Aug 26 18:38:34.379087: FIPS Product: YES Aug 26 18:38:34.379125: FIPS Kernel: NO Aug 26 18:38:34.379128: FIPS Mode: NO Aug 26 18:38:34.379131: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:38:34.379300: Initializing NSS Aug 26 18:38:34.379309: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:38:34.422982: NSS initialized Aug 26 18:38:34.422998: NSS crypto library initialized Aug 26 18:38:34.423001: FIPS HMAC integrity support [enabled] Aug 26 18:38:34.423003: FIPS mode disabled for pluto daemon Aug 26 18:38:34.468265: FIPS HMAC integrity verification self-test FAILED Aug 26 18:38:34.468378: libcap-ng support [enabled] Aug 26 18:38:34.468392: Linux audit support [enabled] Aug 26 18:38:34.468419: Linux audit activated Aug 26 18:38:34.468424: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12390 Aug 26 18:38:34.468429: core dump dir: /tmp Aug 26 18:38:34.468432: secrets file: /etc/ipsec.secrets Aug 26 18:38:34.468434: leak-detective enabled Aug 26 18:38:34.468436: NSS crypto [enabled] Aug 26 18:38:34.468439: XAUTH PAM support [enabled] Aug 26 18:38:34.468515: | libevent is using pluto's memory allocator Aug 26 18:38:34.468523: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:38:34.468539: | libevent_malloc: new ptr-libevent@0x55d3cdfca6b8 size 40 Aug 26 18:38:34.468547: | libevent_malloc: new ptr-libevent@0x55d3cdfcc108 size 40 Aug 26 18:38:34.468551: | libevent_malloc: new ptr-libevent@0x55d3cdfcc088 size 40 Aug 26 18:38:34.468554: | creating event base Aug 26 18:38:34.468558: | libevent_malloc: new ptr-libevent@0x55d3cdfcae88 size 56 Aug 26 18:38:34.468564: | libevent_malloc: new ptr-libevent@0x55d3cdf5ced8 size 664 Aug 26 18:38:34.468576: | libevent_malloc: new ptr-libevent@0x55d3cdffc258 size 24 Aug 26 18:38:34.468579: | libevent_malloc: new ptr-libevent@0x55d3cdffc2a8 size 384 Aug 26 18:38:34.468590: | libevent_malloc: new ptr-libevent@0x55d3cdffc218 size 16 Aug 26 18:38:34.468594: | libevent_malloc: new ptr-libevent@0x55d3cdfcc008 size 40 Aug 26 18:38:34.468597: | libevent_malloc: new ptr-libevent@0x55d3cdfcbf88 size 48 Aug 26 18:38:34.468603: | libevent_realloc: new ptr-libevent@0x55d3cdf5cb68 size 256 Aug 26 18:38:34.468606: | libevent_malloc: new ptr-libevent@0x55d3cdffc458 size 16 Aug 26 18:38:34.468613: | libevent_free: release ptr-libevent@0x55d3cdfcae88 Aug 26 18:38:34.468617: | libevent initialized Aug 26 18:38:34.468621: | libevent_realloc: new ptr-libevent@0x55d3cdfcae88 size 64 Aug 26 18:38:34.468625: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:38:34.468641: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:38:34.468644: NAT-Traversal support [enabled] Aug 26 18:38:34.468647: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:38:34.468653: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:38:34.468657: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:38:34.468691: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:38:34.468696: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:38:34.468700: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:38:34.468749: Encryption algorithms: Aug 26 18:38:34.468759: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:38:34.468763: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:38:34.468767: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:38:34.468770: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:38:34.468774: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:38:34.468783: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:38:34.468788: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:38:34.468792: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:38:34.468796: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:38:34.468800: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:38:34.468804: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:38:34.468808: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:38:34.468812: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:38:34.468815: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:38:34.468819: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:38:34.468822: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:38:34.468826: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:38:34.468833: Hash algorithms: Aug 26 18:38:34.468836: MD5 IKEv1: IKE IKEv2: Aug 26 18:38:34.468840: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:38:34.468843: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:38:34.468846: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:38:34.468849: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:38:34.468862: PRF algorithms: Aug 26 18:38:34.468865: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:38:34.468868: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:38:34.468872: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:38:34.468875: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:38:34.468878: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:38:34.468881: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:38:34.468908: Integrity algorithms: Aug 26 18:38:34.468912: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:38:34.468916: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:38:34.468920: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:38:34.468924: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:38:34.468929: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:38:34.468932: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:38:34.468936: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:38:34.468939: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:38:34.468942: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:38:34.468954: DH algorithms: Aug 26 18:38:34.468958: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:38:34.468961: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:38:34.468964: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:38:34.468970: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:38:34.468973: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:38:34.468976: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:38:34.468979: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:38:34.468983: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:38:34.468986: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:38:34.468990: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:38:34.468993: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:38:34.468996: testing CAMELLIA_CBC: Aug 26 18:38:34.468999: Camellia: 16 bytes with 128-bit key Aug 26 18:38:34.469126: Camellia: 16 bytes with 128-bit key Aug 26 18:38:34.469160: Camellia: 16 bytes with 256-bit key Aug 26 18:38:34.470833: Camellia: 16 bytes with 256-bit key Aug 26 18:38:34.470883: testing AES_GCM_16: Aug 26 18:38:34.470888: empty string Aug 26 18:38:34.470921: one block Aug 26 18:38:34.470953: two blocks Aug 26 18:38:34.470981: two blocks with associated data Aug 26 18:38:34.471011: testing AES_CTR: Aug 26 18:38:34.471015: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:38:34.471043: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:38:34.471073: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:38:34.471106: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:38:34.471133: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:38:34.471160: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:38:34.471187: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:38:34.471213: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:38:34.471239: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:38:34.471265: testing AES_CBC: Aug 26 18:38:34.471269: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:38:34.471304: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:38:34.471336: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:38:34.471359: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:38:34.471381: testing AES_XCBC: Aug 26 18:38:34.471384: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:38:34.471467: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:38:34.471599: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:38:34.471699: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:38:34.471823: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:38:34.471961: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:38:34.472102: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:38:34.472425: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:38:34.472569: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:38:34.472721: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:38:34.472966: testing HMAC_MD5: Aug 26 18:38:34.472973: RFC 2104: MD5_HMAC test 1 Aug 26 18:38:34.473160: RFC 2104: MD5_HMAC test 2 Aug 26 18:38:34.473330: RFC 2104: MD5_HMAC test 3 Aug 26 18:38:34.473520: 8 CPU cores online Aug 26 18:38:34.473526: starting up 7 crypto helpers Aug 26 18:38:34.473560: started thread for crypto helper 0 Aug 26 18:38:34.473582: started thread for crypto helper 1 Aug 26 18:38:34.473588: | starting up helper thread 1 Aug 26 18:38:34.473603: started thread for crypto helper 2 Aug 26 18:38:34.473604: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:38:34.473628: | crypto helper 1 waiting (nothing to do) Aug 26 18:38:34.473634: started thread for crypto helper 3 Aug 26 18:38:34.473654: started thread for crypto helper 4 Aug 26 18:38:34.473674: started thread for crypto helper 5 Aug 26 18:38:34.473693: started thread for crypto helper 6 Aug 26 18:38:34.473698: | checking IKEv1 state table Aug 26 18:38:34.473706: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:34.473710: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:38:34.473713: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.473716: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:38:34.473719: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:38:34.473722: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:38:34.473724: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.473727: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.473730: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:38:34.473733: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:38:34.473735: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.473738: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:38:34.473741: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:38:34.473743: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:34.473746: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:34.473748: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:38:34.473751: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:38:34.473754: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:34.473756: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:34.473759: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:38:34.473762: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:38:34.473764: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.473768: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:38:34.473770: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.473773: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:34.473776: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:38:34.473779: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.473782: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:38:34.473784: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:38:34.473787: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:38:34.473789: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:38:34.473792: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:38:34.473795: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:38:34.473798: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.473801: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:38:34.473804: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.473807: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:38:34.473810: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:38:34.473813: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:38:34.473816: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:38:34.473819: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:38:34.473821: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:38:34.473825: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:38:34.473827: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.473830: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:38:34.473833: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.473836: | INFO: category: informational flags: 0: Aug 26 18:38:34.473839: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.473842: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:38:34.473844: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.473847: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:38:34.473850: | -> XAUTH_R1 EVENT_NULL Aug 26 18:38:34.473853: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:38:34.473855: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:38:34.473858: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:38:34.473861: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:38:34.473863: | starting up helper thread 0 Aug 26 18:38:34.473870: | starting up helper thread 6 Aug 26 18:38:34.473865: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:38:34.473899: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:38:34.473911: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:38:34.473880: | starting up helper thread 5 Aug 26 18:38:34.473918: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:38:34.473921: | -> UNDEFINED EVENT_NULL Aug 26 18:38:34.473913: | crypto helper 6 waiting (nothing to do) Aug 26 18:38:34.473926: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:38:34.473921: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:38:34.473929: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:38:34.473890: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:38:34.473941: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.473947: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:38:34.473885: | starting up helper thread 2 Aug 26 18:38:34.473935: | crypto helper 5 waiting (nothing to do) Aug 26 18:38:34.473953: | starting up helper thread 3 Aug 26 18:38:34.473955: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:38:34.473950: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:38:34.473975: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:38:34.473981: | checking IKEv2 state table Aug 26 18:38:34.473988: | PARENT_I0: category: ignore flags: 0: Aug 26 18:38:34.473991: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:38:34.473994: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.473997: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:38:34.474000: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:38:34.473969: | crypto helper 2 waiting (nothing to do) Aug 26 18:38:34.473968: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:38:34.474003: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:38:34.474021: | starting up helper thread 4 Aug 26 18:38:34.474022: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:38:34.474012: | crypto helper 0 waiting (nothing to do) Aug 26 18:38:34.474036: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:38:34.474039: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:38:34.474044: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:38:34.474047: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:38:34.474030: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:38:34.474054: | crypto helper 3 waiting (nothing to do) Aug 26 18:38:34.474051: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:38:34.474064: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:38:34.474067: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:38:34.474069: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:38:34.474072: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:38:34.474075: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:38:34.474077: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:38:34.474080: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:38:34.474083: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:38:34.474086: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:38:34.474089: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:38:34.474092: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:38:34.474097: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:38:34.474100: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:38:34.474102: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:38:34.474105: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.474108: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:38:34.474111: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:38:34.474114: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:38:34.474117: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.474120: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:38:34.474123: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:38:34.474125: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:38:34.474128: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:38:34.474131: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:38:34.474134: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:38:34.474137: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:38:34.474140: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:38:34.474143: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:38:34.474146: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:38:34.474149: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:38:34.474152: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:38:34.474155: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:38:34.474158: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:38:34.474161: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:38:34.474164: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:38:34.474180: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:38:34.474252: | Hard-wiring algorithms Aug 26 18:38:34.474257: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:38:34.474262: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:38:34.474264: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:38:34.474267: | adding 3DES_CBC to kernel algorithm db Aug 26 18:38:34.474270: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:38:34.474272: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:38:34.474275: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:38:34.474278: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:38:34.474280: | adding AES_CTR to kernel algorithm db Aug 26 18:38:34.474283: | adding AES_CBC to kernel algorithm db Aug 26 18:38:34.474285: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:38:34.474300: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:38:34.474307: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:38:34.474310: | adding NULL to kernel algorithm db Aug 26 18:38:34.474312: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:38:34.474315: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:38:34.474318: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:38:34.474321: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:38:34.474323: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:38:34.474326: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:38:34.474328: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:38:34.474331: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:38:34.474334: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:38:34.474336: | adding NONE to kernel algorithm db Aug 26 18:38:34.474357: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:38:34.474367: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:38:34.474370: | setup kernel fd callback Aug 26 18:38:34.474373: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55d3cdffbc78 Aug 26 18:38:34.474377: | libevent_malloc: new ptr-libevent@0x55d3cdffa488 size 128 Aug 26 18:38:34.474380: | libevent_malloc: new ptr-libevent@0x55d3ce001678 size 16 Aug 26 18:38:34.474388: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55d3ce0019e8 Aug 26 18:38:34.474392: | libevent_malloc: new ptr-libevent@0x55d3cdfcfda8 size 128 Aug 26 18:38:34.474395: | libevent_malloc: new ptr-libevent@0x55d3ce001f98 size 16 Aug 26 18:38:34.474592: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:38:34.474600: selinux support is enabled. Aug 26 18:38:34.474833: | unbound context created - setting debug level to 5 Aug 26 18:38:34.474854: | /etc/hosts lookups activated Aug 26 18:38:34.474867: | /etc/resolv.conf usage activated Aug 26 18:38:34.474903: | outgoing-port-avoid set 0-65535 Aug 26 18:38:34.474920: | outgoing-port-permit set 32768-60999 Aug 26 18:38:34.474922: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:38:34.474925: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:38:34.474927: | Setting up events, loop start Aug 26 18:38:34.474929: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55d3ce001e88 Aug 26 18:38:34.474932: | libevent_malloc: new ptr-libevent@0x55d3ce00dde8 size 128 Aug 26 18:38:34.474934: | libevent_malloc: new ptr-libevent@0x55d3ce0190b8 size 16 Aug 26 18:38:34.474939: | libevent_realloc: new ptr-libevent@0x55d3ce0190f8 size 256 Aug 26 18:38:34.474941: | libevent_malloc: new ptr-libevent@0x55d3ce019228 size 8 Aug 26 18:38:34.474943: | libevent_realloc: new ptr-libevent@0x55d3ce019268 size 144 Aug 26 18:38:34.474945: | libevent_malloc: new ptr-libevent@0x55d3cdf5d598 size 152 Aug 26 18:38:34.474948: | libevent_malloc: new ptr-libevent@0x55d3ce019328 size 16 Aug 26 18:38:34.474951: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:38:34.474953: | libevent_malloc: new ptr-libevent@0x55d3ce019368 size 8 Aug 26 18:38:34.474954: | libevent_malloc: new ptr-libevent@0x55d3ce0193a8 size 152 Aug 26 18:38:34.474957: | signal event handler PLUTO_SIGTERM installed Aug 26 18:38:34.474958: | libevent_malloc: new ptr-libevent@0x55d3ce019478 size 8 Aug 26 18:38:34.474960: | libevent_malloc: new ptr-libevent@0x55d3ce0194b8 size 152 Aug 26 18:38:34.474962: | signal event handler PLUTO_SIGHUP installed Aug 26 18:38:34.474964: | libevent_malloc: new ptr-libevent@0x55d3ce019588 size 8 Aug 26 18:38:34.474965: | libevent_realloc: release ptr-libevent@0x55d3ce019268 Aug 26 18:38:34.474967: | libevent_realloc: new ptr-libevent@0x55d3ce0195c8 size 256 Aug 26 18:38:34.474969: | libevent_malloc: new ptr-libevent@0x55d3ce0196f8 size 152 Aug 26 18:38:34.474971: | signal event handler PLUTO_SIGSYS installed Aug 26 18:38:34.475233: | created addconn helper (pid:12581) using fork+execve Aug 26 18:38:34.475247: | forked child 12581 Aug 26 18:38:34.475287: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.475313: listening for IKE messages Aug 26 18:38:34.475338: | crypto helper 4 waiting (nothing to do) Aug 26 18:38:34.475355: | Inspecting interface lo Aug 26 18:38:34.475363: | found lo with address 127.0.0.1 Aug 26 18:38:34.475366: | Inspecting interface eth0 Aug 26 18:38:34.475370: | found eth0 with address 192.1.3.209 Aug 26 18:38:34.475456: Kernel supports NIC esp-hw-offload Aug 26 18:38:34.475468: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 Aug 26 18:38:34.475491: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:34.475496: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:34.475500: adding interface eth0/eth0 192.1.3.209:4500 Aug 26 18:38:34.475525: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:38:34.475551: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:38:34.475555: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:38:34.475558: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:38:34.475618: | no interfaces to sort Aug 26 18:38:34.475623: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:38:34.475631: | add_fd_read_event_handler: new ethX-pe@0x55d3ce019a68 Aug 26 18:38:34.475635: | libevent_malloc: new ptr-libevent@0x55d3ce00dd38 size 128 Aug 26 18:38:34.475638: | libevent_malloc: new ptr-libevent@0x55d3ce019ad8 size 16 Aug 26 18:38:34.475645: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 18:38:34.475649: | add_fd_read_event_handler: new ethX-pe@0x55d3ce019b18 Aug 26 18:38:34.475653: | libevent_malloc: new ptr-libevent@0x55d3cdfcfe58 size 128 Aug 26 18:38:34.475657: | libevent_malloc: new ptr-libevent@0x55d3ce019b88 size 16 Aug 26 18:38:34.475662: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 18:38:34.475665: | add_fd_read_event_handler: new ethX-pe@0x55d3ce019bc8 Aug 26 18:38:34.475669: | libevent_malloc: new ptr-libevent@0x55d3cdfd1088 size 128 Aug 26 18:38:34.475673: | libevent_malloc: new ptr-libevent@0x55d3ce019c38 size 16 Aug 26 18:38:34.475678: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Aug 26 18:38:34.475681: | add_fd_read_event_handler: new ethX-pe@0x55d3ce019c78 Aug 26 18:38:34.475685: | libevent_malloc: new ptr-libevent@0x55d3cdfcaa88 size 128 Aug 26 18:38:34.475688: | libevent_malloc: new ptr-libevent@0x55d3ce019ce8 size 16 Aug 26 18:38:34.475693: | setup callback for interface eth0 192.1.3.209:500 fd 17 Aug 26 18:38:34.475698: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:34.475701: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:34.475721: loading secrets from "/etc/ipsec.secrets" Aug 26 18:38:34.475733: | Processing PSK at line 1: passed Aug 26 18:38:34.475737: | certs and keys locked by 'process_secret' Aug 26 18:38:34.475740: | certs and keys unlocked by 'process_secret' Aug 26 18:38:34.475752: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.475760: | spent 0.474 milliseconds in whack Aug 26 18:38:34.525254: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.525274: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.525277: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:34.525279: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.525280: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:34.525284: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.525286: Failed to add connection "clear": shunt connection cannot have authentication method other then authby=never Aug 26 18:38:34.525303: | flush revival: connection 'clear' wasn't on the list Aug 26 18:38:34.525309: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:38:34.525317: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.525324: | spent 0.0691 milliseconds in whack Aug 26 18:38:34.525341: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.525348: listening for IKE messages Aug 26 18:38:34.525374: | Inspecting interface lo Aug 26 18:38:34.525379: | found lo with address 127.0.0.1 Aug 26 18:38:34.525381: | Inspecting interface eth0 Aug 26 18:38:34.525383: | found eth0 with address 192.1.3.209 Aug 26 18:38:34.525436: | no interfaces to sort Aug 26 18:38:34.525445: | libevent_free: release ptr-libevent@0x55d3ce00dd38 Aug 26 18:38:34.525449: | free_event_entry: release EVENT_NULL-pe@0x55d3ce019a68 Aug 26 18:38:34.525453: | add_fd_read_event_handler: new ethX-pe@0x55d3ce019a68 Aug 26 18:38:34.525456: | libevent_malloc: new ptr-libevent@0x55d3ce00dd38 size 128 Aug 26 18:38:34.525464: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 18:38:34.525468: | libevent_free: release ptr-libevent@0x55d3cdfcfe58 Aug 26 18:38:34.525476: | free_event_entry: release EVENT_NULL-pe@0x55d3ce019b18 Aug 26 18:38:34.525479: | add_fd_read_event_handler: new ethX-pe@0x55d3ce019b18 Aug 26 18:38:34.525482: | libevent_malloc: new ptr-libevent@0x55d3cdfcfe58 size 128 Aug 26 18:38:34.525487: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 18:38:34.525491: | libevent_free: release ptr-libevent@0x55d3cdfd1088 Aug 26 18:38:34.525494: | free_event_entry: release EVENT_NULL-pe@0x55d3ce019bc8 Aug 26 18:38:34.525497: | add_fd_read_event_handler: new ethX-pe@0x55d3ce019bc8 Aug 26 18:38:34.525499: | libevent_malloc: new ptr-libevent@0x55d3cdfd1088 size 128 Aug 26 18:38:34.525504: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Aug 26 18:38:34.525508: | libevent_free: release ptr-libevent@0x55d3cdfcaa88 Aug 26 18:38:34.525510: | free_event_entry: release EVENT_NULL-pe@0x55d3ce019c78 Aug 26 18:38:34.525513: | add_fd_read_event_handler: new ethX-pe@0x55d3ce019c78 Aug 26 18:38:34.525516: | libevent_malloc: new ptr-libevent@0x55d3cdfcaa88 size 128 Aug 26 18:38:34.525521: | setup callback for interface eth0 192.1.3.209:500 fd 17 Aug 26 18:38:34.525525: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:38:34.525527: forgetting secrets Aug 26 18:38:34.525536: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:38:34.525550: loading secrets from "/etc/ipsec.secrets" Aug 26 18:38:34.525559: | Processing PSK at line 1: passed Aug 26 18:38:34.525562: | certs and keys locked by 'process_secret' Aug 26 18:38:34.525565: | certs and keys unlocked by 'process_secret' Aug 26 18:38:34.525573: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.525579: | spent 0.24 milliseconds in whack Aug 26 18:38:34.525625: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.525640: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.525645: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:34.525654: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.525659: | spent 0.0349 milliseconds in whack Aug 26 18:38:34.526158: | processing signal PLUTO_SIGCHLD Aug 26 18:38:34.526175: | waitpid returned pid 12581 (exited with status 0) Aug 26 18:38:34.526180: | reaped addconn helper child (status 0) Aug 26 18:38:34.526185: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:34.526190: | spent 0.022 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:34.562853: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.562888: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.562897: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:34.562901: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.562903: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:38:34.562908: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.562947: | Added new connection road-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:34.563008: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:38:34.563015: | from whack: got --esp=aes256-sha2 Aug 26 18:38:34.563030: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Aug 26 18:38:34.563036: | counting wild cards for (none) is 15 Aug 26 18:38:34.563041: | counting wild cards for 192.1.2.23 is 0 Aug 26 18:38:34.563048: | based upon policy narrowing=yes, the connection is a template. Aug 26 18:38:34.563055: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:38:34.563062: | new hp@0x55d3ce01bbc8 Aug 26 18:38:34.563068: added connection description "road-eastnet" Aug 26 18:38:34.563082: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Aug 26 18:38:34.563093: | 192.1.3.209[+MC+S=C]---192.1.3.254...192.1.2.23<192.1.2.23>===0.0.0.0/0 Aug 26 18:38:34.563100: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.563107: | spent 0.256 milliseconds in whack Aug 26 18:38:34.678125: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:34.678154: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Aug 26 18:38:34.678159: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:38:34.678164: | start processing: connection "road-eastnet" (in initiate_a_connection() at initiate.c:186) Aug 26 18:38:34.678177: | find_host_pair: comparing 192.1.3.209:500 to 192.1.2.23:500 but ignoring ports Aug 26 18:38:34.678184: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@0x55d3ce01bbc8: road-eastnet Aug 26 18:38:34.678187: | connection 'road-eastnet' +POLICY_UP Aug 26 18:38:34.678190: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Aug 26 18:38:34.678193: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:38:34.678208: | creating state object #1 at 0x55d3ce01c398 Aug 26 18:38:34.678212: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:38:34.678221: | pstats #1 ikev2.ike started Aug 26 18:38:34.678225: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:38:34.678228: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:38:34.678234: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:34.678242: | suspend processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:34.678249: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:38:34.678254: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:38:34.678260: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-eastnet"[1] 192.1.2.23 IKE SA #1 "road-eastnet"[1] 192.1.2.23 Aug 26 18:38:34.678266: "road-eastnet"[1] 192.1.2.23 #1: initiating v2 parent SA Aug 26 18:38:34.678279: | constructing local IKE proposals for road-eastnet (IKE SA initiator selecting KE) Aug 26 18:38:34.678302: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.678315: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.678320: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.678327: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.678331: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.678337: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.678342: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:38:34.678348: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.678368: "road-eastnet"[1] 192.1.2.23: constructed local IKE proposals for road-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.678382: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:38:34.678387: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d3ce01eb08 Aug 26 18:38:34.678392: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:34.678396: | libevent_malloc: new ptr-libevent@0x55d3cdfcab88 size 128 Aug 26 18:38:34.678411: | #1 spent 0.232 milliseconds in ikev2_parent_outI1() Aug 26 18:38:34.678415: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:34.678435: | RESET processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:34.678439: | RESET processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:38:34.678443: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:38:34.678447: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Aug 26 18:38:34.678451: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:34.678456: | spent 0.326 milliseconds in whack Aug 26 18:38:34.678414: | crypto helper 1 resuming Aug 26 18:38:34.678469: | crypto helper 1 starting work-order 1 for state #1 Aug 26 18:38:34.678473: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:38:34.679401: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000927 seconds Aug 26 18:38:34.679413: | (#1) spent 0.927 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:38:34.679416: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 18:38:34.679419: | scheduling resume sending helper answer for #1 Aug 26 18:38:34.679421: | libevent_malloc: new ptr-libevent@0x7fbf50002888 size 128 Aug 26 18:38:34.679428: | crypto helper 1 waiting (nothing to do) Aug 26 18:38:34.679438: | processing resume sending helper answer for #1 Aug 26 18:38:34.679449: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:34.679455: | crypto helper 1 replies to request ID 1 Aug 26 18:38:34.679458: | calling continuation function 0x55d3cd45db50 Aug 26 18:38:34.679461: | ikev2_parent_outI1_continue for #1 Aug 26 18:38:34.679495: | **emit ISAKMP Message: Aug 26 18:38:34.679499: | initiator cookie: Aug 26 18:38:34.679501: | ec 6c 1e 62 86 78 8d 28 Aug 26 18:38:34.679504: | responder cookie: Aug 26 18:38:34.679506: | 00 00 00 00 00 00 00 00 Aug 26 18:38:34.679510: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:34.679513: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.679516: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:34.679519: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:34.679522: | Message ID: 0 (0x0) Aug 26 18:38:34.679525: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:34.679542: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.679550: | Emitting ikev2_proposals ... Aug 26 18:38:34.679553: | ***emit IKEv2 Security Association Payload: Aug 26 18:38:34.679557: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.679560: | flags: none (0x0) Aug 26 18:38:34.679564: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:34.679568: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.679572: | discarding INTEG=NONE Aug 26 18:38:34.679575: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.679578: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.679580: | prop #: 1 (0x1) Aug 26 18:38:34.679583: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.679585: | spi size: 0 (0x0) Aug 26 18:38:34.679588: | # transforms: 11 (0xb) Aug 26 18:38:34.679591: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.679594: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679596: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679599: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.679600: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:34.679602: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679604: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.679606: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.679608: | length/value: 256 (0x100) Aug 26 18:38:34.679610: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.679612: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679613: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679615: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.679616: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.679618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679620: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679622: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679624: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679627: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.679628: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.679630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679632: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679634: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679635: | discarding INTEG=NONE Aug 26 18:38:34.679637: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679638: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679640: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679644: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.679646: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679648: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679650: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679651: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679654: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679656: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.679659: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679662: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679665: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679667: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679670: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679672: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679675: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.679678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679681: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679684: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679687: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679689: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679692: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679695: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.679698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679704: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679707: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679710: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679712: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679715: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.679718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679723: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679726: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679731: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679734: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.679737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679743: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679748: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679756: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.679759: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679762: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679765: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679768: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679770: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.679773: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679775: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.679777: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679778: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679780: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679782: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:34.679784: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.679785: | discarding INTEG=NONE Aug 26 18:38:34.679787: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.679789: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.679790: | prop #: 2 (0x2) Aug 26 18:38:34.679792: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.679793: | spi size: 0 (0x0) Aug 26 18:38:34.679795: | # transforms: 11 (0xb) Aug 26 18:38:34.679797: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.679799: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.679801: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679802: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679804: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.679805: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:34.679807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679809: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.679810: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.679812: | length/value: 128 (0x80) Aug 26 18:38:34.679814: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.679815: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679817: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679818: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.679820: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.679822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679824: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679825: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679827: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679829: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679830: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.679832: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.679840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679842: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679844: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679845: | discarding INTEG=NONE Aug 26 18:38:34.679847: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679848: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679850: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679851: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.679853: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679855: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679857: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679858: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679861: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679863: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.679865: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679867: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679868: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679870: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679873: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679875: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.679876: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679878: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679880: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679881: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679883: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679885: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679886: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.679888: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679890: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679892: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679893: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679896: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679898: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.679900: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679902: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679903: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679905: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679909: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679911: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.679913: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679915: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679916: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679918: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679919: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679921: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679922: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.679924: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679926: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679928: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679929: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679931: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.679932: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.679934: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.679936: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679938: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679939: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679941: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:38:34.679943: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.679945: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.679946: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.679948: | prop #: 3 (0x3) Aug 26 18:38:34.679949: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.679951: | spi size: 0 (0x0) Aug 26 18:38:34.679952: | # transforms: 13 (0xd) Aug 26 18:38:34.679954: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.679956: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.679958: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679961: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.679962: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.679964: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679966: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.679967: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.679969: | length/value: 256 (0x100) Aug 26 18:38:34.679971: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.679972: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679975: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.679977: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.679979: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679983: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679985: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679987: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.679988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679990: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.679991: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.679993: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.679995: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.679997: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.679998: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680001: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.680003: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:34.680005: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680008: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680010: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680013: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.680015: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.680016: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680018: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680020: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680021: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680025: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680026: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.680028: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680030: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680031: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680033: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680035: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680036: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680038: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.680040: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680041: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680043: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680044: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680048: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680050: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.680052: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680054: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680055: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680057: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680060: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680062: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.680064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680065: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680067: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680069: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680072: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680073: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.680075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680077: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680079: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680080: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680083: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680085: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.680087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680090: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680092: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680095: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680096: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.680098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680102: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680103: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680105: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.680106: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680108: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.680110: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680118: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680122: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:34.680124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.680126: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.680129: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.680131: | prop #: 4 (0x4) Aug 26 18:38:34.680133: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.680135: | spi size: 0 (0x0) Aug 26 18:38:34.680137: | # transforms: 13 (0xd) Aug 26 18:38:34.680140: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:38:34.680143: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.680145: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680150: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.680152: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.680154: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680157: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.680159: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.680161: | length/value: 128 (0x80) Aug 26 18:38:34.680164: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.680166: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680171: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.680173: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.680176: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680181: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680183: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680185: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680188: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.680190: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:38:34.680193: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680195: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680198: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680200: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680205: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.680207: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:38:34.680210: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680215: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680218: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680222: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.680225: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.680229: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680232: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680234: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680237: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680239: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680241: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680243: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.680247: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680252: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680254: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680256: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680258: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680261: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:38:34.680264: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680266: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680269: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680272: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680274: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680276: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680278: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:38:34.680281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680284: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680287: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680319: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680322: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680325: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680327: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:38:34.680330: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680333: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680335: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680338: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680343: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680345: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:38:34.680348: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680354: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680356: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680362: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680365: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680367: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:38:34.680370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680376: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680378: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680383: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680386: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:38:34.680390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680397: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680400: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.680403: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.680406: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.680409: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:38:34.680413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.680416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.680419: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.680422: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:38:34.680426: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.680429: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:38:34.680432: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:34.680434: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:38:34.680438: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.680440: | flags: none (0x0) Aug 26 18:38:34.680442: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.680446: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:38:34.680449: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.680453: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:38:34.680457: | ikev2 g^x 3f 3d 7b 00 e2 2d b4 d8 64 33 31 65 08 dd c0 fe Aug 26 18:38:34.680459: | ikev2 g^x 1e 1a 5c 24 ee 1b dc 0f dd 95 b0 91 1c da 98 86 Aug 26 18:38:34.680462: | ikev2 g^x e8 7b 8e 8f 40 3f 78 8e f0 6d 8a 62 6f 91 cc a6 Aug 26 18:38:34.680464: | ikev2 g^x a3 10 0c a4 a3 33 f8 b0 ad f9 e8 38 c1 21 f0 47 Aug 26 18:38:34.680467: | ikev2 g^x a9 08 1c b3 0e 60 22 fb 99 08 39 4e 0e 7c 26 1c Aug 26 18:38:34.680469: | ikev2 g^x dd 2a cf 44 07 e3 a9 ea 75 87 b2 2b bb d8 d8 98 Aug 26 18:38:34.680472: | ikev2 g^x e1 10 da 8a 0b 9e 88 21 77 de d0 a9 ee c6 19 7a Aug 26 18:38:34.680474: | ikev2 g^x 1c ed 9d 03 29 7b ad 96 c1 e9 8a da 2e dd ef 4b Aug 26 18:38:34.680477: | ikev2 g^x 14 ce 47 73 56 9f 6e 58 1d 8b 02 d2 9f 32 25 56 Aug 26 18:38:34.680479: | ikev2 g^x 1f b1 a4 99 7e 66 00 88 5d e5 c2 eb 01 f3 df 18 Aug 26 18:38:34.680481: | ikev2 g^x 87 8c 5b 1e 29 a8 e7 93 fa ff 54 ce 8e a9 9a 2e Aug 26 18:38:34.680486: | ikev2 g^x 66 80 be a8 97 b1 8a b4 9c 6f 9a b4 35 3a 6a 94 Aug 26 18:38:34.680489: | ikev2 g^x 3a ee 26 02 27 92 42 53 e0 c8 03 33 0f 4b 60 65 Aug 26 18:38:34.680492: | ikev2 g^x 47 7e 56 0a 91 69 f9 65 ca 70 0d cd 9b 74 a3 7b Aug 26 18:38:34.680495: | ikev2 g^x 38 a4 ec 5f 45 ed e0 04 02 95 dc 6c 1c 57 48 de Aug 26 18:38:34.680498: | ikev2 g^x f7 73 90 a4 b1 ee aa 4a 14 75 02 ee 2e 56 35 34 Aug 26 18:38:34.680501: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:38:34.680505: | ***emit IKEv2 Nonce Payload: Aug 26 18:38:34.680508: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.680510: | flags: none (0x0) Aug 26 18:38:34.680514: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:38:34.680517: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:38:34.680520: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.680523: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:38:34.680526: | IKEv2 nonce 2a 5a a4 e2 f1 80 6d 06 b1 d8 4f 70 dd 48 05 3f Aug 26 18:38:34.680528: | IKEv2 nonce 7e 06 ec d0 d0 f6 72 99 28 29 80 8c 37 53 bc a7 Aug 26 18:38:34.680531: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:38:34.680533: | Adding a v2N Payload Aug 26 18:38:34.680536: | ***emit IKEv2 Notify Payload: Aug 26 18:38:34.680538: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.680541: | flags: none (0x0) Aug 26 18:38:34.680543: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.680545: | SPI size: 0 (0x0) Aug 26 18:38:34.680547: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:34.680550: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.680552: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.680555: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:34.680558: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:38:34.680560: | natd_hash: rcookie is zero Aug 26 18:38:34.680575: | natd_hash: hasher=0x55d3cd532800(20) Aug 26 18:38:34.680578: | natd_hash: icookie= ec 6c 1e 62 86 78 8d 28 Aug 26 18:38:34.680581: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:34.680583: | natd_hash: ip= c0 01 03 d1 Aug 26 18:38:34.680585: | natd_hash: port=500 Aug 26 18:38:34.680588: | natd_hash: hash= 32 73 79 92 f1 7e 33 d2 d1 15 af 68 24 9d 45 a6 Aug 26 18:38:34.680590: | natd_hash: hash= bc bf 92 9d Aug 26 18:38:34.680592: | Adding a v2N Payload Aug 26 18:38:34.680595: | ***emit IKEv2 Notify Payload: Aug 26 18:38:34.680597: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.680599: | flags: none (0x0) Aug 26 18:38:34.680602: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.680604: | SPI size: 0 (0x0) Aug 26 18:38:34.680607: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:34.680610: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.680612: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.680615: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:34.680618: | Notify data 32 73 79 92 f1 7e 33 d2 d1 15 af 68 24 9d 45 a6 Aug 26 18:38:34.680620: | Notify data bc bf 92 9d Aug 26 18:38:34.680623: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:34.680625: | natd_hash: rcookie is zero Aug 26 18:38:34.680631: | natd_hash: hasher=0x55d3cd532800(20) Aug 26 18:38:34.680634: | natd_hash: icookie= ec 6c 1e 62 86 78 8d 28 Aug 26 18:38:34.680637: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:38:34.680642: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:34.680644: | natd_hash: port=500 Aug 26 18:38:34.680647: | natd_hash: hash= e4 a8 b4 a3 3f fe 2a a1 1c 55 c9 22 b9 41 86 84 Aug 26 18:38:34.680650: | natd_hash: hash= ed 4b 6c 65 Aug 26 18:38:34.680652: | Adding a v2N Payload Aug 26 18:38:34.680655: | ***emit IKEv2 Notify Payload: Aug 26 18:38:34.680658: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.680660: | flags: none (0x0) Aug 26 18:38:34.680663: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.680666: | SPI size: 0 (0x0) Aug 26 18:38:34.680669: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:34.680672: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.680675: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.680678: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:38:34.680681: | Notify data e4 a8 b4 a3 3f fe 2a a1 1c 55 c9 22 b9 41 86 84 Aug 26 18:38:34.680684: | Notify data ed 4b 6c 65 Aug 26 18:38:34.680687: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:38:34.680689: | emitting length of ISAKMP Message: 828 Aug 26 18:38:34.680701: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:38:34.680712: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.680717: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:38:34.680721: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:38:34.680725: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:38:34.680728: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:38:34.680731: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:38:34.680737: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:34.680742: "road-eastnet"[1] 192.1.2.23 #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:34.680758: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Aug 26 18:38:34.680769: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Aug 26 18:38:34.680773: | ec 6c 1e 62 86 78 8d 28 00 00 00 00 00 00 00 00 Aug 26 18:38:34.680775: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:38:34.680778: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:38:34.680779: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:38:34.680781: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:38:34.680782: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:38:34.680784: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:38:34.680785: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:38:34.680787: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:38:34.680788: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:38:34.680790: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:38:34.680791: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:38:34.680793: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:38:34.680794: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:38:34.680796: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:38:34.680797: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:38:34.680799: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:38:34.680800: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:38:34.680802: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:38:34.680805: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:38:34.680806: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:38:34.680808: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:38:34.680809: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:38:34.680811: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:38:34.680812: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:38:34.680814: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:38:34.680815: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:38:34.680817: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:38:34.680818: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:38:34.680820: | 28 00 01 08 00 0e 00 00 3f 3d 7b 00 e2 2d b4 d8 Aug 26 18:38:34.680821: | 64 33 31 65 08 dd c0 fe 1e 1a 5c 24 ee 1b dc 0f Aug 26 18:38:34.680823: | dd 95 b0 91 1c da 98 86 e8 7b 8e 8f 40 3f 78 8e Aug 26 18:38:34.680824: | f0 6d 8a 62 6f 91 cc a6 a3 10 0c a4 a3 33 f8 b0 Aug 26 18:38:34.680826: | ad f9 e8 38 c1 21 f0 47 a9 08 1c b3 0e 60 22 fb Aug 26 18:38:34.680827: | 99 08 39 4e 0e 7c 26 1c dd 2a cf 44 07 e3 a9 ea Aug 26 18:38:34.680829: | 75 87 b2 2b bb d8 d8 98 e1 10 da 8a 0b 9e 88 21 Aug 26 18:38:34.680830: | 77 de d0 a9 ee c6 19 7a 1c ed 9d 03 29 7b ad 96 Aug 26 18:38:34.680832: | c1 e9 8a da 2e dd ef 4b 14 ce 47 73 56 9f 6e 58 Aug 26 18:38:34.680833: | 1d 8b 02 d2 9f 32 25 56 1f b1 a4 99 7e 66 00 88 Aug 26 18:38:34.680835: | 5d e5 c2 eb 01 f3 df 18 87 8c 5b 1e 29 a8 e7 93 Aug 26 18:38:34.680836: | fa ff 54 ce 8e a9 9a 2e 66 80 be a8 97 b1 8a b4 Aug 26 18:38:34.680837: | 9c 6f 9a b4 35 3a 6a 94 3a ee 26 02 27 92 42 53 Aug 26 18:38:34.680839: | e0 c8 03 33 0f 4b 60 65 47 7e 56 0a 91 69 f9 65 Aug 26 18:38:34.680840: | ca 70 0d cd 9b 74 a3 7b 38 a4 ec 5f 45 ed e0 04 Aug 26 18:38:34.680842: | 02 95 dc 6c 1c 57 48 de f7 73 90 a4 b1 ee aa 4a Aug 26 18:38:34.680843: | 14 75 02 ee 2e 56 35 34 29 00 00 24 2a 5a a4 e2 Aug 26 18:38:34.680845: | f1 80 6d 06 b1 d8 4f 70 dd 48 05 3f 7e 06 ec d0 Aug 26 18:38:34.680846: | d0 f6 72 99 28 29 80 8c 37 53 bc a7 29 00 00 08 Aug 26 18:38:34.680848: | 00 00 40 2e 29 00 00 1c 00 00 40 04 32 73 79 92 Aug 26 18:38:34.680849: | f1 7e 33 d2 d1 15 af 68 24 9d 45 a6 bc bf 92 9d Aug 26 18:38:34.680851: | 00 00 00 1c 00 00 40 05 e4 a8 b4 a3 3f fe 2a a1 Aug 26 18:38:34.680852: | 1c 55 c9 22 b9 41 86 84 ed 4b 6c 65 Aug 26 18:38:34.680876: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:34.680880: | libevent_free: release ptr-libevent@0x55d3cdfcab88 Aug 26 18:38:34.680882: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d3ce01eb08 Aug 26 18:38:34.680884: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:34.680887: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d3ce01eb08 Aug 26 18:38:34.680889: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:38:34.680891: | libevent_malloc: new ptr-libevent@0x55d3cdfcab88 size 128 Aug 26 18:38:34.680895: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 30000.423353 Aug 26 18:38:34.680898: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:38:34.680902: | #1 spent 1.42 milliseconds in resume sending helper answer Aug 26 18:38:34.680905: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:34.680907: | libevent_free: release ptr-libevent@0x7fbf50002888 Aug 26 18:38:34.684272: | spent 0.00272 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:34.684303: | *received 432 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Aug 26 18:38:34.684309: | ec 6c 1e 62 86 78 8d 28 49 14 94 7c 33 bc ab d4 Aug 26 18:38:34.684315: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 18:38:34.684318: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:38:34.684320: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:38:34.684323: | 04 00 00 0e 28 00 01 08 00 0e 00 00 21 49 75 01 Aug 26 18:38:34.684325: | e2 17 97 48 46 42 d7 e8 f5 b7 e1 75 8c d3 3b 6f Aug 26 18:38:34.684328: | a4 e1 af c6 74 d3 ee 00 a5 07 97 f1 9a 62 ab 4a Aug 26 18:38:34.684330: | e2 79 b3 d7 f4 f6 39 3b a4 db c9 8f ba 45 c4 2b Aug 26 18:38:34.684333: | 7b 77 83 d7 59 30 db ab 9a 89 15 7c 35 04 5d 71 Aug 26 18:38:34.684335: | 5d 98 4c 92 c6 15 a7 ea bc 2a 60 6a 75 d0 6c 6f Aug 26 18:38:34.684338: | 35 d4 06 7c 4a f2 38 e0 3d 06 9c cd 79 69 5b a5 Aug 26 18:38:34.684341: | 15 60 17 65 0c 00 1a 0c 94 1f f5 18 26 29 97 db Aug 26 18:38:34.684344: | f6 1d 8f 5a 9c e1 63 df d0 28 4e d3 47 9f 17 55 Aug 26 18:38:34.684346: | e4 1e ba 09 4f a1 9d 1f 06 ff 2e 16 6b f2 89 a3 Aug 26 18:38:34.684349: | 7a b1 57 de 5a 55 dd d2 b0 f4 e9 34 64 4c be b8 Aug 26 18:38:34.684352: | 6f a8 3a 4b 15 64 f8 e1 93 67 3a 36 a4 17 ab 9d Aug 26 18:38:34.684354: | 20 4d 50 c0 9a dd 7e 6b 24 59 b3 6c 01 71 6c 90 Aug 26 18:38:34.684357: | ba 98 88 a4 a5 e7 74 4c 38 77 db 15 ca 37 37 aa Aug 26 18:38:34.684360: | 1b 72 d8 08 9d 8b f2 ef 1f 59 74 a8 aa 35 1d 24 Aug 26 18:38:34.684362: | 06 03 5d 9d bd ed b2 08 1a 75 8f f7 20 f6 74 6c Aug 26 18:38:34.684365: | 28 17 4b 46 6b 60 07 68 a1 76 8e c1 29 00 00 24 Aug 26 18:38:34.684368: | 55 98 8d 06 11 ff 8a d3 fc 4a 51 72 c6 71 cd 0f Aug 26 18:38:34.684370: | 24 d7 e4 2f 5f 44 c3 5f 4a 7e 0e 20 c1 81 b4 22 Aug 26 18:38:34.684373: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:38:34.684376: | 5e 86 f9 70 f4 43 fc 90 fe 1e 30 1a 1f aa 64 67 Aug 26 18:38:34.684378: | eb c9 54 c4 00 00 00 1c 00 00 40 05 e2 3c fc 2d Aug 26 18:38:34.684381: | b6 fd 76 53 5e ac 83 c1 d0 1d 7c d2 c9 5d 10 a6 Aug 26 18:38:34.684387: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:38:34.684391: | **parse ISAKMP Message: Aug 26 18:38:34.684394: | initiator cookie: Aug 26 18:38:34.684397: | ec 6c 1e 62 86 78 8d 28 Aug 26 18:38:34.684399: | responder cookie: Aug 26 18:38:34.684402: | 49 14 94 7c 33 bc ab d4 Aug 26 18:38:34.684405: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:34.684408: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.684411: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:38:34.684414: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:34.684417: | Message ID: 0 (0x0) Aug 26 18:38:34.684421: | length: 432 (0x1b0) Aug 26 18:38:34.684424: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:38:34.684428: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:38:34.684434: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:38:34.684443: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:34.684449: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:34.684452: | #1 is idle Aug 26 18:38:34.684454: | #1 idle Aug 26 18:38:34.684457: | unpacking clear payload Aug 26 18:38:34.684460: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:34.684463: | ***parse IKEv2 Security Association Payload: Aug 26 18:38:34.684466: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:38:34.684469: | flags: none (0x0) Aug 26 18:38:34.684471: | length: 40 (0x28) Aug 26 18:38:34.684474: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:38:34.684477: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:38:34.684480: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:38:34.684485: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:38:34.684487: | flags: none (0x0) Aug 26 18:38:34.684490: | length: 264 (0x108) Aug 26 18:38:34.684493: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.684495: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:38:34.684498: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:38:34.684501: | ***parse IKEv2 Nonce Payload: Aug 26 18:38:34.684503: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.684506: | flags: none (0x0) Aug 26 18:38:34.684508: | length: 36 (0x24) Aug 26 18:38:34.684511: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:38:34.684514: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.684516: | ***parse IKEv2 Notify Payload: Aug 26 18:38:34.684519: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.684522: | flags: none (0x0) Aug 26 18:38:34.684524: | length: 8 (0x8) Aug 26 18:38:34.684527: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.684529: | SPI size: 0 (0x0) Aug 26 18:38:34.684532: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:38:34.684535: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:34.684538: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.684540: | ***parse IKEv2 Notify Payload: Aug 26 18:38:34.684543: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.684546: | flags: none (0x0) Aug 26 18:38:34.684548: | length: 28 (0x1c) Aug 26 18:38:34.684551: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.684553: | SPI size: 0 (0x0) Aug 26 18:38:34.684556: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:38:34.684559: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:34.684561: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.684564: | ***parse IKEv2 Notify Payload: Aug 26 18:38:34.684567: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.684569: | flags: none (0x0) Aug 26 18:38:34.684572: | length: 28 (0x1c) Aug 26 18:38:34.684574: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.684577: | SPI size: 0 (0x0) Aug 26 18:38:34.684580: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:38:34.684582: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:38:34.684585: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:38:34.684592: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:38:34.684595: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:38:34.684598: | Now let's proceed with state specific processing Aug 26 18:38:34.684601: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:38:34.684605: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:38:34.684622: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:38:34.684626: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:38:34.684630: | local proposal 1 type ENCR has 1 transforms Aug 26 18:38:34.684633: | local proposal 1 type PRF has 2 transforms Aug 26 18:38:34.684636: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:34.684639: | local proposal 1 type DH has 8 transforms Aug 26 18:38:34.684641: | local proposal 1 type ESN has 0 transforms Aug 26 18:38:34.684646: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:34.684649: | local proposal 2 type ENCR has 1 transforms Aug 26 18:38:34.684652: | local proposal 2 type PRF has 2 transforms Aug 26 18:38:34.684654: | local proposal 2 type INTEG has 1 transforms Aug 26 18:38:34.684657: | local proposal 2 type DH has 8 transforms Aug 26 18:38:34.684660: | local proposal 2 type ESN has 0 transforms Aug 26 18:38:34.684663: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:38:34.684665: | local proposal 3 type ENCR has 1 transforms Aug 26 18:38:34.684668: | local proposal 3 type PRF has 2 transforms Aug 26 18:38:34.684671: | local proposal 3 type INTEG has 2 transforms Aug 26 18:38:34.684673: | local proposal 3 type DH has 8 transforms Aug 26 18:38:34.684676: | local proposal 3 type ESN has 0 transforms Aug 26 18:38:34.684679: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:34.684682: | local proposal 4 type ENCR has 1 transforms Aug 26 18:38:34.684685: | local proposal 4 type PRF has 2 transforms Aug 26 18:38:34.684687: | local proposal 4 type INTEG has 2 transforms Aug 26 18:38:34.684690: | local proposal 4 type DH has 8 transforms Aug 26 18:38:34.684693: | local proposal 4 type ESN has 0 transforms Aug 26 18:38:34.684696: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:38:34.684699: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.684702: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.684704: | length: 36 (0x24) Aug 26 18:38:34.684707: | prop #: 1 (0x1) Aug 26 18:38:34.684709: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:38:34.684712: | spi size: 0 (0x0) Aug 26 18:38:34.684714: | # transforms: 3 (0x3) Aug 26 18:38:34.684718: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:38:34.684721: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.684724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.684726: | length: 12 (0xc) Aug 26 18:38:34.684729: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.684732: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:38:34.684734: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.684737: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.684740: | length/value: 256 (0x100) Aug 26 18:38:34.684744: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:38:34.684747: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.684750: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.684752: | length: 8 (0x8) Aug 26 18:38:34.684755: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:38:34.684758: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:38:34.684761: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:38:34.684764: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.684767: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.684770: | length: 8 (0x8) Aug 26 18:38:34.684772: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:38:34.684775: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:38:34.684779: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:38:34.684783: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:38:34.684787: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:38:34.684790: | remote proposal 1 matches local proposal 1 Aug 26 18:38:34.684794: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:38:34.684796: | converting proposal to internal trans attrs Aug 26 18:38:34.684814: | natd_hash: hasher=0x55d3cd532800(20) Aug 26 18:38:34.684817: | natd_hash: icookie= ec 6c 1e 62 86 78 8d 28 Aug 26 18:38:34.684820: | natd_hash: rcookie= 49 14 94 7c 33 bc ab d4 Aug 26 18:38:34.684822: | natd_hash: ip= c0 01 03 d1 Aug 26 18:38:34.684825: | natd_hash: port=500 Aug 26 18:38:34.684828: | natd_hash: hash= c0 4c db 89 af fb 2a 22 be 0e fc f5 e4 19 eb dc Aug 26 18:38:34.684830: | natd_hash: hash= 17 18 e7 8c Aug 26 18:38:34.684836: | natd_hash: hasher=0x55d3cd532800(20) Aug 26 18:38:34.684839: | natd_hash: icookie= ec 6c 1e 62 86 78 8d 28 Aug 26 18:38:34.684842: | natd_hash: rcookie= 49 14 94 7c 33 bc ab d4 Aug 26 18:38:34.684844: | natd_hash: ip= c0 01 02 17 Aug 26 18:38:34.684847: | natd_hash: port=500 Aug 26 18:38:34.684849: | natd_hash: hash= 5e 86 f9 70 f4 43 fc 90 fe 1e 30 1a 1f aa 64 67 Aug 26 18:38:34.684852: | natd_hash: hash= eb c9 54 c4 Aug 26 18:38:34.684854: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:38:34.684857: | NAT_TRAVERSAL this end is behind NAT Aug 26 18:38:34.684859: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:38:34.684863: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:38:34.684869: | NAT: #1 floating local endpoint from 192.1.3.209:500 to 192.1.3.209:4500 using pluto_nat_port (in ikev2_parent_inR1outI2() at ikev2_parent.c:1695) Aug 26 18:38:34.684874: | NAT: #1 floating endpoint ended up on interface eth0 192.1.3.209:4500 Aug 26 18:38:34.684877: | NAT-T: #1 floating remote port from 500 to 4500 using pluto_nat_port (in ikev2_parent_inR1outI2() at ikev2_parent.c:1695) Aug 26 18:38:34.684883: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:38:34.684887: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:38:34.684890: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:34.684893: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:38:34.684897: | libevent_free: release ptr-libevent@0x55d3cdfcab88 Aug 26 18:38:34.684900: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d3ce01eb08 Aug 26 18:38:34.684904: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d3ce01eb08 Aug 26 18:38:34.684907: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:38:34.684911: | libevent_malloc: new ptr-libevent@0x55d3ce01e7f8 size 128 Aug 26 18:38:34.684921: | #1 spent 0.315 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:38:34.684927: | crypto helper 6 resuming Aug 26 18:38:34.684942: | crypto helper 6 starting work-order 2 for state #1 Aug 26 18:38:34.684948: | crypto helper 6 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:38:34.684928: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.685384: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:38:34.685389: | suspending state #1 and saving MD Aug 26 18:38:34.685392: | #1 is busy; has a suspended MD Aug 26 18:38:34.685399: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:38:34.685404: | "road-eastnet"[1] 192.1.2.23 #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:38:34.685410: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:34.685417: | #1 spent 0.689 milliseconds in ikev2_process_packet() Aug 26 18:38:34.685422: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:38:34.685425: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:34.685428: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:34.685433: | spent 0.706 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:34.685941: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:38:34.686306: | crypto helper 6 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001358 seconds Aug 26 18:38:34.686321: | (#1) spent 1.33 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:38:34.686325: | crypto helper 6 sending results from work-order 2 for state #1 to event queue Aug 26 18:38:34.686328: | scheduling resume sending helper answer for #1 Aug 26 18:38:34.686332: | libevent_malloc: new ptr-libevent@0x7fbf48000f48 size 128 Aug 26 18:38:34.686342: | crypto helper 6 waiting (nothing to do) Aug 26 18:38:34.686354: | processing resume sending helper answer for #1 Aug 26 18:38:34.686363: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:38:34.686367: | crypto helper 6 replies to request ID 2 Aug 26 18:38:34.686370: | calling continuation function 0x55d3cd45db50 Aug 26 18:38:34.686373: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:38:34.686382: | creating state object #2 at 0x55d3ce0216d8 Aug 26 18:38:34.686386: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:38:34.686390: | pstats #2 ikev2.child started Aug 26 18:38:34.686395: | duplicating state object #1 "road-eastnet"[1] 192.1.2.23 as #2 for IPSEC SA Aug 26 18:38:34.686400: | #2 setting local endpoint to 192.1.3.209:4500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:38:34.686407: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:38:34.686412: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:38:34.686417: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:38:34.686421: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:38:34.686424: | libevent_free: release ptr-libevent@0x55d3ce01e7f8 Aug 26 18:38:34.686426: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d3ce01eb08 Aug 26 18:38:34.686428: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d3ce01eb08 Aug 26 18:38:34.686430: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:38:34.686432: | libevent_malloc: new ptr-libevent@0x55d3ce01e7f8 size 128 Aug 26 18:38:34.686435: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:38:34.686439: | **emit ISAKMP Message: Aug 26 18:38:34.686441: | initiator cookie: Aug 26 18:38:34.686443: | ec 6c 1e 62 86 78 8d 28 Aug 26 18:38:34.686445: | responder cookie: Aug 26 18:38:34.686446: | 49 14 94 7c 33 bc ab d4 Aug 26 18:38:34.686448: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:38:34.686450: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.686452: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:34.686454: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:38:34.686456: | Message ID: 1 (0x1) Aug 26 18:38:34.686458: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:38:34.686460: | ***emit IKEv2 Encryption Payload: Aug 26 18:38:34.686462: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.686463: | flags: none (0x0) Aug 26 18:38:34.686465: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:38:34.686468: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.686471: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:38:34.686481: | IKEv2 CERT: send a certificate? Aug 26 18:38:34.686485: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 18:38:34.686488: | IDr payload will NOT be sent Aug 26 18:38:34.686505: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:38:34.686509: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.686512: | flags: none (0x0) Aug 26 18:38:34.686515: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:34.686518: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:38:34.686521: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.686525: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:38:34.686528: | my identity c0 01 03 d1 Aug 26 18:38:34.686531: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 18:38:34.686539: | not sending INITIAL_CONTACT Aug 26 18:38:34.686543: | ****emit IKEv2 Authentication Payload: Aug 26 18:38:34.686546: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.686549: | flags: none (0x0) Aug 26 18:38:34.686552: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:34.686555: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:38:34.686558: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.686562: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 18:38:34.686568: | started looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 18:38:34.686573: | actually looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 18:38:34.686579: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Aug 26 18:38:34.686584: | 1: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 18:38:34.686587: | 2: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 18:38:34.686590: | line 1: match=002 Aug 26 18:38:34.686594: | match 002 beats previous best_match 000 match=0x55d3cdf29c48 (line=1) Aug 26 18:38:34.686597: | concluding with best_match=002 best=0x55d3cdf29c48 (lineno=1) Aug 26 18:38:34.686654: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 18:38:34.686659: | PSK auth a4 61 39 23 5b 51 6f 1a df a0 f8 d6 61 80 f5 48 Aug 26 18:38:34.686662: | PSK auth 15 79 28 ae 2a 05 41 db 31 65 63 e4 7d 32 dc 61 Aug 26 18:38:34.686664: | PSK auth 7d 8b 3a f6 87 a3 c8 1a 16 10 2d b4 7e 47 bc 01 Aug 26 18:38:34.686667: | PSK auth 34 1a 6b 29 16 15 8c 28 6c 69 24 8f 2c 9a 2a ac Aug 26 18:38:34.686670: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 18:38:34.686673: | Send Configuration Payload request Aug 26 18:38:34.686675: | ****emit IKEv2 Configuration Payload: Aug 26 18:38:34.686678: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:34.686681: | flags: none (0x0) Aug 26 18:38:34.686684: | ikev2_cfg_type: IKEv2_CP_CFG_REQUEST (0x1) Aug 26 18:38:34.686687: | next payload chain: ignoring supplied 'IKEv2 Configuration Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 18:38:34.686690: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Configuration Payload (47:ISAKMP_NEXT_v2CP) Aug 26 18:38:34.686692: | next payload chain: saving location 'IKEv2 Configuration Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.686695: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 18:38:34.686698: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Aug 26 18:38:34.686700: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 18:38:34.686703: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 18:38:34.686706: | Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3) Aug 26 18:38:34.686708: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 18:38:34.686710: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 18:38:34.686715: | Attribute Type: IKEv2_INTERNAL_IP6_ADDRESS (0x8) Aug 26 18:38:34.686718: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 18:38:34.686720: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 18:38:34.686722: | Attribute Type: IKEv2_INTERNAL_IP6_DNS (0xa) Aug 26 18:38:34.686723: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 18:38:34.686725: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 18:38:34.686727: | Attribute Type: IKEv2_INTERNAL_DNS_DOMAIN (0x19) Aug 26 18:38:34.686728: | emitting length of IKEv2 Configuration Payload Attribute: 0 Aug 26 18:38:34.686730: | emitting length of IKEv2 Configuration Payload: 28 Aug 26 18:38:34.686731: | getting first pending from state #1 Aug 26 18:38:34.686752: | netlink_get_spi: allocated 0xf3efc53b for esp.0@192.1.3.209 Aug 26 18:38:34.686755: | constructing ESP/AH proposals with all DH removed for road-eastnet (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:38:34.686759: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:38:34.686763: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:34.686767: "road-eastnet"[1] 192.1.2.23: constructed local ESP/AH proposals for road-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:34.686775: | Emitting ikev2_proposals ... Aug 26 18:38:34.686778: | ****emit IKEv2 Security Association Payload: Aug 26 18:38:34.686781: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.686783: | flags: none (0x0) Aug 26 18:38:34.686786: | next payload chain: setting previous 'IKEv2 Configuration Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:38:34.686789: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.686791: | discarding DH=NONE Aug 26 18:38:34.686794: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.686797: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.686799: | prop #: 1 (0x1) Aug 26 18:38:34.686802: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:34.686804: | spi size: 4 (0x4) Aug 26 18:38:34.686806: | # transforms: 3 (0x3) Aug 26 18:38:34.686808: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:38:34.686811: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:38:34.686813: | our spi f3 ef c5 3b Aug 26 18:38:34.686816: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.686818: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.686820: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.686822: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.686825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.686828: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.686831: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.686833: | length/value: 256 (0x100) Aug 26 18:38:34.686836: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:38:34.686838: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.686840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.686843: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.686845: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.686848: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.686850: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.686853: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.686857: | discarding DH=NONE Aug 26 18:38:34.686860: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:38:34.686862: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.686864: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:34.686867: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:38:34.686870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.686872: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:38:34.686875: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:38:34.686877: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:38:34.686880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:38:34.686882: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 18:38:34.686885: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:38:34.686888: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:34.686890: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.686893: | flags: none (0x0) Aug 26 18:38:34.686895: | number of TS: 1 (0x1) Aug 26 18:38:34.686898: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:38:34.686900: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.686903: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:34.686905: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:34.686908: | IP Protocol ID: 0 (0x0) Aug 26 18:38:34.686910: | start port: 0 (0x0) Aug 26 18:38:34.686912: | end port: 65535 (0xffff) Aug 26 18:38:34.686915: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:34.686917: | ipv4 start c0 01 03 d1 Aug 26 18:38:34.686920: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:34.686922: | ipv4 end c0 01 03 d1 Aug 26 18:38:34.686925: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:34.686928: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:38:34.686930: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:34.686932: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.686935: | flags: none (0x0) Aug 26 18:38:34.686937: | number of TS: 1 (0x1) Aug 26 18:38:34.686940: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:38:34.686943: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.686945: | *****emit IKEv2 Traffic Selector: Aug 26 18:38:34.686948: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:34.686950: | IP Protocol ID: 0 (0x0) Aug 26 18:38:34.686952: | start port: 0 (0x0) Aug 26 18:38:34.686955: | end port: 65535 (0xffff) Aug 26 18:38:34.686958: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:38:34.686960: | ipv4 start 00 00 00 00 Aug 26 18:38:34.686962: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:38:34.686965: | ipv4 end ff ff ff ff Aug 26 18:38:34.686967: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:38:34.686969: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:38:34.686972: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:38:34.686974: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:38:34.686979: | Adding a v2N Payload Aug 26 18:38:34.686982: | ****emit IKEv2 Notify Payload: Aug 26 18:38:34.686985: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.686986: | flags: none (0x0) Aug 26 18:38:34.686988: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.686990: | SPI size: 0 (0x0) Aug 26 18:38:34.686992: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:34.686994: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:38:34.686996: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:38:34.686998: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:38:34.687000: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:38:34.687002: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:38:34.687004: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:38:34.687006: | emitting length of IKEv2 Encryption Payload: 241 Aug 26 18:38:34.687007: | emitting length of ISAKMP Message: 269 Aug 26 18:38:34.687024: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.687029: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.687034: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:38:34.687038: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:38:34.687041: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:38:34.687044: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:38:34.687050: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:38:34.687055: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:38:34.687061: "road-eastnet"[1] 192.1.2.23 #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:38:34.687073: | sending V2 reply packet to 192.1.2.23:4500 (from 192.1.3.209:4500) Aug 26 18:38:34.687080: | sending 273 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Aug 26 18:38:34.687083: | 00 00 00 00 ec 6c 1e 62 86 78 8d 28 49 14 94 7c Aug 26 18:38:34.687086: | 33 bc ab d4 2e 20 23 08 00 00 00 01 00 00 01 0d Aug 26 18:38:34.687088: | 23 00 00 f1 9e 17 e1 fe 79 a3 fb f3 a7 b8 c9 d7 Aug 26 18:38:34.687091: | 4f c2 e8 b4 eb 4b f9 68 d4 5b e8 fe 13 14 38 22 Aug 26 18:38:34.687093: | 09 0b dd 2b bb 86 1b f7 d3 19 77 8d aa f6 60 ef Aug 26 18:38:34.687096: | b2 f1 2a 36 91 f5 60 cc 3e 99 46 3d ca f1 23 04 Aug 26 18:38:34.687098: | e1 9c 83 73 1e ab 4d 55 d3 71 85 ca c5 41 09 dd Aug 26 18:38:34.687101: | fa de 20 c7 15 c7 23 ed e1 e1 52 81 6d 98 9d c0 Aug 26 18:38:34.687104: | 9c df 55 72 ec 0c de 9b 6d 02 d5 99 3a 7e 83 34 Aug 26 18:38:34.687106: | f7 dc 7b 0f 53 6d 40 49 51 61 57 5a 40 a0 af 10 Aug 26 18:38:34.687109: | 15 cb 68 76 e1 38 a2 72 c4 dd 78 05 e5 3f 88 7f Aug 26 18:38:34.687111: | 40 a2 10 60 c3 4e 0d 79 b7 c5 04 c7 cd f6 8c 6b Aug 26 18:38:34.687114: | 31 4e 9d f2 78 f6 33 5b 59 26 df ec c0 21 ca ae Aug 26 18:38:34.687116: | 14 3c 91 b1 b3 a2 32 d5 41 d4 91 b6 e2 54 e5 e2 Aug 26 18:38:34.687119: | 80 fd cc 04 2d 53 e4 ca dc 6c 0c 6c c8 92 fa 69 Aug 26 18:38:34.687121: | 19 13 70 4b 2b 9f da 8e 13 95 9f 7c de f2 80 cb Aug 26 18:38:34.687124: | 1b 64 36 b1 a4 5c 8e 7a ec 44 bc d1 fe c7 15 23 Aug 26 18:38:34.687129: | da Aug 26 18:38:34.687190: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:38:34.687195: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fbf50002b78 Aug 26 18:38:34.687199: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 18:38:34.687203: | libevent_malloc: new ptr-libevent@0x55d3ce01e9a8 size 128 Aug 26 18:38:34.687208: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 30000.429661 Aug 26 18:38:34.687212: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:38:34.687218: | #1 spent 0.819 milliseconds in resume sending helper answer Aug 26 18:38:34.687224: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:38:34.687228: | libevent_free: release ptr-libevent@0x7fbf48000f48 Aug 26 18:38:34.734457: | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:38:34.734482: | *received 257 bytes from 192.1.2.23:4500 on eth0 (192.1.3.209:4500) Aug 26 18:38:34.734486: | ec 6c 1e 62 86 78 8d 28 49 14 94 7c 33 bc ab d4 Aug 26 18:38:34.734489: | 2e 20 23 20 00 00 00 01 00 00 01 01 29 00 00 e5 Aug 26 18:38:34.734491: | dd 46 8c 2b 42 4f ff d3 55 7c b3 29 26 2d 84 66 Aug 26 18:38:34.734494: | 54 63 f6 b3 97 b8 d3 ba 7a be 10 e2 27 2c b7 26 Aug 26 18:38:34.734496: | 1b 27 fa 6e a3 f0 f9 d1 6a 20 18 36 c0 91 05 54 Aug 26 18:38:34.734499: | 14 2d 3a f9 8b e1 65 53 94 1c 71 88 fd 56 01 99 Aug 26 18:38:34.734502: | 71 cc b5 85 a9 68 51 1e f5 f2 0b e2 a4 28 1a c3 Aug 26 18:38:34.734504: | ce 3f ef be 9c 85 d8 c0 fb db 42 14 21 45 b4 d3 Aug 26 18:38:34.734507: | 49 2e 8c 18 67 2f b2 6b 35 99 62 64 37 18 5a d7 Aug 26 18:38:34.734510: | f9 59 96 20 67 5e 3d 3a ee 61 0b 9a 67 14 ea 73 Aug 26 18:38:34.734512: | 17 c4 24 42 77 a6 71 69 83 c9 f2 ea a2 a4 00 f4 Aug 26 18:38:34.734515: | 3f 91 51 a7 73 0b 59 db 44 5c 00 5c e9 1c 40 17 Aug 26 18:38:34.734517: | 09 f8 3e 8e 4c 5a a1 49 66 9f 00 85 1f e1 9c 06 Aug 26 18:38:34.734520: | 17 27 1e 1e 1a 92 94 7c 9a 84 2e d9 74 89 52 d0 Aug 26 18:38:34.734523: | ca 1c 53 28 ff d5 00 cf 78 8b 25 09 57 71 df c5 Aug 26 18:38:34.734525: | 2b e3 59 15 31 cf 05 61 e9 d6 6d f3 0f 41 0e 9c Aug 26 18:38:34.734528: | 55 Aug 26 18:38:34.734533: | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) Aug 26 18:38:34.734538: | **parse ISAKMP Message: Aug 26 18:38:34.734541: | initiator cookie: Aug 26 18:38:34.734544: | ec 6c 1e 62 86 78 8d 28 Aug 26 18:38:34.734547: | responder cookie: Aug 26 18:38:34.734550: | 49 14 94 7c 33 bc ab d4 Aug 26 18:38:34.734553: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:38:34.734556: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:38:34.734559: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:38:34.734563: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:38:34.734566: | Message ID: 1 (0x1) Aug 26 18:38:34.734569: | length: 257 (0x101) Aug 26 18:38:34.734572: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:38:34.734576: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:38:34.734581: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:38:34.734589: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:38:34.734593: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:38:34.734599: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:34.734605: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:38:34.734611: | #2 is idle Aug 26 18:38:34.734614: | #2 idle Aug 26 18:38:34.734617: | unpacking clear payload Aug 26 18:38:34.734620: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:38:34.734623: | ***parse IKEv2 Encryption Payload: Aug 26 18:38:34.734627: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:38:34.734630: | flags: none (0x0) Aug 26 18:38:34.734632: | length: 229 (0xe5) Aug 26 18:38:34.734635: | processing payload: ISAKMP_NEXT_v2SK (len=225) Aug 26 18:38:34.734638: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:38:34.734654: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:38:34.734658: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:38:34.734662: | **parse IKEv2 Notify Payload: Aug 26 18:38:34.734665: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:38:34.734668: | flags: none (0x0) Aug 26 18:38:34.734670: | length: 8 (0x8) Aug 26 18:38:34.734673: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:38:34.734676: | SPI size: 0 (0x0) Aug 26 18:38:34.734679: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Aug 26 18:38:34.734682: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:38:34.734684: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:38:34.734687: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:38:34.734690: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:38:34.734693: | flags: none (0x0) Aug 26 18:38:34.734695: | length: 12 (0xc) Aug 26 18:38:34.734698: | ID type: ID_IPV4_ADDR (0x1) Aug 26 18:38:34.734700: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:38:34.734703: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:38:34.734706: | **parse IKEv2 Authentication Payload: Aug 26 18:38:34.734709: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Aug 26 18:38:34.734711: | flags: none (0x0) Aug 26 18:38:34.734713: | length: 72 (0x48) Aug 26 18:38:34.734715: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 18:38:34.734718: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 18:38:34.734720: | Now let's proceed with payload (ISAKMP_NEXT_v2CP) Aug 26 18:38:34.734723: | **parse IKEv2 Configuration Payload: Aug 26 18:38:34.734725: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:38:34.734728: | flags: none (0x0) Aug 26 18:38:34.734730: | length: 16 (0x10) Aug 26 18:38:34.734733: | ikev2_cfg_type: IKEv2_CP_CFG_REPLY (0x2) Aug 26 18:38:34.734735: | processing payload: ISAKMP_NEXT_v2CP (len=8) Aug 26 18:38:34.734738: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:38:34.734740: | **parse IKEv2 Security Association Payload: Aug 26 18:38:34.734743: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:38:34.734745: | flags: none (0x0) Aug 26 18:38:34.734748: | length: 44 (0x2c) Aug 26 18:38:34.734750: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 18:38:34.734752: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:38:34.734755: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:38:34.734758: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:38:34.734760: | flags: none (0x0) Aug 26 18:38:34.734762: | length: 24 (0x18) Aug 26 18:38:34.734765: | number of TS: 1 (0x1) Aug 26 18:38:34.734767: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:38:34.734770: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:38:34.734772: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:38:34.734775: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:38:34.734777: | flags: none (0x0) Aug 26 18:38:34.734780: | length: 24 (0x18) Aug 26 18:38:34.734782: | number of TS: 1 (0x1) Aug 26 18:38:34.734785: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:38:34.734788: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:38:34.734790: | Now let's proceed with state specific processing Aug 26 18:38:34.734793: | calling processor Initiator: process IKE_AUTH response Aug 26 18:38:34.734797: | received v2N_MOBIKE_SUPPORTED and sent Aug 26 18:38:34.734804: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Aug 26 18:38:34.734807: | peer ID c0 01 02 17 Aug 26 18:38:34.734811: | offered CA: '%none' Aug 26 18:38:34.734817: "road-eastnet"[1] 192.1.2.23 #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Aug 26 18:38:34.734857: | verifying AUTH payload Aug 26 18:38:34.734863: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 18:38:34.734868: | started looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 18:38:34.734871: | actually looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Aug 26 18:38:34.734875: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Aug 26 18:38:34.734878: | 1: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 18:38:34.734880: | 2: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Aug 26 18:38:34.734882: | line 1: match=002 Aug 26 18:38:34.734885: | match 002 beats previous best_match 000 match=0x55d3cdf29c48 (line=1) Aug 26 18:38:34.734887: | concluding with best_match=002 best=0x55d3cdf29c48 (lineno=1) Aug 26 18:38:34.734940: "road-eastnet"[1] 192.1.2.23 #2: Authenticated using authby=secret Aug 26 18:38:34.734947: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:38:34.734952: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:38:34.734955: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:38:34.734958: | libevent_free: release ptr-libevent@0x55d3ce01e7f8 Aug 26 18:38:34.734961: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d3ce01eb08 Aug 26 18:38:34.734964: | event_schedule: new EVENT_SA_REKEY-pe@0x55d3ce01eb08 Aug 26 18:38:34.734967: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:38:34.734970: | libevent_malloc: new ptr-libevent@0x7fbf48000f48 size 128 Aug 26 18:38:34.735198: | pstats #1 ikev2.ike established Aug 26 18:38:34.735209: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 18:38:34.735217: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:34.735224: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:34.735230: | resume processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:34.735236: | suspend processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:34.735242: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:34.735246: | NAT-T: keepalive packet not required as recent DPD event used the IKE SA on conn road-eastnet Aug 26 18:38:34.735252: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:34.735257: | resume processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:34.735261: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 18:38:34.735266: | #2 road-eastnet[1] parsing ISAKMP_NEXT_v2CP payload Aug 26 18:38:34.735270: | ***parse IKEv2 Configuration Payload Attribute: Aug 26 18:38:34.735274: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Aug 26 18:38:34.735277: | length/value: 4 (0x4) Aug 26 18:38:34.735280: | parsing 4 raw bytes of IKEv2 Configuration Payload Attribute into INTERNAL_IP_ADDRESS Aug 26 18:38:34.735283: | INTERNAL_IP_ADDRESS c0 00 03 0a Aug 26 18:38:34.735307: "road-eastnet"[1] 192.1.2.23 #2: received INTERNAL_IP4_ADDRESS 192.0.3.10 Aug 26 18:38:34.735321: | setting host source IP address to 192.0.3.10 Aug 26 18:38:34.735326: | TSi: parsing 1 traffic selectors Aug 26 18:38:34.735329: | ***parse IKEv2 Traffic Selector: Aug 26 18:38:34.735335: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:34.735338: | IP Protocol ID: 0 (0x0) Aug 26 18:38:34.735341: | length: 16 (0x10) Aug 26 18:38:34.735343: | start port: 0 (0x0) Aug 26 18:38:34.735346: | end port: 65535 (0xffff) Aug 26 18:38:34.735348: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:38:34.735351: | TS low c0 00 03 0a Aug 26 18:38:34.735354: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:38:34.735356: | TS high c0 00 03 0a Aug 26 18:38:34.735359: | TSi: parsed 1 traffic selectors Aug 26 18:38:34.735361: | TSr: parsing 1 traffic selectors Aug 26 18:38:34.735364: | ***parse IKEv2 Traffic Selector: Aug 26 18:38:34.735367: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:38:34.735369: | IP Protocol ID: 0 (0x0) Aug 26 18:38:34.735372: | length: 16 (0x10) Aug 26 18:38:34.735374: | start port: 0 (0x0) Aug 26 18:38:34.735377: | end port: 65535 (0xffff) Aug 26 18:38:34.735380: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:38:34.735382: | TS low 00 00 00 00 Aug 26 18:38:34.735385: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:38:34.735387: | TS high ff ff ff ff Aug 26 18:38:34.735390: | TSr: parsed 1 traffic selectors Aug 26 18:38:34.735397: | evaluating our conn="road-eastnet"[1] 192.1.2.23 I=192.0.3.10/32:0/0 R=0.0.0.0/0:0/0 to their: Aug 26 18:38:34.735403: | TSi[0] .net=192.0.3.10-192.0.3.10 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:38:34.735411: | match address end->client=192.0.3.10/32 >= TSi[0]net=192.0.3.10-192.0.3.10: YES fitness 32 Aug 26 18:38:34.735415: | narrow port end=0..65535 >= TSi[0]=0..65535: 0 Aug 26 18:38:34.735418: | TSi[0] port match: YES fitness 65536 Aug 26 18:38:34.735422: | narrow protocol end=*0 >= TSi[0]=*0: 0 Aug 26 18:38:34.735425: | match end->protocol=*0 >= TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:38:34.735430: | TSr[0] .net=0.0.0.0-255.255.255.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:38:34.735436: | match address end->client=0.0.0.0/0 >= TSr[0]net=0.0.0.0-255.255.255.255: YES fitness 32 Aug 26 18:38:34.735439: | narrow port end=0..65535 >= TSr[0]=0..65535: 0 Aug 26 18:38:34.735442: | TSr[0] port match: YES fitness 65536 Aug 26 18:38:34.735444: | narrow protocol end=*0 >= TSr[0]=*0: 0 Aug 26 18:38:34.735446: | match end->protocol=*0 >= TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:38:34.735448: | best fit so far: TSi[0] TSr[0] Aug 26 18:38:34.735450: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:38:34.735451: | printing contents struct traffic_selector Aug 26 18:38:34.735453: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:38:34.735454: | ipprotoid: 0 Aug 26 18:38:34.735456: | port range: 0-65535 Aug 26 18:38:34.735458: | ip range: 192.0.3.10-192.0.3.10 Aug 26 18:38:34.735460: | printing contents struct traffic_selector Aug 26 18:38:34.735461: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:38:34.735463: | ipprotoid: 0 Aug 26 18:38:34.735464: | port range: 0-65535 Aug 26 18:38:34.735466: | ip range: 0.0.0.0-255.255.255.255 Aug 26 18:38:34.735473: | using existing local ESP/AH proposals for road-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:38:34.735475: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 18:38:34.735478: | local proposal 1 type ENCR has 1 transforms Aug 26 18:38:34.735480: | local proposal 1 type PRF has 0 transforms Aug 26 18:38:34.735482: | local proposal 1 type INTEG has 1 transforms Aug 26 18:38:34.735483: | local proposal 1 type DH has 1 transforms Aug 26 18:38:34.735485: | local proposal 1 type ESN has 1 transforms Aug 26 18:38:34.735487: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:38:34.735489: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:38:34.735491: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:38:34.735495: | length: 40 (0x28) Aug 26 18:38:34.735496: | prop #: 1 (0x1) Aug 26 18:38:34.735498: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:38:34.735500: | spi size: 4 (0x4) Aug 26 18:38:34.735501: | # transforms: 3 (0x3) Aug 26 18:38:34.735503: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:38:34.735505: | remote SPI 71 7c f1 fb Aug 26 18:38:34.735507: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 18:38:34.735509: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.735511: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.735512: | length: 12 (0xc) Aug 26 18:38:34.735514: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:38:34.735515: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:38:34.735517: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:38:34.735519: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:38:34.735521: | length/value: 256 (0x100) Aug 26 18:38:34.735523: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:38:34.735525: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.735527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:38:34.735528: | length: 8 (0x8) Aug 26 18:38:34.735530: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:38:34.735532: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:38:34.735534: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 18:38:34.735535: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:38:34.735537: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:38:34.735539: | length: 8 (0x8) Aug 26 18:38:34.735540: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:38:34.735542: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:38:34.735544: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:38:34.735546: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 18:38:34.735549: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 18:38:34.735551: | remote proposal 1 matches local proposal 1 Aug 26 18:38:34.735553: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Aug 26 18:38:34.735556: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=717cf1fb;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 18:38:34.735558: | converting proposal to internal trans attrs Aug 26 18:38:34.735562: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Aug 26 18:38:34.735565: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Aug 26 18:38:34.735681: | #1 spent 1.06 milliseconds Aug 26 18:38:34.735685: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:38:34.735687: | could_route called for road-eastnet (kind=CK_INSTANCE) Aug 26 18:38:34.735689: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:34.735692: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:34.735693: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:34.735695: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:34.735697: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:34.735700: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL; eroute owner: NULL Aug 26 18:38:34.735704: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 18:38:34.735707: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 18:38:34.735710: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 18:38:34.735715: | setting IPsec SA replay-window to 32 Aug 26 18:38:34.735720: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Aug 26 18:38:34.735724: | netlink: enabling tunnel mode Aug 26 18:38:34.735727: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:34.735730: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:34.735815: | netlink response for Add SA esp.717cf1fb@192.1.2.23 included non-error error Aug 26 18:38:34.735821: | set up outgoing SA, ref=0/0 Aug 26 18:38:34.735825: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Aug 26 18:38:34.735828: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Aug 26 18:38:34.735831: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Aug 26 18:38:34.735833: | setting IPsec SA replay-window to 32 Aug 26 18:38:34.735836: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Aug 26 18:38:34.735837: | netlink: enabling tunnel mode Aug 26 18:38:34.735839: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:38:34.735841: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:38:34.735873: | netlink response for Add SA esp.f3efc53b@192.1.3.209 included non-error error Aug 26 18:38:34.735878: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 18:38:34.735884: | add inbound eroute 0.0.0.0/0:0 --0-> 192.0.3.10/32:0 => tun.10000@192.1.3.209 (raw_eroute) Aug 26 18:38:34.735886: | IPsec Sa SPD priority set to 1040383 Aug 26 18:38:34.735906: | raw_eroute result=success Aug 26 18:38:34.735910: | set up incoming SA, ref=0/0 Aug 26 18:38:34.735911: | sr for #2: unrouted Aug 26 18:38:34.735913: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:38:34.735915: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:38:34.735917: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:34.735919: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:34.735921: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:38:34.735923: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 18:38:34.735926: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL; eroute owner: NULL Aug 26 18:38:34.735928: | route_and_eroute with c: road-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:38:34.735930: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 18:38:34.735935: | eroute_connection add eroute 192.0.3.10/32:0 --0-> 0.0.0.0/0:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:38:34.735937: | IPsec Sa SPD priority set to 1040383 Aug 26 18:38:34.735948: | raw_eroute result=success Aug 26 18:38:34.735951: | running updown command "ipsec _updown" for verb up Aug 26 18:38:34.735953: | command executing up-client Aug 26 18:38:34.735972: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' V Aug 26 18:38:34.735974: | popen cmd is 1096 chars long Aug 26 18:38:34.735978: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Aug 26 18:38:34.735981: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_I: Aug 26 18:38:34.735985: | cmd( 160):D='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10': Aug 26 18:38:34.735988: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 18:38:34.735991: | cmd( 320):PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 18:38:34.735994: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUT: Aug 26 18:38:34.735996: | cmd( 480):O_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Aug 26 18:38:34.735999: | cmd( 560):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+: Aug 26 18:38:34.736002: | cmd( 640):TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIK: Aug 26 18:38:34.736004: | cmd( 720):E+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Aug 26 18:38:34.736007: | cmd( 800):D=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=': Aug 26 18:38:34.736010: | cmd( 880):' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_: Aug 26 18:38:34.736012: | cmd( 960):CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no': Aug 26 18:38:34.736015: | cmd(1040): SPI_IN=0x717cf1fb SPI_OUT=0xf3efc53b ipsec _updown 2>&1: Aug 26 18:38:34.784872: | route_and_eroute: firewall_notified: true Aug 26 18:38:34.784893: | running updown command "ipsec _updown" for verb prepare Aug 26 18:38:34.784897: | command executing prepare-client Aug 26 18:38:34.784933: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIG Aug 26 18:38:34.784937: | popen cmd is 1101 chars long Aug 26 18:38:34.784941: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' : Aug 26 18:38:34.784944: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO: Aug 26 18:38:34.784947: | cmd( 160):_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:38:34.784949: | cmd( 240):3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: Aug 26 18:38:34.784952: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PE: Aug 26 18:38:34.784955: | cmd( 400):ER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0': Aug 26 18:38:34.784958: | cmd( 480): PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 18:38:34.784960: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENC: Aug 26 18:38:34.784963: | cmd( 640):RYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+: Aug 26 18:38:34.784966: | cmd( 720):MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: Aug 26 18:38:34.784968: | cmd( 800):FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_I: Aug 26 18:38:34.784975: | cmd( 880):NFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO: Aug 26 18:38:34.784978: | cmd( 960):_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED: Aug 26 18:38:34.784980: | cmd(1040):='no' SPI_IN=0x717cf1fb SPI_OUT=0xf3efc53b ipsec _updown 2>&1: Aug 26 18:38:34.795492: | running updown command "ipsec _updown" for verb route Aug 26 18:38:34.795511: | command executing route-client Aug 26 18:38:34.795536: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED Aug 26 18:38:34.795539: | popen cmd is 1099 chars long Aug 26 18:38:34.795542: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Aug 26 18:38:34.795544: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_M: Aug 26 18:38:34.795545: | cmd( 160):Y_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 18:38:34.795547: | cmd( 240):10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Aug 26 18:38:34.795549: | cmd( 320):0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER: Aug 26 18:38:34.795550: | cmd( 400):_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' P: Aug 26 18:38:34.795552: | cmd( 480):LUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 18:38:34.795554: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRY: Aug 26 18:38:34.795555: | cmd( 640):PT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MO: Aug 26 18:38:34.795557: | cmd( 720):BIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Aug 26 18:38:34.795559: | cmd( 800):ILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Aug 26 18:38:34.795560: | cmd( 880):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Aug 26 18:38:34.795562: | cmd( 960):FG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Aug 26 18:38:34.795564: | cmd(1040):no' SPI_IN=0x717cf1fb SPI_OUT=0xf3efc53b ipsec _updown 2>&1: Aug 26 18:38:34.808884: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Aug 26 18:38:34.817160: | route_and_eroute: instance "road-eastnet"[1] 192.1.2.23, setting eroute_owner {spd=0x55d3ce01bdf8,sr=0x55d3ce01bdf8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:38:34.817749: | #1 spent 2.2 milliseconds in install_ipsec_sa() Aug 26 18:38:34.817761: | inR2: instance road-eastnet[1], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:38:34.817765: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:38:34.817771: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:38:34.817784: | libevent_free: release ptr-libevent@0x55d3ce01e9a8 Aug 26 18:38:34.817791: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fbf50002b78 Aug 26 18:38:34.817797: | #2 spent 2.98 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:38:34.817810: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:38:34.817815: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:38:34.817818: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:38:34.817822: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:38:34.817825: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:38:34.817830: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:38:34.817835: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:38:34.817838: | pstats #2 ikev2.child established Aug 26 18:38:34.817849: "road-eastnet"[1] 192.1.2.23 #2: negotiated connection [192.0.3.10-192.0.3.10:0-65535 0] -> [0.0.0.0-255.255.255.255:0-65535 0] Aug 26 18:38:34.817863: | NAT-T: NAT Traversal detected - their IKE port is '500' Aug 26 18:38:34.817865: | NAT-T: encaps is 'auto' Aug 26 18:38:34.817871: "road-eastnet"[1] 192.1.2.23 #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP/NAT=>0x717cf1fb <0xf3efc53b xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=192.1.2.23:4500 DPD=passive} Aug 26 18:38:34.817880: | releasing whack for #2 (sock=fd@23) Aug 26 18:38:34.817884: | close_any(fd@23) (in release_whack() at state.c:654) Aug 26 18:38:34.817887: | releasing whack and unpending for parent #1 Aug 26 18:38:34.817891: | unpending state #1 connection "road-eastnet"[1] 192.1.2.23 Aug 26 18:38:34.817897: | delete from pending Child SA with 192.1.2.23 "road-eastnet"[1] 192.1.2.23 Aug 26 18:38:34.817901: | removing pending policy for no connection {0x55d3ce00d0b8} Aug 26 18:38:34.817909: | close_any(fd@22) (in release_whack() at state.c:654) Aug 26 18:38:34.817914: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:38:34.817919: | event_schedule: new EVENT_SA_REKEY-pe@0x7fbf50002b78 Aug 26 18:38:34.817923: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:38:34.817927: | libevent_malloc: new ptr-libevent@0x55d3ce021208 size 128 Aug 26 18:38:34.817936: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:38:34.817943: | #1 spent 3.45 milliseconds in ikev2_process_packet() Aug 26 18:38:34.817947: | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) Aug 26 18:38:34.817952: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:38:34.817955: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:38:34.817960: | spent 3.47 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:38:34.817972: | kernel_process_msg_cb process netlink message Aug 26 18:38:34.817979: | netlink_get: XFRM_MSG_DELPOLICY message Aug 26 18:38:34.817982: | xfrm netlink address change RTM_NEWADDR msg len 76 Aug 26 18:38:34.817986: | XFRM RTM_NEWADDR 192.0.3.10 IFA_LOCAL Aug 26 18:38:34.817988: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Aug 26 18:38:34.817994: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:34.817999: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:34.818004: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:34.818009: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:34.818012: | IKEv2 received address RTM_NEWADDR type 3 Aug 26 18:38:34.818017: | IKEv2 received address RTM_NEWADDR type 8 Aug 26 18:38:34.818019: | IKEv2 received address RTM_NEWADDR type 6 Aug 26 18:38:34.818023: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:34.818027: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:34.818031: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:38:34.818036: | spent 0.0601 milliseconds in kernel message Aug 26 18:38:34.818045: | processing signal PLUTO_SIGCHLD Aug 26 18:38:34.818050: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:34.818054: | spent 0.00491 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:34.818057: | processing signal PLUTO_SIGCHLD Aug 26 18:38:34.818060: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:34.818064: | spent 0.00351 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:34.818066: | processing signal PLUTO_SIGCHLD Aug 26 18:38:34.818070: | waitpid returned ECHILD (no child processes left) Aug 26 18:38:34.818073: | spent 0.00357 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:38:35.972821: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:38:35.972840: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:38:35.972844: | FOR_EACH_STATE_... in sort_states Aug 26 18:38:35.972851: | get_sa_info esp.f3efc53b@192.1.3.209 Aug 26 18:38:35.972866: | get_sa_info esp.717cf1fb@192.1.2.23 Aug 26 18:38:35.972882: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:38:35.972888: | spent 0.0743 milliseconds in whack Aug 26 18:38:41.355852: | kernel_process_msg_cb process netlink message Aug 26 18:38:41.355922: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:38:41.355948: | spent 0.0325 milliseconds in kernel message Aug 26 18:38:54.489406: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:38:54.489478: | expiring aged bare shunts from shunt table Aug 26 18:38:54.489498: | spent 0.0166 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:38:54.734771: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:38:54.734787: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 18:38:54.734796: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:54.734803: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:38:54.734809: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:38:54.734813: | we are behind NAT: sending of NAT-T KEEP-ALIVE for conn road-eastnet (nat-keepalive=yes) Aug 26 18:38:54.734819: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 18:38:54.734823: | ka_event: send NAT-KA to 192.1.2.23:4500 (state=#1) Aug 26 18:38:54.734825: | sending NAT-T Keep Alive Aug 26 18:38:54.734836: | sending 1 bytes for NAT-T Keep Alive through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Aug 26 18:38:54.734839: | ff Aug 26 18:38:54.734889: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 18:38:54.734893: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 18:38:54.734897: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 18:38:54.734903: | spent 0.0878 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:39:03.066225: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:39:03.066327: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:39:03.066348: | FOR_EACH_STATE_... in sort_states Aug 26 18:39:03.066373: | get_sa_info esp.f3efc53b@192.1.3.209 Aug 26 18:39:03.066422: | get_sa_info esp.717cf1fb@192.1.2.23 Aug 26 18:39:03.066495: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:39:03.066531: | spent 0.324 milliseconds in whack Aug 26 18:39:03.208043: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:39:03.208979: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:39:03.209025: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:39:03.209600: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:39:03.209629: | FOR_EACH_STATE_... in sort_states Aug 26 18:39:03.209699: | get_sa_info esp.f3efc53b@192.1.3.209 Aug 26 18:39:03.209767: | get_sa_info esp.717cf1fb@192.1.2.23 Aug 26 18:39:03.209874: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:39:03.209906: | spent 1.85 milliseconds in whack Aug 26 18:39:03.497114: | spent 0.003 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:39:03.497133: | *received 69 bytes from 192.1.2.23:4500 on eth0 (192.1.3.209:4500) Aug 26 18:39:03.497151: | ec 6c 1e 62 86 78 8d 28 49 14 94 7c 33 bc ab d4 Aug 26 18:39:03.497153: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:39:03.497154: | 80 81 60 59 da 74 2a 96 4f 12 11 d7 83 2e 2b 6a Aug 26 18:39:03.497156: | 1b aa 59 8a b4 08 12 fe 96 6f 08 6c bd f0 11 af Aug 26 18:39:03.497157: | ff 07 ec 49 b5 Aug 26 18:39:03.497161: | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) Aug 26 18:39:03.497163: | **parse ISAKMP Message: Aug 26 18:39:03.497165: | initiator cookie: Aug 26 18:39:03.497166: | ec 6c 1e 62 86 78 8d 28 Aug 26 18:39:03.497168: | responder cookie: Aug 26 18:39:03.497169: | 49 14 94 7c 33 bc ab d4 Aug 26 18:39:03.497171: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:39:03.497174: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:39:03.497175: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:39:03.497180: | flags: none (0x0) Aug 26 18:39:03.497181: | Message ID: 0 (0x0) Aug 26 18:39:03.497183: | length: 69 (0x45) Aug 26 18:39:03.497185: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:39:03.497188: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:39:03.497191: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:39:03.497196: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:39:03.497199: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:39:03.497202: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:39:03.497204: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:39:03.497207: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 18:39:03.497209: | unpacking clear payload Aug 26 18:39:03.497211: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:39:03.497213: | ***parse IKEv2 Encryption Payload: Aug 26 18:39:03.497214: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:39:03.497216: | flags: none (0x0) Aug 26 18:39:03.497217: | length: 41 (0x29) Aug 26 18:39:03.497219: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:39:03.497222: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:39:03.497224: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:39:03.497241: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:39:03.497243: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:39:03.497245: | **parse IKEv2 Delete Payload: Aug 26 18:39:03.497247: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:39:03.497249: | flags: none (0x0) Aug 26 18:39:03.497250: | length: 12 (0xc) Aug 26 18:39:03.497252: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:39:03.497256: | SPI size: 4 (0x4) Aug 26 18:39:03.497258: | number of SPIs: 1 (0x1) Aug 26 18:39:03.497260: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:39:03.497262: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:39:03.497263: | Now let's proceed with state specific processing Aug 26 18:39:03.497265: | calling processor I3: INFORMATIONAL Request Aug 26 18:39:03.497267: | an informational request should send a response Aug 26 18:39:03.497287: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:39:03.497295: | **emit ISAKMP Message: Aug 26 18:39:03.497298: | initiator cookie: Aug 26 18:39:03.497301: | ec 6c 1e 62 86 78 8d 28 Aug 26 18:39:03.497303: | responder cookie: Aug 26 18:39:03.497305: | 49 14 94 7c 33 bc ab d4 Aug 26 18:39:03.497306: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:39:03.497308: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:39:03.497310: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:39:03.497312: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:39:03.497326: | Message ID: 0 (0x0) Aug 26 18:39:03.497328: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:39:03.497330: | ***emit IKEv2 Encryption Payload: Aug 26 18:39:03.497332: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:39:03.497333: | flags: none (0x0) Aug 26 18:39:03.497335: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:39:03.497337: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:39:03.497339: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:39:03.497348: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:39:03.497350: | SPI 71 7c f1 fb Aug 26 18:39:03.497351: | delete PROTO_v2_ESP SA(0x717cf1fb) Aug 26 18:39:03.497354: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:39:03.497356: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:39:03.497357: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x717cf1fb) Aug 26 18:39:03.497360: "road-eastnet"[1] 192.1.2.23 #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:39:03.497362: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:39:03.497365: | libevent_free: release ptr-libevent@0x55d3ce021208 Aug 26 18:39:03.497367: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fbf50002b78 Aug 26 18:39:03.497369: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fbf50002b78 Aug 26 18:39:03.497372: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:39:03.497374: | libevent_malloc: new ptr-libevent@0x55d3ce01e9a8 size 128 Aug 26 18:39:03.497376: | ****emit IKEv2 Delete Payload: Aug 26 18:39:03.497378: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:39:03.497379: | flags: none (0x0) Aug 26 18:39:03.497381: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:39:03.497382: | SPI size: 4 (0x4) Aug 26 18:39:03.497384: | number of SPIs: 1 (0x1) Aug 26 18:39:03.497386: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:39:03.497388: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:39:03.497390: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:39:03.497391: | local SPIs f3 ef c5 3b Aug 26 18:39:03.497393: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:39:03.497395: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:39:03.497397: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:39:03.497399: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:39:03.497404: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:39:03.497406: | emitting length of ISAKMP Message: 69 Aug 26 18:39:03.497419: | sending 73 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Aug 26 18:39:03.497421: | 00 00 00 00 ec 6c 1e 62 86 78 8d 28 49 14 94 7c Aug 26 18:39:03.497422: | 33 bc ab d4 2e 20 25 28 00 00 00 00 00 00 00 45 Aug 26 18:39:03.497424: | 2a 00 00 29 63 63 a4 e6 b3 29 c4 71 74 d0 b2 61 Aug 26 18:39:03.497425: | e6 e6 99 8d 12 a6 f5 26 bb 6a 29 eb 29 0e da 3c Aug 26 18:39:03.497427: | 6f e4 d1 9f d4 37 2d d1 60 Aug 26 18:39:03.497457: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:39:03.497461: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:39:03.497465: | #1 spent 0.177 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:39:03.497469: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:39:03.497471: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:39:03.497473: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:39:03.497476: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:39:03.497479: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:39:03.497482: "road-eastnet"[1] 192.1.2.23 #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:39:03.497485: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:39:03.497488: | #1 spent 0.343 milliseconds in ikev2_process_packet() Aug 26 18:39:03.497490: | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) Aug 26 18:39:03.497493: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:39:03.497495: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:39:03.497497: | spent 0.352 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:39:03.497502: | timer_event_cb: processing event@0x7fbf50002b78 Aug 26 18:39:03.497504: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:39:03.497508: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:39:03.497510: | picked newest_ipsec_sa #2 for #2 Aug 26 18:39:03.497512: | replacing stale CHILD SA Aug 26 18:39:03.497515: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:39:03.497516: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:39:03.497519: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:39:03.497521: | creating state object #3 at 0x55d3ce025e68 Aug 26 18:39:03.497524: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:39:03.497530: | pstats #3 ikev2.child started Aug 26 18:39:03.497533: | duplicating state object #1 "road-eastnet"[1] 192.1.2.23 as #3 for IPSEC SA Aug 26 18:39:03.497537: | #3 setting local endpoint to 192.1.3.209:4500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:39:03.497544: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:39:03.497547: | suspend processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:39:03.497552: | start processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:39:03.497554: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:39:03.497557: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:39:03.497559: | constructing ESP/AH proposals with default DH MODP2048 for road-eastnet (ESP/AH initiator emitting proposals) Aug 26 18:39:03.497563: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:39:03.497567: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:39:03.497570: "road-eastnet"[1] 192.1.2.23: constructed local ESP/AH proposals for road-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:39:03.497574: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:39:03.497576: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d3ce01ebc8 Aug 26 18:39:03.497578: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:39:03.497580: | libevent_malloc: new ptr-libevent@0x55d3ce021208 size 128 Aug 26 18:39:03.497584: | RESET processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:39:03.497586: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d3ce020c58 Aug 26 18:39:03.497588: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:39:03.497590: | libevent_malloc: new ptr-libevent@0x7fbf50002888 size 128 Aug 26 18:39:03.497592: | libevent_realloc: release ptr-libevent@0x55d3cdfcae88 Aug 26 18:39:03.497594: | libevent_realloc: new ptr-libevent@0x55d3ce01ef68 size 128 Aug 26 18:39:03.497596: | libevent_free: release ptr-libevent@0x55d3ce01e9a8 Aug 26 18:39:03.497597: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fbf50002b78 Aug 26 18:39:03.497600: | #2 spent 0.0976 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:39:03.497602: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:39:03.497605: | timer_event_cb: processing event@0x55d3ce01ebc8 Aug 26 18:39:03.497607: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:39:03.497610: | start processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:39:03.497615: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:39:03.497617: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fbf50002b78 Aug 26 18:39:03.497619: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:39:03.497621: | libevent_malloc: new ptr-libevent@0x55d3ce01e9a8 size 128 Aug 26 18:39:03.497642: | libevent_free: release ptr-libevent@0x55d3ce021208 Aug 26 18:39:03.497646: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d3ce01ebc8 Aug 26 18:39:03.497650: | #3 spent 0.0434 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:39:03.497650: | crypto helper 5 resuming Aug 26 18:39:03.497656: | stop processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:39:03.497660: | crypto helper 5 starting work-order 3 for state #3 Aug 26 18:39:03.497662: | timer_event_cb: processing event@0x55d3ce020c58 Aug 26 18:39:03.497665: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 18:39:03.497665: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:39:03.497679: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:39:03.497683: | picked newest_ipsec_sa #2 for #2 Aug 26 18:39:03.497685: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:39:03.497690: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:39:03.497692: | pstats #2 ikev2.child deleted completed Aug 26 18:39:03.497696: | #2 spent 3.08 milliseconds in total Aug 26 18:39:03.497701: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:39:03.497706: "road-eastnet"[1] 192.1.2.23 #2: deleting state (STATE_V2_IPSEC_I) aged 28.811s and NOT sending notification Aug 26 18:39:03.497709: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:39:03.497714: | get_sa_info esp.717cf1fb@192.1.2.23 Aug 26 18:39:03.497729: | get_sa_info esp.f3efc53b@192.1.3.209 Aug 26 18:39:03.497739: "road-eastnet"[1] 192.1.2.23 #2: ESP traffic information: in=840B out=840B Aug 26 18:39:03.497743: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:39:03.497789: | running updown command "ipsec _updown" for verb down Aug 26 18:39:03.497794: | command executing down-client Aug 26 18:39:03.497822: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844714' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CON Aug 26 18:39:03.497825: | popen cmd is 1107 chars long Aug 26 18:39:03.497828: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLU: Aug 26 18:39:03.497831: | cmd( 80):TO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY: Aug 26 18:39:03.497834: | cmd( 160):_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.1: Aug 26 18:39:03.497837: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Aug 26 18:39:03.497839: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Aug 26 18:39:03.497842: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PL: Aug 26 18:39:03.497845: | cmd( 480):UTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 18:39:03.497847: | cmd( 560):_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844714' PLUTO_CONN_POLICY='P: Aug 26 18:39:03.497850: | cmd( 640):SK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_: Aug 26 18:39:03.497853: | cmd( 720):ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' : Aug 26 18:39:03.497856: | cmd( 800):XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER: Aug 26 18:39:03.497858: | cmd( 880):_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0': Aug 26 18:39:03.497861: | cmd( 960): PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_: Aug 26 18:39:03.497864: | cmd(1040):SHARED='no' SPI_IN=0x717cf1fb SPI_OUT=0xf3efc53b ipsec _updown 2>&1: Aug 26 18:39:03.498557: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000892 seconds Aug 26 18:39:03.498571: | (#3) spent 0.794 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:39:03.498574: | crypto helper 5 sending results from work-order 3 for state #3 to event queue Aug 26 18:39:03.498580: | scheduling resume sending helper answer for #3 Aug 26 18:39:03.498583: | libevent_malloc: new ptr-libevent@0x7fbf4c002888 size 128 Aug 26 18:39:03.498594: | crypto helper 5 waiting (nothing to do) Aug 26 18:39:03.523762: "road-eastnet"[1] 192.1.2.23 #2: down-client output: restoring resolvconf Aug 26 18:39:03.523783: "road-eastnet"[1] 192.1.2.23 #2: down-client output: Problem in restoring the resolv.conf, as there is no backup file Aug 26 18:39:03.524115: | shunt_eroute() called for connection 'road-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:39:03.524121: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:39:03.524124: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 18:39:03.524129: | IPsec Sa SPD priority set to 1040383 Aug 26 18:39:03.524180: | delete esp.717cf1fb@192.1.2.23 Aug 26 18:39:03.524196: | netlink response for Del SA esp.717cf1fb@192.1.2.23 included non-error error Aug 26 18:39:03.524202: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 18:39:03.524210: | delete inbound eroute 0.0.0.0/0:0 --0-> 192.0.3.10/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Aug 26 18:39:03.524231: | raw_eroute result=success Aug 26 18:39:03.524236: | delete esp.f3efc53b@192.1.3.209 Aug 26 18:39:03.524246: | netlink response for Del SA esp.f3efc53b@192.1.3.209 included non-error error Aug 26 18:39:03.524258: | in connection_discard for connection road-eastnet Aug 26 18:39:03.524262: | connection is instance Aug 26 18:39:03.524264: | not in pending use Aug 26 18:39:03.524268: | State DB: found state #3 in V2_REKEY_CHILD_I0 (connection_discard) Aug 26 18:39:03.524271: | states still using this connection instance, retaining Aug 26 18:39:03.524274: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:39:03.524280: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:39:03.524290: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:39:03.524307: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:39:03.524311: | can't expire unused IKE SA #1; it has the child #3 Aug 26 18:39:03.524316: | libevent_free: release ptr-libevent@0x7fbf50002888 Aug 26 18:39:03.524320: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55d3ce020c58 Aug 26 18:39:03.524324: | in statetime_stop() and could not find #2 Aug 26 18:39:03.524327: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:39:03.524351: | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:39:03.524370: | *received 65 bytes from 192.1.2.23:4500 on eth0 (192.1.3.209:4500) Aug 26 18:39:03.524374: | ec 6c 1e 62 86 78 8d 28 49 14 94 7c 33 bc ab d4 Aug 26 18:39:03.524377: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 18:39:03.524379: | 85 a3 79 ad 43 cb 28 61 f9 fa 01 9e 3f 19 b6 ac Aug 26 18:39:03.524382: | e3 9f ae 34 67 48 93 57 d1 3d e0 19 d7 62 d9 30 Aug 26 18:39:03.524384: | e7 Aug 26 18:39:03.524390: | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) Aug 26 18:39:03.524394: | **parse ISAKMP Message: Aug 26 18:39:03.524397: | initiator cookie: Aug 26 18:39:03.524400: | ec 6c 1e 62 86 78 8d 28 Aug 26 18:39:03.524402: | responder cookie: Aug 26 18:39:03.524405: | 49 14 94 7c 33 bc ab d4 Aug 26 18:39:03.524408: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:39:03.524411: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:39:03.524415: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:39:03.524419: | flags: none (0x0) Aug 26 18:39:03.524421: | Message ID: 1 (0x1) Aug 26 18:39:03.524424: | length: 65 (0x41) Aug 26 18:39:03.524427: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:39:03.524431: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:39:03.524437: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:39:03.524445: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:39:03.524448: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:39:03.524453: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:39:03.524457: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:39:03.524461: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 18:39:03.524464: | unpacking clear payload Aug 26 18:39:03.524466: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:39:03.524468: | ***parse IKEv2 Encryption Payload: Aug 26 18:39:03.524470: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:39:03.524472: | flags: none (0x0) Aug 26 18:39:03.524475: | length: 37 (0x25) Aug 26 18:39:03.524478: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:39:03.524483: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:39:03.524486: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:39:03.524508: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:39:03.524511: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:39:03.524514: | **parse IKEv2 Delete Payload: Aug 26 18:39:03.524517: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:39:03.524520: | flags: none (0x0) Aug 26 18:39:03.524522: | length: 8 (0x8) Aug 26 18:39:03.524525: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:39:03.524528: | SPI size: 0 (0x0) Aug 26 18:39:03.524531: | number of SPIs: 0 (0x0) Aug 26 18:39:03.524534: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:39:03.524537: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:39:03.524540: | Now let's proceed with state specific processing Aug 26 18:39:03.524542: | calling processor I3: INFORMATIONAL Request Aug 26 18:39:03.524546: | an informational request should send a response Aug 26 18:39:03.524568: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:39:03.524572: | **emit ISAKMP Message: Aug 26 18:39:03.524575: | initiator cookie: Aug 26 18:39:03.524578: | ec 6c 1e 62 86 78 8d 28 Aug 26 18:39:03.524580: | responder cookie: Aug 26 18:39:03.524583: | 49 14 94 7c 33 bc ab d4 Aug 26 18:39:03.524586: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:39:03.524589: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:39:03.524592: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:39:03.524595: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:39:03.524598: | Message ID: 1 (0x1) Aug 26 18:39:03.524601: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:39:03.524605: | ***emit IKEv2 Encryption Payload: Aug 26 18:39:03.524607: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:39:03.524610: | flags: none (0x0) Aug 26 18:39:03.524613: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:39:03.524616: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:39:03.524620: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:39:03.524632: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:39:03.524636: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:39:03.524640: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:39:03.524643: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:39:03.524647: | emitting length of ISAKMP Message: 57 Aug 26 18:39:03.524663: | sending 61 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Aug 26 18:39:03.524666: | 00 00 00 00 ec 6c 1e 62 86 78 8d 28 49 14 94 7c Aug 26 18:39:03.524669: | 33 bc ab d4 2e 20 25 28 00 00 00 01 00 00 00 39 Aug 26 18:39:03.524672: | 00 00 00 1d c8 6e 2b 15 56 ec 6e 4f a4 04 c7 22 Aug 26 18:39:03.524674: | 30 7a 4a f9 8a 7f 21 7c 5c fb 1e d4 e5 Aug 26 18:39:03.524741: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:39:03.524750: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:39:03.524754: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:39:03.524757: | pstats #3 ikev2.child deleted other Aug 26 18:39:03.524761: | #3 spent 0.0434 milliseconds in total Aug 26 18:39:03.524767: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:39:03.524773: | start processing: state #3 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:39:03.524778: "road-eastnet"[1] 192.1.2.23 #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.027s and NOT sending notification Aug 26 18:39:03.524781: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 18:39:03.524785: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:39:03.524788: | libevent_free: release ptr-libevent@0x55d3ce01e9a8 Aug 26 18:39:03.524791: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fbf50002b78 Aug 26 18:39:03.524796: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 18:39:03.524802: | delete inbound eroute 0.0.0.0/0:0 --0-> 192.0.3.10/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Aug 26 18:39:03.524817: | raw_eroute result=success Aug 26 18:39:03.524822: | in connection_discard for connection road-eastnet Aug 26 18:39:03.524825: | connection is instance Aug 26 18:39:03.524828: | not in pending use Aug 26 18:39:03.524831: | State DB: found state #1 in PARENT_I3 (connection_discard) Aug 26 18:39:03.524834: | states still using this connection instance, retaining Aug 26 18:39:03.524837: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:39:03.524844: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:39:03.524849: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:39:03.524855: | resume processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:39:03.524859: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:39:03.524862: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:39:03.524865: | pstats #1 ikev2.ike deleted completed Aug 26 18:39:03.524869: | #1 spent 9.21 milliseconds in total Aug 26 18:39:03.524875: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:39:03.524880: "road-eastnet"[1] 192.1.2.23 #1: deleting state (STATE_IKESA_DEL) aged 28.846s and NOT sending notification Aug 26 18:39:03.524883: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:39:03.524929: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:39:03.524934: | libevent_free: release ptr-libevent@0x7fbf48000f48 Aug 26 18:39:03.524939: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d3ce01eb08 Aug 26 18:39:03.524943: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:39:03.524946: | picked newest_isakmp_sa #0 for #1 Aug 26 18:39:03.524963: "road-eastnet"[1] 192.1.2.23 #1: deleting IKE SA for connection 'road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:39:03.524969: | add revival: connection 'road-eastnet' added to the list and scheduled for 0 seconds Aug 26 18:39:03.524972: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:39:03.524977: | in connection_discard for connection road-eastnet Aug 26 18:39:03.524979: | connection is instance Aug 26 18:39:03.524981: | not in pending use Aug 26 18:39:03.524984: | State DB: state not found (connection_discard) Aug 26 18:39:03.524987: | no states use this connection instance, deleting Aug 26 18:39:03.524991: | start processing: connection "road-eastnet"[1] 192.1.2.23 (BACKGROUND) (in delete_connection() at connections.c:189) Aug 26 18:39:03.524997: packet from 192.1.2.23:4500: deleting connection "road-eastnet"[1] 192.1.2.23 instance with peer 192.1.2.23 {isakmp=#0/ipsec=#0} Aug 26 18:39:03.525000: | Deleting states for connection - not including other IPsec SA's Aug 26 18:39:03.525003: | pass 0 Aug 26 18:39:03.525005: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:39:03.525008: | state #1 Aug 26 18:39:03.525011: | pass 1 Aug 26 18:39:03.525013: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:39:03.525016: | state #1 Aug 26 18:39:03.525019: | shunt_eroute() called for connection 'road-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:39:03.525022: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:39:03.525026: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 18:39:03.525053: | priority calculation of connection "road-eastnet" is 0xfdfff Aug 26 18:39:03.525062: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:39:03.525066: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:39:03.525069: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 18:39:03.525072: | conn road-eastnet mark 0/00000000, 0/00000000 vs Aug 26 18:39:03.525075: | conn road-eastnet mark 0/00000000, 0/00000000 Aug 26 18:39:03.525092: | route owner of "road-eastnet" unrouted: NULL Aug 26 18:39:03.525095: | running updown command "ipsec _updown" for verb unroute Aug 26 18:39:03.525098: | command executing unroute-client Aug 26 18:39:03.525126: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CON Aug 26 18:39:03.525129: | popen cmd is 1090 chars long Aug 26 18:39:03.525133: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' : Aug 26 18:39:03.525136: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO: Aug 26 18:39:03.525139: | cmd( 160):_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.: Aug 26 18:39:03.525142: | cmd( 240):3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: Aug 26 18:39:03.525145: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_P: Aug 26 18:39:03.525148: | cmd( 400):EER_ID='192.1.2.23' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0: Aug 26 18:39:03.525152: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Aug 26 18:39:03.525155: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+EN: Aug 26 18:39:03.525158: | cmd( 640):CRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW: Aug 26 18:39:03.525160: | cmd( 720):+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAU: Aug 26 18:39:03.525163: | cmd( 800):TH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DN: Aug 26 18:39:03.525166: | cmd( 880):S_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PL: Aug 26 18:39:03.525168: | cmd( 960):UTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA: Aug 26 18:39:03.525171: | cmd(1040):RED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:39:03.542580: | flush revival: connection 'road-eastnet' revival flushed Aug 26 18:39:03.542602: | stop processing: connection "road-eastnet"[1] 192.1.2.23 (BACKGROUND) (in discard_connection() at connections.c:249) Aug 26 18:39:03.542613: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:39:03.542620: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:39:03.542661: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:39:03.542690: | in statetime_stop() and could not find #1 Aug 26 18:39:03.542693: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:39:03.542697: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:39:03.542699: | STF_OK but no state object remains Aug 26 18:39:03.542702: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:39:03.542703: | in statetime_stop() and could not find #1 Aug 26 18:39:03.542707: | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) Aug 26 18:39:03.542711: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:39:03.542713: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:39:03.542718: | spent 1.36 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:39:03.542731: | processing resume sending helper answer for #3 Aug 26 18:39:03.542734: | crypto helper 5 replies to request ID 3 Aug 26 18:39:03.542735: | calling continuation function 0x55d3cd45db50 Aug 26 18:39:03.542737: | work-order 3 state #3 crypto result suppressed Aug 26 18:39:03.542752: | (#3) spent 0.0174 milliseconds in resume sending helper answer Aug 26 18:39:03.542755: | libevent_free: release ptr-libevent@0x7fbf4c002888 Aug 26 18:39:03.542757: | processing signal PLUTO_SIGCHLD Aug 26 18:39:03.542760: | waitpid returned ECHILD (no child processes left) Aug 26 18:39:03.542763: | spent 0.00361 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:39:03.542765: | processing signal PLUTO_SIGCHLD Aug 26 18:39:03.542767: | waitpid returned ECHILD (no child processes left) Aug 26 18:39:03.542769: | spent 0.00231 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:39:03.542782: recvmsg: received truncated IKE packet (MSG_TRUNC) Aug 26 18:39:03.542786: | **parse ISAKMP Message (raw): Aug 26 18:39:03.542788: | initiator cookie: Aug 26 18:39:03.542789: | 00 00 00 00 ec 6c 1e 62 Aug 26 18:39:03.542791: | responder cookie: Aug 26 18:39:03.542792: | 86 78 8d 28 49 14 94 7c Aug 26 18:39:03.542794: | next payload type: 51 (0x33) Aug 26 18:39:03.542795: | ISAKMP version: 188 (0xbc) Aug 26 18:39:03.542797: | exchange type: 171 (0xab) Aug 26 18:39:03.542798: | flags: 212 (0xd4) Aug 26 18:39:03.542800: | Message ID: 773858600 (0x2e202528) Aug 26 18:39:03.542802: | length: 1 (0x1) Aug 26 18:39:03.542803: | MSG_ERRQUEUE packet IKE header version unknown Aug 26 18:39:03.542805: | rejected packet: Aug 26 18:39:03.542807: | 00 00 00 00 ec 6c 1e 62 86 78 8d 28 49 14 94 7c Aug 26 18:39:03.542811: | 33 bc ab d4 2e 20 25 28 00 00 00 01 00 00 00 39 Aug 26 18:39:03.542813: | 00 00 00 1d c8 6e 2b 15 56 ec 6e 4f a4 04 c7 22 Aug 26 18:39:03.542814: | 30 7a 4a f9 8a 7f 21 7c Aug 26 18:39:03.542815: | control: Aug 26 18:39:03.542817: | 1c 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 Aug 26 18:39:03.542818: | 38 72 00 00 00 00 00 00 c0 01 03 d1 d3 55 00 00 Aug 26 18:39:03.542820: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Aug 26 18:39:03.542821: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Aug 26 18:39:03.542823: | 02 00 00 00 c0 01 02 17 00 00 00 00 00 00 00 00 Aug 26 18:39:03.542824: | name: Aug 26 18:39:03.542826: | 02 00 11 94 c0 01 02 17 00 00 00 00 00 00 00 00 Aug 26 18:39:03.542831: | ERROR: asynchronous network error report on eth0 (192.1.3.209:4500) for message to 192.1.2.23 port 4500, complainant 192.1.2.23: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Aug 26 18:39:03.542836: | spent 0.0575 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:39:03.542838: | kernel_process_msg_cb process netlink message Aug 26 18:39:03.543082: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:39:03.543086: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:39:03.543088: | netlink_get: XFRM_MSG_GETPOLICY message Aug 26 18:39:03.543090: | xfrm netlink address change RTM_DELADDR msg len 76 Aug 26 18:39:03.543093: | XFRM RTM_DELADDR 192.0.3.10 IFA_LOCAL Aug 26 18:39:03.543095: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Aug 26 18:39:03.543097: | IKEv2 received address RTM_DELADDR type 3 Aug 26 18:39:03.543099: | IKEv2 received address RTM_DELADDR type 8 Aug 26 18:39:03.543100: | IKEv2 received address RTM_DELADDR type 6 Aug 26 18:39:03.543102: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:39:03.543106: | spent 0.265 milliseconds in kernel message Aug 26 18:39:03.543108: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:39:03.543111: | spent 0.000553 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:39:04.156037: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:39:04.156056: shutting down Aug 26 18:39:04.156063: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:39:04.156068: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:39:04.156070: forgetting secrets Aug 26 18:39:04.156075: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:39:04.156078: | start processing: connection "road-eastnet" (in delete_connection() at connections.c:189) Aug 26 18:39:04.156080: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:39:04.156082: | pass 0 Aug 26 18:39:04.156084: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:39:04.156085: | pass 1 Aug 26 18:39:04.156087: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:39:04.156090: | free hp@0x55d3ce01bbc8 Aug 26 18:39:04.156093: | flush revival: connection 'road-eastnet' wasn't on the list Aug 26 18:39:04.156095: | stop processing: connection "road-eastnet" (in discard_connection() at connections.c:249) Aug 26 18:39:04.156102: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:39:04.156104: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:39:04.156111: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:39:04.156113: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:39:04.156115: shutting down interface eth0/eth0 192.1.3.209:4500 Aug 26 18:39:04.156117: shutting down interface eth0/eth0 192.1.3.209:500 Aug 26 18:39:04.156120: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:39:04.156126: | libevent_free: release ptr-libevent@0x55d3ce00dd38 Aug 26 18:39:04.156128: | free_event_entry: release EVENT_NULL-pe@0x55d3ce019a68 Aug 26 18:39:04.156136: | libevent_free: release ptr-libevent@0x55d3cdfcfe58 Aug 26 18:39:04.156138: | free_event_entry: release EVENT_NULL-pe@0x55d3ce019b18 Aug 26 18:39:04.156146: | libevent_free: release ptr-libevent@0x55d3cdfd1088 Aug 26 18:39:04.156148: | free_event_entry: release EVENT_NULL-pe@0x55d3ce019bc8 Aug 26 18:39:04.156153: | libevent_free: release ptr-libevent@0x55d3cdfcaa88 Aug 26 18:39:04.156154: | free_event_entry: release EVENT_NULL-pe@0x55d3ce019c78 Aug 26 18:39:04.156158: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:39:04.156516: | libevent_free: release ptr-libevent@0x55d3ce00dde8 Aug 26 18:39:04.156522: | free_event_entry: release EVENT_NULL-pe@0x55d3ce001e88 Aug 26 18:39:04.156526: | libevent_free: release ptr-libevent@0x55d3cdfcfda8 Aug 26 18:39:04.156528: | free_event_entry: release EVENT_NULL-pe@0x55d3ce0019e8 Aug 26 18:39:04.156531: | libevent_free: release ptr-libevent@0x55d3cdffa488 Aug 26 18:39:04.156532: | free_event_entry: release EVENT_NULL-pe@0x55d3cdffbc78 Aug 26 18:39:04.156535: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:39:04.156536: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:39:04.156538: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:39:04.156540: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:39:04.156541: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:39:04.156543: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:39:04.156544: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:39:04.156546: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:39:04.156547: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:39:04.156551: | libevent_free: release ptr-libevent@0x55d3cdf5d598 Aug 26 18:39:04.156553: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:39:04.156554: | libevent_free: release ptr-libevent@0x55d3ce0193a8 Aug 26 18:39:04.156556: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:39:04.156558: | libevent_free: release ptr-libevent@0x55d3ce0194b8 Aug 26 18:39:04.156560: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:39:04.156562: | libevent_free: release ptr-libevent@0x55d3ce0196f8 Aug 26 18:39:04.156563: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:39:04.156564: | releasing event base Aug 26 18:39:04.156574: | libevent_free: release ptr-libevent@0x55d3ce0195c8 Aug 26 18:39:04.156576: | libevent_free: release ptr-libevent@0x55d3cdffc2a8 Aug 26 18:39:04.156579: | libevent_free: release ptr-libevent@0x55d3cdffc258 Aug 26 18:39:04.156580: | libevent_free: release ptr-libevent@0x55d3ce01ef68 Aug 26 18:39:04.156582: | libevent_free: release ptr-libevent@0x55d3cdffc218 Aug 26 18:39:04.156584: | libevent_free: release ptr-libevent@0x55d3ce0190b8 Aug 26 18:39:04.156585: | libevent_free: release ptr-libevent@0x55d3ce019328 Aug 26 18:39:04.156587: | libevent_free: release ptr-libevent@0x55d3cdffc458 Aug 26 18:39:04.156588: | libevent_free: release ptr-libevent@0x55d3ce001678 Aug 26 18:39:04.156590: | libevent_free: release ptr-libevent@0x55d3ce001f98 Aug 26 18:39:04.156591: | libevent_free: release ptr-libevent@0x55d3ce019ce8 Aug 26 18:39:04.156593: | libevent_free: release ptr-libevent@0x55d3ce019c38 Aug 26 18:39:04.156594: | libevent_free: release ptr-libevent@0x55d3ce019b88 Aug 26 18:39:04.156596: | libevent_free: release ptr-libevent@0x55d3ce019ad8 Aug 26 18:39:04.156597: | libevent_free: release ptr-libevent@0x55d3cdf5cb68 Aug 26 18:39:04.156599: | libevent_free: release ptr-libevent@0x55d3ce019478 Aug 26 18:39:04.156601: | libevent_free: release ptr-libevent@0x55d3ce019368 Aug 26 18:39:04.156602: | libevent_free: release ptr-libevent@0x55d3ce019228 Aug 26 18:39:04.156604: | libevent_free: release ptr-libevent@0x55d3ce019588 Aug 26 18:39:04.156605: | libevent_free: release ptr-libevent@0x55d3ce0190f8 Aug 26 18:39:04.156607: | libevent_free: release ptr-libevent@0x55d3cdfcc008 Aug 26 18:39:04.156609: | libevent_free: release ptr-libevent@0x55d3cdfcbf88 Aug 26 18:39:04.156610: | libevent_free: release ptr-libevent@0x55d3cdf5ced8 Aug 26 18:39:04.156612: | releasing global libevent data Aug 26 18:39:04.156614: | libevent_free: release ptr-libevent@0x55d3cdfca6b8 Aug 26 18:39:04.156617: | libevent_free: release ptr-libevent@0x55d3cdfcc108 Aug 26 18:39:04.156619: | libevent_free: release ptr-libevent@0x55d3cdfcc088 Aug 26 18:39:04.156651: leak detective found no leaks