd) Aug 26 18:38:56.879442: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:56.879445: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:56.879447: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879450: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879453: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:56.879455: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:56.879458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879462: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:56.879464: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:56.879467: | length/value: 128 (0x80) Aug 26 18:38:56.879470: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:56.879473: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879480: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:56.879482: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:56.879485: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879488: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879491: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879494: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879496: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879499: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:56.879502: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:56.879505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879508: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879511: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879513: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879519: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:56.879522: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:56.879525: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879528: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879531: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879534: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879539: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:56.879542: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:56.879545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879551: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879554: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879557: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879560: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879563: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:56.879566: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879569: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879572: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879575: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879577: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879580: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879583: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:56.879586: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879588: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879593: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879596: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879603: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:56.879606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879612: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879615: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879617: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879620: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879622: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:56.879625: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879628: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879631: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879633: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879636: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879639: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879641: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:56.879644: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879647: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879650: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879653: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879655: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879658: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879660: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:56.879664: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879666: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879669: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879672: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879674: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879677: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879680: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:56.879683: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879686: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879689: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879691: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:56.879694: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:56.879697: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:56.879699: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:56.879703: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:56.879707: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:56.879710: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:56.879713: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:56.879716: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:56.879719: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:38:56.879722: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:56.879725: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:38:56.879728: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.879731: | flags: none (0x0) Aug 26 18:38:56.879734: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:56.879738: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:38:56.879741: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:38:56.879745: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:38:56.879748: | ikev2 g^x 23 e3 e4 fd 00 71 5e bb 54 12 a7 dd 89 12 0b 64 Aug 26 18:38:56.879751: | ikev2 g^x 11 7f 07 c3 1a a2 14 4a 68 c5 7e cb e0 fa 73 5d Aug 26 18:38:56.879753: | ikev2 g^x 3c 6a 3b 6d 60 27 c4 bd f7 8a cd 0f a9 51 9e da Aug 26 18:38:56.879756: | ikev2 g^x 71 c3 3c ac db 6b eb 74 84 00 79 03 14 24 3d e5 Aug 26 18:38:56.879759: | ikev2 g^x 41 1e 8e 48 8d 2d b3 9e c0 30 2c 61 45 c7 48 23 Aug 26 18:38:56.879761: | ikev2 g^x 6b 44 9c 3a 8b db af a9 46 9d 43 de a2 c9 3c 11 Aug 26 18:38:56.879764: | ikev2 g^x f8 9c 5c fd a4 65 1e 16 57 e6 5d a8 82 4b 28 bd Aug 26 18:38:56.879767: | ikev2 g^x e5 a5 6a 73 d4 ab 37 e1 e9 e6 d0 4f 8e 75 54 81 Aug 26 18:38:56.879769: | ikev2 g^x b3 94 51 b8 78 3e e7 e4 36 82 ea 8b 35 1d 6a 4c Aug 26 18:38:56.879772: | ikev2 g^x 99 ed 35 81 98 9f 42 17 37 6f 4a 14 a5 34 f6 de Aug 26 18:38:56.879775: | ikev2 g^x 2e 2a cb 40 29 7b ff 90 42 b0 65 00 64 de 89 22 Aug 26 18:38:56.879777: | ikev2 g^x 7a 5f 2b 06 06 e5 a1 74 db 21 ff f4 33 6e e3 07 Aug 26 18:38:56.879780: | ikev2 g^x 98 43 36 3a 42 5e 83 c6 8d a2 9b 83 50 1f b0 4d Aug 26 18:38:56.879783: | ikev2 g^x 33 60 d9 f3 24 9d 88 d6 64 8b 2d 7d f8 9f 17 ff Aug 26 18:38:56.879785: | ikev2 g^x 83 4d b7 a3 21 d9 88 df 23 9a e2 c6 b1 a5 c8 e3 Aug 26 18:38:56.879788: | ikev2 g^x cb 98 5d 92 39 12 a0 25 23 3a 03 a0 cf 7c 6c eb Aug 26 18:38:56.879791: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:38:56.879794: | ***emit IKEv2 Nonce Payload: Aug 26 18:38:56.879796: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:56.879799: | flags: none (0x0) Aug 26 18:38:56.879802: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:38:56.879805: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:38:56.879808: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:38:56.879811: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:38:56.879814: | IKEv2 nonce ca 6b 76 b8 7f 35 db 66 eb 49 30 a7 ca 8f d1 f7 Aug 26 18:38:56.879817: | IKEv2 nonce dc 2c 43 c7 26 f6 15 7a d0 1f b6 fb e4 57 af 2a Aug 26 18:38:56.879820: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:38:56.879823: | Adding a v2N Payload Aug 26 18:38:56.879826: | ***emit IKEv2 Notify Payload: Aug 26 18:38:56.879828: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.879831: | flags: none (0x0) Aug 26 18:38:56.879834: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:56.879838: | SPI size: 0 (0x0) Aug 26 18:38:56.879841: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:56.879845: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:56.879847: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:56.879851: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:56.879854: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:38:56.879857: | natd_hash: rcookie is zero Aug 26 18:38:56.879868: | natd_hash: hasher=0x55cfeeadb800(20) Aug 26 18:38:56.879871: | natd_hash: icookie= 9a 31 57 13 53 4d ed 32 Aug 26 18:38:56.879874: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:56.879876: | natd_hash: ip= c0 01 08 16 Aug 26 18:38:56.879879: | natd_hash: port=500 Aug 26 18:38:56.879881: | natd_hash: hash= 8d 75 f6 d3 c4 75 99 e4 82 14 43 b4 c3 a8 fb cd Aug 26 18:38:56.879884: | natd_hash: hash= 62 ae 3f 4a Aug 26 18:38:56.879886: | Adding a v2N Payload Aug 26 18:38:56.879889: | ***emit IKEv2 Notify Payload: Aug 26 18:38:56.879892: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.879895: | flags: none (0x0) Aug 26 18:38:56.879897: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:56.879900: | SPI size: 0 (0x0) Aug 26 18:38:56.879903: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:56.879906: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:56.879909: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:56.879912: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:56.879915: | Notify data 8d 75 f6 d3 c4 75 99 e4 82 14 43 b4 c3 a8 fb cd Aug 26 18:38:56.879918: | Notify data 62 ae 3f 4a Aug 26 18:38:56.879920: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:56.879923: | natd_hash: rcookie is zero Aug 26 18:38:56.879930: | natd_hash: hasher=0x55cfeeadb800(20) Aug 26 18:38:56.879933: | natd_hash: icookie= 9a 31 57 13 53 4d ed 32 Aug 26 18:38:56.879936: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:56.879938: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:56.879941: | natd_hash: port=500 Aug 26 18:38:56.879944: | natd_hash: hash= 95 cc 66 d1 72 b6 32 b3 dc a1 38 6f 31 b1 f4 72 Aug 26 18:38:56.879946: | natd_hash: hash= 8d 46 a9 d7 Aug 26 18:38:56.879948: | Adding a v2N Payload Aug 26 18:38:56.879951: | ***emit IKEv2 Notify Payload: Aug 26 18:38:56.879954: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:56.879956: | flags: none (0x0) Aug 26 18:38:56.879959: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:56.879961: | SPI size: 0 (0x0) Aug 26 18:38:56.879964: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:56.879968: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:56.879970: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:56.879974: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:56.879977: | Notify data 95 cc 66 d1 72 b6 32 b3 dc a1 38 6f 31 b1 f4 72 Aug 26 18:38:56.879979: | Notify data 8d 46 a9 d7 Aug 26 18:38:56.879982: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:56.879985: | emitting length of ISAKMP Message: 828 Aug 26 18:38:56.879992: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:38:56.879998: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:56.880002: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:38:56.880005: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:38:56.880010: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:38:56.880013: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 18:38:56.880016: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 18:38:56.880021: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:56.880025: "northnet-eastnet" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:56.880030: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.8.22:500) Aug 26 18:38:56.880036: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #4) Aug 26 18:38:56.880039: | 9a 31 57 13 53 4d ed 32 00 00 00 00 00 00 00 00 Aug 26 18:38:56.880041: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:38:56.880044: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:38:56.880046: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:38:56.880049: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:38:56.880052: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:38:56.880054: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:38:56.880057: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:38:56.880059: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:38:56.880062: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:38:56.880065: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:38:56.880067: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:38:56.880070: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:38:56.880072: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:38:56.880075: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:38:56.880077: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:38:56.880080: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:38:56.880082: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:38:56.880085: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:38:56.880087: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:38:56.880090: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:38:56.880092: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:38:56.880095: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:38:56.880097: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:38:56.880100: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:38:56.880102: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:38:56.880105: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:38:56.880107: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:38:56.880110: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:38:56.880113: | 28 00 01 08 00 0e 00 00 23 e3 e4 fd 00 71 5e bb Aug 26 18:38:56.880115: | 54 12 a7 dd 89 12 0b 64 11 7f 07 c3 1a a2 14 4a Aug 26 18:38:56.880118: | 68 c5 7e cb e0 fa 73 5d 3c 6a 3b 6d 60 27 c4 bd Aug 26 18:38:56.880120: | f7 8a cd 0f a9 51 9e da 71 c3 3c ac db 6b eb 74 Aug 26 18:38:56.880123: | 84 00 79 03 14 24 3d e5 41 1e 8e 48 8d 2d b3 9e Aug 26 18:38:56.880125: | c0 30 2c 61 45 c7 48 23 6b 44 9c 3a 8b db af a9 Aug 26 18:38:56.880128: | 46 9d 43 de a2 c9 3c 11 f8 9c 5c fd a4 65 1e 16 Aug 26 18:38:56.880131: | 57 e6 5d a8 82 4b 28 bd e5 a5 6a 73 d4 ab 37 e1 Aug 26 18:38:56.880133: | e9 e6 d0 4f 8e 75 54 81 b3 94 51 b8 78 3e e7 e4 Aug 26 18:38:56.880135: | 36 82 ea 8b 35 1d 6a 4c 99 ed 35 81 98 9f 42 17 Aug 26 18:38:56.880138: | 37 6f 4a 14 a5 34 f6 de 2e 2a cb 40 29 7b ff 90 Aug 26 18:38:56.880140: | 42 b0 65 00 64 de 89 22 7a 5f 2b 06 06 e5 a1 74 Aug 26 18:38:56.880143: | db 21 ff f4 33 6e e3 07 98 43 36 3a 42 5e 83 c6 Aug 26 18:38:56.880147: | 8d a2 9b 83 50 1f b0 4d 33 60 d9 f3 24 9d 88 d6 Aug 26 18:38:56.880150: | 64 8b 2d 7d f8 9f 17 ff 83 4d b7 a3 21 d9 88 df Aug 26 18:38:56.880152: | 23 9a e2 c6 b1 a5 c8 e3 cb 98 5d 92 39 12 a0 25 Aug 26 18:38:56.880155: | 23 3a 03 a0 cf 7c 6c eb 29 00 00 24 ca 6b 76 b8 Aug 26 18:38:56.880157: | 7f 35 db 66 eb 49 30 a7 ca 8f d1 f7 dc 2c 43 c7 Aug 26 18:38:56.880160: | 26 f6 15 7a d0 1f b6 fb e4 57 af 2a 29 00 00 08 Aug 26 18:38:56.880162: | 00 00 40 2e 29 00 00 1c 00 00 40 04 8d 75 f6 d3 Aug 26 18:38:56.880165: | c4 75 99 e4 82 14 43 b4 c3 a8 fb cd 62 ae 3f 4a Aug 26 18:38:56.880167: | 00 00 00 1c 00 00 40 05 95 cc 66 d1 72 b6 32 b3 Aug 26 18:38:56.880170: | dc a1 38 6f 31 b1 f4 72 8d 46 a9 d7 Aug 26 18:38:56.880206: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:56.880211: | libevent_free: release ptr-libevent@0x55cff06214d8 Aug 26 18:38:56.880215: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f97d4002bb8 Aug 26 18:38:56.880218: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:56.880222: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f97d4002bb8 Aug 26 18:38:56.880226: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 18:38:56.880229: | libevent_malloc: new ptr-libevent@0x55cff0620478 size 128 Aug 26 18:38:56.880235: | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 30022.622688 Aug 26 18:38:56.880239: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 18:38:56.880245: | #4 spent 1.75 milliseconds in resume sending helper answer Aug 26 18:38:56.880251: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:56.880254: | libevent_free: release ptr-libevent@0x7f97cc002888 Aug 26 18:38:57.354162: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:57.354183: shutting down Aug 26 18:38:57.354191: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:38:57.354193: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:57.354195: forgetting secrets Aug 26 18:38:57.354201: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:57.354205: | start processing: connection "northnet-eastnet" (in delete_connection() at connections.c:189) Aug 26 18:38:57.354207: | removing pending policy for no connection {0x55cff060c1d8} Aug 26 18:38:57.354210: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:38:57.354211: | pass 0 Aug 26 18:38:57.354213: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:38:57.354215: | state #4 Aug 26 18:38:57.354217: | suspend processing: connection "northnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:38:57.354221: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:38:57.354223: | pstats #4 ikev2.ike deleted other Aug 26 18:38:57.354227: | #4 spent 2.43 milliseconds in total Aug 26 18:38:57.354230: | [RE]START processing: state #4 connection "northnet-eastnet" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:38:57.354233: "northnet-eastnet" #4: deleting state (STATE_PARENT_I1) aged 0.476s and NOT sending notification Aug 26 18:38:57.354235: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 18:38:57.354238: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:57.354240: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 18:38:57.354243: | libevent_free: release ptr-libevent@0x55cff0620478 Aug 26 18:38:57.354245: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f97d4002bb8 Aug 26 18:38:57.354248: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:38:57.354252: | picked newest_isakmp_sa #0 for #4 Aug 26 18:38:57.354255: "northnet-eastnet" #4: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:38:57.354257: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 5 seconds Aug 26 18:38:57.354259: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:38:57.354263: | stop processing: connection "northnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:38:57.354265: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:38:57.354267: | in connection_discard for connection northnet-eastnet Aug 26 18:38:57.354269: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 18:38:57.354271: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:38:57.354287: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:38:57.354310: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:38:57.354312: | pass 1 Aug 26 18:38:57.354315: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:38:57.354318: | shunt_eroute() called for connection 'northnet-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:38:57.354320: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:38:57.354323: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:57.354362: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Aug 26 18:38:57.354370: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:57.354372: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:57.354374: | conn northnet-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:57.354376: | route owner of "northnet-eastnet" unrouted: NULL Aug 26 18:38:57.354378: | running updown command "ipsec _updown" for verb unroute Aug 26 18:38:57.354380: | command executing unroute-client Aug 26 18:38:57.354399: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Aug 26 18:38:57.354401: | popen cmd is 1045 chars long Aug 26 18:38:57.354403: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:38:57.354405: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PL: Aug 26 18:38:57.354407: | cmd( 160):UTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 18:38:57.354409: | cmd( 240):.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Aug 26 18:38:57.354410: | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Aug 26 18:38:57.354412: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 18:38:57.354413: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 18:38:57.354415: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 18:38:57.354419: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_N: Aug 26 18:38:57.354420: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Aug 26 18:38:57.354422: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Aug 26 18:38:57.354424: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Aug 26 18:38:57.354425: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: Aug 26 18:38:57.354427: | cmd(1040): 2>&1: Aug 26 18:38:57.362309: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362325: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362327: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362330: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362332: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362333: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362335: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362361: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362365: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362377: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362382: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362430: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362437: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362439: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.362440: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:38:57.366810: | free hp@0x55cff061b338 Aug 26 18:38:57.366824: | flush revival: connection 'northnet-eastnet' revival flushed Aug 26 18:38:57.366829: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:38:57.366841: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:38:57.366843: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:38:57.366852: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:38:57.366854: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:38:57.366856: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 18:38:57.366858: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 18:38:57.366860: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 18:38:57.366862: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 18:38:57.366864: shutting down interface eth1/eth1 192.1.8.22:4500 Aug 26 18:38:57.366866: shutting down interface eth1/eth1 192.1.8.22:500 Aug 26 18:38:57.366869: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:38:57.366879: | libevent_free: release ptr-libevent@0x55cff060cd48 Aug 26 18:38:57.366882: | free_event_entry: release EVENT_NULL-pe@0x55cff0618db8 Aug 26 18:38:57.366890: | libevent_free: release ptr-libevent@0x55cff05aaf68 Aug 26 18:38:57.366892: | free_event_entry: release EVENT_NULL-pe@0x55cff0618e68 Aug 26 18:38:57.366897: | libevent_free: release ptr-libevent@0x55cff05aae68 Aug 26 18:38:57.366899: | free_event_entry: release EVENT_NULL-pe@0x55cff0618f18 Aug 26 18:38:57.366904: | libevent_free: release ptr-libevent@0x55cff05aa698 Aug 26 18:38:57.366906: | free_event_entry: release EVENT_NULL-pe@0x55cff0618fc8 Aug 26 18:38:57.366910: | libevent_free: release ptr-libevent@0x55cff05794e8 Aug 26 18:38:57.366912: | free_event_entry: release EVENT_NULL-pe@0x55cff0619528 Aug 26 18:38:57.366916: | libevent_free: release ptr-libevent@0x55cff05791d8 Aug 26 18:38:57.366918: | free_event_entry: release EVENT_NULL-pe@0x55cff0619598 Aug 26 18:38:57.366923: | libevent_free: release ptr-libevent@0x55cff06196b8 Aug 26 18:38:57.366927: | free_event_entry: release EVENT_NULL-pe@0x55cff0619648 Aug 26 18:38:57.366932: | libevent_free: release ptr-libevent@0x55cff0619818 Aug 26 18:38:57.366934: | free_event_entry: release EVENT_NULL-pe@0x55cff06197a8 Aug 26 18:38:57.366938: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:38:57.367352: | libevent_free: release ptr-libevent@0x55cff060cdf8 Aug 26 18:38:57.367358: | free_event_entry: release EVENT_NULL-pe@0x55cff0600b38 Aug 26 18:38:57.367363: | libevent_free: release ptr-libevent@0x55cff05aad68 Aug 26 18:38:57.367365: | free_event_entry: release EVENT_NULL-pe@0x55cff05ffff8 Aug 26 18:38:57.367369: | libevent_free: release ptr-libevent@0x55cff05e4418 Aug 26 18:38:57.367370: | free_event_entry: release EVENT_NULL-pe@0x55cff0600ba8 Aug 26 18:38:57.367373: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:38:57.367375: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:38:57.367377: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:38:57.367378: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:38:57.367380: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:38:57.367382: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:38:57.367383: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:38:57.367385: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:38:57.367386: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:38:57.367390: | libevent_free: release ptr-libevent@0x55cff05ac048 Aug 26 18:38:57.367392: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:38:57.367394: | libevent_free: release ptr-libevent@0x55cff0618338 Aug 26 18:38:57.367396: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:38:57.367398: | libevent_free: release ptr-libevent@0x55cff0618448 Aug 26 18:38:57.367399: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:38:57.367401: | libevent_free: release ptr-libevent@0x55cff0618688 Aug 26 18:38:57.367403: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:38:57.367404: | releasing event base Aug 26 18:38:57.367413: | libevent_free: release ptr-libevent@0x55cff0618558 Aug 26 18:38:57.367415: | libevent_free: release ptr-libevent@0x55cff05fb3e8 Aug 26 18:38:57.367418: | libevent_free: release ptr-libevent@0x55cff05fb398 Aug 26 18:38:57.367420: | libevent_free: release ptr-libevent@0x55cff05fb328 Aug 26 18:38:57.367421: | libevent_free: release ptr-libevent@0x55cff05fb2e8 Aug 26 18:38:57.367423: | libevent_free: release ptr-libevent@0x55cff0618108 Aug 26 18:38:57.367425: | libevent_free: release ptr-libevent@0x55cff06182b8 Aug 26 18:38:57.367426: | libevent_free: release ptr-libevent@0x55cff05fb598 Aug 26 18:38:57.367428: | libevent_free: release ptr-libevent@0x55cff0600108 Aug 26 18:38:57.367429: | libevent_free: release ptr-libevent@0x55cff0600af8 Aug 26 18:38:57.367431: | libevent_free: release ptr-libevent@0x55cff06198c8 Aug 26 18:38:57.367432: | libevent_free: release ptr-libevent@0x55cff0619768 Aug 26 18:38:57.367434: | libevent_free: release ptr-libevent@0x55cff0619608 Aug 26 18:38:57.367436: | libevent_free: release ptr-libevent@0x55cff0619078 Aug 26 18:38:57.367437: | libevent_free: release ptr-libevent@0x55cff0619038 Aug 26 18:38:57.367439: | libevent_free: release ptr-libevent@0x55cff0618f88 Aug 26 18:38:57.367440: | libevent_free: release ptr-libevent@0x55cff0618ed8 Aug 26 18:38:57.367442: | libevent_free: release ptr-libevent@0x55cff0618e28 Aug 26 18:38:57.367443: | libevent_free: release ptr-libevent@0x55cff05a7af8 Aug 26 18:38:57.367445: | libevent_free: release ptr-libevent@0x55cff0618408 Aug 26 18:38:57.367447: | libevent_free: release ptr-libevent@0x55cff06182f8 Aug 26 18:38:57.367448: | libevent_free: release ptr-libevent@0x55cff0618278 Aug 26 18:38:57.367450: | libevent_free: release ptr-libevent@0x55cff0618518 Aug 26 18:38:57.367451: | libevent_free: release ptr-libevent@0x55cff0618148 Aug 26 18:38:57.367453: | libevent_free: release ptr-libevent@0x55cff0578908 Aug 26 18:38:57.367455: | libevent_free: release ptr-libevent@0x55cff0578d38 Aug 26 18:38:57.367458: | libevent_free: release ptr-libevent@0x55cff05a7e68 Aug 26 18:38:57.367460: | releasing global libevent data Aug 26 18:38:57.367462: | libevent_free: release ptr-libevent@0x55cff0578a08 Aug 26 18:38:57.367464: | libevent_free: release ptr-libevent@0x55cff0578cd8 Aug 26 18:38:57.367465: | libevent_free: release ptr-libevent@0x55cff0578dd8 Aug 26 18:38:57.367489: leak detective found no leaks