FIPS Product: YES
FIPS Kernel: NO
FIPS Mode: NO
NSS DB directory: sql:/etc/ipsec.d
Initializing NSS
Opening NSS database "sql:/etc/ipsec.d" read-only
NSS initialized
NSS crypto library initialized
FIPS HMAC integrity support [enabled]
FIPS mode disabled for pluto daemon
FIPS HMAC integrity verification self-test FAILED
libcap-ng support [enabled]
Linux audit support [enabled]
Linux audit activated
Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13798
core dump dir: /var/tmp
secrets file: /etc/ipsec.secrets
leak-detective enabled
NSS crypto [enabled]
XAUTH PAM support [enabled]
| libevent is using pluto's memory allocator
Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
| libevent_malloc: new ptr-libevent@0x563aeeac6758 size 40
| libevent_malloc: new ptr-libevent@0x563aeeac66d8 size 40
| libevent_malloc: new ptr-libevent@0x563aeeac6658 size 40
| creating event base
| libevent_malloc: new ptr-libevent@0x563aeeab8288 size 56
| libevent_malloc: new ptr-libevent@0x563aeea41e18 size 664
| libevent_malloc: new ptr-libevent@0x563aeeb00d78 size 24
| libevent_malloc: new ptr-libevent@0x563aeeb00dc8 size 384
| libevent_malloc: new ptr-libevent@0x563aeeb00d38 size 16
| libevent_malloc: new ptr-libevent@0x563aeeac65d8 size 40
| libevent_malloc: new ptr-libevent@0x563aeeac6558 size 48
| libevent_realloc: new ptr-libevent@0x563aeea41aa8 size 256
| libevent_malloc: new ptr-libevent@0x563aeeb00f78 size 16
| libevent_free: release ptr-libevent@0x563aeeab8288
| libevent initialized
| libevent_realloc: new ptr-libevent@0x563aeeab8288 size 64
| global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
| init_nat_traversal() initialized with keep_alive=0s
NAT-Traversal support  [enabled]
| global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
| global one-shot timer EVENT_FREE_ROOT_CERTS initialized
| global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
| global one-shot timer EVENT_REVIVE_CONNS initialized
| global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
| global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Encryption algorithms:
  AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
  AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
  AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
  3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
  CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
  CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
  AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
  AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
  AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
  AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
  AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
  SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
  TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
  TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
  NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_gmac
  NULL                    IKEv1:     ESP     IKEv2:     ESP           []
  CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
Hash algorithms:
  MD5                     IKEv1: IKE         IKEv2:                 
  SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
  SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
  SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
  SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
PRF algorithms:
  HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
  HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
  HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
  HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
  HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
  AES_XCBC                IKEv1:             IKEv2: IKE               aes128_xcbc
Integrity algorithms:
  HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
  HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
  HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, sha2_512_256, hmac_sha2_512
  HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, sha2_384_192, hmac_sha2_384
  HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
  HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH      
  AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH        aes_xcbc, aes128_xcbc, aes128_xcbc_96
  AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
  NONE                    IKEv1:     ESP     IKEv2: IKE ESP     FIPS  null
DH algorithms:
  NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
  MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
  MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
  MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
  MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
  MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
  MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
  DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256, ecp256
  DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384, ecp384
  DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521, ecp521
  DH31                    IKEv1: IKE         IKEv2: IKE ESP AH        curve25519
testing CAMELLIA_CBC:
  Camellia: 16 bytes with 128-bit key
  Camellia: 16 bytes with 128-bit key
  Camellia: 16 bytes with 256-bit key
  Camellia: 16 bytes with 256-bit key
testing AES_GCM_16:
  empty string
  one block
  two blocks
  two blocks with associated data
testing AES_CTR:
  Encrypting 16 octets using AES-CTR with 128-bit key
  Encrypting 32 octets using AES-CTR with 128-bit key
  Encrypting 36 octets using AES-CTR with 128-bit key
  Encrypting 16 octets using AES-CTR with 192-bit key
  Encrypting 32 octets using AES-CTR with 192-bit key
  Encrypting 36 octets using AES-CTR with 192-bit key
  Encrypting 16 octets using AES-CTR with 256-bit key
  Encrypting 32 octets using AES-CTR with 256-bit key
  Encrypting 36 octets using AES-CTR with 256-bit key
testing AES_CBC:
  Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
  Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
  Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
  Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
testing AES_XCBC:
  RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
  RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
  RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
  RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
  RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
  RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
  RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
testing HMAC_MD5:
  RFC 2104: MD5_HMAC test 1
  RFC 2104: MD5_HMAC test 2
  RFC 2104: MD5_HMAC test 3
8 CPU cores online
starting up 7 crypto helpers
started thread for crypto helper 0
| starting up helper thread 0
| status value returned by setting the priority of this thread (crypto helper 0) 22
| crypto helper 0 waiting (nothing to do)
started thread for crypto helper 1
started thread for crypto helper 2
started thread for crypto helper 3
| starting up helper thread 3
| status value returned by setting the priority of this thread (crypto helper 3) 22
| crypto helper 3 waiting (nothing to do)
started thread for crypto helper 4
| starting up helper thread 4
| status value returned by setting the priority of this thread (crypto helper 4) 22
| crypto helper 4 waiting (nothing to do)
started thread for crypto helper 5
| starting up helper thread 5
| status value returned by setting the priority of this thread (crypto helper 5) 22
| crypto helper 5 waiting (nothing to do)
started thread for crypto helper 6
| starting up helper thread 6
| status value returned by setting the priority of this thread (crypto helper 6) 22
| crypto helper 6 waiting (nothing to do)
| checking IKEv1 state table
| starting up helper thread 1
| status value returned by setting the priority of this thread (crypto helper 1) 22
| crypto helper 1 waiting (nothing to do)
|   MAIN_R0: category: half-open IKE SA flags: 0:
| starting up helper thread 2
|     -> MAIN_R1 EVENT_SO_DISCARD
| status value returned by setting the priority of this thread (crypto helper 2) 22
| crypto helper 2 waiting (nothing to do)
|   MAIN_I1: category: half-open IKE SA flags: 0:
|     -> MAIN_I2 EVENT_RETRANSMIT
|   MAIN_R1: category: open IKE SA flags: 200:
|     -> MAIN_R2 EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|   MAIN_I2: category: open IKE SA flags: 0:
|     -> MAIN_I3 EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|   MAIN_R2: category: open IKE SA flags: 0:
|     -> MAIN_R3 EVENT_SA_REPLACE
|     -> MAIN_R3 EVENT_SA_REPLACE
|     -> UNDEFINED EVENT_SA_REPLACE
|   MAIN_I3: category: open IKE SA flags: 0:
|     -> MAIN_I4 EVENT_SA_REPLACE
|     -> MAIN_I4 EVENT_SA_REPLACE
|     -> UNDEFINED EVENT_SA_REPLACE
|   MAIN_R3: category: established IKE SA flags: 200:
|     -> UNDEFINED EVENT_NULL
|   MAIN_I4: category: established IKE SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   AGGR_R0: category: half-open IKE SA flags: 0:
|     -> AGGR_R1 EVENT_SO_DISCARD
|   AGGR_I1: category: half-open IKE SA flags: 0:
|     -> AGGR_I2 EVENT_SA_REPLACE
|     -> AGGR_I2 EVENT_SA_REPLACE
|   AGGR_R1: category: open IKE SA flags: 200:
|     -> AGGR_R2 EVENT_SA_REPLACE
|     -> AGGR_R2 EVENT_SA_REPLACE
|   AGGR_I2: category: established IKE SA flags: 200:
|     -> UNDEFINED EVENT_NULL
|   AGGR_R2: category: established IKE SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   QUICK_R0: category: established CHILD SA flags: 0:
|     -> QUICK_R1 EVENT_RETRANSMIT
|   QUICK_I1: category: established CHILD SA flags: 0:
|     -> QUICK_I2 EVENT_SA_REPLACE
|   QUICK_R1: category: established CHILD SA flags: 0:
|     -> QUICK_R2 EVENT_SA_REPLACE
|   QUICK_I2: category: established CHILD SA flags: 200:
|     -> UNDEFINED EVENT_NULL
|   QUICK_R2: category: established CHILD SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   INFO: category: informational flags: 0:
|     -> UNDEFINED EVENT_NULL
|   INFO_PROTECTED: category: informational flags: 0:
|     -> UNDEFINED EVENT_NULL
|   XAUTH_R0: category: established IKE SA flags: 0:
|     -> XAUTH_R1 EVENT_NULL
|   XAUTH_R1: category: established IKE SA flags: 0:
|     -> MAIN_R3 EVENT_SA_REPLACE
|   MODE_CFG_R0: category: informational flags: 0:
|     -> MODE_CFG_R1 EVENT_SA_REPLACE
|   MODE_CFG_R1: category: established IKE SA flags: 0:
|     -> MODE_CFG_R2 EVENT_SA_REPLACE
|   MODE_CFG_R2: category: established IKE SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   MODE_CFG_I1: category: established IKE SA flags: 0:
|     -> MAIN_I4 EVENT_SA_REPLACE
|   XAUTH_I0: category: established IKE SA flags: 0:
|     -> XAUTH_I1 EVENT_RETRANSMIT
|   XAUTH_I1: category: established IKE SA flags: 0:
|     -> MAIN_I4 EVENT_RETRANSMIT
| checking IKEv2 state table
|   PARENT_I0: category: ignore flags: 0:
|     -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
|   PARENT_I1: category: half-open IKE SA flags: 0:
|     -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
|     -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
|   PARENT_I2: category: open IKE SA flags: 0:
|     -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
|     -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
|     -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
|     -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
|     -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
|   PARENT_I3: category: established IKE SA flags: 0:
|     -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
|     -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
|     -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
|     -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
|   PARENT_R0: category: half-open IKE SA flags: 0:
|     -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
|   PARENT_R1: category: half-open IKE SA flags: 0:
|     -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
|     -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
|   PARENT_R2: category: established IKE SA flags: 0:
|     -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
|     -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
|     -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
|     -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
|   V2_CREATE_I0: category: established IKE SA flags: 0:
|     -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
|   V2_CREATE_I: category: established IKE SA flags: 0:
|     -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
|   V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
|     -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
|   V2_REKEY_IKE_I: category: established IKE SA flags: 0:
|     -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
|   V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
|     -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
|   V2_REKEY_CHILD_I: category: established IKE SA flags: 0: <none>
|   V2_CREATE_R: category: established IKE SA flags: 0:
|     -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
|   V2_REKEY_IKE_R: category: established IKE SA flags: 0:
|     -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
|   V2_REKEY_CHILD_R: category: established IKE SA flags: 0: <none>
|   V2_IPSEC_I: category: established CHILD SA flags: 0: <none>
|   V2_IPSEC_R: category: established CHILD SA flags: 0: <none>
|   IKESA_DEL: category: established IKE SA flags: 0:
|     -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
|   CHILDSA_DEL: category: informational flags: 0: <none>
Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
| Hard-wiring algorithms
| adding AES_CCM_16 to kernel algorithm db
| adding AES_CCM_12 to kernel algorithm db
| adding AES_CCM_8 to kernel algorithm db
| adding 3DES_CBC to kernel algorithm db
| adding CAMELLIA_CBC to kernel algorithm db
| adding AES_GCM_16 to kernel algorithm db
| adding AES_GCM_12 to kernel algorithm db
| adding AES_GCM_8 to kernel algorithm db
| adding AES_CTR to kernel algorithm db
| adding AES_CBC to kernel algorithm db
| adding SERPENT_CBC to kernel algorithm db
| adding TWOFISH_CBC to kernel algorithm db
| adding NULL_AUTH_AES_GMAC to kernel algorithm db
| adding NULL to kernel algorithm db
| adding CHACHA20_POLY1305 to kernel algorithm db
| adding HMAC_MD5_96 to kernel algorithm db
| adding HMAC_SHA1_96 to kernel algorithm db
| adding HMAC_SHA2_512_256 to kernel algorithm db
| adding HMAC_SHA2_384_192 to kernel algorithm db
| adding HMAC_SHA2_256_128 to kernel algorithm db
| adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
| adding AES_XCBC_96 to kernel algorithm db
| adding AES_CMAC_96 to kernel algorithm db
| adding NONE to kernel algorithm db
| net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
| global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
| setup kernel fd callback
| add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x563aeeac0478
| libevent_malloc: new ptr-libevent@0x563aeeaff4e8 size 128
| libevent_malloc: new ptr-libevent@0x563aeeb06578 size 16
| add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x563aeeb06508
| libevent_malloc: new ptr-libevent@0x563aeeab8f38 size 128
| libevent_malloc: new ptr-libevent@0x563aeeb061d8 size 16
| global one-shot timer EVENT_CHECK_CRLS initialized
selinux support is enabled.
| unbound context created - setting debug level to 5
| /etc/hosts lookups activated
| /etc/resolv.conf usage activated
| outgoing-port-avoid set 0-65535
| outgoing-port-permit set 32768-60999
| Loading dnssec root key from:/var/lib/unbound/root.key
| No additional dnssec trust anchors defined via dnssec-trusted= option
| Setting up events, loop start
| add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x563aeeb069a8
| libevent_malloc: new ptr-libevent@0x563aeeb12888 size 128
| libevent_malloc: new ptr-libevent@0x563aeeb1db78 size 16
| libevent_realloc: new ptr-libevent@0x563aeeb1dbb8 size 256
| libevent_malloc: new ptr-libevent@0x563aeeb1dce8 size 8
| libevent_realloc: new ptr-libevent@0x563aeeb1dd28 size 144
| libevent_malloc: new ptr-libevent@0x563aeeac4a48 size 152
| libevent_malloc: new ptr-libevent@0x563aeeb1dde8 size 16
| signal event handler PLUTO_SIGCHLD installed
| libevent_malloc: new ptr-libevent@0x563aeeb1de28 size 8
| libevent_malloc: new ptr-libevent@0x563aeea42788 size 152
| signal event handler PLUTO_SIGTERM installed
| libevent_malloc: new ptr-libevent@0x563aeeb1de68 size 8
| libevent_malloc: new ptr-libevent@0x563aeeb1dea8 size 152
| signal event handler PLUTO_SIGHUP installed
| libevent_malloc: new ptr-libevent@0x563aeeb1df78 size 8
| libevent_realloc: release ptr-libevent@0x563aeeb1dd28
| libevent_realloc: new ptr-libevent@0x563aeeb1dfb8 size 256
| libevent_malloc: new ptr-libevent@0x563aeeb1e0e8 size 152
| signal event handler PLUTO_SIGSYS installed
| created addconn helper (pid:13858) using fork+execve
| forked child 13858
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
listening for IKE messages
| Inspecting interface lo 
| found lo with address 127.0.0.1
| Inspecting interface eth0 
| found eth0 with address 192.0.2.254
| Inspecting interface eth1 
| found eth1 with address 192.1.2.23
Kernel supports NIC esp-hw-offload
adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface eth1/eth1 192.1.2.23:4500
adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface eth0/eth0 192.0.2.254:4500
adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface lo/lo 127.0.0.1:4500
| no interfaces to sort
| FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e6c8
| libevent_malloc: new ptr-libevent@0x563aeeb127d8 size 128
| libevent_malloc: new ptr-libevent@0x563aeeb1e738 size 16
| setup callback for interface lo 127.0.0.1:4500 fd 22
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e778
| libevent_malloc: new ptr-libevent@0x563aeeab8fe8 size 128
| libevent_malloc: new ptr-libevent@0x563aeeb1e7e8 size 16
| setup callback for interface lo 127.0.0.1:500 fd 21
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e828
| libevent_malloc: new ptr-libevent@0x563aeeab8908 size 128
| libevent_malloc: new ptr-libevent@0x563aeeb1e898 size 16
| setup callback for interface eth0 192.0.2.254:4500 fd 20
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e8d8
| libevent_malloc: new ptr-libevent@0x563aeeac01c8 size 128
| libevent_malloc: new ptr-libevent@0x563aeeb1e948 size 16
| setup callback for interface eth0 192.0.2.254:500 fd 19
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e988
| libevent_malloc: new ptr-libevent@0x563aeeac02c8 size 128
| libevent_malloc: new ptr-libevent@0x563aeeb1e9f8 size 16
| setup callback for interface eth1 192.1.2.23:4500 fd 18
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1ea38
| libevent_malloc: new ptr-libevent@0x563aeeac03c8 size 128
| libevent_malloc: new ptr-libevent@0x563aeeb1eaa8 size 16
| setup callback for interface eth1 192.1.2.23:500 fd 17
| certs and keys locked by 'free_preshared_secrets'
| certs and keys unlocked by 'free_preshared_secrets'
loading secrets from "/etc/ipsec.secrets"
| saving Modulus
| saving PublicExponent
| ignoring PrivateExponent
| ignoring Prime1
| ignoring Prime2
| ignoring Exponent1
| ignoring Exponent2
| ignoring Coefficient
| ignoring CKAIDNSS
| computed rsa CKAID  61 55 99 73  d3 ac ef 7d  3a 37 0e 3e  82 ad 92 c1
| computed rsa CKAID  8a 82 25 f1
loaded private key for keyid: PKK_RSA:AQO9bJbr3
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secret'
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.766 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
listening for IKE messages
| Inspecting interface lo 
| found lo with address 127.0.0.1
| Inspecting interface eth0 
| found eth0 with address 192.0.2.254
| Inspecting interface eth1 
| found eth1 with address 192.1.2.23
| no interfaces to sort
| libevent_free: release ptr-libevent@0x563aeeb127d8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e6c8
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e6c8
| libevent_malloc: new ptr-libevent@0x563aeeb127d8 size 128
| setup callback for interface lo 127.0.0.1:4500 fd 22
| libevent_free: release ptr-libevent@0x563aeeab8fe8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e778
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e778
| libevent_malloc: new ptr-libevent@0x563aeeab8fe8 size 128
| setup callback for interface lo 127.0.0.1:500 fd 21
| libevent_free: release ptr-libevent@0x563aeeab8908
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e828
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e828
| libevent_malloc: new ptr-libevent@0x563aeeab8908 size 128
| setup callback for interface eth0 192.0.2.254:4500 fd 20
| libevent_free: release ptr-libevent@0x563aeeac01c8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e8d8
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e8d8
| libevent_malloc: new ptr-libevent@0x563aeeac01c8 size 128
| setup callback for interface eth0 192.0.2.254:500 fd 19
| libevent_free: release ptr-libevent@0x563aeeac02c8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e988
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1e988
| libevent_malloc: new ptr-libevent@0x563aeeac02c8 size 128
| setup callback for interface eth1 192.1.2.23:4500 fd 18
| libevent_free: release ptr-libevent@0x563aeeac03c8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1ea38
| add_fd_read_event_handler: new ethX-pe@0x563aeeb1ea38
| libevent_malloc: new ptr-libevent@0x563aeeac03c8 size 128
| setup callback for interface eth1 192.1.2.23:500 fd 17
| certs and keys locked by 'free_preshared_secrets'
forgetting secrets
| certs and keys unlocked by 'free_preshared_secrets'
loading secrets from "/etc/ipsec.secrets"
| saving Modulus
| saving PublicExponent
| ignoring PrivateExponent
| ignoring Prime1
| ignoring Prime2
| ignoring Exponent1
| ignoring Exponent2
| ignoring Coefficient
| ignoring CKAIDNSS
| computed rsa CKAID  61 55 99 73  d3 ac ef 7d  3a 37 0e 3e  82 ad 92 c1
| computed rsa CKAID  8a 82 25 f1
loaded private key for keyid: PKK_RSA:AQO9bJbr3
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secret'
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.364 milliseconds in whack
| processing signal PLUTO_SIGCHLD
| waitpid returned pid 13858 (exited with status 0)
| reaped addconn helper child (status 0)
| waitpid returned ECHILD (no child processes left)
| spent 0.0169 milliseconds in signal handler PLUTO_SIGCHLD
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| Added new connection main-east with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
| from whack: got --esp=
| ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
| counting wild cards for %fromcert is 0
| ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org"
| ASCII to DN =>  30 81 b4 31  0b 30 09 06  03 55 04 06  13 02 43 41
| ASCII to DN =>  31 10 30 0e  06 03 55 04  08 13 07 4f  6e 74 61 72
| ASCII to DN =>  69 6f 31 10  30 0e 06 03  55 04 07 13  07 54 6f 72
| ASCII to DN =>  6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 13 09 4c
| ASCII to DN =>  69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
| ASCII to DN =>  0b 13 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
| ASCII to DN =>  6e 74 31 23  30 21 06 03  55 04 03 13  1a 65 61 73
| ASCII to DN =>  74 2e 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| ASCII to DN =>  77 61 6e 2e  6f 72 67 31  2e 30 2c 06  09 2a 86 48
| ASCII to DN =>  86 f7 0d 01  09 01 16 1f  75 73 65 72  2d 65 61 73
| ASCII to DN =>  74 40 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| ASCII to DN =>  77 61 6e 2e  6f 72 67
| loading right certificate 'east' pubkey
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563aeeb22198
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563aeeb22148
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563aeeb220f8
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563aeeb21e48
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563aeeb21df8
| unreference key: 0x563aeeb221e8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1--
| certs and keys locked by 'lsw_add_rsa_secret'
| certs and keys unlocked by 'lsw_add_rsa_secret'
| counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0
| based upon policy, the connection is a template.
| connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none
| new hp@0x563aeeb220f8
added connection description "main-east"
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| 192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]...%any[%fromcert]
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 1.08 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| Added new connection main-north with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
| from whack: got --esp=
| ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
| counting wild cards for %fromcert is 0
| ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org"
| ASCII to DN =>  30 81 b6 31  0b 30 09 06  03 55 04 06  13 02 43 41
| ASCII to DN =>  31 10 30 0e  06 03 55 04  08 13 07 4f  6e 74 61 72
| ASCII to DN =>  69 6f 31 10  30 0e 06 03  55 04 07 13  07 54 6f 72
| ASCII to DN =>  6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 13 09 4c
| ASCII to DN =>  69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
| ASCII to DN =>  0b 13 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
| ASCII to DN =>  6e 74 31 24  30 22 06 03  55 04 03 13  1b 6e 6f 72
| ASCII to DN =>  74 68 2e 74  65 73 74 69  6e 67 2e 6c  69 62 72 65
| ASCII to DN =>  73 77 61 6e  2e 6f 72 67  31 2f 30 2d  06 09 2a 86
| ASCII to DN =>  48 86 f7 0d  01 09 01 16  20 75 73 65  72 2d 6e 6f
| ASCII to DN =>  72 74 68 40  74 65 73 74  69 6e 67 2e  6c 69 62 72
| ASCII to DN =>  65 73 77 61  6e 2e 6f 72  67
| loading right certificate 'north' pubkey
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563aeeb29638
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563aeeb29738
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563aeeb29888
| unreference key: 0x563aeeb29548 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1--
| certs and keys locked by 'lsw_add_rsa_secret'
| certs and keys unlocked by 'lsw_add_rsa_secret'
| counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0
| based upon policy, the connection is a template.
| find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports
| connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@0x563aeeb220f8: main-east
added connection description "main-north"
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| 192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]...%any[%fromcert]
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 1.47 milliseconds in whack
| spent 0.0031 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
|   30 b8 78 88  f4 d6 0c 9b  00 00 00 00  00 00 00 00
|   21 20 22 08  00 00 00 00  00 00 03 3c  22 00 01 b4
|   02 00 00 64  01 01 00 0b  03 00 00 0c  01 00 00 14
|   80 0e 01 00  03 00 00 08  02 00 00 07  03 00 00 08
|   02 00 00 05  03 00 00 08  04 00 00 0e  03 00 00 08
|   04 00 00 0f  03 00 00 08  04 00 00 10  03 00 00 08
|   04 00 00 12  03 00 00 08  04 00 00 13  03 00 00 08
|   04 00 00 14  03 00 00 08  04 00 00 15  00 00 00 08
|   04 00 00 1f  02 00 00 64  02 01 00 0b  03 00 00 0c
|   01 00 00 14  80 0e 00 80  03 00 00 08  02 00 00 07
|   03 00 00 08  02 00 00 05  03 00 00 08  04 00 00 0e
|   03 00 00 08  04 00 00 0f  03 00 00 08  04 00 00 10
|   03 00 00 08  04 00 00 12  03 00 00 08  04 00 00 13
|   03 00 00 08  04 00 00 14  03 00 00 08  04 00 00 15
|   00 00 00 08  04 00 00 1f  02 00 00 74  03 01 00 0d
|   03 00 00 0c  01 00 00 0c  80 0e 01 00  03 00 00 08
|   02 00 00 07  03 00 00 08  02 00 00 05  03 00 00 08
|   03 00 00 0e  03 00 00 08  03 00 00 0c  03 00 00 08
|   04 00 00 0e  03 00 00 08  04 00 00 0f  03 00 00 08
|   04 00 00 10  03 00 00 08  04 00 00 12  03 00 00 08
|   04 00 00 13  03 00 00 08  04 00 00 14  03 00 00 08
|   04 00 00 15  00 00 00 08  04 00 00 1f  00 00 00 74
|   04 01 00 0d  03 00 00 0c  01 00 00 0c  80 0e 00 80
|   03 00 00 08  02 00 00 07  03 00 00 08  02 00 00 05
|   03 00 00 08  03 00 00 0e  03 00 00 08  03 00 00 0c
|   03 00 00 08  04 00 00 0e  03 00 00 08  04 00 00 0f
|   03 00 00 08  04 00 00 10  03 00 00 08  04 00 00 12
|   03 00 00 08  04 00 00 13  03 00 00 08  04 00 00 14
|   03 00 00 08  04 00 00 15  00 00 00 08  04 00 00 1f
|   28 00 01 08  00 0e 00 00  81 c5 7b ba  b4 c0 dd 22
|   47 f6 f5 78  f8 05 0d 36  75 34 4e f4  c4 48 f1 c0
|   bb 3b 4a 61  3b 95 31 78  6a fe a8 d7  dd 97 29 36
|   a1 7f 1e e6  c5 13 90 f9  3d 8c 97 58  6d fb 28 ff
|   0a 03 f3 b7  33 d0 f0 93  be 3c 91 fa  3a b1 e0 e6
|   8f a6 32 86  b2 0c a5 7f  6b b9 58 1e  30 c1 41 71
|   ed 99 0d 49  f9 e7 d7 02  9e b0 74 8c  b8 d2 c5 3e
|   5b 60 dc 47  3a d0 13 fa  c8 df 78 0d  2c 57 10 d0
|   29 77 1b 94  07 d5 99 a2  6b ba 84 93  36 34 04 65
|   59 46 9f 3b  da 44 bf 22  02 b5 d7 ab  fe 48 7e 2a
|   c9 57 26 87  e5 ba 15 79  05 28 9e 56  f6 24 83 92
|   c1 d4 61 ef  57 46 ac 27  da aa 52 8b  8a a9 6e 81
|   3f 8e a6 df  39 23 fa 53  11 58 c1 07  38 74 f1 32
|   7d f8 69 bf  ce e1 69 7e  3b f8 7f 63  fc 79 ed 3f
|   d4 9c 10 72  01 ab 1c 37  e9 9d 47 60  75 8e 41 8d
|   14 63 0e 7f  c3 81 14 46  95 e3 c5 6b  30 60 86 b1
|   8f 54 ed 81  7e d4 d6 22  29 00 00 24  7d bb ea 66
|   8c 12 e4 ab  78 2e bb 1d  5c 64 b8 43  91 51 47 fe
|   15 83 da f1  6d d4 4d d3  84 5a d9 42  29 00 00 08
|   00 00 40 2e  29 00 00 1c  00 00 40 04  1b 29 96 cb
|   ce 6f 66 ff  a7 39 96 a6  75 00 80 0b  28 08 03 06
|   00 00 00 1c  00 00 40 05  b1 28 92 f7  0c 3d 82 86
|   e9 2c 55 fa  bb 61 7b dc  be e4 d0 3b
| start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   30 b8 78 88  f4 d6 0c 9b
|    responder cookie:
|   00 00 00 00  00 00 00 00
|    next payload type: ISAKMP_NEXT_v2SA (0x21)
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
|    exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
|    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
|    Message ID: 0 (0x0)
|    length: 828 (0x33c)
|  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34)
| I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request 
| State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi)
| Now let's proceed with payload (ISAKMP_NEXT_v2SA)
| ***parse IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2KE (0x22)
|    flags: none (0x0)
|    length: 436 (0x1b4)
| processing payload: ISAKMP_NEXT_v2SA (len=432)
| Now let's proceed with payload (ISAKMP_NEXT_v2KE)
| ***parse IKEv2 Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_v2Ni (0x28)
|    flags: none (0x0)
|    length: 264 (0x108)
|    DH group: OAKLEY_GROUP_MODP2048 (0xe)
| processing payload: ISAKMP_NEXT_v2KE (len=256)
| Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
| ***parse IKEv2 Nonce Payload:
|    next payload type: ISAKMP_NEXT_v2N (0x29)
|    flags: none (0x0)
|    length: 36 (0x24)
| processing payload: ISAKMP_NEXT_v2Ni (len=32)
| Now let's proceed with payload (ISAKMP_NEXT_v2N)
| ***parse IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_v2N (0x29)
|    flags: none (0x0)
|    length: 8 (0x8)
|    Protocol ID: PROTO_v2_RESERVED (0x0)
|    SPI size: 0 (0x0)
|    Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
| processing payload: ISAKMP_NEXT_v2N (len=0)
| Now let's proceed with payload (ISAKMP_NEXT_v2N)
| ***parse IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_v2N (0x29)
|    flags: none (0x0)
|    length: 28 (0x1c)
|    Protocol ID: PROTO_v2_RESERVED (0x0)
|    SPI size: 0 (0x0)
|    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
| processing payload: ISAKMP_NEXT_v2N (len=20)
| Now let's proceed with payload (ISAKMP_NEXT_v2N)
| ***parse IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    length: 28 (0x1c)
|    Protocol ID: PROTO_v2_RESERVED (0x0)
|    SPI size: 0 (0x0)
|    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
| processing payload: ISAKMP_NEXT_v2N (len=20)
| DDOS disabled and no cookie sent, continuing
| find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports
| find_next_host_connection policy=ECDSA+IKEV2_ALLOW
| find_next_host_connection returns empty
| find_host_connection local=192.1.2.23:500 remote=<none:> policy=ECDSA+IKEV2_ALLOW but ignoring ports
| find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports
| find_next_host_connection policy=ECDSA+IKEV2_ALLOW
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (main-north)
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (main-east)
| find_next_host_connection returns empty
| initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW
| find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports
| find_next_host_connection policy=RSASIG+IKEV2_ALLOW
| find_next_host_connection returns empty
| find_host_connection local=192.1.2.23:500 remote=<none:> policy=RSASIG+IKEV2_ALLOW but ignoring ports
| find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports
| find_next_host_connection policy=RSASIG+IKEV2_ALLOW
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (main-north)
| find_next_host_connection returns main-north
| find_next_host_connection policy=RSASIG+IKEV2_ALLOW
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (main-east)
| find_next_host_connection returns main-east
| find_next_host_connection policy=RSASIG+IKEV2_ALLOW
| find_next_host_connection returns empty
| rw_instantiate
| connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none
| new hp@0x563aeeb2dfb8
| rw_instantiate() instantiated "main-north"[1] 192.1.2.45 for 192.1.2.45
| found connection: main-north[1] 192.1.2.45 with policy RSASIG+IKEV2_ALLOW
| find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports
| creating state object #1 at 0x563aeeb2fcc8
| State DB: adding IKEv2 state #1 in UNDEFINED
| pstats #1 ikev2.ike started
| Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0
| parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA)
| Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1
| start processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016)
| State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064)
| #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000
| Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1
| Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0
| #1 in state PARENT_R0: processing SA_INIT request
| selected state microcode Respond to IKE_SA_INIT
| Now let's proceed with state specific processing
| calling processor Respond to IKE_SA_INIT
| #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669)
| constructing local IKE proposals for main-north (IKE SA responder matching remote proposals)
| converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
| ...  ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
| converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
| ...  ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
| converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
| ...  ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
| converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
| ...  ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
"main-north"[1] 192.1.2.45: constructed local IKE proposals for main-north (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
| Comparing remote proposals against IKE responder 4 local proposals
| local proposal 1 type ENCR has 1 transforms
| local proposal 1 type PRF has 2 transforms
| local proposal 1 type INTEG has 1 transforms
| local proposal 1 type DH has 8 transforms
| local proposal 1 type ESN has 0 transforms
| local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
| local proposal 2 type ENCR has 1 transforms
| local proposal 2 type PRF has 2 transforms
| local proposal 2 type INTEG has 1 transforms
| local proposal 2 type DH has 8 transforms
| local proposal 2 type ESN has 0 transforms
| local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
| local proposal 3 type ENCR has 1 transforms
| local proposal 3 type PRF has 2 transforms
| local proposal 3 type INTEG has 2 transforms
| local proposal 3 type DH has 8 transforms
| local proposal 3 type ESN has 0 transforms
| local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none
| local proposal 4 type ENCR has 1 transforms
| local proposal 4 type PRF has 2 transforms
| local proposal 4 type INTEG has 2 transforms
| local proposal 4 type DH has 8 transforms
| local proposal 4 type ESN has 0 transforms
| local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
| ****parse IKEv2 Proposal Substructure Payload:
|    last proposal: v2_PROPOSAL_NON_LAST (0x2)
|    length: 100 (0x64)
|    prop #: 1 (0x1)
|    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
|    spi size: 0 (0x0)
|    # transforms: 11 (0xb)
| Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 12 (0xc)
|    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
|    IKEv2 transform ID: AES_GCM_C (0x14)
| ******parse IKEv2 Attribute Substructure Payload:
|    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
|    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
| remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
| remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
| remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
| remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
|    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
| remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0
| remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0
| remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0
| remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_LAST (0x0)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
| remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
| comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
| remote proposal 1 matches local proposal 1
| ****parse IKEv2 Proposal Substructure Payload:
|    last proposal: v2_PROPOSAL_NON_LAST (0x2)
|    length: 100 (0x64)
|    prop #: 2 (0x2)
|    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
|    spi size: 0 (0x0)
|    # transforms: 11 (0xb)
| Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 12 (0xc)
|    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
|    IKEv2 transform ID: AES_GCM_C (0x14)
| ******parse IKEv2 Attribute Substructure Payload:
|    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
|    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
|    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_LAST (0x0)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
| remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH
| remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH
| ****parse IKEv2 Proposal Substructure Payload:
|    last proposal: v2_PROPOSAL_NON_LAST (0x2)
|    length: 116 (0x74)
|    prop #: 3 (0x3)
|    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
|    spi size: 0 (0x0)
|    # transforms: 13 (0xd)
| Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 12 (0xc)
|    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
|    IKEv2 transform ID: AES_CBC (0xc)
| ******parse IKEv2 Attribute Substructure Payload:
|    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
|    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
|    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
|    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
|    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_LAST (0x0)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
| remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH
| remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH
| ****parse IKEv2 Proposal Substructure Payload:
|    last proposal: v2_PROPOSAL_LAST (0x0)
|    length: 116 (0x74)
|    prop #: 4 (0x4)
|    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
|    spi size: 0 (0x0)
|    # transforms: 13 (0xd)
| Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 12 (0xc)
|    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
|    IKEv2 transform ID: AES_CBC (0xc)
| ******parse IKEv2 Attribute Substructure Payload:
|    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
|    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
|    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
|    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
|    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
| *****parse IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_LAST (0x0)
|    length: 8 (0x8)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
| remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH
| remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH
"main-north"[1] 192.1.2.45 #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519
| accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048
| converting proposal to internal trans attrs
| natd_hash: rcookie is zero
| natd_hash: hasher=0x563aecdfd800(20)
| natd_hash: icookie=  30 b8 78 88  f4 d6 0c 9b
| natd_hash: rcookie=  00 00 00 00  00 00 00 00
| natd_hash: ip=  c0 01 02 17
| natd_hash: port=500
| natd_hash: hash=  b1 28 92 f7  0c 3d 82 86  e9 2c 55 fa  bb 61 7b dc
| natd_hash: hash=  be e4 d0 3b
| natd_hash: rcookie is zero
| natd_hash: hasher=0x563aecdfd800(20)
| natd_hash: icookie=  30 b8 78 88  f4 d6 0c 9b
| natd_hash: rcookie=  00 00 00 00  00 00 00 00
| natd_hash: ip=  c0 01 02 2d
| natd_hash: port=500
| natd_hash: hash=  1b 29 96 cb  ce 6f 66 ff  a7 39 96 a6  75 00 80 0b
| natd_hash: hash=  28 08 03 06
| NAT_TRAVERSAL encaps using auto-detect
| NAT_TRAVERSAL this end is NOT behind NAT
| NAT_TRAVERSAL that end is NOT behind NAT
| NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45
| adding ikev2_inI1outR1 KE work-order 1 for state #1
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563aeeb21d48
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x563aeeb2d608 size 128
|   #1 spent 0.623 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet()
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
| crypto helper 0 resuming
| #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND
| crypto helper 0 starting work-order 1 for state #1
| suspending state #1 and saving MD
| #1 is busy; has a suspended MD
| crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269)
| "main-north"[1] 192.1.2.45 #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451
| stop processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
| #1 spent 1.04 milliseconds in ikev2_process_packet()
| stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
| processing: STOP state #0 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 1.05 milliseconds in comm_handle_cb() reading and processing packet
| crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000992 seconds
| (#1) spent 0.967 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr)
| crypto helper 0 sending results from work-order 1 for state #1 to event queue
| scheduling resume sending helper answer for #1
| libevent_malloc: new ptr-libevent@0x7f2940002888 size 128
| crypto helper 0 waiting (nothing to do)
| processing resume sending helper answer for #1
| start processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in resume_handler() at server.c:797)
| crypto helper 0 replies to request ID 1
| calling continuation function 0x563aecd28b50
| ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1
| **emit ISAKMP Message:
|    initiator cookie:
|   30 b8 78 88  f4 d6 0c 9b
|    responder cookie:
|   4a 17 81 4f  d6 9f 44 e7
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
|    exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
|    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
|    Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| Emitting ikev2_proposal ...
| ***emit IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
| next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
| ****emit IKEv2 Proposal Substructure Payload:
|    last proposal: v2_PROPOSAL_LAST (0x0)
|    prop #: 1 (0x1)
|    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
|    spi size: 0 (0x0)
|    # transforms: 3 (0x3)
| last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
| *****emit IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
|    IKEv2 transform ID: AES_GCM_C (0x14)
| last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
| ******emit IKEv2 Attribute Substructure Payload:
|    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of IKEv2 Transform Substructure Payload: 12
| *****emit IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_NON_LAST (0x3)
|    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
|    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
| last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3)
| last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
|    last transform: v2_TRANSFORM_LAST (0x0)
|    IKEv2 transform type: TRANS_TYPE_DH (0x4)
|    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
| last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3)
| last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 36
| last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
| emitting length of IKEv2 Security Association Payload: 40
| last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
| ***emit IKEv2 Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    DH group: OAKLEY_GROUP_MODP2048 (0xe)
| next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
| next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet'
| emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
| ikev2 g^x  09 42 36 9f  cc e5 2d b3  22 aa f3 0b  7b 65 69 c9
| ikev2 g^x  1c 51 f2 3a  9c 30 b3 5e  33 d3 a2 fe  46 2a 3f 54
| ikev2 g^x  8f 92 c5 22  51 c5 a2 33  a0 c3 50 77  76 b5 ff 33
| ikev2 g^x  d2 60 2a 9f  7e e7 c0 d8  b7 ac 02 16  c1 8b c8 a3
| ikev2 g^x  e3 66 9c 12  83 8f 24 09  a3 6b 5a 98  0b 6d b1 f2
| ikev2 g^x  24 1d 91 a8  7a f0 26 22  e6 cb 51 19  8f 3a 31 4e
| ikev2 g^x  29 e9 c7 4f  23 5f ec 0f  db 36 61 e8  ea cb b7 80
| ikev2 g^x  b6 3a 1c 15  9c da 3e bf  cb 6c 57 4b  5e 34 0d 75
| ikev2 g^x  e1 42 63 0c  1e c0 35 0a  d5 db f6 ed  df f9 4b 86
| ikev2 g^x  2d e4 c9 39  80 9e 0e 7a  15 48 9f 4e  6d 23 a6 1e
| ikev2 g^x  0f 3f ad 6b  3e a5 42 98  fc d5 3b 65  0e 90 8a bc
| ikev2 g^x  66 04 21 7d  f5 51 55 ff  1b e2 01 64  b6 91 a6 14
| ikev2 g^x  3d 85 9d ec  7f 99 a4 bc  d7 70 8f 1a  03 44 27 90
| ikev2 g^x  56 97 00 ed  58 e9 81 59  db 2c 84 4d  18 b3 95 48
| ikev2 g^x  ac 50 fb cb  9b c6 d9 90  5d fa d4 5f  67 fc 83 27
| ikev2 g^x  0d d8 87 cc  d0 51 80 e5  3d 9c 26 a1  50 cf 81 be
| emitting length of IKEv2 Key Exchange Payload: 264
| ***emit IKEv2 Nonce Payload:
|    next payload type: ISAKMP_NEXT_v2N (0x29)
|    flags: none (0x0)
| next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N
| next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
| next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
| IKEv2 nonce  53 e3 cc c8  87 ed ba 62  17 68 6b c4  8e 50 2f 0a
| IKEv2 nonce  5c 09 58 5c  07 d7 c6 f7  c7 b4 ec 39  73 eb 17 ea
| emitting length of IKEv2 Nonce Payload: 36
| Adding a v2N Payload
| ***emit IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    Protocol ID: PROTO_v2_RESERVED (0x0)
|    SPI size: 0 (0x0)
|    Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
| next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
| next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
| emitting length of IKEv2 Notify Payload: 8
|  NAT-Traversal support  [enabled] add v2N payloads.
| natd_hash: hasher=0x563aecdfd800(20)
| natd_hash: icookie=  30 b8 78 88  f4 d6 0c 9b
| natd_hash: rcookie=  4a 17 81 4f  d6 9f 44 e7
| natd_hash: ip=  c0 01 02 17
| natd_hash: port=500
| natd_hash: hash=  6a bb 96 df  5d a6 17 42  d5 13 a3 f4  63 3f 27 83
| natd_hash: hash=  1d 15 74 66
| Adding a v2N Payload
| ***emit IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    Protocol ID: PROTO_v2_RESERVED (0x0)
|    SPI size: 0 (0x0)
|    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
| next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
| next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
| Notify data  6a bb 96 df  5d a6 17 42  d5 13 a3 f4  63 3f 27 83
| Notify data  1d 15 74 66
| emitting length of IKEv2 Notify Payload: 28
| natd_hash: hasher=0x563aecdfd800(20)
| natd_hash: icookie=  30 b8 78 88  f4 d6 0c 9b
| natd_hash: rcookie=  4a 17 81 4f  d6 9f 44 e7
| natd_hash: ip=  c0 01 02 2d
| natd_hash: port=500
| natd_hash: hash=  27 b9 db a8  ed c0 ac 26  1c 81 7f 6b  94 d7 b7 69
| natd_hash: hash=  8f 67 11 56
| Adding a v2N Payload
| ***emit IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    Protocol ID: PROTO_v2_RESERVED (0x0)
|    SPI size: 0 (0x0)
|    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
| next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
| next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
| Notify data  27 b9 db a8  ed c0 ac 26  1c 81 7f 6b  94 d7 b7 69
| Notify data  8f 67 11 56
| emitting length of IKEv2 Notify Payload: 28
| going to send a certreq
| connection->kind is not CK_PERMANENT (instance), so collect CAs
| find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports
| Not a roadwarrior instance, sending empty CA in CERTREQ
| ***emit IKEv2 Certificate Request Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
| next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ)
| next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet'
| emitting length of IKEv2 Certificate Request Payload: 5
| emitting length of ISAKMP Message: 437
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
| #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK
| IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1
| parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA)
| Message ID: updating counters for #1 to 0 after switching state
| Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1
| Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1
"main-north"[1] 192.1.2.45 #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
| sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500)
| sending 437 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
|   30 b8 78 88  f4 d6 0c 9b  4a 17 81 4f  d6 9f 44 e7
|   21 20 22 20  00 00 00 00  00 00 01 b5  22 00 00 28
|   00 00 00 24  01 01 00 03  03 00 00 0c  01 00 00 14
|   80 0e 01 00  03 00 00 08  02 00 00 07  00 00 00 08
|   04 00 00 0e  28 00 01 08  00 0e 00 00  09 42 36 9f
|   cc e5 2d b3  22 aa f3 0b  7b 65 69 c9  1c 51 f2 3a
|   9c 30 b3 5e  33 d3 a2 fe  46 2a 3f 54  8f 92 c5 22
|   51 c5 a2 33  a0 c3 50 77  76 b5 ff 33  d2 60 2a 9f
|   7e e7 c0 d8  b7 ac 02 16  c1 8b c8 a3  e3 66 9c 12
|   83 8f 24 09  a3 6b 5a 98  0b 6d b1 f2  24 1d 91 a8
|   7a f0 26 22  e6 cb 51 19  8f 3a 31 4e  29 e9 c7 4f
|   23 5f ec 0f  db 36 61 e8  ea cb b7 80  b6 3a 1c 15
|   9c da 3e bf  cb 6c 57 4b  5e 34 0d 75  e1 42 63 0c
|   1e c0 35 0a  d5 db f6 ed  df f9 4b 86  2d e4 c9 39
|   80 9e 0e 7a  15 48 9f 4e  6d 23 a6 1e  0f 3f ad 6b
|   3e a5 42 98  fc d5 3b 65  0e 90 8a bc  66 04 21 7d
|   f5 51 55 ff  1b e2 01 64  b6 91 a6 14  3d 85 9d ec
|   7f 99 a4 bc  d7 70 8f 1a  03 44 27 90  56 97 00 ed
|   58 e9 81 59  db 2c 84 4d  18 b3 95 48  ac 50 fb cb
|   9b c6 d9 90  5d fa d4 5f  67 fc 83 27  0d d8 87 cc
|   d0 51 80 e5  3d 9c 26 a1  50 cf 81 be  29 00 00 24
|   53 e3 cc c8  87 ed ba 62  17 68 6b c4  8e 50 2f 0a
|   5c 09 58 5c  07 d7 c6 f7  c7 b4 ec 39  73 eb 17 ea
|   29 00 00 08  00 00 40 2e  29 00 00 1c  00 00 40 04
|   6a bb 96 df  5d a6 17 42  d5 13 a3 f4  63 3f 27 83
|   1d 15 74 66  26 00 00 1c  00 00 40 05  27 b9 db a8
|   ed c0 ac 26  1c 81 7f 6b  94 d7 b7 69  8f 67 11 56
|   00 00 00 05  04
| state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x563aeeb2d608
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563aeeb21d48
| event_schedule: new EVENT_SO_DISCARD-pe@0x563aeeb21d48
| inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1
| libevent_malloc: new ptr-libevent@0x563aeeb2ccb8 size 128
| resume sending helper answer for #1 suppresed complete_v2_state_transition()
| #1 spent 0.36 milliseconds in resume sending helper answer
| stop processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f2940002888
| spent 0.00261 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 539 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
|   30 b8 78 88  f4 d6 0c 9b  4a 17 81 4f  d6 9f 44 e7
|   35 20 23 08  00 00 00 01  00 00 02 1b  23 00 01 ff
|   00 01 00 05  2b 66 66 d8  3b 0e 92 4f  d6 c3 b5 f2
|   cd fc 45 a6  d5 5e bf 1b  23 d2 45 1c  5f c2 65 36
|   12 e9 14 6b  fe af 03 e7  f4 55 a0 bd  ad f5 2a 65
|   48 c8 0b b4  41 2f 20 9c  b7 a5 1c 5f  44 d9 8d bd
|   d2 e9 cd 3a  d7 66 91 6a  70 6c 94 29  68 61 21 3f
|   89 d6 3d 45  3a ed d4 ec  66 54 82 6c  d5 5b 8d 36
|   6b 85 ea 00  ac 09 b9 13  88 17 f7 ff  4a 3e 69 4a
|   ef aa a8 13  a1 ce 91 4a  85 25 15 89  38 c8 1b 74
|   5d 97 88 e5  cd be 0c 1e  39 f6 12 51  44 0b d5 9c
|   49 fc 62 50  ff bf 38 14  2a ef de 89  26 89 9f c0
|   a1 75 42 7e  9a 98 61 08  a6 f3 70 c8  7d fe 63 c3
|   d0 97 0f 4c  73 ab 6f 27  63 44 ce 89  a3 08 90 b1
|   29 94 42 16  67 f8 07 63  30 67 b4 21  93 fb 22 13
|   a8 21 20 5f  f2 28 f3 4d  f8 a8 01 ba  d6 69 9e 86
|   7d 6f 22 ec  9d af 10 10  17 37 ee 60  b6 79 1e fc
|   6e 6b 43 1b  63 bc 36 23  cd c2 5a 42  02 d2 23 1c
|   91 72 05 9b  ab 35 15 ab  46 e1 bb f9  47 36 62 93
|   3c c1 26 24  b8 fd 0e 1b  67 91 68 6a  2e 7d 15 e6
|   e4 18 be 2e  40 a8 e4 43  51 d6 2d 87  a6 08 48 49
|   58 df f8 6b  db 4c ed d9  83 34 21 f6  ec 59 79 60
|   24 57 0c 97  d0 86 64 31  01 7a 16 20  b5 a4 c7 fb
|   ec be 06 3c  51 8f 4e 7d  78 0b 20 25  17 69 97 63
|   8f 7b 24 e3  7a c8 f0 cb  ee d7 92 6b  92 bc 12 d2
|   ca 83 56 71  38 b3 fb a9  6f 2d 64 a1  c6 73 43 aa
|   3b d4 19 20  1e 0b 96 cd  f1 05 c9 17  43 74 40 b3
|   eb 8d 31 2d  0a bc 07 2b  02 c2 e6 11  ed 77 07 09
|   76 b2 ff 28  9e 71 7d 7c  04 a1 20 0d  19 ab b0 b0
|   5a e0 dd 00  2e f0 f2 3c  26 8d 87 cb  9d 99 d6 7d
|   36 21 f2 db  6f 70 36 a2  74 63 f9 84  d5 e8 43 7a
|   59 4b 0b 04  38 d5 f8 92  93 08 71 bd  c9 e6 70 06
|   22 4f ee 9f  c0 c4 da e0  e4 24 84 89  b0 0d a7 fd
|   b0 22 3b 25  0c f2 82 6e  04 13 3b
| start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   30 b8 78 88  f4 d6 0c 9b
|    responder cookie:
|   4a 17 81 4f  d6 9f 44 e7
|    next payload type: ISAKMP_NEXT_v2SKF (0x35)
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
|    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
|    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
|    Message ID: 1 (0x1)
|    length: 539 (0x21b)
|  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
| I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request 
| State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa)
| start processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
| State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064)
| #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001
| Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0
| unpacking clear payload
| Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
| ***parse IKEv2 Encrypted Fragment:
|    next payload type: ISAKMP_NEXT_v2IDi (0x23)
|    flags: none (0x0)
|    length: 511 (0x1ff)
|    fragment number: 1 (0x1)
|    total fragments: 5 (0x5)
| processing payload: ISAKMP_NEXT_v2SKF (len=503)
| Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1
| #1 in state PARENT_R1: received v2I1, sent v2R1
| received IKE encrypted fragment number '1', total number '5', next payload '35'
|  updated IKE fragment state to respond using fragments without waiting for re-transmits
| stop processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
| #1 spent 0.117 milliseconds in ikev2_process_packet()
| stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
| processing: STOP state #0 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.125 milliseconds in comm_handle_cb() reading and processing packet
| spent 0.00116 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 539 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
|   30 b8 78 88  f4 d6 0c 9b  4a 17 81 4f  d6 9f 44 e7
|   35 20 23 08  00 00 00 01  00 00 02 1b  00 00 01 ff
|   00 02 00 05  45 a8 05 17  18 f2 4b 1c  cf e4 62 96
|   3d 50 30 bc  ea 11 00 bc  ba 94 dc 31  9c 9f f8 33
|   91 9f 2c 32  00 f8 bd 8e  5d f1 68 58  f0 7e 68 5e
|   84 bf 27 1a  34 bf a4 f4  50 3b 56 df  ff 27 33 85
|   84 77 52 17  27 d7 ed e4  e0 36 b2 a8  08 38 a4 fd
|   fa 7d 25 d3  c1 b4 0e 3c  d9 74 29 06  dc ee 85 76
|   75 43 e5 c0  3c 28 fa e4  26 35 01 fa  a2 4d bb 2c
|   c9 dd 9f 5e  3c 79 58 dc  87 98 1c 66  bf ef 2f b5
|   4e 7c f5 b8  34 a3 be 52  6f ad 20 4e  a1 e8 25 f3
|   f8 6a 01 fb  74 9d f0 a4  6d 93 c1 ac  fa 4a 59 d0
|   63 e0 0c b3  62 59 2a 8d  95 c6 65 8e  c2 d8 e6 24
|   d3 f8 5d 9c  8c b2 a1 76  2b d8 ac 6c  9e 24 20 73
|   ad 22 ed de  77 52 9e 9f  74 30 ac 48  2e ff d6 02
|   40 2f 55 7e  8c 5d bd cb  c4 24 1a 33  98 73 06 0b
|   83 9d 2a 93  76 16 46 9e  43 83 9d b2  de 03 2a c8
|   b0 24 05 41  11 3b ca 57  5d 7f 6f 92  43 d5 41 fe
|   23 81 93 ed  32 5c fa 4d  5c 2d 2a 16  e4 66 12 30
|   9f 1e 27 80  c5 04 c8 42  2d 8c 32 ab  32 bc 63 d4
|   d8 b9 58 4c  5f 03 ce 9b  27 e9 37 3f  4f 12 0b a0
|   97 ce 27 d8  c0 10 a7 2a  b2 7a 61 84  eb d4 81 8b
|   8e 3b 30 2f  b0 0d 52 0a  95 75 b3 6e  88 e4 a2 82
|   5f ea 74 39  d2 fa db 58  39 0b 33 1e  e6 fd 56 98
|   6a fd 6f ef  e1 d8 3e 4a  95 cd 7b a9  3e 46 98 c5
|   e8 c4 96 38  d9 bf a7 47  bb 66 4a 82  8d 0c d6 97
|   9a 63 60 27  15 c0 9e 61  32 0a 78 e3  e9 4b 96 73
|   2d f5 0e 83  60 c9 0c 7b  3b 20 09 61  e2 4d f2 79
|   c5 99 0c f4  b8 23 be ae  98 08 5a d2  d9 37 75 42
|   ba cc f4 c6  2d 6e df f2  48 a2 21 59  b4 eb 74 04
|   d9 3f 5e bc  fc e8 cc b2  1d 34 c1 ac  cf d7 49 c2
|   99 f8 be 40  c1 cb 25 7b  14 fe f0 3b  5a a3 05 7d
|   39 92 0d 02  07 60 92 03  34 e7 d6 5b  8b 2a 14 82
|   9e 29 81 14  80 80 fe 70  98 3b fb
| start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   30 b8 78 88  f4 d6 0c 9b
|    responder cookie:
|   4a 17 81 4f  d6 9f 44 e7
|    next payload type: ISAKMP_NEXT_v2SKF (0x35)
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
|    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
|    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
|    Message ID: 1 (0x1)
|    length: 539 (0x21b)
|  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
| I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request 
| State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa)
| start processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062)
| #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001
| #1 is idle
| #1 idle
| Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1
| unpacking clear payload
| Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
| ***parse IKEv2 Encrypted Fragment:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    length: 511 (0x1ff)
|    fragment number: 2 (0x2)
|    total fragments: 5 (0x5)
| processing payload: ISAKMP_NEXT_v2SKF (len=503)
| #1 in state PARENT_R1: received v2I1, sent v2R1
| received IKE encrypted fragment number '2', total number '5', next payload '0'
| stop processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
| #1 spent 0.102 milliseconds in ikev2_process_packet()
| stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
| processing: STOP state #0 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.11 milliseconds in comm_handle_cb() reading and processing packet
| spent 0.00112 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 539 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
|   30 b8 78 88  f4 d6 0c 9b  4a 17 81 4f  d6 9f 44 e7
|   35 20 23 08  00 00 00 01  00 00 02 1b  00 00 01 ff
|   00 03 00 05  0a 28 5a 8e  fc c5 a6 59  32 c0 66 b6
|   66 8c 50 fc  20 43 63 3c  69 6e 09 92  5f 29 4b a4
|   7a 30 da 08  e7 3f b8 8b  04 9c 32 e1  41 72 17 58
|   ca 35 52 cc  54 08 e2 5b  8f b3 e4 59  65 b7 6d 2b
|   94 f3 64 15  bf 31 f5 c6  26 dc 55 c6  d8 8f 4f eb
|   39 c4 93 da  e4 bb 48 02  ea 07 91 22  3b 8f 85 6d
|   4c 50 15 cb  02 af da 0a  ba 97 ae 39  fc b6 9e cf
|   78 92 46 fc  7d 5b 10 2a  6d b9 80 e8  00 81 29 44
|   da c0 89 8a  98 84 4d 7e  d4 fd 3c af  cd fd 82 37
|   c2 69 8e 9b  33 5c 7a a9  7e ca 80 29  4a c2 eb 10
|   62 a1 9f 7d  28 39 9a 22  a3 10 73 f1  b3 e5 51 64
|   79 14 00 a1  99 e9 34 3d  d9 5f fc f7  a9 b8 e2 bf
|   68 11 14 47  63 65 75 a7  62 01 f9 79  50 62 9c a7
|   6f d4 50 58  eb a9 cb 6c  01 c9 da 1b  f5 d4 da 3e
|   bf d1 86 e9  fd 01 4a e1  12 73 78 b5  78 46 54 31
|   70 0c af b7  8c 95 d5 d6  4d 23 6d 09  be 76 5f 67
|   10 6e 7a 65  42 3b 65 40  06 b8 79 2b  44 b0 9f f3
|   5d fd 0c 8b  70 ad 8b 47  12 80 7a 36  2f 89 9c 00
|   3f db 07 3d  4e 13 18 05  e5 68 36 6a  b5 f0 2a 65
|   d8 b0 a5 dd  26 fe 47 04  3c 5e e4 02  a1 2a 0e b8
|   b8 e8 53 ff  d9 67 b8 6c  21 fb 2f d8  98 04 81 cf
|   01 bd 07 9e  75 0b 8a 4d  6f bf 1d bc  aa 95 c4 f3
|   a7 b0 00 91  c6 be e4 d6  87 7f 4e 12  6d a4 d8 d9
|   00 d3 33 c9  70 a4 fd dd  6b 73 1c b0  f3 8f 40 2c
|   66 a7 13 b3  55 c1 d4 86  b9 fc 0d 50  b9 cc 9d a5
|   26 a7 c0 e7  18 b9 26 22  88 f9 0b 42  7d cf b8 a3
|   df 38 f2 5d  50 ca 18 84  ef ae e7 98  a9 4d 3c 47
|   f8 fb 73 6a  ce 88 2e a7  e8 8c e3 43  7a ea 08 59
|   52 c7 07 f0  16 e6 d7 26  b3 dd a3 79  51 e4 47 3f
|   09 84 7d cf  bf 0e ee eb  d9 f2 05 fe  fa 81 11 e7
|   e2 26 d0 bc  f9 d3 14 cc  5c 73 41 9e  b1 83 4c 16
|   cf 73 3f 16  3b cf 64 29  24 15 5d
| start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   30 b8 78 88  f4 d6 0c 9b
|    responder cookie:
|   4a 17 81 4f  d6 9f 44 e7
|    next payload type: ISAKMP_NEXT_v2SKF (0x35)
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
|    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
|    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
|    Message ID: 1 (0x1)
|    length: 539 (0x21b)
|  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
| I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request 
| State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa)
| start processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062)
| #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001
| #1 is idle
| #1 idle
| Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1
| unpacking clear payload
| Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
| ***parse IKEv2 Encrypted Fragment:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    length: 511 (0x1ff)
|    fragment number: 3 (0x3)
|    total fragments: 5 (0x5)
| processing payload: ISAKMP_NEXT_v2SKF (len=503)
| #1 in state PARENT_R1: received v2I1, sent v2R1
| received IKE encrypted fragment number '3', total number '5', next payload '0'
| stop processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
| #1 spent 0.0903 milliseconds in ikev2_process_packet()
| stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
| processing: STOP state #0 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.0971 milliseconds in comm_handle_cb() reading and processing packet
| spent 0.001 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 539 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
|   30 b8 78 88  f4 d6 0c 9b  4a 17 81 4f  d6 9f 44 e7
|   35 20 23 08  00 00 00 01  00 00 02 1b  00 00 01 ff
|   00 04 00 05  07 fb c5 4c  01 02 ad 5e  6f f0 ef 47
|   a4 82 df e3  59 b5 45 9f  12 98 4a b8  bb 72 72 33
|   3b f7 cc ff  17 81 bd 12  60 62 a9 3d  33 56 fa 5b
|   66 40 68 65  cd b9 5e 59  4b a2 b8 68  21 a0 38 0e
|   7a de 67 9a  65 1e 52 21  ea 08 3e 92  4c e9 bf 25
|   77 0e 2b 08  0c 61 90 b1  a2 62 ec 02  3d 05 3e b1
|   4e a0 a6 5e  95 7d dd c1  f9 a8 64 5b  30 42 d6 47
|   7d 35 d9 c7  3f fd c1 ae  99 ad 5b 9e  11 43 48 8f
|   3c 84 a0 bb  a5 08 3a 2c  b1 5c 45 dd  c8 c1 17 89
|   29 f2 0a 66  49 ec cc db  95 b9 e3 3f  32 ac c2 53
|   ac b9 fc a6  41 57 58 25  6c 99 77 9b  21 43 43 eb
|   31 25 6d 8b  cb d1 f7 fc  17 39 f7 db  f9 b5 5e 89
|   ae 4c 62 67  e3 95 8b d9  5e 21 2d 89  de ba 58 67
|   d8 63 3c 03  d0 4e 15 39  8c 45 82 9a  32 65 ed f5
|   c5 0e 7c 80  00 b0 de eb  1c 42 fb 95  4b c7 4b 10
|   2f 31 ee 6e  e9 a0 2a 80  6d 91 29 6d  58 bb d2 1f
|   47 32 41 a8  a6 69 73 22  81 f8 04 f8  2b 77 8c fc
|   6d b9 d3 73  11 c2 a4 dd  3f 2f 40 a7  fa 96 8a c2
|   55 c2 57 8f  61 2e 15 40  4e 5e 06 ea  48 b7 84 69
|   84 af 52 a6  27 18 c6 07  1b ff 3a 8a  f2 8b e8 0a
|   3d eb 88 22  a3 be 2e 94  bb 0a 92 7f  de f7 03 84
|   15 86 f7 d3  89 4d 6c 2a  3d 53 77 91  35 5d fe b8
|   2a ee f5 c8  58 cc bb 78  c5 cb 3a 75  ef 9c 70 76
|   6d 56 65 39  3c 46 f4 c5  d5 70 51 df  1d 64 fa f3
|   a7 f5 61 64  cc 5d 0f d9  79 e7 6c 52  a8 4a 5c 8b
|   35 2f b4 30  f9 56 62 d2  bf 7b ef 55  a9 60 be 5a
|   b8 ba 55 d9  7d b9 9b df  b5 b3 be 1b  92 f6 1f 61
|   e5 be 99 11  4d 59 7d 46  d8 02 fd d9  38 f2 7f 51
|   5e f5 7e 61  4c 0a 6a ef  4a f1 74 23  0c 2e 6c 42
|   07 68 8c c0  c0 54 59 80  66 93 7c dd  57 8f 7a af
|   4a 41 91 78  24 e3 f2 26  14 48 d3 0f  0d 55 30 61
|   9a 75 ae 09  fb 49 8c ff  f6 43 9a
| start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   30 b8 78 88  f4 d6 0c 9b
|    responder cookie:
|   4a 17 81 4f  d6 9f 44 e7
|    next payload type: ISAKMP_NEXT_v2SKF (0x35)
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
|    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
|    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
|    Message ID: 1 (0x1)
|    length: 539 (0x21b)
|  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
| I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request 
| State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa)
| start processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062)
| #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001
| #1 is idle
| #1 idle
| Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1
| unpacking clear payload
| Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
| ***parse IKEv2 Encrypted Fragment:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    length: 511 (0x1ff)
|    fragment number: 4 (0x4)
|    total fragments: 5 (0x5)
| processing payload: ISAKMP_NEXT_v2SKF (len=503)
| #1 in state PARENT_R1: received v2I1, sent v2R1
| received IKE encrypted fragment number '4', total number '5', next payload '0'
| stop processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
| #1 spent 0.127 milliseconds in ikev2_process_packet()
| stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
| processing: STOP state #0 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.138 milliseconds in comm_handle_cb() reading and processing packet
| spent 0.00149 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 425 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
|   30 b8 78 88  f4 d6 0c 9b  4a 17 81 4f  d6 9f 44 e7
|   35 20 23 08  00 00 00 01  00 00 01 a9  00 00 01 8d
|   00 05 00 05  39 21 df f6  82 92 e2 4a  2c a9 3b 77
|   18 a2 6e fd  8a 90 ab e0  09 e7 7f 2f  d9 35 21 8b
|   8f 80 28 cc  e9 79 78 82  a0 85 7b b4  fc 36 84 7f
|   f0 b5 77 d2  3e a2 38 ff  a5 a7 c0 6c  5a 0a 97 ad
|   64 c0 f4 b9  0f d1 ee 3b  15 82 9c ee  0d 96 da 45
|   cd 93 44 a8  c3 4d 2d dc  6e 17 eb 96  0b 64 21 ae
|   39 c2 06 81  f0 a9 b4 e4  63 56 06 75  b6 37 e7 cb
|   cd 0c 5b 58  3a b4 93 7d  36 f7 63 50  db 7d 66 ab
|   31 af 4b 1e  e7 0c 83 47  dc fa e9 f4  5d 44 d5 f5
|   22 9a a2 7b  e4 86 62 2d  f8 99 ca 8f  eb b5 08 99
|   58 e1 7a a3  9b 4b e9 a5  b1 86 b3 fc  1f 2e 88 f9
|   de 30 a9 10  de d4 04 87  48 33 5f 43  ef 86 9b 0e
|   76 4e 04 0d  2d cc 07 cb  19 1d c1 ba  c7 ea 89 87
|   7b ea 7a 30  60 59 b1 c2  10 74 d9 9d  c3 a7 2f e6
|   f9 39 80 2b  53 11 3f 0f  a9 7f b7 0b  85 a5 38 ed
|   84 a1 82 38  bc 1b 2f 33  aa a5 96 14  3e 96 a6 4f
|   1a f3 ba 5c  a5 43 59 ee  6c 38 d2 c8  6b f2 ac c8
|   e7 03 9c 3e  7a b6 c4 93  f3 c8 d5 c4  f0 ac 92 81
|   46 d6 67 de  57 f2 49 5b  fc 77 ed f3  03 76 62 cf
|   df c2 6c 86  73 0c 86 d2  1c 07 cd 79  33 2f 2e 9c
|   df 37 84 d1  70 ef d3 90  8f 77 24 4a  6f a3 98 f3
|   83 d5 dc d9  37 52 9e 8d  af 2d 97 30  f4 33 d1 35
|   dc f8 21 5e  79 d5 9c 1b  03 9a 08 1f  03 53 cf 82
|   ed 02 49 6c  fa 05 4f e0  7a 98 d0 f8  d2 19 79 70
|   3a 12 cf 00  67 09 52 15  c6
| start processing: from 192.1.2.45:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   30 b8 78 88  f4 d6 0c 9b
|    responder cookie:
|   4a 17 81 4f  d6 9f 44 e7
|    next payload type: ISAKMP_NEXT_v2SKF (0x35)
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
|    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
|    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
|    Message ID: 1 (0x1)
|    length: 425 (0x1a9)
|  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
| I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request 
| State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa)
| start processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016)
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062)
| #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001
| #1 is idle
| #1 idle
| Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1
| unpacking clear payload
| Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
| ***parse IKEv2 Encrypted Fragment:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    length: 397 (0x18d)
|    fragment number: 5 (0x5)
|    total fragments: 5 (0x5)
| processing payload: ISAKMP_NEXT_v2SKF (len=389)
| #1 in state PARENT_R1: received v2I1, sent v2R1
| received IKE encrypted fragment number '5', total number '5', next payload '0'
| selected state microcode Responder: process IKE_AUTH request (no SKEYSEED)
| Now let's proceed with state specific processing
| calling processor Responder: process IKE_AUTH request (no SKEYSEED)
| ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2
| offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16
| adding ikev2_inI2outR2 KE work-order 2 for state #1
| state #1 requesting EVENT_SO_DISCARD to be deleted
| libevent_free: release ptr-libevent@0x563aeeb2ccb8
| free_event_entry: release EVENT_SO_DISCARD-pe@0x563aeeb21d48
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563aeeb21d48
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x7f2940002888 size 128
|   #1 spent 0.0302 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet()
| crypto helper 3 resuming
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
| #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND
| crypto helper 3 starting work-order 2 for state #1
| suspending state #1 and saving MD
| #1 is busy; has a suspended MD
| crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2
| [RE]START processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269)
| "main-north"[1] 192.1.2.45 #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451
| stop processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018)
| #1 spent 0.201 milliseconds in ikev2_process_packet()
| stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380)
| processing: STOP state #0 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.208 milliseconds in comm_handle_cb() reading and processing packet
| calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4
| crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001223 seconds
| (#1) spent 1.23 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr)
| crypto helper 3 sending results from work-order 2 for state #1 to event queue
| scheduling resume sending helper answer for #1
| libevent_malloc: new ptr-libevent@0x7f2938000f48 size 128
| crypto helper 3 waiting (nothing to do)
| processing resume sending helper answer for #1
| start processing: state #1 connection "main-north"[1] 192.1.2.45 from 192.1.2.45:500 (in resume_handler() at server.c:797)
| crypto helper 3 replies to request ID 2
| calling continuation function 0x563aecd28b50
| ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2
| #1 in state PARENT_R1: received v2I1, sent v2R1
| already have all fragments, skipping fragment collection
| already have all fragments, skipping fragment collection
| #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success
| Now let's proceed with payload (ISAKMP_NEXT_v2IDi)
| **parse IKEv2 Identification - Initiator - Payload:
|    next payload type: ISAKMP_NEXT_v2CERT (0x25)
|    flags: none (0x0)
|    length: 191 (0xbf)
|    ID type: ID_DER_ASN1_DN (0x9)
| processing payload: ISAKMP_NEXT_v2IDi (len=183)
| Now let's proceed with payload (ISAKMP_NEXT_v2CERT)
| **parse IKEv2 Certificate Payload:
|    next payload type: ISAKMP_NEXT_v2CERTREQ (0x26)
|    flags: none (0x0)
|    length: 1265 (0x4f1)
|    ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
| processing payload: ISAKMP_NEXT_v2CERT (len=1260)
| Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ)
| **parse IKEv2 Certificate Request Payload:
|    next payload type: ISAKMP_NEXT_v2IDr (0x24)
|    flags: none (0x0)
|    length: 25 (0x19)
|    ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
| processing payload: ISAKMP_NEXT_v2CERTREQ (len=20)
| Now let's proceed with payload (ISAKMP_NEXT_v2IDr)
| **parse IKEv2 Identification - Responder - Payload:
|    next payload type: ISAKMP_NEXT_v2AUTH (0x27)
|    flags: none (0x0)
|    length: 191 (0xbf)
|    ID type: ID_DER_ASN1_DN (0x9)
| processing payload: ISAKMP_NEXT_v2IDr (len=183)
| Now let's proceed with payload (ISAKMP_NEXT_v2AUTH)
| **parse IKEv2 Authentication Payload:
|    next payload type: ISAKMP_NEXT_v2SA (0x21)
|    flags: none (0x0)
|    length: 392 (0x188)
|    auth method: IKEv2_AUTH_RSA (0x1)
| processing payload: ISAKMP_NEXT_v2AUTH (len=384)
| Now let's proceed with payload (ISAKMP_NEXT_v2SA)
| **parse IKEv2 Security Association Payload:
|    next payload type: ISAKMP_NEXT_v2TSi (0x2c)
|    flags: none (0x0)
|    length: 164 (0xa4)
| processing payload: ISAKMP_NEXT_v2SA (len=160)
| Now let's proceed with payload (ISAKMP_NEXT_v2TSi)
| **parse IKEv2 Traffic Selector - Initiator - Payload:
|    next payload type: ISAKMP_NEXT_v2TSr (0x2d)
|    flags: none (0x0)
|    length: 24 (0x18)
|    number of TS: 1 (0x1)
| processing payload: ISAKMP_NEXT_v2TSi (len=16)
| Now let's proceed with payload (ISAKMP_NEXT_v2TSr)
| **parse IKEv2 Traffic Selector - Responder - Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    length: 24 (0x18)
|    number of TS: 1 (0x1)
| processing payload: ISAKMP_NEXT_v2TSr (len=16)
| selected state microcode Responder: process IKE_AUTH request
| Now let's proceed with state specific processing
| calling processor Responder: process IKE_AUTH request
"main-north"[1] 192.1.2.45 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,SA,TSi,TSr}
| #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669)
| global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds
loading root certificate cache
| spent 2.76 milliseconds in get_root_certs() calling PK11_ListCertsInSlot()
| spent 0.0241 milliseconds in get_root_certs() filtering CAs
|       #1 spent 2.81 milliseconds in find_and_verify_certs() calling get_root_certs()
| checking for known CERT payloads
| saving certificate of type 'X509_SIGNATURE'
| decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
|       #1 spent 0.232 milliseconds in find_and_verify_certs() calling decode_cert_payloads()
| cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
|       #1 spent 0.0418 milliseconds in find_and_verify_certs() calling crl_update_check()
| missing or expired CRL
| crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0
| verify_end_cert trying profile IPsec
"main-north"[1] 192.1.2.45 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification
"main-north"[1] 192.1.2.45 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure.
|       #1 spent 0.457 milliseconds in find_and_verify_certs() calling verify_end_cert()
"main-north"[1] 192.1.2.45 #1: X509: Certificate rejected for this connection
"main-north"[1] 192.1.2.45 #1: X509: CERT payload bogus or revoked
| DER ASN1 DN:  30 81 b4 31  0b 30 09 06  03 55 04 06  13 02 43 41
| DER ASN1 DN:  31 10 30 0e  06 03 55 04  08 0c 07 4f  6e 74 61 72
| DER ASN1 DN:  69 6f 31 10  30 0e 06 03  55 04 07 0c  07 54 6f 72
| DER ASN1 DN:  6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 0c 09 4c
| DER ASN1 DN:  69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
| DER ASN1 DN:  0b 0c 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
| DER ASN1 DN:  6e 74 31 23  30 21 06 03  55 04 03 0c  1a 77 65 73
| DER ASN1 DN:  74 2e 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| DER ASN1 DN:  77 61 6e 2e  6f 72 67 31  2e 30 2c 06  09 2a 86 48
| DER ASN1 DN:  86 f7 0d 01  09 01 16 1f  75 73 65 72  2d 77 65 73
| DER ASN1 DN:  74 40 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| DER ASN1 DN:  77 61 6e 2e  6f 72 67
| received IDr payload - extracting our alleged ID
| DER ASN1 DN:  30 81 b4 31  0b 30 09 06  03 55 04 06  13 02 43 41
| DER ASN1 DN:  31 10 30 0e  06 03 55 04  08 13 07 4f  6e 74 61 72
| DER ASN1 DN:  69 6f 31 10  30 0e 06 03  55 04 07 13  07 54 6f 72
| DER ASN1 DN:  6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 13 09 4c
| DER ASN1 DN:  69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
| DER ASN1 DN:  0b 13 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
| DER ASN1 DN:  6e 74 31 23  30 21 06 03  55 04 03 13  1a 65 61 73
| DER ASN1 DN:  74 2e 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| DER ASN1 DN:  77 61 6e 2e  6f 72 67 31  2e 30 2c 06  09 2a 86 48
| DER ASN1 DN:  86 f7 0d 01  09 01 16 1f  75 73 65 72  2d 65 61 73
| DER ASN1 DN:  74 40 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| DER ASN1 DN:  77 61 6e 2e  6f 72 67
| CERT_X509_SIGNATURE CR:
|   58 13 71 57  9d ee 1a 15  74 03 12 80  12 4d c1 85
|   2b 92 25 e9
|   cert blob content is not binary ASN.1
| refine_host_connection for IKEv2: starting with "main-north"[1] 192.1.2.45
|    match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org
|             b=%fromcert
|    results  fail
| refine_host_connection: checking "main-north"[1] 192.1.2.45 against "main-north"[1] 192.1.2.45, best=(none) with match=0(id=0(0)/ca=1(0)/reqca=1(0))
| Warning: not switching back to template of current instance
| Peer expects us to be C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN) according to its IDr payload
| This connection's local id is C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org (ID_DER_ASN1_DN)
"main-north"[1] 192.1.2.45 #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
| IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection
| Peer IDr payload does not match our expected ID, this connection will not do
| refine going into 2nd loop allowing instantiated conns as well
| find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports
|    match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org
|             b=%fromcert
|    results  fail
| refine_host_connection: checking "main-north"[1] 192.1.2.45 against "main-north", best=(none) with match=0(id=0(0)/ca=1(0)/reqca=1(0))
| Warning: not switching back to template of current instance
| Peer expects us to be C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN) according to its IDr payload
| This connection's local id is C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org (ID_DER_ASN1_DN)
"main-north"[1] 192.1.2.45 #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
| IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection
| Peer IDr payload does not match our expected ID, this connection will not do
|    match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org
|             b=%fromcert
|    results  fail
| refine_host_connection: checking "main-north"[1] 192.1.2.45 against "main-east", best=(none) with match=0(id=0(0)/ca=1(0)/reqca=1(0))
| Warning: not switching back to template of current instance
| Peer expects us to be C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN) according to its IDr payload
| This connection's local id is C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN)
"main-north"[1] 192.1.2.45 #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
| IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection
| refine_host_connection: checked main-north[1] 192.1.2.45 against main-east, now for see if best
| started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_RSA
| searching for certificate PKK_RSA:AwEAAcBZv vs PKK_RSA:AwEAAbEef
| searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef
| refine_host_connection: picking new best "main-east" (wild=0, peer_pathlen=0/our=0)
| returning since no better match than original best_found
"main-north"[1] 192.1.2.45 #1: switched from "main-north"[1] 192.1.2.45 to "main-east"
| find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports
| connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@0x563aeeb2dfb8: main-north
| rw_instantiate() instantiated "main-east"[1] 192.1.2.45 for 192.1.2.45
| in connection_discard for connection main-north
| connection is instance
| not in pending use
| State DB: state not found (connection_discard)
| no states use this connection instance, deleting
| start processing: connection "main-north"[1] 192.1.2.45 (BACKGROUND) (in delete_connection() at connections.c:189)
"main-east"[1] 192.1.2.45 #1: deleting connection "main-north"[1] 192.1.2.45 instance with peer 192.1.2.45 {isakmp=#0/ipsec=#0}
| Deleting states for connection - not including other IPsec SA's
| pass 0
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| state #1
| pass 1
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| state #1
| flush revival: connection 'main-north' wasn't on the list
| stop processing: connection "main-north"[1] 192.1.2.45 (BACKGROUND) (in discard_connection() at connections.c:249)
| retrying ikev2_decode_peer_id_and_certs() with new conn
| DER ASN1 DN:  30 81 b4 31  0b 30 09 06  03 55 04 06  13 02 43 41
| DER ASN1 DN:  31 10 30 0e  06 03 55 04  08 0c 07 4f  6e 74 61 72
| DER ASN1 DN:  69 6f 31 10  30 0e 06 03  55 04 07 0c  07 54 6f 72
| DER ASN1 DN:  6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 0c 09 4c
| DER ASN1 DN:  69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
| DER ASN1 DN:  0b 0c 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
| DER ASN1 DN:  6e 74 31 23  30 21 06 03  55 04 03 0c  1a 77 65 73
| DER ASN1 DN:  74 2e 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| DER ASN1 DN:  77 61 6e 2e  6f 72 67 31  2e 30 2c 06  09 2a 86 48
| DER ASN1 DN:  86 f7 0d 01  09 01 16 1f  75 73 65 72  2d 77 65 73
| DER ASN1 DN:  74 40 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| DER ASN1 DN:  77 61 6e 2e  6f 72 67
| received IDr payload - extracting our alleged ID
| DER ASN1 DN:  30 81 b4 31  0b 30 09 06  03 55 04 06  13 02 43 41
| DER ASN1 DN:  31 10 30 0e  06 03 55 04  08 13 07 4f  6e 74 61 72
| DER ASN1 DN:  69 6f 31 10  30 0e 06 03  55 04 07 13  07 54 6f 72
| DER ASN1 DN:  6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 13 09 4c
| DER ASN1 DN:  69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
| DER ASN1 DN:  0b 13 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
| DER ASN1 DN:  6e 74 31 23  30 21 06 03  55 04 03 13  1a 65 61 73
| DER ASN1 DN:  74 2e 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| DER ASN1 DN:  77 61 6e 2e  6f 72 67 31  2e 30 2c 06  09 2a 86 48
| DER ASN1 DN:  86 f7 0d 01  09 01 16 1f  75 73 65 72  2d 65 61 73
| DER ASN1 DN:  74 40 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
| DER ASN1 DN:  77 61 6e 2e  6f 72 67
| CERT_X509_SIGNATURE CR:
|   58 13 71 57  9d ee 1a 15  74 03 12 80  12 4d c1 85
|   2b 92 25 e9
|   cert blob content is not binary ASN.1
| refine_host_connection for IKEv2: starting with "main-east"[1] 192.1.2.45
|    match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org
|             b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org
|    results  matched
| refine_host_connection: checking "main-east"[1] 192.1.2.45 against "main-east"[1] 192.1.2.45, best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0))
| Warning: not switching back to template of current instance
| Peer expects us to be C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN) according to its IDr payload
| This connection's local id is C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN)
"main-east"[1] 192.1.2.45 #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
| IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection
| refine_host_connection: checked main-east[1] 192.1.2.45 against main-east[1] 192.1.2.45, now for see if best
| started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org of kind PKK_RSA
| searching for certificate PKK_RSA:AwEAAcBZv vs PKK_RSA:AwEAAbEef
| searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef
| returning because exact peer id match
| offered CA: '%none'
"main-east"[1] 192.1.2.45 #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
| received CERTREQ payload; going to decode it
| CERT_X509_SIGNATURE CR:
|   58 13 71 57  9d ee 1a 15  74 03 12 80  12 4d c1 85
|   2b 92 25 e9
|   cert blob content is not binary ASN.1
| verifying AUTH payload
| required RSA CA is '%any'
| checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
| checking RSA keyid 'user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
| checking RSA keyid '@north.testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
| checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
| checking RSA keyid 'user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
| checking RSA keyid '@east.testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
| checking RSA keyid 'east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
| checking RSA keyid '192.1.2.23' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
"main-east"[1] 192.1.2.45 #1: no RSA public key known for 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org'
|       #1 spent 0.0647 milliseconds in ikev2_verify_rsa_hash()
"main-east"[1] 192.1.2.45 #1: RSA authentication of I2 Auth Payload failed
"main-east"[1] 192.1.2.45 #1: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification AUTHENTICATION_FAILED
| Opening output PBS encrypted notification
| **emit ISAKMP Message:
|    initiator cookie:
|   30 b8 78 88  f4 d6 0c 9b
|    responder cookie:
|   4a 17 81 4f  d6 9f 44 e7
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
|    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
|    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
|    Message ID: 1 (0x1)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| ***emit IKEv2 Encryption Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
| next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification'
| emitting 8 zero bytes of IV into IKEv2 Encryption Payload
| Adding a v2N Payload
| ****emit IKEv2 Notify Payload:
|    next payload type: ISAKMP_NEXT_v2NONE (0x0)
|    flags: none (0x0)
|    Protocol ID: PROTO_v2_RESERVED (0x0)
|    SPI size: 0 (0x0)
|    Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18)
| next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
| next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification'
| emitting length of IKEv2 Notify Payload: 8
| adding 1 bytes of padding (including 1 byte padding-length)
| emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
| emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
| emitting length of IKEv2 Encryption Payload: 37
| emitting length of ISAKMP Message: 65
| sending 65 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
|   30 b8 78 88  f4 d6 0c 9b  4a 17 81 4f  d6 9f 44 e7
|   2e 20 23 20  00 00 00 01  00 00 00 41  29 00 00 25
|   f5 1f 54 fa  ee d0 2f 28  ff 38 60 01  74 2e 5b 05
|   e5 18 5f 8a  85 a0 4d 69  db b9 4e 12  c4 72 da c5
|   84
| pstats #1 ikev2.ike failed auth-failed
| ikev2_parent_inI2outR2_continue_tail returned STF_FATAL
|   #1 spent 4.32 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet()
| [RE]START processing: state #1 connection "main-east"[1] 192.1.2.45 from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379)
| #1 complete_v2_state_transition() PARENT_R1->V2_IPSEC_R with status STF_FATAL
| release_pending_whacks: state #1 has no whack fd
| pstats #1 ikev2.ike deleted auth-failed
| #1 spent 4.23 milliseconds in total
| [RE]START processing: state #1 connection "main-east"[1] 192.1.2.45 from 192.1.2.45:500 (in delete_state() at state.c:879)
"main-east"[1] 192.1.2.45 #1: deleting state (STATE_PARENT_R1) aged 0.020s and NOT sending notification
| parent state #1: PARENT_R1(half-open IKE SA) => delete
| state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x7f2940002888
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563aeeb21d48
| State DB: IKEv2 state not found (flush_incomplete_children)
| in connection_discard for connection main-east
| connection is instance
| not in pending use
| State DB: state not found (connection_discard)
| no states use this connection instance, deleting
| start processing: connection "main-east"[1] 192.1.2.45 (BACKGROUND) (in delete_connection() at connections.c:189)
deleting connection "main-east"[1] 192.1.2.45 instance with peer 192.1.2.45 {isakmp=#0/ipsec=#0}
| Deleting states for connection - not including other IPsec SA's
| pass 0
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| state #1
| pass 1
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| state #1
| free hp@0x563aeeb2dfb8
| flush revival: connection 'main-east' wasn't on the list
| stop processing: connection "main-east"[1] 192.1.2.45 (BACKGROUND) (in discard_connection() at connections.c:249)
| State DB: deleting IKEv2 state #1 in PARENT_R1
| parent state #1: PARENT_R1(half-open IKE SA) => UNDEFINED(ignore)
| stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143)
| resume sending helper answer for #1 suppresed complete_v2_state_transition()
| in statetime_stop() and could not find #1
| processing: STOP state #0 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f2938000f48
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_STATE_... in show_traffic_status (sort_states)
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.0392 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_CONNECTION_... in show_connections_status
| FOR_EACH_CONNECTION_... in show_connections_status
| FOR_EACH_STATE_... in show_states_status (sort_states)
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.347 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
shutting down
| processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825)
destroying root certificate cache
| certs and keys locked by 'free_preshared_secrets'
forgetting secrets
| certs and keys unlocked by 'free_preshared_secrets'
| unreference key: 0x563aeeb2dc38 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1--
| unreference key: 0x563aeeb2d428 user-north@testing.libreswan.org cnt 1--
| unreference key: 0x563aeeb2d208 @north.testing.libreswan.org cnt 1--
| unreference key: 0x563aeeb279a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1--
| unreference key: 0x563aeeb27528 user-east@testing.libreswan.org cnt 1--
| unreference key: 0x563aeeb26fc8 @east.testing.libreswan.org cnt 1--
| unreference key: 0x563aeeb25888 east@testing.libreswan.org cnt 1--
| unreference key: 0x563aeeb25668 192.1.2.23 cnt 1--
| start processing: connection "main-north" (in delete_connection() at connections.c:189)
| Deleting states for connection - including all other IPsec SA's of this IKE SA
| pass 0
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| pass 1
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| flush revival: connection 'main-north' wasn't on the list
| stop processing: connection "main-north" (in discard_connection() at connections.c:249)
| start processing: connection "main-east" (in delete_connection() at connections.c:189)
| Deleting states for connection - including all other IPsec SA's of this IKE SA
| pass 0
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| pass 1
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| free hp@0x563aeeb220f8
| flush revival: connection 'main-east' wasn't on the list
| stop processing: connection "main-east" (in discard_connection() at connections.c:249)
| crl fetch request list locked by 'free_crl_fetch'
| crl fetch request list unlocked by 'free_crl_fetch'
shutting down interface lo/lo 127.0.0.1:4500
shutting down interface lo/lo 127.0.0.1:500
shutting down interface eth0/eth0 192.0.2.254:4500
shutting down interface eth0/eth0 192.0.2.254:500
shutting down interface eth1/eth1 192.1.2.23:4500
shutting down interface eth1/eth1 192.1.2.23:500
| FOR_EACH_STATE_... in delete_states_dead_interfaces
| libevent_free: release ptr-libevent@0x563aeeb127d8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e6c8
| libevent_free: release ptr-libevent@0x563aeeab8fe8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e778
| libevent_free: release ptr-libevent@0x563aeeab8908
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e828
| libevent_free: release ptr-libevent@0x563aeeac01c8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e8d8
| libevent_free: release ptr-libevent@0x563aeeac02c8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1e988
| libevent_free: release ptr-libevent@0x563aeeac03c8
| free_event_entry: release EVENT_NULL-pe@0x563aeeb1ea38
| FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
| libevent_free: release ptr-libevent@0x563aeeb12888
| free_event_entry: release EVENT_NULL-pe@0x563aeeb069a8
| libevent_free: release ptr-libevent@0x563aeeab8f38
| free_event_entry: release EVENT_NULL-pe@0x563aeeb06508
| libevent_free: release ptr-libevent@0x563aeeaff4e8
| free_event_entry: release EVENT_NULL-pe@0x563aeeac0478
| global timer EVENT_REINIT_SECRET uninitialized
| global timer EVENT_SHUNT_SCAN uninitialized
| global timer EVENT_PENDING_DDNS uninitialized
| global timer EVENT_PENDING_PHASE2 uninitialized
| global timer EVENT_CHECK_CRLS uninitialized
| global timer EVENT_REVIVE_CONNS uninitialized
| global timer EVENT_FREE_ROOT_CERTS uninitialized
| global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized
| global timer EVENT_NAT_T_KEEPALIVE uninitialized
| libevent_free: release ptr-libevent@0x563aeeac4a48
| signal event handler PLUTO_SIGCHLD uninstalled
| libevent_free: release ptr-libevent@0x563aeea42788
| signal event handler PLUTO_SIGTERM uninstalled
| libevent_free: release ptr-libevent@0x563aeeb1dea8
| signal event handler PLUTO_SIGHUP uninstalled
| libevent_free: release ptr-libevent@0x563aeeb1e0e8
| signal event handler PLUTO_SIGSYS uninstalled
| releasing event base
| libevent_free: release ptr-libevent@0x563aeeb1dfb8
| libevent_free: release ptr-libevent@0x563aeeb00dc8
| libevent_free: release ptr-libevent@0x563aeeb00d78
| libevent_free: release ptr-libevent@0x563aeeab8288
| libevent_free: release ptr-libevent@0x563aeeb00d38
| libevent_free: release ptr-libevent@0x563aeeb1db78
| libevent_free: release ptr-libevent@0x563aeeb1dde8
| libevent_free: release ptr-libevent@0x563aeeb00f78
| libevent_free: release ptr-libevent@0x563aeeb06578
| libevent_free: release ptr-libevent@0x563aeeb061d8
| libevent_free: release ptr-libevent@0x563aeeb1eaa8
| libevent_free: release ptr-libevent@0x563aeeb1e9f8
| libevent_free: release ptr-libevent@0x563aeeb1e948
| libevent_free: release ptr-libevent@0x563aeeb1e898
| libevent_free: release ptr-libevent@0x563aeeb1e7e8
| libevent_free: release ptr-libevent@0x563aeeb1e738
| libevent_free: release ptr-libevent@0x563aeea41aa8
| libevent_free: release ptr-libevent@0x563aeeb1de68
| libevent_free: release ptr-libevent@0x563aeeb1de28
| libevent_free: release ptr-libevent@0x563aeeb1dce8
| libevent_free: release ptr-libevent@0x563aeeb1df78
| libevent_free: release ptr-libevent@0x563aeeb1dbb8
| libevent_free: release ptr-libevent@0x563aeeac65d8
| libevent_free: release ptr-libevent@0x563aeeac6558
| libevent_free: release ptr-libevent@0x563aeea41e18
| releasing global libevent data
| libevent_free: release ptr-libevent@0x563aeeac6758
| libevent_free: release ptr-libevent@0x563aeeac66d8
| libevent_free: release ptr-libevent@0x563aeeac6658
leak: 2 * issuer ca, item size: 175
leak detective found 2 leaks, total size 175