Aug 26 18:28:45.021452: FIPS Product: YES Aug 26 18:28:45.021535: FIPS Kernel: NO Aug 26 18:28:45.021538: FIPS Mode: NO Aug 26 18:28:45.021540: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:28:45.021666: Initializing NSS Aug 26 18:28:45.021672: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:28:45.048270: NSS initialized Aug 26 18:28:45.048293: NSS crypto library initialized Aug 26 18:28:45.048299: FIPS HMAC integrity support [enabled] Aug 26 18:28:45.048302: FIPS mode disabled for pluto daemon Aug 26 18:28:45.083843: FIPS HMAC integrity verification self-test FAILED Aug 26 18:28:45.084218: libcap-ng support [enabled] Aug 26 18:28:45.084231: Linux audit support [enabled] Aug 26 18:28:45.084548: Linux audit activated Aug 26 18:28:45.084559: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:23550 Aug 26 18:28:45.084561: core dump dir: /tmp Aug 26 18:28:45.084563: secrets file: /etc/ipsec.secrets Aug 26 18:28:45.084564: leak-detective enabled Aug 26 18:28:45.084566: NSS crypto [enabled] Aug 26 18:28:45.084567: XAUTH PAM support [enabled] Aug 26 18:28:45.084643: | libevent is using pluto's memory allocator Aug 26 18:28:45.084652: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:28:45.084670: | libevent_malloc: new ptr-libevent@0x564bfd6a77f8 size 40 Aug 26 18:28:45.084678: | libevent_malloc: new ptr-libevent@0x564bfd6a7cd8 size 40 Aug 26 18:28:45.084682: | libevent_malloc: new ptr-libevent@0x564bfd6a7dd8 size 40 Aug 26 18:28:45.084685: | creating event base Aug 26 18:28:45.084689: | libevent_malloc: new ptr-libevent@0x564bfd72c378 size 56 Aug 26 18:28:45.084694: | libevent_malloc: new ptr-libevent@0x564bfd6d0298 size 664 Aug 26 18:28:45.084706: | libevent_malloc: new ptr-libevent@0x564bfd72c3e8 size 24 Aug 26 18:28:45.084710: | libevent_malloc: new ptr-libevent@0x564bfd72c438 size 384 Aug 26 18:28:45.084721: | libevent_malloc: new ptr-libevent@0x564bfd72c338 size 16 Aug 26 18:28:45.084725: | libevent_malloc: new ptr-libevent@0x564bfd6a7908 size 40 Aug 26 18:28:45.084728: | libevent_malloc: new ptr-libevent@0x564bfd6a7d38 size 48 Aug 26 18:28:45.084735: | libevent_realloc: new ptr-libevent@0x564bfd6cff28 size 256 Aug 26 18:28:45.084739: | libevent_malloc: new ptr-libevent@0x564bfd72c5e8 size 16 Aug 26 18:28:45.084746: | libevent_free: release ptr-libevent@0x564bfd72c378 Aug 26 18:28:45.084751: | libevent initialized Aug 26 18:28:45.084756: | libevent_realloc: new ptr-libevent@0x564bfd72c378 size 64 Aug 26 18:28:45.084760: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:28:45.084781: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:28:45.084784: NAT-Traversal support [enabled] Aug 26 18:28:45.084788: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:28:45.084795: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:28:45.084799: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:28:45.084836: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:28:45.084841: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:28:45.084845: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:28:45.084896: Encryption algorithms: Aug 26 18:28:45.084906: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:28:45.084911: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:28:45.084915: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:28:45.084919: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:28:45.084923: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:28:45.084934: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:28:45.084938: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:28:45.084942: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:28:45.084946: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:28:45.084951: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:28:45.084955: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:28:45.084959: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:28:45.084963: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:28:45.084967: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:28:45.084972: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:28:45.084975: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:28:45.084979: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:28:45.084986: Hash algorithms: Aug 26 18:28:45.084990: MD5 IKEv1: IKE IKEv2: Aug 26 18:28:45.084993: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:28:45.084997: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:28:45.084999: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:28:45.085003: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:28:45.085017: PRF algorithms: Aug 26 18:28:45.085021: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:28:45.085024: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:28:45.085028: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:28:45.085032: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:28:45.085035: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:28:45.085038: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:28:45.085067: Integrity algorithms: Aug 26 18:28:45.085071: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:28:45.085075: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:28:45.085080: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:28:45.085084: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:28:45.085089: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:28:45.085092: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:28:45.085096: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:28:45.085099: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:28:45.085103: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:28:45.085116: DH algorithms: Aug 26 18:28:45.085120: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:28:45.085124: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:28:45.085127: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:28:45.085133: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:28:45.085137: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:28:45.085140: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:28:45.085144: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:28:45.085148: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:28:45.085152: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:28:45.085155: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:28:45.085159: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:28:45.085161: testing CAMELLIA_CBC: Aug 26 18:28:45.085165: Camellia: 16 bytes with 128-bit key Aug 26 18:28:45.085305: Camellia: 16 bytes with 128-bit key Aug 26 18:28:45.085344: Camellia: 16 bytes with 256-bit key Aug 26 18:28:45.085376: Camellia: 16 bytes with 256-bit key Aug 26 18:28:45.085407: testing AES_GCM_16: Aug 26 18:28:45.085412: empty string Aug 26 18:28:45.085440: one block Aug 26 18:28:45.085460: two blocks Aug 26 18:28:45.085476: two blocks with associated data Aug 26 18:28:45.085493: testing AES_CTR: Aug 26 18:28:45.085495: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:28:45.085512: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:28:45.085530: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:28:45.085547: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:28:45.085564: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:28:45.085580: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:28:45.085597: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:28:45.085613: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:28:45.085630: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:28:45.085656: testing AES_CBC: Aug 26 18:28:45.085660: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:28:45.085690: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:28:45.085720: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:28:45.085750: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:28:45.085787: testing AES_XCBC: Aug 26 18:28:45.085792: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:28:45.085921: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:28:45.086067: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:28:45.086198: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:28:45.086354: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:28:45.086489: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:28:45.086625: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:28:45.086950: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:28:45.087089: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:28:45.087238: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:28:45.087477: testing HMAC_MD5: Aug 26 18:28:45.087486: RFC 2104: MD5_HMAC test 1 Aug 26 18:28:45.087618: RFC 2104: MD5_HMAC test 2 Aug 26 18:28:45.087743: RFC 2104: MD5_HMAC test 3 Aug 26 18:28:45.087943: 8 CPU cores online Aug 26 18:28:45.087948: starting up 7 crypto helpers Aug 26 18:28:45.087979: started thread for crypto helper 0 Aug 26 18:28:45.087985: | starting up helper thread 0 Aug 26 18:28:45.087999: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:28:45.088001: started thread for crypto helper 1 Aug 26 18:28:45.088005: | starting up helper thread 1 Aug 26 18:28:45.088004: | crypto helper 0 waiting (nothing to do) Aug 26 18:28:45.088021: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:28:45.088028: started thread for crypto helper 2 Aug 26 18:28:45.088038: | crypto helper 1 waiting (nothing to do) Aug 26 18:28:45.088057: started thread for crypto helper 3 Aug 26 18:28:45.088060: | starting up helper thread 3 Aug 26 18:28:45.088070: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:28:45.088073: | crypto helper 3 waiting (nothing to do) Aug 26 18:28:45.088081: started thread for crypto helper 4 Aug 26 18:28:45.088085: | starting up helper thread 4 Aug 26 18:28:45.088094: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:28:45.088097: | crypto helper 4 waiting (nothing to do) Aug 26 18:28:45.088102: started thread for crypto helper 5 Aug 26 18:28:45.088103: | starting up helper thread 5 Aug 26 18:28:45.088109: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:28:45.088112: | crypto helper 5 waiting (nothing to do) Aug 26 18:28:45.088122: started thread for crypto helper 6 Aug 26 18:28:45.088123: | starting up helper thread 6 Aug 26 18:28:45.088126: | checking IKEv1 state table Aug 26 18:28:45.088131: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:28:45.088135: | crypto helper 6 waiting (nothing to do) Aug 26 18:28:45.088139: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:28:45.088141: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:28:45.088143: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:28:45.088145: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:28:45.088148: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:28:45.088151: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:28:45.088153: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:45.088155: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:45.088157: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:28:45.088158: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:28:45.088160: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:45.088162: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:28:45.088163: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:28:45.088165: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:28:45.088167: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:28:45.088168: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:28:45.088170: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:28:45.088172: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:28:45.088173: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:28:45.088175: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:28:45.088176: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:28:45.088178: | -> UNDEFINED EVENT_NULL Aug 26 18:28:45.088180: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:28:45.088182: | -> UNDEFINED EVENT_NULL Aug 26 18:28:45.088183: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:28:45.088185: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:28:45.088187: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:28:45.088188: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:28:45.088190: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:28:45.088192: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:28:45.088193: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:28:45.088195: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:28:45.088197: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:28:45.088198: | -> UNDEFINED EVENT_NULL Aug 26 18:28:45.088200: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:28:45.088202: | -> UNDEFINED EVENT_NULL Aug 26 18:28:45.088204: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:28:45.088206: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:28:45.088209: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:28:45.088211: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:28:45.088213: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:28:45.088217: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:28:45.088219: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:28:45.088221: | -> UNDEFINED EVENT_NULL Aug 26 18:28:45.088223: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:28:45.088224: | -> UNDEFINED EVENT_NULL Aug 26 18:28:45.088226: | INFO: category: informational flags: 0: Aug 26 18:28:45.088228: | -> UNDEFINED EVENT_NULL Aug 26 18:28:45.088229: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:28:45.088231: | -> UNDEFINED EVENT_NULL Aug 26 18:28:45.088233: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:28:45.088235: | -> XAUTH_R1 EVENT_NULL Aug 26 18:28:45.088236: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:28:45.088238: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:28:45.088240: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:28:45.088241: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:28:45.088243: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:28:45.088245: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:28:45.088247: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:28:45.088249: | -> UNDEFINED EVENT_NULL Aug 26 18:28:45.088251: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:28:45.088252: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:28:45.088254: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:28:45.088256: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:28:45.088257: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:28:45.088259: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:28:45.088264: | checking IKEv2 state table Aug 26 18:28:45.088268: | PARENT_I0: category: ignore flags: 0: Aug 26 18:28:45.088270: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:28:45.088272: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:28:45.088274: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:28:45.088276: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:28:45.088278: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:28:45.088280: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:28:45.088282: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:28:45.088284: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:28:45.088286: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:28:45.088302: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:28:45.088309: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:28:45.088311: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:28:45.088312: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:28:45.088314: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:28:45.088316: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:28:45.088318: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:28:45.088320: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:28:45.088321: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:28:45.088323: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:28:45.088325: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:28:45.088327: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:28:45.088329: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:28:45.088336: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:28:45.088340: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:28:45.088345: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:28:45.088349: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:28:45.088353: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:28:45.088356: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:28:45.088360: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:28:45.088364: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:28:45.088368: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:28:45.088371: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:28:45.088374: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:28:45.088377: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:28:45.088381: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:28:45.088385: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:28:45.088388: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:28:45.088391: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:28:45.088395: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:28:45.088399: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:28:45.088402: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:28:45.088406: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:28:45.088410: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:28:45.088413: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:28:45.088416: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:28:45.088420: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:28:45.088462: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:28:45.088481: | starting up helper thread 2 Aug 26 18:28:45.088493: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:28:45.088497: | crypto helper 2 waiting (nothing to do) Aug 26 18:28:45.088829: | Hard-wiring algorithms Aug 26 18:28:45.088835: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:28:45.088839: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:28:45.088841: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:28:45.088843: | adding 3DES_CBC to kernel algorithm db Aug 26 18:28:45.088845: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:28:45.088847: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:28:45.088848: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:28:45.088850: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:28:45.088852: | adding AES_CTR to kernel algorithm db Aug 26 18:28:45.088854: | adding AES_CBC to kernel algorithm db Aug 26 18:28:45.088855: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:28:45.088857: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:28:45.088859: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:28:45.088861: | adding NULL to kernel algorithm db Aug 26 18:28:45.088863: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:28:45.088865: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:28:45.088866: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:28:45.088868: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:28:45.088870: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:28:45.088872: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:28:45.088873: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:28:45.088875: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:28:45.088877: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:28:45.088879: | adding NONE to kernel algorithm db Aug 26 18:28:45.088899: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:28:45.088905: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:28:45.088907: | setup kernel fd callback Aug 26 18:28:45.088909: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x564bfd730fb8 Aug 26 18:28:45.088913: | libevent_malloc: new ptr-libevent@0x564bfd715478 size 128 Aug 26 18:28:45.088916: | libevent_malloc: new ptr-libevent@0x564bfd7310c8 size 16 Aug 26 18:28:45.088921: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x564bfd731af8 Aug 26 18:28:45.088923: | libevent_malloc: new ptr-libevent@0x564bfd6d3488 size 128 Aug 26 18:28:45.088925: | libevent_malloc: new ptr-libevent@0x564bfd731ab8 size 16 Aug 26 18:28:45.089073: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:28:45.089079: selinux support is enabled. Aug 26 18:28:45.089573: | unbound context created - setting debug level to 5 Aug 26 18:28:45.089604: | /etc/hosts lookups activated Aug 26 18:28:45.089621: | /etc/resolv.conf usage activated Aug 26 18:28:45.089683: | outgoing-port-avoid set 0-65535 Aug 26 18:28:45.089712: | outgoing-port-permit set 32768-60999 Aug 26 18:28:45.089716: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:28:45.089719: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:28:45.089723: | Setting up events, loop start Aug 26 18:28:45.089726: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x564bfd731b68 Aug 26 18:28:45.089730: | libevent_malloc: new ptr-libevent@0x564bfd73dd78 size 128 Aug 26 18:28:45.089733: | libevent_malloc: new ptr-libevent@0x564bfd749048 size 16 Aug 26 18:28:45.089740: | libevent_realloc: new ptr-libevent@0x564bfd749088 size 256 Aug 26 18:28:45.089743: | libevent_malloc: new ptr-libevent@0x564bfd7491b8 size 8 Aug 26 18:28:45.089747: | libevent_realloc: new ptr-libevent@0x564bfd6d07d8 size 144 Aug 26 18:28:45.089750: | libevent_malloc: new ptr-libevent@0x564bfd6d9b68 size 152 Aug 26 18:28:45.089754: | libevent_malloc: new ptr-libevent@0x564bfd7491f8 size 16 Aug 26 18:28:45.089758: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:28:45.089761: | libevent_malloc: new ptr-libevent@0x564bfd749238 size 8 Aug 26 18:28:45.089765: | libevent_malloc: new ptr-libevent@0x564bfd749278 size 152 Aug 26 18:28:45.089769: | signal event handler PLUTO_SIGTERM installed Aug 26 18:28:45.089772: | libevent_malloc: new ptr-libevent@0x564bfd749348 size 8 Aug 26 18:28:45.089776: | libevent_malloc: new ptr-libevent@0x564bfd749388 size 152 Aug 26 18:28:45.089780: | signal event handler PLUTO_SIGHUP installed Aug 26 18:28:45.089783: | libevent_malloc: new ptr-libevent@0x564bfd749458 size 8 Aug 26 18:28:45.089787: | libevent_realloc: release ptr-libevent@0x564bfd6d07d8 Aug 26 18:28:45.089790: | libevent_realloc: new ptr-libevent@0x564bfd749498 size 256 Aug 26 18:28:45.089794: | libevent_malloc: new ptr-libevent@0x564bfd7495c8 size 152 Aug 26 18:28:45.089797: | signal event handler PLUTO_SIGSYS installed Aug 26 18:28:45.090329: | created addconn helper (pid:23712) using fork+execve Aug 26 18:28:45.090352: | forked child 23712 Aug 26 18:28:45.090401: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.090710: listening for IKE messages Aug 26 18:28:45.091098: | Inspecting interface lo Aug 26 18:28:45.091107: | found lo with address 127.0.0.1 Aug 26 18:28:45.091110: | Inspecting interface eth1 Aug 26 18:28:45.091113: | found eth1 with address 192.1.2.45 Aug 26 18:28:45.091193: Kernel supports NIC esp-hw-offload Aug 26 18:28:45.091204: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 18:28:45.091244: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:28:45.091248: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:28:45.091250: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 18:28:45.091270: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:28:45.092161: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:28:45.092180: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:28:45.092188: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:28:45.092304: | no interfaces to sort Aug 26 18:28:45.092313: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:28:45.092319: | add_fd_read_event_handler: new ethX-pe@0x564bfd749938 Aug 26 18:28:45.092322: | libevent_malloc: new ptr-libevent@0x564bfd73dcc8 size 128 Aug 26 18:28:45.092326: | libevent_malloc: new ptr-libevent@0x564bfd7499a8 size 16 Aug 26 18:28:45.092333: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 18:28:45.092335: | add_fd_read_event_handler: new ethX-pe@0x564bfd7499e8 Aug 26 18:28:45.092338: | libevent_malloc: new ptr-libevent@0x564bfd6d16e8 size 128 Aug 26 18:28:45.092340: | libevent_malloc: new ptr-libevent@0x564bfd749a58 size 16 Aug 26 18:28:45.092343: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 18:28:45.092345: | add_fd_read_event_handler: new ethX-pe@0x564bfd749a98 Aug 26 18:28:45.092347: | libevent_malloc: new ptr-libevent@0x564bfd6d3588 size 128 Aug 26 18:28:45.092349: | libevent_malloc: new ptr-libevent@0x564bfd749b08 size 16 Aug 26 18:28:45.092352: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 18:28:45.092354: | add_fd_read_event_handler: new ethX-pe@0x564bfd749b48 Aug 26 18:28:45.092356: | libevent_malloc: new ptr-libevent@0x564bfd6d06d8 size 128 Aug 26 18:28:45.092358: | libevent_malloc: new ptr-libevent@0x564bfd749bb8 size 16 Aug 26 18:28:45.092361: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 18:28:45.092365: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:28:45.092366: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:28:45.092387: loading secrets from "/etc/ipsec.secrets" Aug 26 18:28:45.092422: | saving Modulus Aug 26 18:28:45.092429: | saving PublicExponent Aug 26 18:28:45.092434: | ignoring PrivateExponent Aug 26 18:28:45.092438: | ignoring Prime1 Aug 26 18:28:45.092443: | ignoring Prime2 Aug 26 18:28:45.092447: | ignoring Exponent1 Aug 26 18:28:45.092449: | ignoring Exponent2 Aug 26 18:28:45.092451: | ignoring Coefficient Aug 26 18:28:45.092454: | ignoring CKAIDNSS Aug 26 18:28:45.092485: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:28:45.092487: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:28:45.092491: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Aug 26 18:28:45.092507: | certs and keys locked by 'process_secret' Aug 26 18:28:45.092512: | certs and keys unlocked by 'process_secret' Aug 26 18:28:45.092525: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.092536: | spent 1.27 milliseconds in whack Aug 26 18:28:45.117039: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.117063: listening for IKE messages Aug 26 18:28:45.117119: | Inspecting interface lo Aug 26 18:28:45.117125: | found lo with address 127.0.0.1 Aug 26 18:28:45.117127: | Inspecting interface eth1 Aug 26 18:28:45.117130: | found eth1 with address 192.1.2.45 Aug 26 18:28:45.117182: | no interfaces to sort Aug 26 18:28:45.117190: | libevent_free: release ptr-libevent@0x564bfd73dcc8 Aug 26 18:28:45.117193: | free_event_entry: release EVENT_NULL-pe@0x564bfd749938 Aug 26 18:28:45.117195: | add_fd_read_event_handler: new ethX-pe@0x564bfd749938 Aug 26 18:28:45.117197: | libevent_malloc: new ptr-libevent@0x564bfd73dcc8 size 128 Aug 26 18:28:45.117203: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 18:28:45.117205: | libevent_free: release ptr-libevent@0x564bfd6d16e8 Aug 26 18:28:45.117207: | free_event_entry: release EVENT_NULL-pe@0x564bfd7499e8 Aug 26 18:28:45.117209: | add_fd_read_event_handler: new ethX-pe@0x564bfd7499e8 Aug 26 18:28:45.117211: | libevent_malloc: new ptr-libevent@0x564bfd6d16e8 size 128 Aug 26 18:28:45.117214: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 18:28:45.117217: | libevent_free: release ptr-libevent@0x564bfd6d3588 Aug 26 18:28:45.117223: | free_event_entry: release EVENT_NULL-pe@0x564bfd749a98 Aug 26 18:28:45.117225: | add_fd_read_event_handler: new ethX-pe@0x564bfd749a98 Aug 26 18:28:45.117227: | libevent_malloc: new ptr-libevent@0x564bfd6d3588 size 128 Aug 26 18:28:45.117230: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 18:28:45.117233: | libevent_free: release ptr-libevent@0x564bfd6d06d8 Aug 26 18:28:45.117235: | free_event_entry: release EVENT_NULL-pe@0x564bfd749b48 Aug 26 18:28:45.117237: | add_fd_read_event_handler: new ethX-pe@0x564bfd749b48 Aug 26 18:28:45.117238: | libevent_malloc: new ptr-libevent@0x564bfd6d06d8 size 128 Aug 26 18:28:45.117241: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 18:28:45.117244: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:28:45.117246: forgetting secrets Aug 26 18:28:45.117254: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:28:45.117268: loading secrets from "/etc/ipsec.secrets" Aug 26 18:28:45.117280: | saving Modulus Aug 26 18:28:45.117283: | saving PublicExponent Aug 26 18:28:45.117285: | ignoring PrivateExponent Aug 26 18:28:45.117310: | ignoring Prime1 Aug 26 18:28:45.117318: | ignoring Prime2 Aug 26 18:28:45.117322: | ignoring Exponent1 Aug 26 18:28:45.117325: | ignoring Exponent2 Aug 26 18:28:45.117328: | ignoring Coefficient Aug 26 18:28:45.117332: | ignoring CKAIDNSS Aug 26 18:28:45.117358: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:28:45.117361: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:28:45.117365: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Aug 26 18:28:45.117374: | certs and keys locked by 'process_secret' Aug 26 18:28:45.117377: | certs and keys unlocked by 'process_secret' Aug 26 18:28:45.117387: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.117395: | spent 0.341 milliseconds in whack Aug 26 18:28:45.118469: | processing signal PLUTO_SIGCHLD Aug 26 18:28:45.118497: | waitpid returned pid 23712 (exited with status 0) Aug 26 18:28:45.118503: | reaped addconn helper child (status 0) Aug 26 18:28:45.118509: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:45.118516: | spent 0.0247 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:45.176535: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.176560: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:45.176564: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:28:45.176567: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:45.176570: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:28:45.176575: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:45.176582: | Added new connection westnet-eastnet-vti-01 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:28:45.176587: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:28:45.176649: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:28:45.176654: | from whack: got --esp= Aug 26 18:28:45.176689: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:28:45.176695: | counting wild cards for @west is 0 Aug 26 18:28:45.176698: | counting wild cards for @east is 0 Aug 26 18:28:45.176705: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:28:45.176707: | new hp@0x564bfd74c208 Aug 26 18:28:45.176711: added connection description "westnet-eastnet-vti-01" Aug 26 18:28:45.176720: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:28:45.176735: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 18:28:45.176745: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.176753: | spent 0.227 milliseconds in whack Aug 26 18:28:45.176921: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.176931: add keyid @west Aug 26 18:28:45.176935: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Aug 26 18:28:45.176936: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Aug 26 18:28:45.176938: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Aug 26 18:28:45.176940: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Aug 26 18:28:45.176941: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Aug 26 18:28:45.176943: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Aug 26 18:28:45.176944: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Aug 26 18:28:45.176946: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Aug 26 18:28:45.176948: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Aug 26 18:28:45.176949: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Aug 26 18:28:45.176951: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Aug 26 18:28:45.176952: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Aug 26 18:28:45.176954: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Aug 26 18:28:45.176955: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Aug 26 18:28:45.176957: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Aug 26 18:28:45.176959: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Aug 26 18:28:45.176960: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Aug 26 18:28:45.176962: | add pubkey 15 04 37 f9 Aug 26 18:28:45.176980: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:28:45.176982: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:28:45.176991: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.176996: | spent 0.0806 milliseconds in whack Aug 26 18:28:45.177019: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.177025: add keyid @east Aug 26 18:28:45.177029: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 18:28:45.177032: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 18:28:45.177034: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 18:28:45.177036: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 18:28:45.177038: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 18:28:45.177040: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 18:28:45.177043: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 18:28:45.177045: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 18:28:45.177047: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 18:28:45.177049: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 18:28:45.177051: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 18:28:45.177053: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 18:28:45.177056: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 18:28:45.177058: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 18:28:45.177060: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 18:28:45.177062: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 18:28:45.177068: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 18:28:45.177071: | add pubkey 51 51 48 ef Aug 26 18:28:45.177082: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:28:45.177085: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:28:45.177094: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.177099: | spent 0.0822 milliseconds in whack Aug 26 18:28:45.257164: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.257192: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:45.257197: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:28:45.257200: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:45.257203: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:28:45.257207: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:45.257215: | Added new connection westnet-eastnet-vti-02 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:28:45.257219: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:28:45.257279: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 18:28:45.257284: | from whack: got --esp= Aug 26 18:28:45.257358: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 18:28:45.257369: | counting wild cards for @west is 0 Aug 26 18:28:45.257373: | counting wild cards for @east is 0 Aug 26 18:28:45.257381: | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports Aug 26 18:28:45.257387: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x564bfd74c208: westnet-eastnet-vti-01 Aug 26 18:28:45.257390: added connection description "westnet-eastnet-vti-02" Aug 26 18:28:45.257401: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:28:45.257427: | 10.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===10.0.2.0/24 Aug 26 18:28:45.257435: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.257442: | spent 0.271 milliseconds in whack Aug 26 18:28:45.257471: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.257481: add keyid @west Aug 26 18:28:45.257499: | unreference key: 0x564bfd74c2e8 @west cnt 1-- Aug 26 18:28:45.257505: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Aug 26 18:28:45.257523: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Aug 26 18:28:45.257526: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Aug 26 18:28:45.257528: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Aug 26 18:28:45.257531: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Aug 26 18:28:45.257533: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Aug 26 18:28:45.257536: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Aug 26 18:28:45.257538: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Aug 26 18:28:45.257541: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Aug 26 18:28:45.257544: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Aug 26 18:28:45.257546: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Aug 26 18:28:45.257549: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Aug 26 18:28:45.257552: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Aug 26 18:28:45.257560: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Aug 26 18:28:45.257563: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Aug 26 18:28:45.257566: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Aug 26 18:28:45.257568: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Aug 26 18:28:45.257571: | add pubkey 15 04 37 f9 Aug 26 18:28:45.257591: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 18:28:45.257594: | computed rsa CKAID 7f 0f 03 50 Aug 26 18:28:45.257605: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.257610: | spent 0.144 milliseconds in whack Aug 26 18:28:45.257640: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.257651: add keyid @east Aug 26 18:28:45.257656: | unreference key: 0x564bfd74c5b8 @east cnt 1-- Aug 26 18:28:45.257660: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 18:28:45.257663: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 18:28:45.257666: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 18:28:45.257668: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 18:28:45.257671: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 18:28:45.257674: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 18:28:45.257677: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 18:28:45.257679: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 18:28:45.257682: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 18:28:45.257685: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 18:28:45.257687: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 18:28:45.257690: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 18:28:45.257692: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 18:28:45.257695: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 18:28:45.257697: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 18:28:45.257700: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 18:28:45.257703: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 18:28:45.257705: | add pubkey 51 51 48 ef Aug 26 18:28:45.257715: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:28:45.257718: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:28:45.257728: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.257734: | spent 0.0974 milliseconds in whack Aug 26 18:28:45.363461: | kernel_process_msg_cb process netlink message Aug 26 18:28:45.363485: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:28:45.363495: | spent 0.0101 milliseconds in kernel message Aug 26 18:28:45.479078: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.479370: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Aug 26 18:28:45.479380: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:45.479389: | start processing: connection "westnet-eastnet-vti-01" (in initiate_a_connection() at initiate.c:186) Aug 26 18:28:45.479394: | connection 'westnet-eastnet-vti-01' +POLICY_UP Aug 26 18:28:45.479398: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Aug 26 18:28:45.479402: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:28:45.479428: | creating state object #1 at 0x564bfd74e5e8 Aug 26 18:28:45.479433: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 18:28:45.479442: | pstats #1 ikev2.ike started Aug 26 18:28:45.479447: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:28:45.479451: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:28:45.479465: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:45.479474: | suspend processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:28:45.479481: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:28:45.479486: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:28:45.479492: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-vti-01" IKE SA #1 "westnet-eastnet-vti-01" Aug 26 18:28:45.479498: "westnet-eastnet-vti-01" #1: initiating v2 parent SA Aug 26 18:28:45.479512: | constructing local IKE proposals for westnet-eastnet-vti-01 (IKE SA initiator selecting KE) Aug 26 18:28:45.479523: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:45.479535: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:45.479541: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:45.479549: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:45.479555: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:45.479563: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:45.479568: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 18:28:45.479576: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:45.479589: "westnet-eastnet-vti-01": constructed local IKE proposals for westnet-eastnet-vti-01 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:45.479599: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 18:28:45.479604: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564bfd74c3d8 Aug 26 18:28:45.479608: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:28:45.479613: | libevent_malloc: new ptr-libevent@0x564bfd74c448 size 128 Aug 26 18:28:45.479630: | #1 spent 0.24 milliseconds in ikev2_parent_outI1() Aug 26 18:28:45.479634: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:45.479636: | crypto helper 0 resuming Aug 26 18:28:45.479654: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:28:45.479660: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 18:28:45.480375: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000715 seconds Aug 26 18:28:45.480387: | (#1) spent 0.719 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 18:28:45.480394: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:28:45.480396: | scheduling resume sending helper answer for #1 Aug 26 18:28:45.480399: | libevent_malloc: new ptr-libevent@0x7f0900002888 size 128 Aug 26 18:28:45.480404: | crypto helper 0 waiting (nothing to do) Aug 26 18:28:45.479640: | RESET processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:45.480413: | RESET processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:45.480416: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:28:45.480419: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Aug 26 18:28:45.480422: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.480425: | spent 0.591 milliseconds in whack Aug 26 18:28:45.480433: | processing resume sending helper answer for #1 Aug 26 18:28:45.480438: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:28:45.480441: | crypto helper 0 replies to request ID 1 Aug 26 18:28:45.480443: | calling continuation function 0x564bfc7d8b50 Aug 26 18:28:45.480445: | ikev2_parent_outI1_continue for #1 Aug 26 18:28:45.480475: | **emit ISAKMP Message: Aug 26 18:28:45.480478: | initiator cookie: Aug 26 18:28:45.480479: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.480481: | responder cookie: Aug 26 18:28:45.480483: | 00 00 00 00 00 00 00 00 Aug 26 18:28:45.480485: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:45.480487: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:45.480489: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:28:45.480491: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:45.480493: | Message ID: 0 (0x0) Aug 26 18:28:45.480495: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:45.480506: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:45.480508: | Emitting ikev2_proposals ... Aug 26 18:28:45.480510: | ***emit IKEv2 Security Association Payload: Aug 26 18:28:45.480512: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.480514: | flags: none (0x0) Aug 26 18:28:45.480516: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:45.480518: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.480520: | discarding INTEG=NONE Aug 26 18:28:45.480522: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.480524: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.480526: | prop #: 1 (0x1) Aug 26 18:28:45.480527: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:45.480529: | spi size: 0 (0x0) Aug 26 18:28:45.480531: | # transforms: 11 (0xb) Aug 26 18:28:45.480533: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.480535: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480540: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.480542: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:45.480544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480546: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.480548: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.480550: | length/value: 256 (0x100) Aug 26 18:28:45.480552: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.480553: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480557: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:45.480559: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:45.480561: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480563: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480565: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480566: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480568: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480570: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:45.480571: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:45.480573: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480575: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480577: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480578: | discarding INTEG=NONE Aug 26 18:28:45.480580: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480582: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480583: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480585: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.480587: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480589: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480591: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480592: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480596: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480597: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:45.480599: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480603: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480604: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480608: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480609: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:45.480611: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480613: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480616: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480618: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480620: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480621: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480623: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:45.480625: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480629: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480630: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480633: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480635: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:45.480637: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480639: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480641: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480642: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480646: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480647: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:45.480649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480651: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480653: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480655: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480656: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480658: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480660: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:45.480661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480665: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480667: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480668: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.480670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480672: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:45.480674: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480676: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480677: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480679: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:28:45.480681: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.480683: | discarding INTEG=NONE Aug 26 18:28:45.480684: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.480686: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.480691: | prop #: 2 (0x2) Aug 26 18:28:45.480692: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:45.480694: | spi size: 0 (0x0) Aug 26 18:28:45.480696: | # transforms: 11 (0xb) Aug 26 18:28:45.480698: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.480700: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.480701: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480705: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.480706: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:45.480708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480710: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.480712: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.480713: | length/value: 128 (0x80) Aug 26 18:28:45.480715: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.480717: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480719: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480720: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:45.480722: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:45.480724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480728: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480729: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480731: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480732: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:45.480734: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:45.480736: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480740: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480741: | discarding INTEG=NONE Aug 26 18:28:45.480743: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480746: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480748: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.480750: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480753: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480755: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480757: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480758: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480760: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:45.480762: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480764: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480766: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480768: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480770: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480771: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480773: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:45.480775: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480777: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480779: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480780: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480782: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480784: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480785: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:45.480787: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480789: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480791: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480793: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480794: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480796: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480797: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:45.480799: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480801: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480803: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480805: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480808: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480810: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:45.480812: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480813: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480815: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480817: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480819: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480820: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480822: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:45.480824: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480826: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480828: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480829: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480831: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.480832: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480834: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:45.480836: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480839: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480841: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480842: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:28:45.480844: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.480846: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.480848: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.480849: | prop #: 3 (0x3) Aug 26 18:28:45.480851: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:45.480853: | spi size: 0 (0x0) Aug 26 18:28:45.480854: | # transforms: 13 (0xd) Aug 26 18:28:45.480856: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.480858: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.480860: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480861: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480863: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.480865: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:45.480867: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480868: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.480870: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.480872: | length/value: 256 (0x100) Aug 26 18:28:45.480873: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.480875: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480878: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:45.480880: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:45.480882: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480886: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480887: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480889: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480890: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:45.480892: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:45.480894: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480896: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480898: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480899: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480901: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480903: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.480904: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:45.480906: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480908: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480910: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480912: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480916: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.480917: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:45.480919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480921: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480923: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480925: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480926: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480928: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480930: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.480932: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480934: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480935: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480937: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480940: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480942: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:45.480944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480948: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480950: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480955: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480957: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:45.480960: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480962: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480965: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480967: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480970: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480972: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480974: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:45.480978: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480981: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.480984: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.480987: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.480989: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.480992: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.480995: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:45.480998: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481002: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481008: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481010: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481013: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481016: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481019: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:45.481022: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481029: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481031: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481034: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481037: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481040: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:45.481043: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481049: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481052: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481055: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.481058: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481061: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:45.481064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481067: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481070: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481073: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:28:45.481076: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.481079: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.481082: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:45.481084: | prop #: 4 (0x4) Aug 26 18:28:45.481087: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:45.481090: | spi size: 0 (0x0) Aug 26 18:28:45.481093: | # transforms: 13 (0xd) Aug 26 18:28:45.481096: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.481099: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.481102: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481105: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481108: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.481111: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:45.481114: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481117: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.481119: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.481122: | length/value: 128 (0x80) Aug 26 18:28:45.481125: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.481128: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481133: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:45.481138: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:45.481141: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481144: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481147: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481150: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481153: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481156: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:45.481159: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:45.481162: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481165: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481168: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481171: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481177: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.481179: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:45.481183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481189: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481192: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481198: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.481200: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:45.481204: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481207: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481210: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481212: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481218: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481221: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.481225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481231: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481234: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481242: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:45.481245: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481248: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481251: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481256: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481259: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481262: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481265: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:45.481268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481271: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481274: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481277: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481283: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481285: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:45.481293: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481299: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481303: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481305: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481308: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481311: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481314: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:45.481317: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481336: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481338: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481341: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481344: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481346: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:45.481350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481356: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481358: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481361: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481364: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481367: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:45.481370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481376: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481379: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.481381: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.481384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.481387: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:45.481390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.481393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.481398: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.481401: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:28:45.481418: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.481421: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:28:45.481424: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:45.481428: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:28:45.481430: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.481433: | flags: none (0x0) Aug 26 18:28:45.481436: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.481440: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:28:45.481443: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.481447: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:28:45.481450: | ikev2 g^x 06 a9 a0 8d ec 74 51 2b ad 79 77 c6 2a cf d7 51 Aug 26 18:28:45.481453: | ikev2 g^x e5 18 25 a4 07 d5 a0 94 cc 41 25 91 01 eb 5b c5 Aug 26 18:28:45.481455: | ikev2 g^x 75 03 35 0b f9 46 9f c1 28 fc ce 26 e0 46 18 ab Aug 26 18:28:45.481458: | ikev2 g^x 59 aa c7 1e ab f8 95 c1 60 5d 89 6f ae dc f8 16 Aug 26 18:28:45.481461: | ikev2 g^x 3a 4f 08 85 f4 b6 5c ba 6b d5 c8 8e e4 e6 84 dd Aug 26 18:28:45.481464: | ikev2 g^x 6c 94 32 0f 50 6d 54 bf 60 06 0d 25 04 ac a0 f4 Aug 26 18:28:45.481466: | ikev2 g^x 1e 4f 6a 38 c7 e1 6f 88 1c 2e c5 07 42 db 71 59 Aug 26 18:28:45.481469: | ikev2 g^x cd 33 af ff da a4 ed f2 4c 0f 3c 88 0c 57 17 a6 Aug 26 18:28:45.481472: | ikev2 g^x 8f a6 b1 ab 0d af ec 7e a0 b3 06 6f 32 9e a8 45 Aug 26 18:28:45.481474: | ikev2 g^x c5 3a 35 b1 45 8c f7 a4 b9 47 c7 d3 42 fe 84 ae Aug 26 18:28:45.481477: | ikev2 g^x dc 66 18 07 33 94 68 f0 34 6c 59 69 b4 36 24 1d Aug 26 18:28:45.481480: | ikev2 g^x 5e 23 2f 42 13 3a 01 c0 2f 6b 49 4a a9 4f ee e5 Aug 26 18:28:45.481483: | ikev2 g^x 16 41 a4 9b 76 c9 87 62 a6 98 23 20 dc 76 de 54 Aug 26 18:28:45.481485: | ikev2 g^x 38 6d 2a fa e7 65 c4 32 59 ff af 9f ad 69 4b 68 Aug 26 18:28:45.481488: | ikev2 g^x 0a 28 64 03 65 e2 17 28 c7 a2 af c8 18 88 ae 29 Aug 26 18:28:45.481491: | ikev2 g^x 4d 63 16 4d 5a b6 5d 12 15 cc 3f 0c ae fd 10 b9 Aug 26 18:28:45.481494: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:28:45.481497: | ***emit IKEv2 Nonce Payload: Aug 26 18:28:45.481500: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:45.481503: | flags: none (0x0) Aug 26 18:28:45.481506: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:28:45.481510: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:28:45.481513: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.481516: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:28:45.481519: | IKEv2 nonce 3f 77 2b d1 af 4b 8f 15 e8 e8 25 81 d7 c0 90 bc Aug 26 18:28:45.481522: | IKEv2 nonce 2d e9 a3 35 aa 40 9a 4d d3 c2 7a 97 7d 36 9b c8 Aug 26 18:28:45.481524: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:28:45.481528: | Adding a v2N Payload Aug 26 18:28:45.481530: | ***emit IKEv2 Notify Payload: Aug 26 18:28:45.481533: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.481536: | flags: none (0x0) Aug 26 18:28:45.481539: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:45.481542: | SPI size: 0 (0x0) Aug 26 18:28:45.481546: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:28:45.481550: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:45.481553: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.481556: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:28:45.481561: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:28:45.481564: | natd_hash: rcookie is zero Aug 26 18:28:45.481578: | natd_hash: hasher=0x564bfc8ad800(20) Aug 26 18:28:45.481582: | natd_hash: icookie= 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.481584: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:45.481587: | natd_hash: ip= c0 01 02 2d Aug 26 18:28:45.481590: | natd_hash: port=500 Aug 26 18:28:45.481592: | natd_hash: hash= 5a 10 86 94 ab 3f 75 e4 93 24 20 e5 c2 6b 9e 4b Aug 26 18:28:45.481595: | natd_hash: hash= 55 9e d6 63 Aug 26 18:28:45.481598: | Adding a v2N Payload Aug 26 18:28:45.481600: | ***emit IKEv2 Notify Payload: Aug 26 18:28:45.481603: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.481606: | flags: none (0x0) Aug 26 18:28:45.481609: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:45.481611: | SPI size: 0 (0x0) Aug 26 18:28:45.481615: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:28:45.481618: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:45.481621: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.481625: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:45.481627: | Notify data 5a 10 86 94 ab 3f 75 e4 93 24 20 e5 c2 6b 9e 4b Aug 26 18:28:45.481630: | Notify data 55 9e d6 63 Aug 26 18:28:45.481633: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:45.481635: | natd_hash: rcookie is zero Aug 26 18:28:45.481644: | natd_hash: hasher=0x564bfc8ad800(20) Aug 26 18:28:45.481647: | natd_hash: icookie= 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.481650: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:45.481653: | natd_hash: ip= c0 01 02 17 Aug 26 18:28:45.481655: | natd_hash: port=500 Aug 26 18:28:45.481658: | natd_hash: hash= 8b 3a 99 92 99 d8 93 e9 7e a9 36 fd da a0 3f 29 Aug 26 18:28:45.481661: | natd_hash: hash= 4c 32 31 63 Aug 26 18:28:45.481663: | Adding a v2N Payload Aug 26 18:28:45.481666: | ***emit IKEv2 Notify Payload: Aug 26 18:28:45.481669: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.481671: | flags: none (0x0) Aug 26 18:28:45.481674: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:45.481677: | SPI size: 0 (0x0) Aug 26 18:28:45.481680: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:28:45.481683: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:45.481686: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.481689: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:45.481692: | Notify data 8b 3a 99 92 99 d8 93 e9 7e a9 36 fd da a0 3f 29 Aug 26 18:28:45.481695: | Notify data 4c 32 31 63 Aug 26 18:28:45.481698: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:45.481701: | emitting length of ISAKMP Message: 828 Aug 26 18:28:45.481708: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:28:45.481718: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:45.481723: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:28:45.481726: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:28:45.481732: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:28:45.481736: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 18:28:45.481740: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:28:45.481746: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:28:45.481750: "westnet-eastnet-vti-01" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:28:45.481765: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:28:45.481777: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:45.481780: | 48 5d 18 bc c0 82 9f 0b 00 00 00 00 00 00 00 00 Aug 26 18:28:45.481783: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:28:45.481786: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:28:45.481788: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:28:45.481791: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:28:45.481793: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:28:45.481796: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:28:45.481799: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:28:45.481801: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:28:45.481804: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:28:45.481807: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:28:45.481809: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:28:45.481812: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:28:45.481814: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:28:45.481817: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:28:45.481820: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:28:45.481822: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:28:45.481825: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:28:45.481827: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:28:45.481830: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:28:45.481833: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:28:45.481835: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:28:45.481838: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:28:45.481840: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:28:45.481843: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:28:45.481846: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:28:45.481848: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:28:45.481851: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:28:45.481853: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:28:45.481856: | 28 00 01 08 00 0e 00 00 06 a9 a0 8d ec 74 51 2b Aug 26 18:28:45.481859: | ad 79 77 c6 2a cf d7 51 e5 18 25 a4 07 d5 a0 94 Aug 26 18:28:45.481861: | cc 41 25 91 01 eb 5b c5 75 03 35 0b f9 46 9f c1 Aug 26 18:28:45.481864: | 28 fc ce 26 e0 46 18 ab 59 aa c7 1e ab f8 95 c1 Aug 26 18:28:45.481866: | 60 5d 89 6f ae dc f8 16 3a 4f 08 85 f4 b6 5c ba Aug 26 18:28:45.481869: | 6b d5 c8 8e e4 e6 84 dd 6c 94 32 0f 50 6d 54 bf Aug 26 18:28:45.481872: | 60 06 0d 25 04 ac a0 f4 1e 4f 6a 38 c7 e1 6f 88 Aug 26 18:28:45.481874: | 1c 2e c5 07 42 db 71 59 cd 33 af ff da a4 ed f2 Aug 26 18:28:45.481877: | 4c 0f 3c 88 0c 57 17 a6 8f a6 b1 ab 0d af ec 7e Aug 26 18:28:45.481879: | a0 b3 06 6f 32 9e a8 45 c5 3a 35 b1 45 8c f7 a4 Aug 26 18:28:45.481882: | b9 47 c7 d3 42 fe 84 ae dc 66 18 07 33 94 68 f0 Aug 26 18:28:45.481885: | 34 6c 59 69 b4 36 24 1d 5e 23 2f 42 13 3a 01 c0 Aug 26 18:28:45.481887: | 2f 6b 49 4a a9 4f ee e5 16 41 a4 9b 76 c9 87 62 Aug 26 18:28:45.481892: | a6 98 23 20 dc 76 de 54 38 6d 2a fa e7 65 c4 32 Aug 26 18:28:45.481894: | 59 ff af 9f ad 69 4b 68 0a 28 64 03 65 e2 17 28 Aug 26 18:28:45.481897: | c7 a2 af c8 18 88 ae 29 4d 63 16 4d 5a b6 5d 12 Aug 26 18:28:45.481900: | 15 cc 3f 0c ae fd 10 b9 29 00 00 24 3f 77 2b d1 Aug 26 18:28:45.481902: | af 4b 8f 15 e8 e8 25 81 d7 c0 90 bc 2d e9 a3 35 Aug 26 18:28:45.481905: | aa 40 9a 4d d3 c2 7a 97 7d 36 9b c8 29 00 00 08 Aug 26 18:28:45.481907: | 00 00 40 2e 29 00 00 1c 00 00 40 04 5a 10 86 94 Aug 26 18:28:45.481910: | ab 3f 75 e4 93 24 20 e5 c2 6b 9e 4b 55 9e d6 63 Aug 26 18:28:45.481913: | 00 00 00 1c 00 00 40 05 8b 3a 99 92 99 d8 93 e9 Aug 26 18:28:45.481915: | 7e a9 36 fd da a0 3f 29 4c 32 31 63 Aug 26 18:28:45.482353: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:45.482365: | libevent_free: release ptr-libevent@0x564bfd74c448 Aug 26 18:28:45.482369: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564bfd74c3d8 Aug 26 18:28:45.482372: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:28:45.482377: | event_schedule: new EVENT_RETRANSMIT-pe@0x564bfd74c3d8 Aug 26 18:28:45.482381: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:28:45.482385: | libevent_malloc: new ptr-libevent@0x564bfd750e18 size 128 Aug 26 18:28:45.482392: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29411.224843 Aug 26 18:28:45.482396: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 18:28:45.482402: | #1 spent 1.93 milliseconds in resume sending helper answer Aug 26 18:28:45.482408: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:28:45.482411: | libevent_free: release ptr-libevent@0x7f0900002888 Aug 26 18:28:45.484833: | spent 0.00241 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:45.484858: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:45.484861: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.484863: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 18:28:45.484865: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 18:28:45.484866: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 18:28:45.484868: | 04 00 00 0e 28 00 01 08 00 0e 00 00 a0 b7 35 96 Aug 26 18:28:45.484869: | 5b e6 9c f7 4e cb 6c 46 01 b6 a3 ad 51 41 cb 5a Aug 26 18:28:45.484871: | a2 3c 8e 3e 48 f1 43 65 5e b2 aa 7a ac e3 7e 9a Aug 26 18:28:45.484872: | 10 dd 36 98 74 5a bb 92 88 ff b3 f7 6d 28 31 34 Aug 26 18:28:45.484874: | bc 6b a7 df da 76 ca 8b 0d d2 3c 1c eb 26 d1 87 Aug 26 18:28:45.484876: | f7 5e 5c eb 14 08 78 70 e1 c0 ea cb 6c 83 12 18 Aug 26 18:28:45.484877: | 0c 48 bd a7 4b c3 88 84 0e 9a ac 39 c7 44 29 da Aug 26 18:28:45.484879: | 83 25 bc b0 51 8f 59 47 61 5f f2 57 bc 25 77 be Aug 26 18:28:45.484880: | eb 26 a9 af 2a cc db c0 6c c8 1d a4 27 6e 2c b7 Aug 26 18:28:45.484882: | 1b 24 28 be b0 f6 3e e6 50 ee 62 96 0d 66 b5 be Aug 26 18:28:45.484883: | 92 bf fd f0 87 1c 96 1a 60 a7 0c 81 8e 7b 29 29 Aug 26 18:28:45.484885: | 51 92 34 53 b6 8a 45 a7 51 ed ff 8f bd 5a 25 e9 Aug 26 18:28:45.484887: | ab 90 dd 01 04 62 a1 90 92 38 e5 dc 04 2f 17 14 Aug 26 18:28:45.484888: | c4 19 a7 5b 73 dc 3a 43 19 4e 65 e1 1e 9a 71 b8 Aug 26 18:28:45.484890: | cd 30 30 2f 66 10 ba 11 81 f8 3b 52 c3 30 9f 3d Aug 26 18:28:45.484891: | 41 80 61 09 60 31 74 08 50 3c 09 fc dc 38 8f c9 Aug 26 18:28:45.484893: | f5 71 4f b9 b1 a5 fd 5f 95 e1 46 65 29 00 00 24 Aug 26 18:28:45.484894: | 72 b3 92 ab ea c3 4a 1a 44 55 e4 36 10 6f 04 57 Aug 26 18:28:45.484896: | da f6 09 5b 3d 92 32 ed d1 d5 cd f8 d8 f2 49 a4 Aug 26 18:28:45.484898: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 18:28:45.484899: | c3 19 c3 e7 43 ca e1 ed bb aa 5f 7e f4 3a 67 69 Aug 26 18:28:45.484902: | 95 ef b5 97 00 00 00 1c 00 00 40 05 9d ef 5d af Aug 26 18:28:45.484904: | 9d a5 26 25 16 a1 b7 3b 00 da bd eb 4e a7 e0 1a Aug 26 18:28:45.484908: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:45.484911: | **parse ISAKMP Message: Aug 26 18:28:45.484913: | initiator cookie: Aug 26 18:28:45.484914: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.484916: | responder cookie: Aug 26 18:28:45.484917: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.484919: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:28:45.484921: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:45.484923: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:28:45.484925: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:28:45.484927: | Message ID: 0 (0x0) Aug 26 18:28:45.484929: | length: 432 (0x1b0) Aug 26 18:28:45.484931: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 18:28:45.484933: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 18:28:45.484937: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 18:28:45.484941: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:45.484944: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:28:45.484946: | #1 is idle Aug 26 18:28:45.484948: | #1 idle Aug 26 18:28:45.484949: | unpacking clear payload Aug 26 18:28:45.484951: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:28:45.484954: | ***parse IKEv2 Security Association Payload: Aug 26 18:28:45.484956: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:28:45.484957: | flags: none (0x0) Aug 26 18:28:45.484959: | length: 40 (0x28) Aug 26 18:28:45.484961: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 18:28:45.484962: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:28:45.484965: | ***parse IKEv2 Key Exchange Payload: Aug 26 18:28:45.484966: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:28:45.484968: | flags: none (0x0) Aug 26 18:28:45.484969: | length: 264 (0x108) Aug 26 18:28:45.484971: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.484973: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:28:45.484975: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:28:45.484977: | ***parse IKEv2 Nonce Payload: Aug 26 18:28:45.484978: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:45.484980: | flags: none (0x0) Aug 26 18:28:45.484982: | length: 36 (0x24) Aug 26 18:28:45.484983: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:28:45.484985: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:28:45.484987: | ***parse IKEv2 Notify Payload: Aug 26 18:28:45.484988: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:45.484990: | flags: none (0x0) Aug 26 18:28:45.484992: | length: 8 (0x8) Aug 26 18:28:45.484993: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:45.484995: | SPI size: 0 (0x0) Aug 26 18:28:45.484997: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:28:45.484999: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 18:28:45.485000: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:28:45.485002: | ***parse IKEv2 Notify Payload: Aug 26 18:28:45.485004: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:45.485005: | flags: none (0x0) Aug 26 18:28:45.485007: | length: 28 (0x1c) Aug 26 18:28:45.485009: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:45.485010: | SPI size: 0 (0x0) Aug 26 18:28:45.485012: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:28:45.485014: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:28:45.485015: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 18:28:45.485018: | ***parse IKEv2 Notify Payload: Aug 26 18:28:45.485020: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.485022: | flags: none (0x0) Aug 26 18:28:45.485023: | length: 28 (0x1c) Aug 26 18:28:45.485025: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:45.485026: | SPI size: 0 (0x0) Aug 26 18:28:45.485028: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:28:45.485030: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 18:28:45.485032: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 18:28:45.485037: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:28:45.485040: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:28:45.485041: | Now let's proceed with state specific processing Aug 26 18:28:45.485043: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 18:28:45.485046: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 18:28:45.485056: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:45.485059: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 18:28:45.485061: | local proposal 1 type ENCR has 1 transforms Aug 26 18:28:45.485063: | local proposal 1 type PRF has 2 transforms Aug 26 18:28:45.485065: | local proposal 1 type INTEG has 1 transforms Aug 26 18:28:45.485067: | local proposal 1 type DH has 8 transforms Aug 26 18:28:45.485068: | local proposal 1 type ESN has 0 transforms Aug 26 18:28:45.485071: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:28:45.485073: | local proposal 2 type ENCR has 1 transforms Aug 26 18:28:45.485074: | local proposal 2 type PRF has 2 transforms Aug 26 18:28:45.485076: | local proposal 2 type INTEG has 1 transforms Aug 26 18:28:45.485078: | local proposal 2 type DH has 8 transforms Aug 26 18:28:45.485079: | local proposal 2 type ESN has 0 transforms Aug 26 18:28:45.485081: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 18:28:45.485083: | local proposal 3 type ENCR has 1 transforms Aug 26 18:28:45.485085: | local proposal 3 type PRF has 2 transforms Aug 26 18:28:45.485086: | local proposal 3 type INTEG has 2 transforms Aug 26 18:28:45.485088: | local proposal 3 type DH has 8 transforms Aug 26 18:28:45.485090: | local proposal 3 type ESN has 0 transforms Aug 26 18:28:45.485092: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:28:45.485093: | local proposal 4 type ENCR has 1 transforms Aug 26 18:28:45.485095: | local proposal 4 type PRF has 2 transforms Aug 26 18:28:45.485097: | local proposal 4 type INTEG has 2 transforms Aug 26 18:28:45.485098: | local proposal 4 type DH has 8 transforms Aug 26 18:28:45.485100: | local proposal 4 type ESN has 0 transforms Aug 26 18:28:45.485102: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 18:28:45.485104: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.485106: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:45.485108: | length: 36 (0x24) Aug 26 18:28:45.485109: | prop #: 1 (0x1) Aug 26 18:28:45.485111: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:45.485113: | spi size: 0 (0x0) Aug 26 18:28:45.485114: | # transforms: 3 (0x3) Aug 26 18:28:45.485118: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:28:45.485120: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:45.485122: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.485123: | length: 12 (0xc) Aug 26 18:28:45.485125: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.485127: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:45.485129: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.485130: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.485132: | length/value: 256 (0x100) Aug 26 18:28:45.485135: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:28:45.485137: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:45.485139: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.485140: | length: 8 (0x8) Aug 26 18:28:45.485142: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:45.485144: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:45.485146: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 18:28:45.485148: | *****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:45.485150: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.485151: | length: 8 (0x8) Aug 26 18:28:45.485153: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.485155: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.485157: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:28:45.485159: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 18:28:45.485162: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 18:28:45.485164: | remote proposal 1 matches local proposal 1 Aug 26 18:28:45.485166: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 18:28:45.485168: | converting proposal to internal trans attrs Aug 26 18:28:45.485181: | natd_hash: hasher=0x564bfc8ad800(20) Aug 26 18:28:45.485183: | natd_hash: icookie= 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.485185: | natd_hash: rcookie= 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.485186: | natd_hash: ip= c0 01 02 2d Aug 26 18:28:45.485188: | natd_hash: port=500 Aug 26 18:28:45.485190: | natd_hash: hash= 9d ef 5d af 9d a5 26 25 16 a1 b7 3b 00 da bd eb Aug 26 18:28:45.485191: | natd_hash: hash= 4e a7 e0 1a Aug 26 18:28:45.485195: | natd_hash: hasher=0x564bfc8ad800(20) Aug 26 18:28:45.485197: | natd_hash: icookie= 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.485198: | natd_hash: rcookie= 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.485200: | natd_hash: ip= c0 01 02 17 Aug 26 18:28:45.485201: | natd_hash: port=500 Aug 26 18:28:45.485203: | natd_hash: hash= c3 19 c3 e7 43 ca e1 ed bb aa 5f 7e f4 3a 67 69 Aug 26 18:28:45.485205: | natd_hash: hash= 95 ef b5 97 Aug 26 18:28:45.485206: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:28:45.485208: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:28:45.485210: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:28:45.485212: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:28:45.485216: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 18:28:45.485219: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 18:28:45.485221: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:28:45.485223: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 18:28:45.485226: | libevent_free: release ptr-libevent@0x564bfd750e18 Aug 26 18:28:45.485228: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564bfd74c3d8 Aug 26 18:28:45.485230: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564bfd74c3d8 Aug 26 18:28:45.485233: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:28:45.485236: | libevent_malloc: new ptr-libevent@0x7f0900002888 size 128 Aug 26 18:28:45.485246: | #1 spent 0.199 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 18:28:45.485250: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:45.485252: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 18:28:45.485253: | crypto helper 1 resuming Aug 26 18:28:45.485254: | suspending state #1 and saving MD Aug 26 18:28:45.485271: | crypto helper 1 starting work-order 2 for state #1 Aug 26 18:28:45.485278: | #1 is busy; has a suspended MD Aug 26 18:28:45.485285: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 18:28:45.485293: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:28:45.485300: | "westnet-eastnet-vti-01" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:28:45.485305: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:45.485310: | #1 spent 0.453 milliseconds in ikev2_process_packet() Aug 26 18:28:45.485314: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:45.485317: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:45.485320: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:45.485324: | spent 0.468 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:45.486158: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 18:28:45.486680: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001394 seconds Aug 26 18:28:45.486696: | (#1) spent 1.4 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 18:28:45.486700: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 18:28:45.486705: | scheduling resume sending helper answer for #1 Aug 26 18:28:45.486709: | libevent_malloc: new ptr-libevent@0x7f08f8000f48 size 128 Aug 26 18:28:45.486721: | crypto helper 1 waiting (nothing to do) Aug 26 18:28:45.486734: | processing resume sending helper answer for #1 Aug 26 18:28:45.486743: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:28:45.486747: | crypto helper 1 replies to request ID 2 Aug 26 18:28:45.486751: | calling continuation function 0x564bfc7d8b50 Aug 26 18:28:45.486755: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 18:28:45.486765: | creating state object #2 at 0x564bfd753688 Aug 26 18:28:45.486769: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 18:28:45.486773: | pstats #2 ikev2.child started Aug 26 18:28:45.486777: | duplicating state object #1 "westnet-eastnet-vti-01" as #2 for IPSEC SA Aug 26 18:28:45.486784: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:28:45.486792: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:45.486798: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 18:28:45.486804: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 18:28:45.486808: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:45.486813: | libevent_free: release ptr-libevent@0x7f0900002888 Aug 26 18:28:45.486816: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564bfd74c3d8 Aug 26 18:28:45.486827: | event_schedule: new EVENT_SA_REPLACE-pe@0x564bfd74c3d8 Aug 26 18:28:45.486831: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 18:28:45.486835: | libevent_malloc: new ptr-libevent@0x7f0900002888 size 128 Aug 26 18:28:45.486840: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 18:28:45.486847: | **emit ISAKMP Message: Aug 26 18:28:45.486851: | initiator cookie: Aug 26 18:28:45.486854: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.486857: | responder cookie: Aug 26 18:28:45.486859: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.486863: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:45.486867: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:45.486870: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:28:45.486874: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:45.486877: | Message ID: 1 (0x1) Aug 26 18:28:45.486880: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:45.486885: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:45.486888: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.486891: | flags: none (0x0) Aug 26 18:28:45.486895: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:45.486899: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.486904: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:45.486914: | IKEv2 CERT: send a certificate? Aug 26 18:28:45.486918: | IKEv2 CERT: no certificate to send Aug 26 18:28:45.486921: | IDr payload will be sent Aug 26 18:28:45.486936: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 18:28:45.486940: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.486944: | flags: none (0x0) Aug 26 18:28:45.486947: | ID type: ID_FQDN (0x2) Aug 26 18:28:45.486951: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 18:28:45.486955: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.486959: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 18:28:45.486962: | my identity 77 65 73 74 Aug 26 18:28:45.486966: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 18:28:45.486976: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 18:28:45.486979: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:28:45.486982: | flags: none (0x0) Aug 26 18:28:45.486985: | ID type: ID_FQDN (0x2) Aug 26 18:28:45.486989: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 18:28:45.486993: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 18:28:45.486997: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.487001: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 18:28:45.487004: | IDr 65 61 73 74 Aug 26 18:28:45.487007: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 18:28:45.487010: | not sending INITIAL_CONTACT Aug 26 18:28:45.487014: | ****emit IKEv2 Authentication Payload: Aug 26 18:28:45.487017: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.487021: | flags: none (0x0) Aug 26 18:28:45.487024: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:28:45.487028: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 18:28:45.487034: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.487041: | started looking for secret for @west->@east of kind PKK_RSA Aug 26 18:28:45.487044: | actually looking for secret for @west->@east of kind PKK_RSA Aug 26 18:28:45.487048: | line 1: key type PKK_RSA(@west) to type PKK_RSA Aug 26 18:28:45.487053: | 1: compared key (none) to @west / @east -> 002 Aug 26 18:28:45.487057: | 2: compared key (none) to @west / @east -> 002 Aug 26 18:28:45.487060: | line 1: match=002 Aug 26 18:28:45.487064: | match 002 beats previous best_match 000 match=0x564bfd6a3c48 (line=1) Aug 26 18:28:45.487067: | concluding with best_match=002 best=0x564bfd6a3c48 (lineno=1) Aug 26 18:28:45.491785: | #1 spent 4.67 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 18:28:45.491797: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 18:28:45.491799: | rsa signature 71 ac 72 f8 cb d9 a9 b5 c3 12 ad 15 fb 7a d0 29 Aug 26 18:28:45.491801: | rsa signature 74 d3 7e fc 83 94 ab 64 78 70 6c 5e 76 f2 f3 43 Aug 26 18:28:45.491803: | rsa signature f9 cf 8e 07 d8 cd fd ef 60 f2 5c 50 d3 41 01 82 Aug 26 18:28:45.491804: | rsa signature 5e 69 d1 dc af eb 36 9e 6b d4 e7 2d 47 f8 c8 b8 Aug 26 18:28:45.491806: | rsa signature 26 1e 2a b6 77 33 bb 58 a1 8b 67 b8 58 0c f5 8f Aug 26 18:28:45.491808: | rsa signature e3 47 4c 39 32 03 1a 83 0b 42 88 67 8a bc 7c da Aug 26 18:28:45.491809: | rsa signature e4 4b fd e8 4a ad c3 e2 26 49 82 7e 36 23 92 95 Aug 26 18:28:45.491811: | rsa signature 6f 13 20 52 c3 26 d7 48 46 7e bd d5 eb c4 37 8f Aug 26 18:28:45.491813: | rsa signature ed e2 d4 30 f4 82 3c 95 ac a6 47 8f ec 10 8d 99 Aug 26 18:28:45.491814: | rsa signature 47 28 6f fe 2b 80 9c 9c 55 77 17 a3 d7 a1 01 65 Aug 26 18:28:45.491816: | rsa signature 11 4f 7c da b8 cc 47 94 65 fc 37 6c c4 f5 b6 91 Aug 26 18:28:45.491817: | rsa signature 37 1e 36 b7 d3 3e 45 99 97 e5 ee 61 83 a0 de 9d Aug 26 18:28:45.491819: | rsa signature 7e 6d d3 9f d2 b5 7e aa 6a 9f 42 b4 32 da a8 1c Aug 26 18:28:45.491821: | rsa signature d6 62 61 82 61 fd d5 a9 98 1c 04 c9 e6 c0 d5 41 Aug 26 18:28:45.491822: | rsa signature 20 9c 30 da a8 45 e9 b9 54 ce 39 1f c7 e7 9b 28 Aug 26 18:28:45.491824: | rsa signature 76 80 e7 67 70 d7 ff 2d 3a f7 b2 7e e8 5d b9 a8 Aug 26 18:28:45.491825: | rsa signature d9 65 c1 b0 68 97 11 2f d4 2d 47 54 26 f8 f6 fc Aug 26 18:28:45.491827: | rsa signature 20 3d Aug 26 18:28:45.491830: | #1 spent 4.76 milliseconds in ikev2_calculate_rsa_hash() Aug 26 18:28:45.491833: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 18:28:45.491835: | getting first pending from state #1 Aug 26 18:28:45.492207: | netlink_get_spi: allocated 0xb3608dc3 for esp.0@192.1.2.45 Aug 26 18:28:45.492217: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-vti-01 (IKE SA initiator emitting ESP/AH proposals) Aug 26 18:28:45.492224: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:28:45.492232: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:28:45.492235: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:28:45.492239: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 18:28:45.492242: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:45.492247: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:45.492250: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:45.492254: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:45.492262: "westnet-eastnet-vti-01": constructed local ESP/AH proposals for westnet-eastnet-vti-01 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:45.492278: | Emitting ikev2_proposals ... Aug 26 18:28:45.492283: | ****emit IKEv2 Security Association Payload: Aug 26 18:28:45.492287: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.492300: | flags: none (0x0) Aug 26 18:28:45.492304: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:45.492308: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.492311: | discarding INTEG=NONE Aug 26 18:28:45.492313: | discarding DH=NONE Aug 26 18:28:45.492316: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.492319: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.492321: | prop #: 1 (0x1) Aug 26 18:28:45.492323: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.492325: | spi size: 4 (0x4) Aug 26 18:28:45.492328: | # transforms: 2 (0x2) Aug 26 18:28:45.492331: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.492334: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:45.492337: | our spi b3 60 8d c3 Aug 26 18:28:45.492339: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492342: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492345: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.492348: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:45.492351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492354: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.492357: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.492359: | length/value: 256 (0x100) Aug 26 18:28:45.492362: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.492365: | discarding INTEG=NONE Aug 26 18:28:45.492367: | discarding DH=NONE Aug 26 18:28:45.492369: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492371: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.492374: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.492376: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.492380: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492383: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492386: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.492389: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:28:45.492392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.492394: | discarding INTEG=NONE Aug 26 18:28:45.492397: | discarding DH=NONE Aug 26 18:28:45.492400: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.492402: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.492405: | prop #: 2 (0x2) Aug 26 18:28:45.492408: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.492411: | spi size: 4 (0x4) Aug 26 18:28:45.492413: | # transforms: 2 (0x2) Aug 26 18:28:45.492417: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.492420: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.492426: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:45.492429: | our spi b3 60 8d c3 Aug 26 18:28:45.492432: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492435: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492438: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.492440: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:45.492442: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492444: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.492446: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.492447: | length/value: 128 (0x80) Aug 26 18:28:45.492449: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.492451: | discarding INTEG=NONE Aug 26 18:28:45.492452: | discarding DH=NONE Aug 26 18:28:45.492454: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492456: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.492457: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.492459: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.492461: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492463: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492465: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.492466: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 18:28:45.492468: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.492470: | discarding DH=NONE Aug 26 18:28:45.492471: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.492473: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.492475: | prop #: 3 (0x3) Aug 26 18:28:45.492476: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.492478: | spi size: 4 (0x4) Aug 26 18:28:45.492480: | # transforms: 4 (0x4) Aug 26 18:28:45.492482: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.492483: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.492485: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:45.492487: | our spi b3 60 8d c3 Aug 26 18:28:45.492489: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492490: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492492: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.492494: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:45.492496: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492497: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.492499: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.492501: | length/value: 256 (0x100) Aug 26 18:28:45.492502: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.492504: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492507: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.492509: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:45.492511: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492516: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.492518: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492519: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492521: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.492523: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:45.492525: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492527: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492528: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.492530: | discarding DH=NONE Aug 26 18:28:45.492531: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492533: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.492535: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.492536: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.492538: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492540: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492542: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.492544: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:28:45.492545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.492547: | discarding DH=NONE Aug 26 18:28:45.492549: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.492550: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:45.492552: | prop #: 4 (0x4) Aug 26 18:28:45.492554: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.492555: | spi size: 4 (0x4) Aug 26 18:28:45.492557: | # transforms: 4 (0x4) Aug 26 18:28:45.492559: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.492561: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.492563: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:45.492564: | our spi b3 60 8d c3 Aug 26 18:28:45.492566: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492569: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.492571: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:45.492573: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492574: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.492576: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.492578: | length/value: 128 (0x80) Aug 26 18:28:45.492579: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.492581: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492583: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492584: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.492586: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:45.492588: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492590: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492591: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.492596: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492599: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.492601: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:45.492603: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492605: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492607: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.492608: | discarding DH=NONE Aug 26 18:28:45.492610: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.492611: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.492613: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.492615: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.492617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.492619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.492620: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.492622: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 18:28:45.492624: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.492626: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 18:28:45.492627: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:45.492630: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:28:45.492632: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.492633: | flags: none (0x0) Aug 26 18:28:45.492635: | number of TS: 1 (0x1) Aug 26 18:28:45.492637: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:28:45.492639: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.492641: | *****emit IKEv2 Traffic Selector: Aug 26 18:28:45.492643: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:45.492645: | IP Protocol ID: 0 (0x0) Aug 26 18:28:45.492646: | start port: 0 (0x0) Aug 26 18:28:45.492648: | end port: 65535 (0xffff) Aug 26 18:28:45.492650: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:28:45.492652: | ipv4 start c0 00 01 00 Aug 26 18:28:45.492654: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:28:45.492655: | ipv4 end c0 00 01 ff Aug 26 18:28:45.492657: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:28:45.492659: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:28:45.492661: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:28:45.492662: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.492664: | flags: none (0x0) Aug 26 18:28:45.492666: | number of TS: 1 (0x1) Aug 26 18:28:45.492668: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:28:45.492670: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.492671: | *****emit IKEv2 Traffic Selector: Aug 26 18:28:45.492673: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:45.492675: | IP Protocol ID: 0 (0x0) Aug 26 18:28:45.492677: | start port: 0 (0x0) Aug 26 18:28:45.492679: | end port: 65535 (0xffff) Aug 26 18:28:45.492681: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:28:45.492682: | ipv4 start c0 00 02 00 Aug 26 18:28:45.492684: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:28:45.492686: | ipv4 end c0 00 02 ff Aug 26 18:28:45.492687: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:28:45.492689: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:28:45.492691: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:28:45.492693: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 18:28:45.492695: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:45.492697: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:45.492700: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:45.492701: | emitting length of IKEv2 Encryption Payload: 547 Aug 26 18:28:45.492703: | emitting length of ISAKMP Message: 575 Aug 26 18:28:45.492707: | **parse ISAKMP Message: Aug 26 18:28:45.492709: | initiator cookie: Aug 26 18:28:45.492710: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.492712: | responder cookie: Aug 26 18:28:45.492713: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.492715: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:45.492717: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:45.492719: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:28:45.492721: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:45.492722: | Message ID: 1 (0x1) Aug 26 18:28:45.492724: | length: 575 (0x23f) Aug 26 18:28:45.492726: | **parse IKEv2 Encryption Payload: Aug 26 18:28:45.492728: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:28:45.492729: | flags: none (0x0) Aug 26 18:28:45.492731: | length: 547 (0x223) Aug 26 18:28:45.492733: | **emit ISAKMP Message: Aug 26 18:28:45.492734: | initiator cookie: Aug 26 18:28:45.492736: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.492737: | responder cookie: Aug 26 18:28:45.492739: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.492741: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:45.492742: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:45.492744: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:28:45.492746: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:45.492747: | Message ID: 1 (0x1) Aug 26 18:28:45.492749: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:45.492751: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:28:45.492766: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 18:28:45.492767: | flags: none (0x0) Aug 26 18:28:45.492769: | fragment number: 1 (0x1) Aug 26 18:28:45.492771: | total fragments: 2 (0x2) Aug 26 18:28:45.492773: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 18:28:45.492775: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:28:45.492777: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:28:45.492779: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:28:45.492786: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:28:45.492788: | cleartext fragment 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c Aug 26 18:28:45.492790: | cleartext fragment 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 00 Aug 26 18:28:45.492792: | cleartext fragment 71 ac 72 f8 cb d9 a9 b5 c3 12 ad 15 fb 7a d0 29 Aug 26 18:28:45.492793: | cleartext fragment 74 d3 7e fc 83 94 ab 64 78 70 6c 5e 76 f2 f3 43 Aug 26 18:28:45.492795: | cleartext fragment f9 cf 8e 07 d8 cd fd ef 60 f2 5c 50 d3 41 01 82 Aug 26 18:28:45.492798: | cleartext fragment 5e 69 d1 dc af eb 36 9e 6b d4 e7 2d 47 f8 c8 b8 Aug 26 18:28:45.492799: | cleartext fragment 26 1e 2a b6 77 33 bb 58 a1 8b 67 b8 58 0c f5 8f Aug 26 18:28:45.492801: | cleartext fragment e3 47 4c 39 32 03 1a 83 0b 42 88 67 8a bc 7c da Aug 26 18:28:45.492802: | cleartext fragment e4 4b fd e8 4a ad c3 e2 26 49 82 7e 36 23 92 95 Aug 26 18:28:45.492804: | cleartext fragment 6f 13 20 52 c3 26 d7 48 46 7e bd d5 eb c4 37 8f Aug 26 18:28:45.492806: | cleartext fragment ed e2 d4 30 f4 82 3c 95 ac a6 47 8f ec 10 8d 99 Aug 26 18:28:45.492807: | cleartext fragment 47 28 6f fe 2b 80 9c 9c 55 77 17 a3 d7 a1 01 65 Aug 26 18:28:45.492809: | cleartext fragment 11 4f 7c da b8 cc 47 94 65 fc 37 6c c4 f5 b6 91 Aug 26 18:28:45.492810: | cleartext fragment 37 1e 36 b7 d3 3e 45 99 97 e5 ee 61 83 a0 de 9d Aug 26 18:28:45.492812: | cleartext fragment 7e 6d d3 9f d2 b5 7e aa 6a 9f 42 b4 32 da a8 1c Aug 26 18:28:45.492813: | cleartext fragment d6 62 61 82 61 fd d5 a9 98 1c 04 c9 e6 c0 d5 41 Aug 26 18:28:45.492815: | cleartext fragment 20 9c 30 da a8 45 e9 b9 54 ce 39 1f c7 e7 9b 28 Aug 26 18:28:45.492817: | cleartext fragment 76 80 e7 67 70 d7 ff 2d 3a f7 b2 7e e8 5d b9 a8 Aug 26 18:28:45.492818: | cleartext fragment d9 65 c1 b0 68 97 11 2f d4 2d 47 54 26 f8 f6 fc Aug 26 18:28:45.492820: | cleartext fragment 20 3d 2c 00 00 a4 02 00 00 20 01 03 04 02 b3 60 Aug 26 18:28:45.492821: | cleartext fragment 8d c3 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 Aug 26 18:28:45.492823: | cleartext fragment 00 08 05 00 00 00 02 00 00 20 02 03 04 02 b3 60 Aug 26 18:28:45.492824: | cleartext fragment 8d c3 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 Aug 26 18:28:45.492826: | cleartext fragment 00 08 05 00 00 00 02 00 00 30 03 03 04 04 b3 60 Aug 26 18:28:45.492828: | cleartext fragment 8d c3 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 Aug 26 18:28:45.492829: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Aug 26 18:28:45.492831: | cleartext fragment 00 08 05 00 00 00 00 00 00 30 04 03 04 04 b3 60 Aug 26 18:28:45.492832: | cleartext fragment 8d c3 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 Aug 26 18:28:45.492912: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Aug 26 18:28:45.492916: | cleartext fragment 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 Aug 26 18:28:45.492918: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:45.492921: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:28:45.492924: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:28:45.492927: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 18:28:45.492930: | emitting length of ISAKMP Message: 539 Aug 26 18:28:45.492948: | **emit ISAKMP Message: Aug 26 18:28:45.492952: | initiator cookie: Aug 26 18:28:45.492954: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.492956: | responder cookie: Aug 26 18:28:45.492958: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.492961: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:45.492963: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:45.492965: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:28:45.492968: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:45.492970: | Message ID: 1 (0x1) Aug 26 18:28:45.492973: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:45.492975: | ***emit IKEv2 Encrypted Fragment: Aug 26 18:28:45.492978: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.492980: | flags: none (0x0) Aug 26 18:28:45.492983: | fragment number: 2 (0x2) Aug 26 18:28:45.492985: | total fragments: 2 (0x2) Aug 26 18:28:45.492988: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 18:28:45.492992: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 18:28:45.492997: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 18:28:45.493001: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 18:28:45.493010: | emitting 40 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 18:28:45.493013: | cleartext fragment 07 00 00 10 00 00 ff ff c0 00 01 00 c0 00 01 ff Aug 26 18:28:45.493016: | cleartext fragment 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff Aug 26 18:28:45.493018: | cleartext fragment c0 00 02 00 c0 00 02 ff Aug 26 18:28:45.493020: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:45.493024: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 18:28:45.493026: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 18:28:45.493029: | emitting length of IKEv2 Encrypted Fragment: 73 Aug 26 18:28:45.493032: | emitting length of ISAKMP Message: 101 Aug 26 18:28:45.493045: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:45.493052: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:45.493057: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 18:28:45.493060: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 18:28:45.493077: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 18:28:45.493080: | Message ID: updating counters for #2 to 0 after switching state Aug 26 18:28:45.493099: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 18:28:45.493104: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 18:28:45.493110: "westnet-eastnet-vti-01" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 18:28:45.493122: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:28:45.493126: | sending fragments ... Aug 26 18:28:45.493133: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:45.493136: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.493139: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 18:28:45.493141: | 00 01 00 02 39 6c 38 4b d3 27 c8 35 5e af ef ca Aug 26 18:28:45.493144: | a8 7b ce 7b c2 06 40 6a 42 7d 0f d2 aa 37 41 17 Aug 26 18:28:45.493147: | 87 0c 02 6b 78 46 cf 65 65 9c 0f 29 51 02 24 d4 Aug 26 18:28:45.493150: | d4 5c c3 44 ff 13 b8 55 bc 30 0f a1 d2 34 1e 81 Aug 26 18:28:45.493152: | 18 76 10 0d 2a 52 09 de 18 32 ab 4d fd a5 36 73 Aug 26 18:28:45.493155: | ab 76 0e 7f e0 09 0d da b4 59 56 3b 49 07 1e f8 Aug 26 18:28:45.493157: | de 9d 3d aa 9b 48 df d5 b0 ad d8 a9 3b 44 ee 34 Aug 26 18:28:45.493159: | 35 5a 67 1f 16 c6 7a 98 b4 71 9f 58 a0 c9 28 e9 Aug 26 18:28:45.493162: | 09 7a 68 6a b4 cb b8 51 10 e5 5c 6d 44 8d 1d 6b Aug 26 18:28:45.493165: | a5 ba ce 8c 9c 36 4e ff ec 3c ab 32 67 a9 37 d0 Aug 26 18:28:45.493167: | 30 03 a4 c8 83 97 72 22 c9 05 14 98 d5 cf 59 37 Aug 26 18:28:45.493170: | 91 c4 af 88 6e 87 80 4c 11 7b 2c d7 fa 25 13 30 Aug 26 18:28:45.493172: | b8 7d a4 07 47 90 bb 4b 2e 46 b2 f1 b6 90 d6 ee Aug 26 18:28:45.493175: | ff 37 af 9e 14 13 82 81 83 42 c6 72 b2 e0 55 02 Aug 26 18:28:45.493178: | e9 43 be fa 52 6c 08 7a e8 f8 57 4b 78 7f 25 19 Aug 26 18:28:45.493180: | c9 2a e1 40 82 ee 9b b3 b7 dc 65 b0 cf 69 ac 52 Aug 26 18:28:45.493185: | 2b c7 03 05 fb 54 e5 31 52 ef b7 f1 ec 53 dc f3 Aug 26 18:28:45.493187: | ce ae 57 e9 96 28 67 b7 b8 a0 f4 30 65 8c fd d8 Aug 26 18:28:45.493190: | 3d 2e c2 34 a0 ed 77 d5 c1 db 43 ef fc 36 3f 61 Aug 26 18:28:45.493193: | cb 4c 3e 7e b7 0b 17 e5 94 09 a2 34 0d 4d 7a c2 Aug 26 18:28:45.493195: | 76 65 a9 0e 68 d3 68 15 1d 69 48 35 18 90 6b 6a Aug 26 18:28:45.493198: | d5 5b aa ca 95 75 77 54 db 15 b0 22 9f 47 18 f2 Aug 26 18:28:45.493201: | 5f b8 8c 42 67 26 39 f8 2d 79 1d d4 61 e5 96 44 Aug 26 18:28:45.493203: | 44 ea 03 a2 bd 5d 06 00 cf a2 58 59 e1 cf 55 cd Aug 26 18:28:45.493206: | 84 ce 76 52 e3 b6 67 82 c9 e9 4e 73 0e 4a f6 5f Aug 26 18:28:45.493209: | 03 28 c0 6c 85 31 73 58 e0 7a 24 e4 ff 1d ca 73 Aug 26 18:28:45.493211: | 91 64 c7 65 7d 24 f0 3f 56 40 38 eb 2d 56 78 89 Aug 26 18:28:45.493214: | 55 7a 41 ef f5 e2 ca bc cb 57 54 30 88 57 1e 13 Aug 26 18:28:45.493217: | 29 bd c3 9f 17 2c 9b 20 27 9f ee 50 46 50 4f 7d Aug 26 18:28:45.493219: | c2 80 e7 73 34 eb 36 13 14 7d 84 42 37 c5 cb 29 Aug 26 18:28:45.493222: | 80 d8 c0 4e 55 65 f5 2f c1 d6 c4 fc c9 03 d2 35 Aug 26 18:28:45.493224: | 0f 1b 04 44 5c dc 44 31 89 89 ec Aug 26 18:28:45.493271: | sending 101 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:45.493275: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.493278: | 35 20 23 08 00 00 00 01 00 00 00 65 00 00 00 49 Aug 26 18:28:45.493280: | 00 02 00 02 2e 7e 0d 1b d9 71 1c 11 43 6a e1 80 Aug 26 18:28:45.493283: | c8 14 c7 f1 43 e7 33 5c 7d 39 5d e1 e1 46 06 b2 Aug 26 18:28:45.493285: | 0b 0e 0c 4f cb aa cc bb 8d 8a c3 b8 c2 8b 19 ff Aug 26 18:28:45.493293: | b9 35 5f ce 12 77 f1 50 4e b9 e0 c9 e0 62 72 2e Aug 26 18:28:45.493299: | 14 d4 8b 04 5d Aug 26 18:28:45.493314: | sent 2 fragments Aug 26 18:28:45.493318: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:28:45.493323: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0900002b78 Aug 26 18:28:45.493340: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 18:28:45.493345: | libevent_malloc: new ptr-libevent@0x564bfd750e18 size 128 Aug 26 18:28:45.493351: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29411.235788 Aug 26 18:28:45.493357: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 18:28:45.493362: | #1 spent 1.42 milliseconds Aug 26 18:28:45.493366: | #1 spent 6.48 milliseconds in resume sending helper answer Aug 26 18:28:45.493371: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:28:45.493375: | libevent_free: release ptr-libevent@0x7f08f8000f48 Aug 26 18:28:45.544668: | spent 0.00324 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:45.544695: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:45.544700: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.544703: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Aug 26 18:28:45.544706: | 21 9b c6 ff 52 6e 6b 83 ee 9c 66 52 19 9b 61 7c Aug 26 18:28:45.544708: | 51 6c 79 f9 1c e8 25 d7 51 78 5a 9f b9 72 c7 92 Aug 26 18:28:45.544711: | 28 0c 11 8b 49 67 d4 a0 99 9d dd 7a d0 98 6f 3a Aug 26 18:28:45.544714: | e3 49 50 b9 0a 7d 61 17 11 74 ba 7f 75 c6 9f f1 Aug 26 18:28:45.544716: | 0c f8 d3 05 bc 89 25 6b f3 55 83 89 3e 6a ee d6 Aug 26 18:28:45.544719: | ca ef 80 61 c0 e0 63 cc 1b ad 52 45 54 f2 f7 81 Aug 26 18:28:45.544721: | ca e6 43 c2 5a 12 b3 88 60 53 fb 88 ae 9e 64 2b Aug 26 18:28:45.544724: | 9a a3 62 bd 6e 68 bd 4b 57 fa c1 e2 56 94 82 ca Aug 26 18:28:45.544727: | da e1 45 2e 5e ab 29 ac db 76 21 91 aa 71 f3 9b Aug 26 18:28:45.544729: | 2c 21 3c 7e 91 22 d4 49 3c a0 43 95 04 a2 d0 14 Aug 26 18:28:45.544734: | 62 0d 03 a6 5b 84 4b dc 53 01 fe c2 1c 7e bd 39 Aug 26 18:28:45.544737: | 40 05 f9 90 0f cb 6e e0 fa 5f f1 30 fc 1f 34 7b Aug 26 18:28:45.544740: | ed ba f3 5c a1 74 4c 76 36 97 81 a0 0d 0f 0e 75 Aug 26 18:28:45.544742: | bc f6 41 41 7d e8 6c ca f6 8b d6 23 80 65 90 f8 Aug 26 18:28:45.544745: | 30 cc d6 f4 d5 8a 23 f9 3d 6f d7 dd 06 89 13 41 Aug 26 18:28:45.544747: | 3a 05 d2 78 f4 ba 58 2e a4 7a f9 b4 b7 72 34 55 Aug 26 18:28:45.544749: | c2 a0 70 a1 30 e1 42 69 86 e7 bc 6e e1 49 32 41 Aug 26 18:28:45.544752: | 18 82 c0 a5 9f d7 a1 76 a4 2c 79 58 6e 3a 24 b7 Aug 26 18:28:45.544754: | e7 6c d4 56 aa e9 6f 93 ae 85 4c 63 87 de 09 0c Aug 26 18:28:45.544757: | 4a 8e b2 c8 c2 27 f5 55 f7 af dc 6e b5 60 9d 7f Aug 26 18:28:45.544759: | ee 73 96 2c c2 0c 08 5f 47 ec ce a4 8b 25 0c 6c Aug 26 18:28:45.544762: | d8 d9 ef a4 51 11 69 93 cd b1 0e 36 81 48 13 40 Aug 26 18:28:45.544764: | be 5c f4 bc 12 7f 39 55 87 d7 e1 87 f6 88 74 67 Aug 26 18:28:45.544767: | 8a 52 37 19 68 62 69 43 fa 1a ab 1d 7a d6 ca fe Aug 26 18:28:45.544769: | 54 bc 4e fd 97 91 96 68 b7 8b 55 df e7 f5 bb 37 Aug 26 18:28:45.544771: | 5e 41 ab Aug 26 18:28:45.544776: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:45.544781: | **parse ISAKMP Message: Aug 26 18:28:45.544784: | initiator cookie: Aug 26 18:28:45.544786: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.544788: | responder cookie: Aug 26 18:28:45.544791: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.544794: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:45.544797: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:45.544799: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 18:28:45.544802: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:28:45.544805: | Message ID: 1 (0x1) Aug 26 18:28:45.544808: | length: 435 (0x1b3) Aug 26 18:28:45.544811: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 18:28:45.544815: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 18:28:45.544819: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 18:28:45.544840: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:45.544844: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 18:28:45.544849: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:28:45.544853: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:28:45.544857: | #2 is idle Aug 26 18:28:45.544859: | #2 idle Aug 26 18:28:45.544862: | unpacking clear payload Aug 26 18:28:45.544865: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:28:45.544868: | ***parse IKEv2 Encryption Payload: Aug 26 18:28:45.544884: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 18:28:45.544888: | flags: none (0x0) Aug 26 18:28:45.544890: | length: 407 (0x197) Aug 26 18:28:45.544893: | processing payload: ISAKMP_NEXT_v2SK (len=403) Aug 26 18:28:45.544896: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 18:28:45.544910: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 18:28:45.544913: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 18:28:45.544917: | **parse IKEv2 Identification - Responder - Payload: Aug 26 18:28:45.544919: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 18:28:45.544922: | flags: none (0x0) Aug 26 18:28:45.544924: | length: 12 (0xc) Aug 26 18:28:45.544927: | ID type: ID_FQDN (0x2) Aug 26 18:28:45.544930: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 18:28:45.544933: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 18:28:45.544936: | **parse IKEv2 Authentication Payload: Aug 26 18:28:45.544938: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:28:45.544944: | flags: none (0x0) Aug 26 18:28:45.544947: | length: 282 (0x11a) Aug 26 18:28:45.544950: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 18:28:45.544952: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 18:28:45.544955: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:28:45.544958: | **parse IKEv2 Security Association Payload: Aug 26 18:28:45.544960: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:28:45.544963: | flags: none (0x0) Aug 26 18:28:45.544965: | length: 36 (0x24) Aug 26 18:28:45.544967: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 18:28:45.544970: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:28:45.544973: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:28:45.544975: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:28:45.544978: | flags: none (0x0) Aug 26 18:28:45.544980: | length: 24 (0x18) Aug 26 18:28:45.544982: | number of TS: 1 (0x1) Aug 26 18:28:45.544985: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:28:45.544988: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:28:45.544990: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:28:45.544993: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.544995: | flags: none (0x0) Aug 26 18:28:45.544996: | length: 24 (0x18) Aug 26 18:28:45.544998: | number of TS: 1 (0x1) Aug 26 18:28:45.545012: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:28:45.545014: | selected state microcode Initiator: process IKE_AUTH response Aug 26 18:28:45.545016: | Now let's proceed with state specific processing Aug 26 18:28:45.545018: | calling processor Initiator: process IKE_AUTH response Aug 26 18:28:45.545023: | offered CA: '%none' Aug 26 18:28:45.545026: "westnet-eastnet-vti-01" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 18:28:45.545060: | verifying AUTH payload Aug 26 18:28:45.545072: | required RSA CA is '%any' Aug 26 18:28:45.545075: | checking RSA keyid '@east' for match with '@east' Aug 26 18:28:45.545077: | key issuer CA is '%any' Aug 26 18:28:45.545123: | an RSA Sig check passed with *AQO9bJbr3 [preloaded key] Aug 26 18:28:45.545128: | #1 spent 0.0472 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:28:45.545130: "westnet-eastnet-vti-01" #2: Authenticated using RSA Aug 26 18:28:45.545137: | #1 spent 0.0727 milliseconds in ikev2_verify_rsa_hash() Aug 26 18:28:45.545140: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 18:28:45.545144: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 18:28:45.545146: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:28:45.545149: | libevent_free: release ptr-libevent@0x7f0900002888 Aug 26 18:28:45.545152: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564bfd74c3d8 Aug 26 18:28:45.545154: | event_schedule: new EVENT_SA_REKEY-pe@0x564bfd74c3d8 Aug 26 18:28:45.545156: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 18:28:45.545158: | libevent_malloc: new ptr-libevent@0x7f08f8000f48 size 128 Aug 26 18:28:45.545225: | pstats #1 ikev2.ike established Aug 26 18:28:45.545233: | TSi: parsing 1 traffic selectors Aug 26 18:28:45.545237: | ***parse IKEv2 Traffic Selector: Aug 26 18:28:45.545241: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:45.545244: | IP Protocol ID: 0 (0x0) Aug 26 18:28:45.545247: | length: 16 (0x10) Aug 26 18:28:45.545251: | start port: 0 (0x0) Aug 26 18:28:45.545254: | end port: 65535 (0xffff) Aug 26 18:28:45.545258: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:28:45.545261: | TS low c0 00 01 00 Aug 26 18:28:45.545264: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:28:45.545267: | TS high c0 00 01 ff Aug 26 18:28:45.545271: | TSi: parsed 1 traffic selectors Aug 26 18:28:45.545274: | TSr: parsing 1 traffic selectors Aug 26 18:28:45.545277: | ***parse IKEv2 Traffic Selector: Aug 26 18:28:45.545279: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:45.545283: | IP Protocol ID: 0 (0x0) Aug 26 18:28:45.545285: | length: 16 (0x10) Aug 26 18:28:45.545287: | start port: 0 (0x0) Aug 26 18:28:45.545309: | end port: 65535 (0xffff) Aug 26 18:28:45.545314: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:28:45.545315: | TS low c0 00 02 00 Aug 26 18:28:45.545317: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:28:45.545319: | TS high c0 00 02 ff Aug 26 18:28:45.545321: | TSr: parsed 1 traffic selectors Aug 26 18:28:45.545325: | evaluating our conn="westnet-eastnet-vti-01" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 18:28:45.545328: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:45.545333: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 18:28:45.545335: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:28:45.545337: | TSi[0] port match: YES fitness 65536 Aug 26 18:28:45.545339: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:28:45.545341: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:28:45.545343: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:45.545347: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 18:28:45.545349: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:28:45.545350: | TSr[0] port match: YES fitness 65536 Aug 26 18:28:45.545352: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:28:45.545354: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:28:45.545356: | best fit so far: TSi[0] TSr[0] Aug 26 18:28:45.545358: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:28:45.545359: | printing contents struct traffic_selector Aug 26 18:28:45.545361: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:28:45.545363: | ipprotoid: 0 Aug 26 18:28:45.545364: | port range: 0-65535 Aug 26 18:28:45.545367: | ip range: 192.0.1.0-192.0.1.255 Aug 26 18:28:45.545368: | printing contents struct traffic_selector Aug 26 18:28:45.545370: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:28:45.545371: | ipprotoid: 0 Aug 26 18:28:45.545373: | port range: 0-65535 Aug 26 18:28:45.545375: | ip range: 192.0.2.0-192.0.2.255 Aug 26 18:28:45.545384: | using existing local ESP/AH proposals for westnet-eastnet-vti-01 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 18:28:45.545387: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:28:45.545390: | local proposal 1 type ENCR has 1 transforms Aug 26 18:28:45.545392: | local proposal 1 type PRF has 0 transforms Aug 26 18:28:45.545394: | local proposal 1 type INTEG has 1 transforms Aug 26 18:28:45.545395: | local proposal 1 type DH has 1 transforms Aug 26 18:28:45.545397: | local proposal 1 type ESN has 1 transforms Aug 26 18:28:45.545399: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:28:45.545401: | local proposal 2 type ENCR has 1 transforms Aug 26 18:28:45.545403: | local proposal 2 type PRF has 0 transforms Aug 26 18:28:45.545404: | local proposal 2 type INTEG has 1 transforms Aug 26 18:28:45.545406: | local proposal 2 type DH has 1 transforms Aug 26 18:28:45.545408: | local proposal 2 type ESN has 1 transforms Aug 26 18:28:45.545410: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 18:28:45.545411: | local proposal 3 type ENCR has 1 transforms Aug 26 18:28:45.545413: | local proposal 3 type PRF has 0 transforms Aug 26 18:28:45.545415: | local proposal 3 type INTEG has 2 transforms Aug 26 18:28:45.545418: | local proposal 3 type DH has 1 transforms Aug 26 18:28:45.545420: | local proposal 3 type ESN has 1 transforms Aug 26 18:28:45.545422: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:28:45.545423: | local proposal 4 type ENCR has 1 transforms Aug 26 18:28:45.545425: | local proposal 4 type PRF has 0 transforms Aug 26 18:28:45.545427: | local proposal 4 type INTEG has 2 transforms Aug 26 18:28:45.545428: | local proposal 4 type DH has 1 transforms Aug 26 18:28:45.545430: | local proposal 4 type ESN has 1 transforms Aug 26 18:28:45.545432: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 18:28:45.545434: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.545436: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:45.545438: | length: 32 (0x20) Aug 26 18:28:45.545440: | prop #: 1 (0x1) Aug 26 18:28:45.545441: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.545443: | spi size: 4 (0x4) Aug 26 18:28:45.545445: | # transforms: 2 (0x2) Aug 26 18:28:45.545447: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:28:45.545448: | remote SPI f5 e8 11 a0 Aug 26 18:28:45.545451: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:28:45.545453: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:45.545454: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.545456: | length: 12 (0xc) Aug 26 18:28:45.545458: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.545459: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:45.545461: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.545463: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.545465: | length/value: 256 (0x100) Aug 26 18:28:45.545468: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:28:45.545470: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:45.545471: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.545473: | length: 8 (0x8) Aug 26 18:28:45.545475: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.545476: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.545479: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:28:45.545481: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 18:28:45.545484: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 18:28:45.545485: | remote proposal 1 matches local proposal 1 Aug 26 18:28:45.545488: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 18:28:45.545491: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=f5e811a0;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 18:28:45.545493: | converting proposal to internal trans attrs Aug 26 18:28:45.545497: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:28:45.545628: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:28:45.545634: | could_route called for westnet-eastnet-vti-01 (kind=CK_PERMANENT) Aug 26 18:28:45.545638: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:45.545641: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:45.545644: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:45.545647: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:45.545650: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:45.545655: | route owner of "westnet-eastnet-vti-01" unrouted: NULL; eroute owner: NULL Aug 26 18:28:45.545658: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:28:45.545662: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:28:45.545667: | AES_GCM_16 requires 4 salt bytes Aug 26 18:28:45.545670: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:28:45.545675: | setting IPsec SA replay-window to 32 Aug 26 18:28:45.545678: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-01' not available on interface eth1 Aug 26 18:28:45.545681: | netlink: enabling tunnel mode Aug 26 18:28:45.545685: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:28:45.545688: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:28:45.545756: | netlink response for Add SA esp.f5e811a0@192.1.2.23 included non-error error Aug 26 18:28:45.545774: | set up outgoing SA, ref=0/0 Aug 26 18:28:45.545778: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:28:45.545782: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:28:45.545784: | AES_GCM_16 requires 4 salt bytes Aug 26 18:28:45.545787: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:28:45.545792: | setting IPsec SA replay-window to 32 Aug 26 18:28:45.545795: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-01' not available on interface eth1 Aug 26 18:28:45.545798: | netlink: enabling tunnel mode Aug 26 18:28:45.545801: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:28:45.545804: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:28:45.545858: | netlink response for Add SA esp.b3608dc3@192.1.2.45 included non-error error Aug 26 18:28:45.545876: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 18:28:45.545883: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 18:28:45.545887: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:45.545912: | raw_eroute result=success Aug 26 18:28:45.545916: | set up incoming SA, ref=0/0 Aug 26 18:28:45.545919: | sr for #2: unrouted Aug 26 18:28:45.545923: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:28:45.545926: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:45.545929: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:45.545932: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:45.545935: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:45.545939: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:45.545943: | route owner of "westnet-eastnet-vti-01" unrouted: NULL; eroute owner: NULL Aug 26 18:28:45.545947: | route_and_eroute with c: westnet-eastnet-vti-01 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:28:45.545951: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 18:28:45.545958: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:28:45.545961: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:45.545974: | raw_eroute result=success Aug 26 18:28:45.545978: | running updown command "ipsec _updown" for verb up Aug 26 18:28:45.545982: | command executing up-client Aug 26 18:28:45.546013: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CON Aug 26 18:28:45.546020: | popen cmd is 1129 chars long Aug 26 18:28:45.546024: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti: Aug 26 18:28:45.546027: | cmd( 80):-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PL: Aug 26 18:28:45.546030: | cmd( 160):UTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0': Aug 26 18:28:45.546032: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' : Aug 26 18:28:45.546035: | cmd( 320):PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192: Aug 26 18:28:45.546038: | cmd( 400):.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIEN: Aug 26 18:28:45.546041: | cmd( 480):T_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLU: Aug 26 18:28:45.546044: | cmd( 560):TO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLU: Aug 26 18:28:45.546047: | cmd( 640):TO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: Aug 26 18:28:45.546049: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Aug 26 18:28:45.546052: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Aug 26 18:28:45.546055: | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Aug 26 18:28:45.546058: | cmd( 960):ED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' V: Aug 26 18:28:45.546061: | cmd(1040):TI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xf5e811a0 SPI_OUT=0xb3608dc3 ipsec _up: Aug 26 18:28:45.546063: | cmd(1120):down 2>&1: Aug 26 18:28:45.566704: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.disable_policy = 1 Aug 26 18:28:45.577754: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.rp_filter = 0 Aug 26 18:28:45.587310: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.forwarding = 1 Aug 26 18:28:45.592411: "westnet-eastnet-vti-01" #2: up-client output: done ip route Aug 26 18:28:45.592706: | route_and_eroute: firewall_notified: true Aug 26 18:28:45.592714: | running updown command "ipsec _updown" for verb prepare Aug 26 18:28:45.592716: | command executing prepare-client Aug 26 18:28:45.592743: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xff Aug 26 18:28:45.592746: | popen cmd is 1134 chars long Aug 26 18:28:45.592748: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:28:45.592750: | cmd( 80):t-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Aug 26 18:28:45.592751: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 18:28:45.592753: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT: Aug 26 18:28:45.592757: | cmd( 320):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER: Aug 26 18:28:45.592759: | cmd( 400):='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_: Aug 26 18:28:45.592761: | cmd( 480):CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0: Aug 26 18:28:45.592763: | cmd( 560):' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0: Aug 26 18:28:45.592764: | cmd( 640):' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FR: Aug 26 18:28:45.592766: | cmd( 720):AG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAU: Aug 26 18:28:45.592768: | cmd( 800):TH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INF: Aug 26 18:28:45.592769: | cmd( 880):O='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON: Aug 26 18:28:45.592771: | cmd( 960):FIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipse: Aug 26 18:28:45.592773: | cmd(1040):c0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xf5e811a0 SPI_OUT=0xb3608dc3 ipse: Aug 26 18:28:45.592774: | cmd(1120):c _updown 2>&1: Aug 26 18:28:45.606934: "westnet-eastnet-vti-01" #2: prepare-client output: vti interface "ipsec0" already exists with conflicting setting Aug 26 18:28:45.606975: "westnet-eastnet-vti-01" #2: prepare-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Aug 26 18:28:45.606982: "westnet-eastnet-vti-01" #2: prepare-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Aug 26 18:28:45.607261: | running updown command "ipsec _updown" for verb route Aug 26 18:28:45.607271: | command executing route-client Aug 26 18:28:45.607449: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffff Aug 26 18:28:45.607461: | popen cmd is 1132 chars long Aug 26 18:28:45.607465: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 18:28:45.607468: | cmd( 80):vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45': Aug 26 18:28:45.607470: | cmd( 160): PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1: Aug 26 18:28:45.607473: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT=': Aug 26 18:28:45.607475: | cmd( 320):0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER=': Aug 26 18:28:45.607478: | cmd( 400):192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CL: Aug 26 18:28:45.607481: | cmd( 480):IENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' : Aug 26 18:28:45.607484: | cmd( 560):PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' : Aug 26 18:28:45.607487: | cmd( 640):PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG: Aug 26 18:28:45.607489: | cmd( 720):_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH: Aug 26 18:28:45.607498: | cmd( 800):_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=: Aug 26 18:28:45.607501: | cmd( 880):'' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI: Aug 26 18:28:45.607504: | cmd( 960):GURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0: Aug 26 18:28:45.607507: | cmd(1040):' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xf5e811a0 SPI_OUT=0xb3608dc3 ipsec : Aug 26 18:28:45.607509: | cmd(1120):_updown 2>&1: Aug 26 18:28:45.627213: "westnet-eastnet-vti-01" #2: route-client output: done ip route Aug 26 18:28:45.631492: | route_and_eroute: instance "westnet-eastnet-vti-01", setting eroute_owner {spd=0x564bfd74a5b8,sr=0x564bfd74a5b8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:28:45.631743: | #1 spent 2.2 milliseconds in install_ipsec_sa() Aug 26 18:28:45.631754: | inR2: instance westnet-eastnet-vti-01[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:28:45.631759: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:28:45.631763: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 18:28:45.631776: | libevent_free: release ptr-libevent@0x564bfd750e18 Aug 26 18:28:45.631784: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0900002b78 Aug 26 18:28:45.631792: | #2 spent 2.84 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 18:28:45.631801: | [RE]START processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:45.631805: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 18:28:45.631809: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 18:28:45.631812: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:28:45.631815: | Message ID: updating counters for #2 to 1 after switching state Aug 26 18:28:45.631821: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 18:28:45.631827: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:45.631831: | pstats #2 ikev2.child established Aug 26 18:28:45.631842: "westnet-eastnet-vti-01" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 18:28:45.631854: | NAT-T: encaps is 'auto' Aug 26 18:28:45.631860: "westnet-eastnet-vti-01" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xf5e811a0 <0xb3608dc3 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 18:28:45.631865: | releasing whack for #2 (sock=fd@23) Aug 26 18:28:45.631870: | close_any(fd@23) (in release_whack() at state.c:654) Aug 26 18:28:45.631873: | releasing whack and unpending for parent #1 Aug 26 18:28:45.631877: | unpending state #1 connection "westnet-eastnet-vti-01" Aug 26 18:28:45.631882: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-vti-01" Aug 26 18:28:45.631886: | removing pending policy for no connection {0x564bfd73d158} Aug 26 18:28:45.631896: | close_any(fd@22) (in release_whack() at state.c:654) Aug 26 18:28:45.631902: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 18:28:45.631906: | event_schedule: new EVENT_SA_REKEY-pe@0x7f0900002b78 Aug 26 18:28:45.631911: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 18:28:45.631916: | libevent_malloc: new ptr-libevent@0x564bfd759328 size 128 Aug 26 18:28:45.631925: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:45.631932: | #1 spent 3.31 milliseconds in ikev2_process_packet() Aug 26 18:28:45.631937: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:45.631948: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:45.631951: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:45.631956: | spent 3.34 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:45.631970: | kernel_process_msg_cb process netlink message Aug 26 18:28:45.632403: | netlink_get: XFRM_MSG_NEWSA message Aug 26 18:28:45.632415: | netlink_get: XFRM_MSG_NEWSA message Aug 26 18:28:45.632420: | netlink_get: XFRM_MSG_DELPOLICY message Aug 26 18:28:45.632424: | xfrm netlink address change RTM_NEWADDR msg len 80 Aug 26 18:28:45.632429: | XFRM RTM_NEWADDR 192.0.1.254 IFA_LOCAL Aug 26 18:28:45.632432: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Aug 26 18:28:45.632438: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:28:45.632444: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:28:45.632449: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:28:45.632453: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:28:45.632456: | IKEv2 received address RTM_NEWADDR type 3 Aug 26 18:28:45.632459: | IKEv2 received address RTM_NEWADDR type 8 Aug 26 18:28:45.632461: | IKEv2 received address RTM_NEWADDR type 6 Aug 26 18:28:45.632466: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:28:45.632470: | netlink_get: XFRM_MSG_NEWSA message Aug 26 18:28:45.632474: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:28:45.632478: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:28:45.632482: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:28:45.632486: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:28:45.632490: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:28:45.632496: | spent 0.503 milliseconds in kernel message Aug 26 18:28:45.632508: | processing signal PLUTO_SIGCHLD Aug 26 18:28:45.632514: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:45.632519: | spent 0.00539 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:45.632522: | processing signal PLUTO_SIGCHLD Aug 26 18:28:45.632526: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:45.632530: | spent 0.0042 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:45.632533: | processing signal PLUTO_SIGCHLD Aug 26 18:28:45.632538: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:45.632542: | spent 0.00403 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:45.694774: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:45.694797: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Aug 26 18:28:45.694801: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:45.694808: | start processing: connection "westnet-eastnet-vti-02" (in initiate_a_connection() at initiate.c:186) Aug 26 18:28:45.694811: | connection 'westnet-eastnet-vti-02' +POLICY_UP Aug 26 18:28:45.694815: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Aug 26 18:28:45.694818: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:28:45.694822: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:28:45.694828: | creating state object #3 at 0x564bfd752ab8 Aug 26 18:28:45.694831: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 18:28:45.694843: | pstats #3 ikev2.child started Aug 26 18:28:45.694847: | duplicating state object #1 "westnet-eastnet-vti-01" as #3 for IPSEC SA Aug 26 18:28:45.694853: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:28:45.694866: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:45.694870: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 18:28:45.694878: | suspend processing: connection "westnet-eastnet-vti-02" (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:28:45.694883: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:28:45.694888: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Aug 26 18:28:45.694892: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:28:45.694896: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals) Aug 26 18:28:45.694901: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:28:45.694908: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:28:45.694911: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:28:45.694915: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:28:45.694919: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:45.694924: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:45.694927: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:45.694931: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:45.694940: "westnet-eastnet-vti-02": constructed local ESP/AH proposals for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:45.694952: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Aug 26 18:28:45.694956: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x564bfd750da8 Aug 26 18:28:45.694960: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 18:28:45.694965: | libevent_malloc: new ptr-libevent@0x564bfd74b528 size 128 Aug 26 18:28:45.694970: | processing: RESET whack log_fd (was fd@16) (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:28:45.694975: | RESET processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:28:45.694978: | RESET processing: connection "westnet-eastnet-vti-02" (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:28:45.694981: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:28:45.694985: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Aug 26 18:28:45.694989: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:45.694995: | spent 0.232 milliseconds in whack Aug 26 18:28:45.695002: | timer_event_cb: processing event@0x564bfd750da8 Aug 26 18:28:45.695005: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 18:28:45.695010: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:28:45.695018: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Aug 26 18:28:45.695022: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564bfd7571a8 Aug 26 18:28:45.695025: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:28:45.695028: | libevent_malloc: new ptr-libevent@0x564bfd74b478 size 128 Aug 26 18:28:45.695036: | libevent_free: release ptr-libevent@0x564bfd74b528 Aug 26 18:28:45.695040: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x564bfd750da8 Aug 26 18:28:45.695044: | crypto helper 3 resuming Aug 26 18:28:45.695045: | #3 spent 0.041 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:28:45.695059: | crypto helper 3 starting work-order 3 for state #3 Aug 26 18:28:45.695073: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:28:45.695075: | crypto helper 3 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Aug 26 18:28:45.696103: | crypto helper 3 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.001027 seconds Aug 26 18:28:45.696115: | (#3) spent 1.03 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Aug 26 18:28:45.696118: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 18:28:45.696121: | scheduling resume sending helper answer for #3 Aug 26 18:28:45.696125: | libevent_malloc: new ptr-libevent@0x7f08fc002888 size 128 Aug 26 18:28:45.696128: | libevent_realloc: release ptr-libevent@0x564bfd72c378 Aug 26 18:28:45.696131: | libevent_realloc: new ptr-libevent@0x7f08fc0027d8 size 128 Aug 26 18:28:45.696139: | crypto helper 3 waiting (nothing to do) Aug 26 18:28:45.696147: | processing resume sending helper answer for #3 Aug 26 18:28:45.696157: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:28:45.696162: | crypto helper 3 replies to request ID 3 Aug 26 18:28:45.696165: | calling continuation function 0x564bfc7d8b50 Aug 26 18:28:45.696170: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Aug 26 18:28:45.696173: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:45.696177: | libevent_free: release ptr-libevent@0x564bfd74b478 Aug 26 18:28:45.696180: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564bfd7571a8 Aug 26 18:28:45.696184: | event_schedule: new EVENT_SA_REPLACE-pe@0x564bfd7571a8 Aug 26 18:28:45.696188: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 18:28:45.696191: | libevent_malloc: new ptr-libevent@0x564bfd74b478 size 128 Aug 26 18:28:45.696197: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:45.696200: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 18:28:45.696203: | libevent_malloc: new ptr-libevent@0x564bfd74b528 size 128 Aug 26 18:28:45.696210: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:45.696214: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Aug 26 18:28:45.696217: | suspending state #3 and saving MD Aug 26 18:28:45.696220: | #3 is busy; has a suspended MD Aug 26 18:28:45.696225: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:28:45.696229: | "westnet-eastnet-vti-02" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:28:45.696232: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 18:28:45.696238: | #3 spent 0.0755 milliseconds in resume sending helper answer Aug 26 18:28:45.696243: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:28:45.696246: | libevent_free: release ptr-libevent@0x7f08fc002888 Aug 26 18:28:45.696252: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 18:28:45.696257: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 18:28:45.696263: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:45.696268: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:28:45.696275: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:28:45.696313: | **emit ISAKMP Message: Aug 26 18:28:45.696321: | initiator cookie: Aug 26 18:28:45.696324: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.696327: | responder cookie: Aug 26 18:28:45.696329: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.696333: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:45.696336: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:45.696339: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:28:45.696343: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:45.696346: | Message ID: 2 (0x2) Aug 26 18:28:45.696349: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:45.696353: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:45.696356: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.696359: | flags: none (0x0) Aug 26 18:28:45.696362: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:45.696365: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.696369: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:45.696395: | netlink_get_spi: allocated 0x8d772b29 for esp.0@192.1.2.45 Aug 26 18:28:45.696399: | Emitting ikev2_proposals ... Aug 26 18:28:45.696402: | ****emit IKEv2 Security Association Payload: Aug 26 18:28:45.696405: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.696407: | flags: none (0x0) Aug 26 18:28:45.696411: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:45.696414: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.696417: | discarding INTEG=NONE Aug 26 18:28:45.696420: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.696423: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.696426: | prop #: 1 (0x1) Aug 26 18:28:45.696429: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.696431: | spi size: 4 (0x4) Aug 26 18:28:45.696434: | # transforms: 3 (0x3) Aug 26 18:28:45.696437: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.696441: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:45.696444: | our spi 8d 77 2b 29 Aug 26 18:28:45.696446: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696452: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.696455: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:45.696458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696462: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.696465: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.696468: | length/value: 256 (0x100) Aug 26 18:28:45.696471: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.696473: | discarding INTEG=NONE Aug 26 18:28:45.696476: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696482: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.696484: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.696488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696496: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696499: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696502: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.696504: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.696507: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.696510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696517: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696519: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:28:45.696523: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.696525: | discarding INTEG=NONE Aug 26 18:28:45.696528: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.696531: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.696533: | prop #: 2 (0x2) Aug 26 18:28:45.696536: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.696538: | spi size: 4 (0x4) Aug 26 18:28:45.696541: | # transforms: 3 (0x3) Aug 26 18:28:45.696544: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.696547: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.696551: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:45.696554: | our spi 8d 77 2b 29 Aug 26 18:28:45.696557: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696562: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.696565: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:45.696568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696571: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.696574: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.696577: | length/value: 128 (0x80) Aug 26 18:28:45.696579: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.696582: | discarding INTEG=NONE Aug 26 18:28:45.696585: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696588: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696590: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.696593: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.696596: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696599: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696602: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696605: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696608: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.696611: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.696613: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.696617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696620: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696623: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696627: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:28:45.696630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.696633: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.696636: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.696638: | prop #: 3 (0x3) Aug 26 18:28:45.696641: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.696644: | spi size: 4 (0x4) Aug 26 18:28:45.696646: | # transforms: 5 (0x5) Aug 26 18:28:45.696650: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.696653: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.696656: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:45.696659: | our spi 8d 77 2b 29 Aug 26 18:28:45.696661: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696664: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696667: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.696670: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:45.696673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696675: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.696678: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.696681: | length/value: 256 (0x100) Aug 26 18:28:45.696684: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.696686: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696689: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696692: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.696695: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:45.696698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696704: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696706: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696712: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.696714: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:45.696718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696723: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696726: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696731: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.696734: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.696737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696743: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696746: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696749: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.696753: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.696756: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.696759: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696762: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696765: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696767: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:28:45.696770: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.696773: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.696776: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:45.696779: | prop #: 4 (0x4) Aug 26 18:28:45.696781: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.696784: | spi size: 4 (0x4) Aug 26 18:28:45.696786: | # transforms: 5 (0x5) Aug 26 18:28:45.696790: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:45.696793: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:45.696796: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:45.696799: | our spi 8d 77 2b 29 Aug 26 18:28:45.696801: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696804: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696807: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.696809: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:45.696812: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696815: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.696818: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.696821: | length/value: 128 (0x80) Aug 26 18:28:45.696824: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:45.696826: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696829: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696832: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.696834: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:45.696837: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696843: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696846: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696849: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696852: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:45.696854: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:45.696858: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696861: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696863: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696866: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696869: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696872: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.696874: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.696879: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696882: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696885: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696887: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:45.696890: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.696893: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.696896: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.696899: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.696902: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:45.696905: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:45.696908: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:28:45.696911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:45.696913: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 18:28:45.696917: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:45.696919: | ****emit IKEv2 Nonce Payload: Aug 26 18:28:45.696922: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.696925: | flags: none (0x0) Aug 26 18:28:45.696928: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:28:45.696931: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.696935: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:28:45.696938: | IKEv2 nonce 47 00 c6 69 a5 5a 4e 62 1a 0f 9b 50 ca 71 3b e0 Aug 26 18:28:45.696941: | IKEv2 nonce 9d 57 7f 41 96 73 ac 97 12 7b 9c 3d 63 96 6e f9 Aug 26 18:28:45.696943: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:28:45.696946: | ****emit IKEv2 Key Exchange Payload: Aug 26 18:28:45.696949: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.696952: | flags: none (0x0) Aug 26 18:28:45.696954: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.696958: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:28:45.696961: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.696964: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:28:45.696967: | ikev2 g^x 76 88 f4 bc 3e 7b 09 6f da 75 62 4f 79 b1 a5 c9 Aug 26 18:28:45.696970: | ikev2 g^x e0 de 00 3e 19 39 2f 89 f7 ab 6b 65 f2 b2 09 e6 Aug 26 18:28:45.696972: | ikev2 g^x 9f 62 dc 4c 4f c7 28 0e 1c 4e a2 6b ff 1d 06 9e Aug 26 18:28:45.696975: | ikev2 g^x 47 8e cb 54 8c d5 55 0e 45 d0 89 eb 37 6e 58 05 Aug 26 18:28:45.696977: | ikev2 g^x 35 f4 df 7a 27 36 8e e8 dc e2 4a ca 59 d4 03 5f Aug 26 18:28:45.696980: | ikev2 g^x cf 5b f0 45 db 46 ee d0 d4 28 8c 37 08 81 1a cd Aug 26 18:28:45.696983: | ikev2 g^x 2a 94 b1 c9 bf 3a 4d 55 92 73 a7 95 fa 47 a8 67 Aug 26 18:28:45.696986: | ikev2 g^x e3 68 a6 45 06 4e d6 ae 08 d9 18 88 46 ac bf 94 Aug 26 18:28:45.696988: | ikev2 g^x 74 14 e4 24 d7 b3 3b 58 2b aa 35 88 ce 28 b9 54 Aug 26 18:28:45.696991: | ikev2 g^x 83 12 03 99 54 42 7f be e1 cb d1 96 5c 27 5a ba Aug 26 18:28:45.696993: | ikev2 g^x dd 93 73 17 f8 e3 16 7d 84 36 c9 dc 98 46 57 8c Aug 26 18:28:45.696996: | ikev2 g^x 16 13 d1 57 1f e2 1d 58 a7 c5 31 b0 f4 74 f2 b3 Aug 26 18:28:45.697000: | ikev2 g^x 2a 61 58 d9 27 58 1a 1c f1 40 84 26 87 34 32 5b Aug 26 18:28:45.697003: | ikev2 g^x 19 74 17 2c 92 78 e4 df 78 16 8e 97 46 6e d2 71 Aug 26 18:28:45.697006: | ikev2 g^x 33 52 5d 6c 0b b3 65 ad e0 83 4f 21 6c 57 79 84 Aug 26 18:28:45.697008: | ikev2 g^x b1 23 f8 05 e3 e4 9c 81 0e 37 52 3b f3 92 ab 6e Aug 26 18:28:45.697011: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:28:45.697014: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:28:45.697017: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.697020: | flags: none (0x0) Aug 26 18:28:45.697023: | number of TS: 1 (0x1) Aug 26 18:28:45.697026: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 18:28:45.697030: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.697032: | *****emit IKEv2 Traffic Selector: Aug 26 18:28:45.697035: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:45.697038: | IP Protocol ID: 0 (0x0) Aug 26 18:28:45.697041: | start port: 0 (0x0) Aug 26 18:28:45.697043: | end port: 65535 (0xffff) Aug 26 18:28:45.697047: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:28:45.697049: | ipv4 start 0a 00 01 00 Aug 26 18:28:45.697053: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:28:45.697055: | ipv4 end 0a 00 01 ff Aug 26 18:28:45.697058: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:28:45.697060: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 18:28:45.697063: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:28:45.697066: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.697069: | flags: none (0x0) Aug 26 18:28:45.697071: | number of TS: 1 (0x1) Aug 26 18:28:45.697075: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 18:28:45.697078: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 18:28:45.697081: | *****emit IKEv2 Traffic Selector: Aug 26 18:28:45.697083: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:45.697086: | IP Protocol ID: 0 (0x0) Aug 26 18:28:45.697089: | start port: 0 (0x0) Aug 26 18:28:45.697091: | end port: 65535 (0xffff) Aug 26 18:28:45.697094: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 18:28:45.697097: | ipv4 start 0a 00 02 00 Aug 26 18:28:45.697100: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 18:28:45.697102: | ipv4 end 0a 00 02 ff Aug 26 18:28:45.697105: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 18:28:45.697108: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 18:28:45.697111: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 18:28:45.697114: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:45.697118: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:45.697121: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:45.697124: | emitting length of IKEv2 Encryption Payload: 573 Aug 26 18:28:45.697126: | emitting length of ISAKMP Message: 601 Aug 26 18:28:45.697150: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:45.697155: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Aug 26 18:28:45.697158: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Aug 26 18:28:45.697162: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Aug 26 18:28:45.697168: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 18:28:45.697171: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 18:28:45.697176: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 18:28:45.697180: "westnet-eastnet-vti-02" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Aug 26 18:28:45.697194: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:28:45.697203: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:45.697207: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.697210: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 18:28:45.697212: | 17 e8 30 a1 e2 85 f5 d8 e5 5e c3 e9 27 38 aa a4 Aug 26 18:28:45.697215: | 1f f3 a5 f4 52 c3 6d 6f c0 6c 64 0b 18 5d b9 20 Aug 26 18:28:45.697217: | 76 76 13 14 53 ec 58 2f 1b 52 60 b6 18 4d 98 de Aug 26 18:28:45.697220: | fb 5c 6b 7d 55 8a eb 1c 1b 89 45 22 a2 60 17 44 Aug 26 18:28:45.697222: | 79 f7 ec 74 00 7d 64 ff c6 83 29 fd 7d cf 07 a2 Aug 26 18:28:45.697225: | 73 c6 b0 a7 fa 04 76 1f a2 17 54 66 96 97 91 f9 Aug 26 18:28:45.697227: | 1d 1c 6c c1 14 10 64 58 ce 73 b4 10 65 cc 9b 78 Aug 26 18:28:45.697230: | 25 ed cc 60 30 b5 4d 73 f1 49 e0 11 85 14 63 56 Aug 26 18:28:45.697232: | 26 86 60 22 de 22 7c aa 9f 21 6f 24 04 72 4e 9a Aug 26 18:28:45.697235: | 2f e8 12 1c f8 da 6a 26 45 42 f8 89 9e 1c b9 b7 Aug 26 18:28:45.697237: | 0c 75 34 96 7a 3f 17 26 63 9c 9a c1 64 42 d0 50 Aug 26 18:28:45.697240: | 39 68 a2 5a 3f f0 49 6d 97 a7 3b b7 7f 52 f4 26 Aug 26 18:28:45.697242: | 94 34 b6 3a d8 cc c5 7d 33 82 a6 55 12 f8 00 f4 Aug 26 18:28:45.697245: | 81 0b de a9 bd 90 79 0a 87 aa 8d 59 42 47 b0 ca Aug 26 18:28:45.697247: | 0e e9 6d 49 9c ae 6e 4c 04 30 1b db 49 45 bf 36 Aug 26 18:28:45.697250: | d1 1d 6d e9 88 fd 50 8a 0b 54 d9 07 e5 3c 77 8a Aug 26 18:28:45.697252: | cb 76 03 7d 9e 64 d6 77 9f f9 55 b0 03 0f 75 5e Aug 26 18:28:45.697255: | 0a 72 28 6b 40 d3 2c 52 41 02 69 15 74 9f ce a5 Aug 26 18:28:45.697257: | e5 a1 d5 3a c7 e4 26 e2 ba 69 3e 9b 81 2f 34 cf Aug 26 18:28:45.697260: | f6 19 6d b4 e5 7e 1e 23 f3 0e 45 5b 0e 07 90 59 Aug 26 18:28:45.697262: | fa 23 27 c8 61 ea 6e d6 fb 3b 2f 01 df d9 d1 c2 Aug 26 18:28:45.697265: | 39 35 c3 f2 d9 57 4e 00 c6 5f c6 e1 e2 6f f9 b5 Aug 26 18:28:45.697267: | 69 5d 71 6e 9f ae 7e fa a4 92 c8 56 3f 2f d5 a7 Aug 26 18:28:45.697270: | 16 a9 64 fe 9c 66 67 2f 8a 00 1f a3 fa 54 2b 49 Aug 26 18:28:45.697272: | 28 eb 26 86 32 d7 3a 7a e4 27 bf 13 6c 8e 99 e2 Aug 26 18:28:45.697275: | 1b 4f 6a a3 cc b5 6f 87 ef b4 d2 76 30 e9 31 10 Aug 26 18:28:45.697277: | 75 46 df 36 fb 77 4f 21 80 5b e2 0a 52 35 45 05 Aug 26 18:28:45.697280: | f2 2f 2a 7e c7 ff d6 97 12 4a b2 70 a4 f9 07 3a Aug 26 18:28:45.697282: | 47 d7 73 73 b9 bf 8e 78 ef cf da 07 54 4c 17 70 Aug 26 18:28:45.697285: | f1 c6 c3 d5 d9 68 7a 83 e0 69 0a 37 3b 57 99 c6 Aug 26 18:28:45.697287: | 2a 02 c8 49 79 ba c6 33 45 cf 55 e6 8b 34 4f ba Aug 26 18:28:45.697297: | f4 fe 3b 7a ae 11 a8 21 90 91 2e 36 80 3a 5f c9 Aug 26 18:28:45.697300: | f8 1f 5a eb 21 ad f4 45 a9 e9 e5 ea bc 5a 89 8f Aug 26 18:28:45.697302: | bf c1 2e 3b 30 4f 41 e6 f6 4d 5a f6 5e 95 0a 5d Aug 26 18:28:45.697304: | d5 3d ba b9 5a 1e 35 8a 6d f5 8a 22 2d 0c 45 9e Aug 26 18:28:45.697307: | 92 e4 75 2b 63 82 e8 9e 80 Aug 26 18:28:45.697347: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:28:45.697353: | libevent_free: release ptr-libevent@0x564bfd74b478 Aug 26 18:28:45.697356: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564bfd7571a8 Aug 26 18:28:45.697360: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:28:45.697364: | event_schedule: new EVENT_RETRANSMIT-pe@0x564bfd7571a8 Aug 26 18:28:45.697370: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Aug 26 18:28:45.697373: | libevent_malloc: new ptr-libevent@0x564bfd757338 size 128 Aug 26 18:28:45.697379: | #3 STATE_V2_CREATE_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29411.43983 Aug 26 18:28:45.697385: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:28:45.697391: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:28:45.697397: | #1 spent 1.1 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 18:28:45.697402: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 18:28:45.697406: | libevent_free: release ptr-libevent@0x564bfd74b528 Aug 26 18:28:45.739147: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:45.739174: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:45.739179: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.739181: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 18:28:45.739184: | b7 68 db c3 dc ff 58 b1 f4 70 64 c4 96 12 73 bf Aug 26 18:28:45.739186: | 18 c3 8b 70 64 b7 a7 12 bd 51 18 6c ea 2f 8a cd Aug 26 18:28:45.739189: | 21 91 20 c6 ff 64 db fc 13 f4 16 4b 2b 2a d1 a4 Aug 26 18:28:45.739191: | d8 47 5b 69 af 5d 8b 13 97 6b f8 6c ab ea 01 07 Aug 26 18:28:45.739194: | a0 f9 d9 d4 66 2d 49 95 1a 0c 7b 09 10 5a ad 29 Aug 26 18:28:45.739196: | 51 15 de 33 8f 7f 66 35 3e bd bc 43 d4 05 f6 a3 Aug 26 18:28:45.739199: | fa 32 de 15 40 36 c3 d1 ac 7a c6 9f 14 85 35 b9 Aug 26 18:28:45.739202: | f0 e7 5b 18 2d 94 0f 4f 93 03 ea ee 2a 61 bd 7f Aug 26 18:28:45.739204: | 60 79 83 5d ec 35 c8 fd 5b 5c 7b 96 f5 75 21 36 Aug 26 18:28:45.739207: | 87 ec ed 91 3f 52 f5 b4 bf 7e 10 21 01 1d 30 73 Aug 26 18:28:45.739209: | d2 70 aa 50 58 fa a9 2b cc 92 5c d8 63 72 8b 1f Aug 26 18:28:45.739212: | 70 a0 09 d4 29 24 e1 8a 4e 7b 84 8a 3b 9f 1d f2 Aug 26 18:28:45.739214: | 75 d6 09 1a 95 f0 19 72 9d b2 01 e7 f8 49 a0 4b Aug 26 18:28:45.739217: | 66 35 81 70 23 ad cb 69 f7 9d 3e c4 22 e1 03 3d Aug 26 18:28:45.739219: | 4a ca 3d 75 a8 f3 c5 0a e2 77 39 e7 6d 34 2b ad Aug 26 18:28:45.739222: | f7 e1 2e c2 79 d9 67 ee 04 76 8c 88 8d 54 f0 9d Aug 26 18:28:45.739224: | 34 67 a8 02 75 82 42 05 5e 7f 95 5c 9b 2e 07 d3 Aug 26 18:28:45.739227: | a1 a7 b4 69 b4 7b a9 3e 3f 08 0c 13 aa dd d5 ab Aug 26 18:28:45.739229: | 86 80 d3 13 25 c4 36 b4 7a 7c 5a 8c 22 38 10 05 Aug 26 18:28:45.739232: | 5b ab 78 8b 50 b9 90 28 8c ad 43 69 49 4d a9 15 Aug 26 18:28:45.739235: | 8a dc 0f ce df d5 bb 04 5a ae 2f 69 15 45 94 d0 Aug 26 18:28:45.739237: | cd 7e 96 d7 9e 79 aa 93 34 99 67 0c 05 43 4c f2 Aug 26 18:28:45.739240: | e5 13 2a 29 71 b3 41 d7 52 67 60 7f 62 63 4f fe Aug 26 18:28:45.739242: | 7a 44 9f 86 43 17 8a 4e cb 1c 26 7a 4a 83 6c 66 Aug 26 18:28:45.739245: | e8 d6 6b 54 fe 5d 2d 84 c3 fd 36 0f be 77 bb f2 Aug 26 18:28:45.739247: | 17 be d4 15 de 04 e7 ac 20 a8 77 9a f5 f7 69 26 Aug 26 18:28:45.739250: | e0 Aug 26 18:28:45.739255: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:45.739259: | **parse ISAKMP Message: Aug 26 18:28:45.739262: | initiator cookie: Aug 26 18:28:45.739265: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:45.739267: | responder cookie: Aug 26 18:28:45.739270: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:45.739273: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:45.739276: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:45.739279: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:28:45.739281: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 18:28:45.739284: | Message ID: 2 (0x2) Aug 26 18:28:45.739312: | length: 449 (0x1c1) Aug 26 18:28:45.739318: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 18:28:45.739322: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 18:28:45.739326: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:28:45.739333: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:45.739337: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Aug 26 18:28:45.739341: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:28:45.739346: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 18:28:45.739349: | #3 is idle Aug 26 18:28:45.739351: | #3 idle Aug 26 18:28:45.739354: | unpacking clear payload Aug 26 18:28:45.739357: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:28:45.739360: | ***parse IKEv2 Encryption Payload: Aug 26 18:28:45.739363: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 18:28:45.739366: | flags: none (0x0) Aug 26 18:28:45.739369: | length: 421 (0x1a5) Aug 26 18:28:45.739371: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 18:28:45.739374: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Aug 26 18:28:45.739393: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 18:28:45.739397: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 18:28:45.739400: | **parse IKEv2 Security Association Payload: Aug 26 18:28:45.739402: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 18:28:45.739405: | flags: none (0x0) Aug 26 18:28:45.739408: | length: 44 (0x2c) Aug 26 18:28:45.739410: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 18:28:45.739413: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 18:28:45.739416: | **parse IKEv2 Nonce Payload: Aug 26 18:28:45.739418: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 18:28:45.739421: | flags: none (0x0) Aug 26 18:28:45.739423: | length: 36 (0x24) Aug 26 18:28:45.739426: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 18:28:45.739429: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 18:28:45.739432: | **parse IKEv2 Key Exchange Payload: Aug 26 18:28:45.739434: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 18:28:45.739437: | flags: none (0x0) Aug 26 18:28:45.739439: | length: 264 (0x108) Aug 26 18:28:45.739442: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.739445: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 18:28:45.739447: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 18:28:45.739450: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 18:28:45.739453: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 18:28:45.739456: | flags: none (0x0) Aug 26 18:28:45.739458: | length: 24 (0x18) Aug 26 18:28:45.739461: | number of TS: 1 (0x1) Aug 26 18:28:45.739463: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 18:28:45.739466: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 18:28:45.739469: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 18:28:45.739471: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:45.739474: | flags: none (0x0) Aug 26 18:28:45.739476: | length: 24 (0x18) Aug 26 18:28:45.739479: | number of TS: 1 (0x1) Aug 26 18:28:45.739482: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 18:28:45.739485: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 18:28:45.739491: | #1 updating local interface from 192.1.2.45:500 to 192.1.2.45:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:28:45.739494: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 18:28:45.739496: | Now let's proceed with state specific processing Aug 26 18:28:45.739499: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 18:28:45.739515: | using existing local ESP/AH proposals for westnet-eastnet-vti-02 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:45.739519: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 18:28:45.739523: | local proposal 1 type ENCR has 1 transforms Aug 26 18:28:45.739526: | local proposal 1 type PRF has 0 transforms Aug 26 18:28:45.739529: | local proposal 1 type INTEG has 1 transforms Aug 26 18:28:45.739531: | local proposal 1 type DH has 1 transforms Aug 26 18:28:45.739534: | local proposal 1 type ESN has 1 transforms Aug 26 18:28:45.739538: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:28:45.739541: | local proposal 2 type ENCR has 1 transforms Aug 26 18:28:45.739543: | local proposal 2 type PRF has 0 transforms Aug 26 18:28:45.739546: | local proposal 2 type INTEG has 1 transforms Aug 26 18:28:45.739549: | local proposal 2 type DH has 1 transforms Aug 26 18:28:45.739551: | local proposal 2 type ESN has 1 transforms Aug 26 18:28:45.739555: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 18:28:45.739557: | local proposal 3 type ENCR has 1 transforms Aug 26 18:28:45.739560: | local proposal 3 type PRF has 0 transforms Aug 26 18:28:45.739563: | local proposal 3 type INTEG has 2 transforms Aug 26 18:28:45.739565: | local proposal 3 type DH has 1 transforms Aug 26 18:28:45.739568: | local proposal 3 type ESN has 1 transforms Aug 26 18:28:45.739571: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:28:45.739574: | local proposal 4 type ENCR has 1 transforms Aug 26 18:28:45.739577: | local proposal 4 type PRF has 0 transforms Aug 26 18:28:45.739579: | local proposal 4 type INTEG has 2 transforms Aug 26 18:28:45.739582: | local proposal 4 type DH has 1 transforms Aug 26 18:28:45.739585: | local proposal 4 type ESN has 1 transforms Aug 26 18:28:45.739588: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 18:28:45.739591: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 18:28:45.739594: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:45.739596: | length: 40 (0x28) Aug 26 18:28:45.739599: | prop #: 1 (0x1) Aug 26 18:28:45.739602: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:45.739604: | spi size: 4 (0x4) Aug 26 18:28:45.739607: | # transforms: 3 (0x3) Aug 26 18:28:45.739610: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 18:28:45.739613: | remote SPI 09 98 91 9b Aug 26 18:28:45.739616: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 18:28:45.739619: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:45.739622: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.739625: | length: 12 (0xc) Aug 26 18:28:45.739627: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:45.739630: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:45.739633: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 18:28:45.739636: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:45.739638: | length/value: 256 (0x100) Aug 26 18:28:45.739643: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 18:28:45.739646: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:45.739648: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:45.739651: | length: 8 (0x8) Aug 26 18:28:45.739653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:45.739656: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:45.739661: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 18:28:45.739664: | ****parse IKEv2 Transform Substructure Payload: Aug 26 18:28:45.739667: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:45.739669: | length: 8 (0x8) Aug 26 18:28:45.739672: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:45.739675: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:45.739678: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 18:28:45.739682: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 18:28:45.739687: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 18:28:45.739690: | remote proposal 1 matches local proposal 1 Aug 26 18:28:45.739693: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 18:28:45.739699: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=0998919b;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 18:28:45.739701: | converting proposal to internal trans attrs Aug 26 18:28:45.739707: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 18:28:45.739712: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Aug 26 18:28:45.739715: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:28:45.739719: | #3 STATE_V2_CREATE_I: retransmits: cleared Aug 26 18:28:45.739723: | libevent_free: release ptr-libevent@0x564bfd757338 Aug 26 18:28:45.739726: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564bfd7571a8 Aug 26 18:28:45.739729: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564bfd7571a8 Aug 26 18:28:45.739733: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:28:45.739737: | libevent_malloc: new ptr-libevent@0x564bfd74b528 size 128 Aug 26 18:28:45.739747: | #3 spent 0.241 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 18:28:45.739753: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:45.739757: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 18:28:45.739760: | suspending state #3 and saving MD Aug 26 18:28:45.739762: | #3 is busy; has a suspended MD Aug 26 18:28:45.739767: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:28:45.739770: | "westnet-eastnet-vti-02" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:28:45.739775: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:45.739779: | #1 spent 0.594 milliseconds in ikev2_process_packet() Aug 26 18:28:45.739784: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:45.739787: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:45.739790: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:45.739794: | spent 0.609 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:45.739808: | crypto helper 4 resuming Aug 26 18:28:45.739813: | crypto helper 4 starting work-order 4 for state #3 Aug 26 18:28:45.739817: | crypto helper 4 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Aug 26 18:28:45.740736: | crypto helper 4 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000917 seconds Aug 26 18:28:45.740750: | (#3) spent 0.929 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Aug 26 18:28:45.740754: | crypto helper 4 sending results from work-order 4 for state #3 to event queue Aug 26 18:28:45.740758: | scheduling resume sending helper answer for #3 Aug 26 18:28:45.740764: | libevent_malloc: new ptr-libevent@0x7f08f0001f78 size 128 Aug 26 18:28:45.740773: | crypto helper 4 waiting (nothing to do) Aug 26 18:28:45.740783: | processing resume sending helper answer for #3 Aug 26 18:28:45.740790: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:28:45.740795: | crypto helper 4 replies to request ID 4 Aug 26 18:28:45.740798: | calling continuation function 0x564bfc7d99d0 Aug 26 18:28:45.740801: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Aug 26 18:28:45.740805: | TSi: parsing 1 traffic selectors Aug 26 18:28:45.740808: | ***parse IKEv2 Traffic Selector: Aug 26 18:28:45.740811: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:45.740814: | IP Protocol ID: 0 (0x0) Aug 26 18:28:45.740817: | length: 16 (0x10) Aug 26 18:28:45.740819: | start port: 0 (0x0) Aug 26 18:28:45.740822: | end port: 65535 (0xffff) Aug 26 18:28:45.740825: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:28:45.740827: | TS low 0a 00 01 00 Aug 26 18:28:45.740830: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:28:45.740833: | TS high 0a 00 01 ff Aug 26 18:28:45.740835: | TSi: parsed 1 traffic selectors Aug 26 18:28:45.740838: | TSr: parsing 1 traffic selectors Aug 26 18:28:45.740841: | ***parse IKEv2 Traffic Selector: Aug 26 18:28:45.740843: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 18:28:45.740846: | IP Protocol ID: 0 (0x0) Aug 26 18:28:45.740848: | length: 16 (0x10) Aug 26 18:28:45.740851: | start port: 0 (0x0) Aug 26 18:28:45.740853: | end port: 65535 (0xffff) Aug 26 18:28:45.740856: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 18:28:45.740858: | TS low 0a 00 02 00 Aug 26 18:28:45.740861: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 18:28:45.740864: | TS high 0a 00 02 ff Aug 26 18:28:45.740866: | TSr: parsed 1 traffic selectors Aug 26 18:28:45.740872: | evaluating our conn="westnet-eastnet-vti-02" I=10.0.1.0/24:0/0 R=10.0.2.0/24:0/0 to their: Aug 26 18:28:45.740878: | TSi[0] .net=10.0.1.0-10.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:45.740885: | match address end->client=10.0.1.0/24 == TSi[0]net=10.0.1.0-10.0.1.255: YES fitness 32 Aug 26 18:28:45.740889: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 18:28:45.740891: | TSi[0] port match: YES fitness 65536 Aug 26 18:28:45.740894: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 18:28:45.740898: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 18:28:45.740902: | TSr[0] .net=10.0.2.0-10.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 18:28:45.740908: | match address end->client=10.0.2.0/24 == TSr[0]net=10.0.2.0-10.0.2.255: YES fitness 32 Aug 26 18:28:45.740911: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 18:28:45.740914: | TSr[0] port match: YES fitness 65536 Aug 26 18:28:45.740917: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 18:28:45.740920: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 18:28:45.740922: | best fit so far: TSi[0] TSr[0] Aug 26 18:28:45.740925: | found an acceptable TSi/TSr Traffic Selector Aug 26 18:28:45.740927: | printing contents struct traffic_selector Aug 26 18:28:45.740930: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:28:45.740932: | ipprotoid: 0 Aug 26 18:28:45.740935: | port range: 0-65535 Aug 26 18:28:45.740939: | ip range: 10.0.1.0-10.0.1.255 Aug 26 18:28:45.740941: | printing contents struct traffic_selector Aug 26 18:28:45.740944: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 18:28:45.740946: | ipprotoid: 0 Aug 26 18:28:45.740948: | port range: 0-65535 Aug 26 18:28:45.740952: | ip range: 10.0.2.0-10.0.2.255 Aug 26 18:28:45.740956: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 18:28:45.741150: | install_ipsec_sa() for #3: inbound and outbound Aug 26 18:28:45.741159: | could_route called for westnet-eastnet-vti-02 (kind=CK_PERMANENT) Aug 26 18:28:45.741162: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:45.741166: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:45.741169: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:45.741171: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:45.741174: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:45.741178: | route owner of "westnet-eastnet-vti-02" unrouted: NULL; eroute owner: NULL Aug 26 18:28:45.741182: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:28:45.741185: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:28:45.741188: | AES_GCM_16 requires 4 salt bytes Aug 26 18:28:45.741191: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:28:45.741196: | setting IPsec SA replay-window to 32 Aug 26 18:28:45.741199: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-02' not available on interface eth1 Aug 26 18:28:45.741202: | netlink: enabling tunnel mode Aug 26 18:28:45.741205: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:28:45.741208: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:28:45.741286: | netlink response for Add SA esp.998919b@192.1.2.23 included non-error error Aug 26 18:28:45.741297: | set up outgoing SA, ref=0/0 Aug 26 18:28:45.741301: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 18:28:45.741304: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 18:28:45.741307: | AES_GCM_16 requires 4 salt bytes Aug 26 18:28:45.741309: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 18:28:45.741313: | setting IPsec SA replay-window to 32 Aug 26 18:28:45.741315: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-02' not available on interface eth1 Aug 26 18:28:45.741318: | netlink: enabling tunnel mode Aug 26 18:28:45.741320: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:28:45.741323: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:28:45.741356: | netlink response for Add SA esp.8d772b29@192.1.2.45 included non-error error Aug 26 18:28:45.741361: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 18:28:45.741368: | add inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 18:28:45.741372: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:45.741396: | raw_eroute result=success Aug 26 18:28:45.741399: | set up incoming SA, ref=0/0 Aug 26 18:28:45.741402: | sr for #3: unrouted Aug 26 18:28:45.741405: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:28:45.741408: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:45.741411: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:45.741414: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:45.741416: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:45.741419: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:45.741423: | route owner of "westnet-eastnet-vti-02" unrouted: NULL; eroute owner: NULL Aug 26 18:28:45.741427: | route_and_eroute with c: westnet-eastnet-vti-02 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 18:28:45.741430: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 18:28:45.741437: | eroute_connection add eroute 10.0.1.0/24:0 --0-> 10.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:28:45.741441: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:45.741453: | raw_eroute result=success Aug 26 18:28:45.741456: | running updown command "ipsec _updown" for verb up Aug 26 18:28:45.741459: | command executing up-client Aug 26 18:28:45.741488: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK Aug 26 18:28:45.741497: | popen cmd is 1123 chars long Aug 26 18:28:45.741500: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti: Aug 26 18:28:45.741503: | cmd( 80):-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PL: Aug 26 18:28:45.741506: | cmd( 160):UTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' P: Aug 26 18:28:45.741509: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLU: Aug 26 18:28:45.741511: | cmd( 320):TO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.: Aug 26 18:28:45.741514: | cmd( 400):2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NE: Aug 26 18:28:45.741517: | cmd( 480):T='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PE: Aug 26 18:28:45.741519: | cmd( 560):ER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CO: Aug 26 18:28:45.741522: | cmd( 640):NN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+E: Aug 26 18:28:45.741525: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Aug 26 18:28:45.741527: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Aug 26 18:28:45.741530: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Aug 26 18:28:45.741533: | cmd( 960):' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' VTI_RO: Aug 26 18:28:45.741535: | cmd(1040):UTING='yes' VTI_SHARED='yes' SPI_IN=0x998919b SPI_OUT=0x8d772b29 ipsec _updown 2: Aug 26 18:28:45.741537: | cmd(1120):>&1: Aug 26 18:28:45.758415: "westnet-eastnet-vti-02" #3: up-client output: vti interface "ipsec0" already exists with conflicting setting Aug 26 18:28:45.758820: "westnet-eastnet-vti-02" #3: up-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Aug 26 18:28:45.758830: "westnet-eastnet-vti-02" #3: up-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Aug 26 18:28:45.761575: "westnet-eastnet-vti-02" #3: up-client output: done ip route Aug 26 18:28:45.761953: | route_and_eroute: firewall_notified: true Aug 26 18:28:45.761961: | running updown command "ipsec _updown" for verb prepare Aug 26 18:28:45.761965: | command executing prepare-client Aug 26 18:28:45.762000: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xfffffff Aug 26 18:28:45.762007: | popen cmd is 1128 chars long Aug 26 18:28:45.762010: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:28:45.762013: | cmd( 80):t-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Aug 26 18:28:45.762016: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1: Aug 26 18:28:45.762019: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0: Aug 26 18:28:45.762021: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='1: Aug 26 18:28:45.762024: | cmd( 400):92.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIE: Aug 26 18:28:45.762027: | cmd( 480):NT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLU: Aug 26 18:28:45.762029: | cmd( 560):TO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLU: Aug 26 18:28:45.762032: | cmd( 640):TO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: Aug 26 18:28:45.762035: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Aug 26 18:28:45.762037: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Aug 26 18:28:45.762040: | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Aug 26 18:28:45.762043: | cmd( 960):ED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' V: Aug 26 18:28:45.762045: | cmd(1040):TI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x998919b SPI_OUT=0x8d772b29 ipsec _upd: Aug 26 18:28:45.762048: | cmd(1120):own 2>&1: Aug 26 18:28:45.777064: "westnet-eastnet-vti-02" #3: prepare-client output: vti interface "ipsec0" already exists with conflicting setting Aug 26 18:28:45.777100: "westnet-eastnet-vti-02" #3: prepare-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Aug 26 18:28:45.777107: "westnet-eastnet-vti-02" #3: prepare-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Aug 26 18:28:45.777285: | running updown command "ipsec _updown" for verb route Aug 26 18:28:45.777308: | command executing route-client Aug 26 18:28:45.777346: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CO Aug 26 18:28:45.777352: | popen cmd is 1126 chars long Aug 26 18:28:45.777355: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 18:28:45.777358: | cmd( 80):vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45': Aug 26 18:28:45.777364: | cmd( 160): PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0: Aug 26 18:28:45.777368: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' : Aug 26 18:28:45.777372: | cmd( 320):PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192: Aug 26 18:28:45.777375: | cmd( 400):.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT: Aug 26 18:28:45.777378: | cmd( 480):_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO: Aug 26 18:28:45.777381: | cmd( 560):_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO: Aug 26 18:28:45.777383: | cmd( 640):_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLO: Aug 26 18:28:45.777386: | cmd( 720):W+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Aug 26 18:28:45.777389: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Aug 26 18:28:45.777392: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Aug 26 18:28:45.777395: | cmd( 960):='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' VTI: Aug 26 18:28:45.777398: | cmd(1040):_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x998919b SPI_OUT=0x8d772b29 ipsec _updow: Aug 26 18:28:45.777400: | cmd(1120):n 2>&1: Aug 26 18:28:45.800322: "westnet-eastnet-vti-02" #3: route-client output: RTNETLINK answers: File exists Aug 26 18:28:45.805687: "westnet-eastnet-vti-02" #3: route-client output: done ip route Aug 26 18:28:45.814474: | route_and_eroute: instance "westnet-eastnet-vti-02", setting eroute_owner {spd=0x564bfd74c8d8,sr=0x564bfd74c8d8} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 18:28:45.814572: | #1 spent 2.55 milliseconds in install_ipsec_sa() Aug 26 18:28:45.814582: | inR2: instance westnet-eastnet-vti-02[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 18:28:45.814586: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:45.814600: | libevent_free: release ptr-libevent@0x564bfd74b528 Aug 26 18:28:45.814608: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564bfd7571a8 Aug 26 18:28:45.814623: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:45.814628: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Aug 26 18:28:45.814632: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 18:28:45.814636: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 18:28:45.814640: | Message ID: updating counters for #3 to 2 after switching state Aug 26 18:28:45.814648: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 18:28:45.814654: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:45.814657: | pstats #3 ikev2.child established Aug 26 18:28:45.814669: "westnet-eastnet-vti-02" #3: negotiated connection [10.0.1.0-10.0.1.255:0-65535 0] -> [10.0.2.0-10.0.2.255:0-65535 0] Aug 26 18:28:45.814684: | NAT-T: encaps is 'auto' Aug 26 18:28:45.814691: "westnet-eastnet-vti-02" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x0998919b <0x8d772b29 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 18:28:45.814696: | releasing whack for #3 (sock=fd@22) Aug 26 18:28:45.814703: | close_any(fd@22) (in release_whack() at state.c:654) Aug 26 18:28:45.814707: | releasing whack and unpending for parent #1 Aug 26 18:28:45.814710: | unpending state #1 connection "westnet-eastnet-vti-02" Aug 26 18:28:45.814715: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Aug 26 18:28:45.814724: | event_schedule: new EVENT_SA_REKEY-pe@0x564bfd7571a8 Aug 26 18:28:45.814729: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Aug 26 18:28:45.814733: | libevent_malloc: new ptr-libevent@0x564bfd757338 size 128 Aug 26 18:28:45.814744: | #3 spent 3.08 milliseconds in resume sending helper answer Aug 26 18:28:45.814750: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:28:45.814755: | libevent_free: release ptr-libevent@0x7f08f0001f78 Aug 26 18:28:45.814769: | kernel_process_msg_cb process netlink message Aug 26 18:28:45.814777: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:28:45.814783: | spent 0.00815 milliseconds in kernel message Aug 26 18:28:45.814792: | processing signal PLUTO_SIGCHLD Aug 26 18:28:45.814799: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:45.814803: | spent 0.00556 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:45.814806: | processing signal PLUTO_SIGCHLD Aug 26 18:28:45.814810: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:45.814814: | spent 0.00416 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:45.814817: | processing signal PLUTO_SIGCHLD Aug 26 18:28:45.814821: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:45.814825: | spent 0.00393 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:49.116591: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:49.117006: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:28:49.117015: | FOR_EACH_STATE_... in sort_states Aug 26 18:28:49.117024: | get_sa_info esp.b3608dc3@192.1.2.45 Aug 26 18:28:49.117379: | get_sa_info esp.f5e811a0@192.1.2.23 Aug 26 18:28:49.117404: | get_sa_info esp.8d772b29@192.1.2.45 Aug 26 18:28:49.117412: | get_sa_info esp.998919b@192.1.2.23 Aug 26 18:28:49.117429: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:49.117437: | spent 0.851 milliseconds in whack Aug 26 18:28:50.333120: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:50.333354: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:28:50.333365: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:28:50.333471: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:28:50.333476: | FOR_EACH_STATE_... in sort_states Aug 26 18:28:50.333489: | get_sa_info esp.b3608dc3@192.1.2.45 Aug 26 18:28:50.333505: | get_sa_info esp.f5e811a0@192.1.2.23 Aug 26 18:28:50.333520: | get_sa_info esp.8d772b29@192.1.2.45 Aug 26 18:28:50.333529: | get_sa_info esp.998919b@192.1.2.23 Aug 26 18:28:50.333548: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:28:50.333555: | spent 0.422 milliseconds in whack Aug 26 18:28:50.708777: | spent 0.00299 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:50.708806: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:50.708810: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.708812: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:28:50.708815: | db 6c fa b4 d6 e9 dd 47 15 33 bb 6c 0f 17 1e 1a Aug 26 18:28:50.708817: | a5 73 95 48 c1 c5 b5 1d 5e 05 7a 25 3f c0 ee 3f Aug 26 18:28:50.708820: | a6 66 69 af fb Aug 26 18:28:50.708825: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:50.708828: | **parse ISAKMP Message: Aug 26 18:28:50.708831: | initiator cookie: Aug 26 18:28:50.708834: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:50.708836: | responder cookie: Aug 26 18:28:50.708839: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.708842: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:50.708844: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:50.708847: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:50.708852: | flags: none (0x0) Aug 26 18:28:50.708858: | Message ID: 0 (0x0) Aug 26 18:28:50.708860: | length: 69 (0x45) Aug 26 18:28:50.708864: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:28:50.708867: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:28:50.708872: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:28:50.708878: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:50.708881: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:28:50.708886: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:28:50.708889: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 18:28:50.708894: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 18:28:50.708896: | unpacking clear payload Aug 26 18:28:50.708899: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:28:50.708902: | ***parse IKEv2 Encryption Payload: Aug 26 18:28:50.708905: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:28:50.708908: | flags: none (0x0) Aug 26 18:28:50.708910: | length: 41 (0x29) Aug 26 18:28:50.708913: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:28:50.708918: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 18:28:50.708921: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:28:50.708947: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:28:50.708950: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:28:50.708953: | **parse IKEv2 Delete Payload: Aug 26 18:28:50.708956: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.708959: | flags: none (0x0) Aug 26 18:28:50.708961: | length: 12 (0xc) Aug 26 18:28:50.708964: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:28:50.708967: | SPI size: 4 (0x4) Aug 26 18:28:50.708969: | number of SPIs: 1 (0x1) Aug 26 18:28:50.708972: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:28:50.708974: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:28:50.708977: | Now let's proceed with state specific processing Aug 26 18:28:50.708980: | calling processor I3: INFORMATIONAL Request Aug 26 18:28:50.708983: | an informational request should send a response Aug 26 18:28:50.709006: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:28:50.709011: | **emit ISAKMP Message: Aug 26 18:28:50.709014: | initiator cookie: Aug 26 18:28:50.709016: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:50.709019: | responder cookie: Aug 26 18:28:50.709021: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.709024: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:50.709026: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:50.709029: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:50.709032: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:28:50.709035: | Message ID: 0 (0x0) Aug 26 18:28:50.709038: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:50.709041: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:50.709044: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.709046: | flags: none (0x0) Aug 26 18:28:50.709050: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:50.709053: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:28:50.709056: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:50.709068: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:28:50.709072: | SPI 09 98 91 9b Aug 26 18:28:50.709075: | delete PROTO_v2_ESP SA(0x0998919b) Aug 26 18:28:50.709079: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:28:50.709082: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:28:50.709085: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x0998919b) Aug 26 18:28:50.709088: "westnet-eastnet-vti-01" #1: received Delete SA payload: replace IPsec State #3 now Aug 26 18:28:50.709091: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 18:28:50.709095: | libevent_free: release ptr-libevent@0x564bfd757338 Aug 26 18:28:50.709099: | free_event_entry: release EVENT_SA_REKEY-pe@0x564bfd7571a8 Aug 26 18:28:50.709102: | event_schedule: new EVENT_SA_REPLACE-pe@0x564bfd7571a8 Aug 26 18:28:50.709106: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Aug 26 18:28:50.709109: | libevent_malloc: new ptr-libevent@0x7f08f0001f78 size 128 Aug 26 18:28:50.709113: | ****emit IKEv2 Delete Payload: Aug 26 18:28:50.709116: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.709118: | flags: none (0x0) Aug 26 18:28:50.709121: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:28:50.709124: | SPI size: 4 (0x4) Aug 26 18:28:50.709126: | number of SPIs: 1 (0x1) Aug 26 18:28:50.709129: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:28:50.709133: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:28:50.709136: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:28:50.709138: | local SPIs 8d 77 2b 29 Aug 26 18:28:50.709141: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:28:50.709144: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:50.709147: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:50.709150: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:50.709153: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:28:50.709156: | emitting length of ISAKMP Message: 69 Aug 26 18:28:50.709174: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:50.709177: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.709180: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 18:28:50.709182: | 07 a8 8b 9e 71 fe 14 72 48 22 f5 c8 09 1f fc 64 Aug 26 18:28:50.709185: | 6a 9e 87 b2 34 f5 b0 97 d0 fb 9b 1b c4 de 34 0b Aug 26 18:28:50.709187: | 11 57 09 8f 94 Aug 26 18:28:50.709212: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:28:50.709218: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 18:28:50.709224: | #1 spent 0.229 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:28:50.709229: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:50.709233: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:28:50.709236: | Message ID: updating counters for #1 to 0 after switching state Aug 26 18:28:50.709241: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 18:28:50.709245: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:50.709250: "westnet-eastnet-vti-01" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:28:50.709255: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:50.709260: | #1 spent 0.457 milliseconds in ikev2_process_packet() Aug 26 18:28:50.709264: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:50.709267: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:50.709271: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:50.709274: | spent 0.472 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:50.709281: | timer_event_cb: processing event@0x564bfd7571a8 Aug 26 18:28:50.709285: | handling event EVENT_SA_REPLACE for child state #3 Aug 26 18:28:50.709294: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:28:50.709300: | picked newest_ipsec_sa #3 for #3 Aug 26 18:28:50.709303: | replacing stale CHILD SA Aug 26 18:28:50.709307: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:28:50.709310: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:28:50.709314: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:28:50.709318: | creating state object #4 at 0x564bfd75fa28 Aug 26 18:28:50.709321: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 18:28:50.709331: | pstats #4 ikev2.child started Aug 26 18:28:50.709334: | duplicating state object #1 "westnet-eastnet-vti-01" as #4 for IPSEC SA Aug 26 18:28:50.709339: | #4 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:28:50.709348: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:50.709351: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 18:28:50.709356: | suspend processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:28:50.709361: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:28:50.709365: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:28:50.709378: | using existing local ESP/AH proposals for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:50.709383: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Aug 26 18:28:50.709387: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x564bfd758b98 Aug 26 18:28:50.709390: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 18:28:50.709393: | libevent_malloc: new ptr-libevent@0x564bfd74b528 size 128 Aug 26 18:28:50.709399: | RESET processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:28:50.709402: | event_schedule: new EVENT_SA_EXPIRE-pe@0x564bfd750da8 Aug 26 18:28:50.709405: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Aug 26 18:28:50.709408: | libevent_malloc: new ptr-libevent@0x564bfd750e18 size 128 Aug 26 18:28:50.709411: | libevent_free: release ptr-libevent@0x7f08f0001f78 Aug 26 18:28:50.709414: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564bfd7571a8 Aug 26 18:28:50.709419: | #3 spent 0.134 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:28:50.709422: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:28:50.709426: | timer_event_cb: processing event@0x564bfd758b98 Aug 26 18:28:50.709431: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 18:28:50.709436: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:28:50.709441: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Aug 26 18:28:50.709444: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564bfd7571a8 Aug 26 18:28:50.709448: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:28:50.709450: | libevent_malloc: new ptr-libevent@0x7f08f0001f78 size 128 Aug 26 18:28:50.709459: | libevent_free: release ptr-libevent@0x564bfd74b528 Aug 26 18:28:50.709462: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x564bfd758b98 Aug 26 18:28:50.709466: | #4 spent 0.0388 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:28:50.709471: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:28:50.709474: | timer_event_cb: processing event@0x564bfd750da8 Aug 26 18:28:50.709477: | handling event EVENT_SA_EXPIRE for child state #3 Aug 26 18:28:50.709481: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:28:50.709485: | picked newest_ipsec_sa #3 for #3 Aug 26 18:28:50.709488: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:28:50.709490: | pstats #3 ikev2.child re-failed exchange-timeout Aug 26 18:28:50.709493: | pstats #3 ikev2.child deleted completed Aug 26 18:28:50.709496: | #3 spent 5.53 milliseconds in total Aug 26 18:28:50.709501: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:28:50.709504: "westnet-eastnet-vti-02" #3: deleting state (STATE_V2_IPSEC_I) aged 5.014s and NOT sending notification Aug 26 18:28:50.709507: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:28:50.709512: | get_sa_info esp.998919b@192.1.2.23 Aug 26 18:28:50.709525: | get_sa_info esp.8d772b29@192.1.2.45 Aug 26 18:28:50.709532: "westnet-eastnet-vti-02" #3: ESP traffic information: in=0B out=0B Aug 26 18:28:50.709536: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:28:50.709579: | crypto helper 5 resuming Aug 26 18:28:50.709586: | crypto helper 5 starting work-order 5 for state #4 Aug 26 18:28:50.709590: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Aug 26 18:28:50.710584: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.000994 seconds Aug 26 18:28:50.710594: | (#4) spent 1 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:28:50.710598: | crypto helper 5 sending results from work-order 5 for state #4 to event queue Aug 26 18:28:50.710601: | scheduling resume sending helper answer for #4 Aug 26 18:28:50.710604: | libevent_malloc: new ptr-libevent@0x7f08f4002888 size 128 Aug 26 18:28:50.710609: | crypto helper 5 waiting (nothing to do) Aug 26 18:28:50.710620: | running updown command "ipsec _updown" for verb down Aug 26 18:28:50.710623: | command executing down-client Aug 26 18:28:50.710652: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844125' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffff Aug 26 18:28:50.710658: | popen cmd is 1134 chars long Aug 26 18:28:50.710661: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-v: Aug 26 18:28:50.710664: | cmd( 80):ti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Aug 26 18:28:50.710667: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0': Aug 26 18:28:50.710670: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' P: Aug 26 18:28:50.710673: | cmd( 320):LUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.: Aug 26 18:28:50.710675: | cmd( 400):1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_: Aug 26 18:28:50.710678: | cmd( 480):NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_: Aug 26 18:28:50.710681: | cmd( 560):PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='156684412: Aug 26 18:28:50.710684: | cmd( 640):5' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_F: Aug 26 18:28:50.710686: | cmd( 720):RAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XA: Aug 26 18:28:50.710689: | cmd( 800):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN: Aug 26 18:28:50.710692: | cmd( 880):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO: Aug 26 18:28:50.710695: | cmd( 960):NFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ips: Aug 26 18:28:50.710697: | cmd(1040):ec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x998919b SPI_OUT=0x8d772b29 ipse: Aug 26 18:28:50.710700: | cmd(1120):c _updown 2>&1: Aug 26 18:28:50.722083: "westnet-eastnet-vti-02" #3: down-client output: Command line is not complete. Try option "help" Aug 26 18:28:50.722673: | shunt_eroute() called for connection 'westnet-eastnet-vti-02' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:28:50.722687: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:28:50.722691: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 18:28:50.722696: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:50.722733: | delete esp.998919b@192.1.2.23 Aug 26 18:28:50.723813: | netlink response for Del SA esp.998919b@192.1.2.23 included non-error error Aug 26 18:28:50.723830: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 18:28:50.723839: | delete inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:28:50.723870: | raw_eroute result=success Aug 26 18:28:50.723875: | delete esp.8d772b29@192.1.2.45 Aug 26 18:28:50.723886: | netlink response for Del SA esp.8d772b29@192.1.2.45 included non-error error Aug 26 18:28:50.723899: | in connection_discard for connection westnet-eastnet-vti-02 Aug 26 18:28:50.723903: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 18:28:50.723908: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:28:50.723953: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:28:50.723978: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:28:50.723981: | can't expire unused IKE SA #1; it has the child #4 Aug 26 18:28:50.723990: | libevent_free: release ptr-libevent@0x564bfd750e18 Aug 26 18:28:50.723994: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x564bfd750da8 Aug 26 18:28:50.723998: | in statetime_stop() and could not find #3 Aug 26 18:28:50.724001: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:28:50.724028: | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:50.724050: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:50.724054: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.724057: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:28:50.724059: | c5 ec e3 6c 5d 2a 28 2d e6 0d 4f d6 19 c5 d0 c3 Aug 26 18:28:50.724061: | da a9 75 dc f2 52 ae 54 c2 b7 5e bc 72 48 a0 0b Aug 26 18:28:50.724064: | b1 42 3a 14 27 Aug 26 18:28:50.724070: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:50.724074: | **parse ISAKMP Message: Aug 26 18:28:50.724077: | initiator cookie: Aug 26 18:28:50.724079: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:50.724082: | responder cookie: Aug 26 18:28:50.724084: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.724088: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:50.724091: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:50.724094: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:50.724097: | flags: none (0x0) Aug 26 18:28:50.724100: | Message ID: 1 (0x1) Aug 26 18:28:50.724103: | length: 69 (0x45) Aug 26 18:28:50.724106: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:28:50.724109: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:28:50.724113: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:28:50.724120: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:50.724124: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:28:50.724129: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:28:50.724132: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 18:28:50.724136: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 18:28:50.724139: | unpacking clear payload Aug 26 18:28:50.724142: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:28:50.724145: | ***parse IKEv2 Encryption Payload: Aug 26 18:28:50.724148: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:28:50.724150: | flags: none (0x0) Aug 26 18:28:50.724153: | length: 41 (0x29) Aug 26 18:28:50.724156: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 18:28:50.724161: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 18:28:50.724164: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:28:50.724185: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:28:50.724189: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:28:50.724192: | **parse IKEv2 Delete Payload: Aug 26 18:28:50.724194: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.724197: | flags: none (0x0) Aug 26 18:28:50.724200: | length: 12 (0xc) Aug 26 18:28:50.724202: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:28:50.724205: | SPI size: 4 (0x4) Aug 26 18:28:50.724208: | number of SPIs: 1 (0x1) Aug 26 18:28:50.724210: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 18:28:50.724213: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:28:50.724216: | Now let's proceed with state specific processing Aug 26 18:28:50.724218: | calling processor I3: INFORMATIONAL Request Aug 26 18:28:50.724222: | an informational request should send a response Aug 26 18:28:50.724245: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:28:50.724250: | **emit ISAKMP Message: Aug 26 18:28:50.724252: | initiator cookie: Aug 26 18:28:50.724255: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:50.724257: | responder cookie: Aug 26 18:28:50.724259: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.724264: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:50.724267: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:50.724269: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:50.724273: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:28:50.724275: | Message ID: 1 (0x1) Aug 26 18:28:50.724278: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:50.724282: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:50.724284: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.724287: | flags: none (0x0) Aug 26 18:28:50.724305: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:50.724309: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:28:50.724312: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:50.724329: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 18:28:50.724332: | SPI f5 e8 11 a0 Aug 26 18:28:50.724335: | delete PROTO_v2_ESP SA(0xf5e811a0) Aug 26 18:28:50.724338: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 18:28:50.724341: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 18:28:50.724344: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xf5e811a0) Aug 26 18:28:50.724348: "westnet-eastnet-vti-01" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 18:28:50.724351: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 18:28:50.724354: | libevent_free: release ptr-libevent@0x564bfd759328 Aug 26 18:28:50.724359: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f0900002b78 Aug 26 18:28:50.724362: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f0900002b78 Aug 26 18:28:50.724366: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 18:28:50.724369: | libevent_malloc: new ptr-libevent@0x7f08fc003878 size 128 Aug 26 18:28:50.724374: | ****emit IKEv2 Delete Payload: Aug 26 18:28:50.724376: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.724379: | flags: none (0x0) Aug 26 18:28:50.724382: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 18:28:50.724384: | SPI size: 4 (0x4) Aug 26 18:28:50.724387: | number of SPIs: 1 (0x1) Aug 26 18:28:50.724390: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 18:28:50.724393: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:28:50.724396: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 18:28:50.724399: | local SPIs b3 60 8d c3 Aug 26 18:28:50.724402: | emitting length of IKEv2 Delete Payload: 12 Aug 26 18:28:50.724404: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:50.724408: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:50.724411: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:50.724414: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 18:28:50.724416: | emitting length of ISAKMP Message: 69 Aug 26 18:28:50.724435: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:50.724438: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.724441: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 18:28:50.724444: | ac 35 f2 d2 d0 5c c4 cc a6 63 b1 22 eb b8 88 9c Aug 26 18:28:50.724446: | 77 3c 41 70 cd e5 ea 16 98 65 f3 2b f6 27 7d 79 Aug 26 18:28:50.724448: | 67 33 bf c5 29 Aug 26 18:28:50.724489: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:28:50.724497: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 18:28:50.724503: | #1 spent 0.251 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 18:28:50.724509: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:50.724513: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 18:28:50.724516: | Message ID: updating counters for #1 to 1 after switching state Aug 26 18:28:50.724521: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Aug 26 18:28:50.724526: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:50.724529: "westnet-eastnet-vti-01" #1: STATE_PARENT_I3: PARENT SA established Aug 26 18:28:50.724534: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:50.724538: | #1 spent 0.474 milliseconds in ikev2_process_packet() Aug 26 18:28:50.724543: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:50.724546: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:50.724549: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:50.724553: | spent 0.489 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:50.724560: | processing resume sending helper answer for #4 Aug 26 18:28:50.724566: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 18:28:50.724570: | crypto helper 5 replies to request ID 5 Aug 26 18:28:50.724572: | calling continuation function 0x564bfc7d8b50 Aug 26 18:28:50.724576: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Aug 26 18:28:50.724579: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:50.724583: | libevent_free: release ptr-libevent@0x7f08f0001f78 Aug 26 18:28:50.724587: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564bfd7571a8 Aug 26 18:28:50.724590: | event_schedule: new EVENT_SA_REPLACE-pe@0x564bfd7571a8 Aug 26 18:28:50.724594: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 18:28:50.724597: | libevent_malloc: new ptr-libevent@0x564bfd750e18 size 128 Aug 26 18:28:50.724602: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:50.724605: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 18:28:50.724609: | libevent_malloc: new ptr-libevent@0x564bfd74b528 size 128 Aug 26 18:28:50.724614: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:50.724617: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 18:28:50.724620: | suspending state #4 and saving MD Aug 26 18:28:50.724623: | #4 is busy; has a suspended MD Aug 26 18:28:50.724627: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 18:28:50.724631: | "westnet-eastnet-vti-02" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 18:28:50.724635: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 18:28:50.724639: | #4 spent 0.0691 milliseconds in resume sending helper answer Aug 26 18:28:50.724644: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 18:28:50.724649: | libevent_free: release ptr-libevent@0x7f08f4002888 Aug 26 18:28:50.724653: | processing signal PLUTO_SIGCHLD Aug 26 18:28:50.724658: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:50.724662: | spent 0.00505 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:50.724668: | timer_event_cb: processing event@0x7f0900002b78 Aug 26 18:28:50.724671: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 18:28:50.724676: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:28:50.724680: | picked newest_ipsec_sa #2 for #2 Aug 26 18:28:50.724682: | replacing stale CHILD SA Aug 26 18:28:50.724687: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:28:50.724690: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:28:50.724693: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 18:28:50.724698: | creating state object #5 at 0x564bfd752ab8 Aug 26 18:28:50.724700: | State DB: adding IKEv2 state #5 in UNDEFINED Aug 26 18:28:50.724707: | pstats #5 ikev2.child started Aug 26 18:28:50.724711: | duplicating state object #1 "westnet-eastnet-vti-01" as #5 for IPSEC SA Aug 26 18:28:50.724715: | #5 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:28:50.724721: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:50.724727: | suspend processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:28:50.724732: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 18:28:50.724735: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 18:28:50.724739: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 18:28:50.724744: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-vti-01 (ESP/AH initiator emitting proposals) Aug 26 18:28:50.724749: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 18:28:50.724756: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:28:50.724760: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 18:28:50.724764: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 18:28:50.724767: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:50.724771: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:50.724775: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 18:28:50.724779: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:50.724787: "westnet-eastnet-vti-01": constructed local ESP/AH proposals for westnet-eastnet-vti-01 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 18:28:50.724794: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 18:28:50.724797: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f08f4002b78 Aug 26 18:28:50.724801: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Aug 26 18:28:50.724804: | libevent_malloc: new ptr-libevent@0x7f08f4002888 size 128 Aug 26 18:28:50.724809: | RESET processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 18:28:50.724814: | event_schedule: new EVENT_SA_EXPIRE-pe@0x564bfd750da8 Aug 26 18:28:50.724817: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 18:28:50.724820: | libevent_malloc: new ptr-libevent@0x7f08fc002888 size 128 Aug 26 18:28:50.724823: | libevent_free: release ptr-libevent@0x7f08fc003878 Aug 26 18:28:50.724827: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f0900002b78 Aug 26 18:28:50.724831: | #2 spent 0.162 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:28:50.724834: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:28:50.724837: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 18:28:50.724842: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 18:28:50.724848: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 18:28:50.724853: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:28:50.724857: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 18:28:50.724862: | **emit ISAKMP Message: Aug 26 18:28:50.724865: | initiator cookie: Aug 26 18:28:50.724868: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:50.724870: | responder cookie: Aug 26 18:28:50.724873: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.724875: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:50.724878: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:50.724881: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 18:28:50.724884: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:50.724886: | Message ID: 3 (0x3) Aug 26 18:28:50.724889: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:50.724892: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:50.724895: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.724898: | flags: none (0x0) Aug 26 18:28:50.724901: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:50.724904: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 18:28:50.724907: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:50.724923: | netlink_get_spi: allocated 0x2e28e5b5 for esp.0@192.1.2.45 Aug 26 18:28:50.724926: | Emitting ikev2_proposals ... Aug 26 18:28:50.724929: | ****emit IKEv2 Security Association Payload: Aug 26 18:28:50.724931: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.724934: | flags: none (0x0) Aug 26 18:28:50.724937: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:50.724940: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:50.724943: | discarding INTEG=NONE Aug 26 18:28:50.724946: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:50.724949: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.724951: | prop #: 1 (0x1) Aug 26 18:28:50.724954: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:50.724956: | spi size: 4 (0x4) Aug 26 18:28:50.724959: | # transforms: 3 (0x3) Aug 26 18:28:50.724962: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:50.724965: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:50.724968: | our spi 2e 28 e5 b5 Aug 26 18:28:50.724971: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.724975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.724978: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:50.724981: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:50.724984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.724987: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:50.724990: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:50.724992: | length/value: 256 (0x100) Aug 26 18:28:50.724995: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:50.724998: | discarding INTEG=NONE Aug 26 18:28:50.725000: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725006: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.725008: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:50.725011: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725015: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725017: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725020: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725023: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:50.725026: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:50.725028: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:50.725031: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725034: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725037: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725040: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:28:50.725043: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:50.725045: | discarding INTEG=NONE Aug 26 18:28:50.725048: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:50.725050: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.725053: | prop #: 2 (0x2) Aug 26 18:28:50.725056: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:50.725058: | spi size: 4 (0x4) Aug 26 18:28:50.725061: | # transforms: 3 (0x3) Aug 26 18:28:50.725064: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.725067: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:50.725070: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:50.725073: | our spi 2e 28 e5 b5 Aug 26 18:28:50.725075: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725080: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:50.725083: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:50.725086: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725089: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:50.725092: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:50.725094: | length/value: 128 (0x80) Aug 26 18:28:50.725097: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:50.725099: | discarding INTEG=NONE Aug 26 18:28:50.725102: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725109: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.725111: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:50.725115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725120: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725123: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725125: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:50.725128: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:50.725131: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:50.725134: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725137: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725139: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725142: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 18:28:50.725145: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:50.725148: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:50.725151: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.725153: | prop #: 3 (0x3) Aug 26 18:28:50.725156: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:50.725158: | spi size: 4 (0x4) Aug 26 18:28:50.725161: | # transforms: 5 (0x5) Aug 26 18:28:50.725164: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.725167: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:50.725170: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:50.725173: | our spi 2e 28 e5 b5 Aug 26 18:28:50.725175: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725180: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:50.725183: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:50.725186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725189: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:50.725191: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:50.725194: | length/value: 256 (0x100) Aug 26 18:28:50.725197: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:50.725199: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725205: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:50.725207: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:50.725210: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725216: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725219: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725224: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:50.725227: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:50.725231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725237: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725239: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725242: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725245: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.725247: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:50.725250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725253: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725256: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725259: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725261: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:50.725264: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:50.725267: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:50.725270: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725276: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725278: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:28:50.725281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:50.725284: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:50.725286: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:50.725321: | prop #: 4 (0x4) Aug 26 18:28:50.725327: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 18:28:50.725330: | spi size: 4 (0x4) Aug 26 18:28:50.725332: | # transforms: 5 (0x5) Aug 26 18:28:50.725335: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.725338: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:50.725341: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 18:28:50.725344: | our spi 2e 28 e5 b5 Aug 26 18:28:50.725346: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725348: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725350: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:50.725353: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:50.725356: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725358: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:50.725361: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:50.725363: | length/value: 128 (0x80) Aug 26 18:28:50.725366: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:50.725368: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725371: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725373: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:50.725376: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:50.725379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725384: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725386: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725389: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725395: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:50.725397: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:50.725400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725403: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725406: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725408: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725410: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725413: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.725415: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:50.725418: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725421: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725424: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725426: | ******emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.725429: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:50.725432: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 18:28:50.725434: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 18:28:50.725437: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.725440: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.725443: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.725445: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 18:28:50.725448: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:50.725451: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 18:28:50.725454: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:50.725458: "westnet-eastnet-vti-02" #4: CHILD SA to rekey #3 vanished abort this exchange Aug 26 18:28:50.725461: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 18:28:50.725466: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:50.725470: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 18:28:50.725520: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 18:28:50.725529: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:28:50.725534: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 18:28:50.725539: | #1 spent 0.66 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 18:28:50.725544: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 18:28:50.725548: | libevent_free: release ptr-libevent@0x564bfd74b528 Aug 26 18:28:50.725557: | timer_event_cb: processing event@0x7f08f4002b78 Aug 26 18:28:50.725561: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Aug 26 18:28:50.725565: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 18:28:50.725571: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Aug 26 18:28:50.725575: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0900002b78 Aug 26 18:28:50.725579: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 18:28:50.725583: | libevent_malloc: new ptr-libevent@0x564bfd74b528 size 128 Aug 26 18:28:50.725591: | libevent_free: release ptr-libevent@0x7f08f4002888 Aug 26 18:28:50.725595: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f08f4002b78 Aug 26 18:28:50.725600: | #5 spent 0.0423 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 18:28:50.725605: | stop processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 18:28:50.725610: | timer_event_cb: processing event@0x564bfd750da8 Aug 26 18:28:50.725613: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 18:28:50.725617: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:28:50.725621: | picked newest_ipsec_sa #2 for #2 Aug 26 18:28:50.725623: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:28:50.725626: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 18:28:50.725629: | pstats #2 ikev2.child deleted completed Aug 26 18:28:50.725632: | #2 spent 3 milliseconds in total Aug 26 18:28:50.725637: | [RE]START processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:28:50.725641: "westnet-eastnet-vti-01" #2: deleting state (STATE_V2_IPSEC_I) aged 5.238s and NOT sending notification Aug 26 18:28:50.725644: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 18:28:50.725649: | get_sa_info esp.f5e811a0@192.1.2.23 Aug 26 18:28:50.725660: | get_sa_info esp.b3608dc3@192.1.2.45 Aug 26 18:28:50.725668: "westnet-eastnet-vti-01" #2: ESP traffic information: in=336B out=336B Aug 26 18:28:50.725672: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:28:50.725708: | running updown command "ipsec _updown" for verb down Aug 26 18:28:50.725713: | command executing down-client Aug 26 18:28:50.725744: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844125' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0 Aug 26 18:28:50.725748: | popen cmd is 1140 chars long Aug 26 18:28:50.725752: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-v: Aug 26 18:28:50.725755: | cmd( 80):ti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Aug 26 18:28:50.725758: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.: Aug 26 18:28:50.725761: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0: Aug 26 18:28:50.725766: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='1: Aug 26 18:28:50.725769: | cmd( 400):92.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLI: Aug 26 18:28:50.725773: | cmd( 480):ENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' P: Aug 26 18:28:50.725776: | cmd( 560):LUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566: Aug 26 18:28:50.725778: | cmd( 640):844125' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+: Aug 26 18:28:50.725781: | cmd( 720):IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv: Aug 26 18:28:50.725784: | cmd( 800):4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMA: Aug 26 18:28:50.725787: | cmd( 880):IN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_: Aug 26 18:28:50.725789: | cmd( 960):NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE: Aug 26 18:28:50.725792: | cmd(1040):='ipsec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xf5e811a0 SPI_OUT=0xb3608dc: Aug 26 18:28:50.725794: | cmd(1120):3 ipsec _updown 2>&1: Aug 26 18:28:50.726210: | crypto helper 6 resuming Aug 26 18:28:50.726234: | crypto helper 6 starting work-order 6 for state #5 Aug 26 18:28:50.726240: | crypto helper 6 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Aug 26 18:28:50.727229: | crypto helper 6 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.000987 seconds Aug 26 18:28:50.727247: | (#5) spent 1 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 18:28:50.727252: | crypto helper 6 sending results from work-order 6 for state #5 to event queue Aug 26 18:28:50.727256: | scheduling resume sending helper answer for #5 Aug 26 18:28:50.727260: | libevent_malloc: new ptr-libevent@0x7f08e8002888 size 128 Aug 26 18:28:50.727279: | crypto helper 6 waiting (nothing to do) Aug 26 18:28:50.740666: "westnet-eastnet-vti-01" #2: down-client output: Command line is not complete. Try option "help" Aug 26 18:28:50.740961: | shunt_eroute() called for connection 'westnet-eastnet-vti-01' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:28:50.740968: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:28:50.740972: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 18:28:50.740977: | IPsec Sa SPD priority set to 1042407 Aug 26 18:28:50.741018: | delete esp.f5e811a0@192.1.2.23 Aug 26 18:28:50.741035: | netlink response for Del SA esp.f5e811a0@192.1.2.23 included non-error error Aug 26 18:28:50.741040: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 18:28:50.741047: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:28:50.741066: | raw_eroute result=success Aug 26 18:28:50.741070: | delete esp.b3608dc3@192.1.2.45 Aug 26 18:28:50.741080: | netlink response for Del SA esp.b3608dc3@192.1.2.45 included non-error error Aug 26 18:28:50.741091: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 18:28:50.741094: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 18:28:50.741100: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:28:50.741108: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:28:50.741127: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 18:28:50.741130: | can't expire unused IKE SA #1; it has the child #5 Aug 26 18:28:50.741136: | libevent_free: release ptr-libevent@0x7f08fc002888 Aug 26 18:28:50.741140: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x564bfd750da8 Aug 26 18:28:50.741144: | in statetime_stop() and could not find #2 Aug 26 18:28:50.741148: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:28:50.741174: | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:28:50.741194: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 18:28:50.741197: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.741200: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 18:28:50.741203: | 91 b3 d7 a7 d7 7b 1c 1f 0c 57 a5 1e aa 54 e7 bd Aug 26 18:28:50.741205: | 1a 82 71 bf 5b 45 55 47 06 0d 0f 97 cd 92 3e fd Aug 26 18:28:50.741208: | c1 Aug 26 18:28:50.741213: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:28:50.741217: | **parse ISAKMP Message: Aug 26 18:28:50.741220: | initiator cookie: Aug 26 18:28:50.741222: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:50.741225: | responder cookie: Aug 26 18:28:50.741227: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.741230: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 18:28:50.741233: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:50.741236: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:50.741240: | flags: none (0x0) Aug 26 18:28:50.741243: | Message ID: 2 (0x2) Aug 26 18:28:50.741246: | length: 65 (0x41) Aug 26 18:28:50.741249: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 18:28:50.741253: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 18:28:50.741256: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 18:28:50.741263: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 18:28:50.741266: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 18:28:50.741271: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 18:28:50.741274: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 18:28:50.741279: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Aug 26 18:28:50.741281: | unpacking clear payload Aug 26 18:28:50.741284: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 18:28:50.741292: | ***parse IKEv2 Encryption Payload: Aug 26 18:28:50.741299: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 18:28:50.741301: | flags: none (0x0) Aug 26 18:28:50.741304: | length: 37 (0x25) Aug 26 18:28:50.741307: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 18:28:50.741312: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 18:28:50.741315: | #1 in state PARENT_I3: PARENT SA established Aug 26 18:28:50.741342: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 18:28:50.741345: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 18:28:50.741349: | **parse IKEv2 Delete Payload: Aug 26 18:28:50.741352: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.741354: | flags: none (0x0) Aug 26 18:28:50.741357: | length: 8 (0x8) Aug 26 18:28:50.741360: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 18:28:50.741362: | SPI size: 0 (0x0) Aug 26 18:28:50.741365: | number of SPIs: 0 (0x0) Aug 26 18:28:50.741368: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 18:28:50.741371: | selected state microcode I3: INFORMATIONAL Request Aug 26 18:28:50.741373: | Now let's proceed with state specific processing Aug 26 18:28:50.741376: | calling processor I3: INFORMATIONAL Request Aug 26 18:28:50.741380: | an informational request should send a response Aug 26 18:28:50.741403: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 18:28:50.741408: | **emit ISAKMP Message: Aug 26 18:28:50.741410: | initiator cookie: Aug 26 18:28:50.741413: | 48 5d 18 bc c0 82 9f 0b Aug 26 18:28:50.741415: | responder cookie: Aug 26 18:28:50.741418: | 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.741423: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:50.741426: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:50.741428: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 18:28:50.741432: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 18:28:50.741434: | Message ID: 2 (0x2) Aug 26 18:28:50.741437: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:50.741441: | ***emit IKEv2 Encryption Payload: Aug 26 18:28:50.741443: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.741446: | flags: none (0x0) Aug 26 18:28:50.741450: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 18:28:50.741453: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 18:28:50.741456: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 18:28:50.741469: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 18:28:50.741473: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 18:28:50.741476: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 18:28:50.741479: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 18:28:50.741481: | emitting length of ISAKMP Message: 57 Aug 26 18:28:50.741501: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 18:28:50.741505: | 48 5d 18 bc c0 82 9f 0b 46 c6 cb 25 04 15 b7 32 Aug 26 18:28:50.741507: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Aug 26 18:28:50.741510: | a9 56 8d 64 d8 98 ca c1 7a 20 73 ea 7e f8 ed 57 Aug 26 18:28:50.741512: | 5f 59 dc 82 32 90 96 6f 04 Aug 26 18:28:50.741552: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:28:50.741558: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 18:28:50.741562: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:28:50.741565: | pstats #5 ikev2.child deleted other Aug 26 18:28:50.741569: | #5 spent 0.0423 milliseconds in total Aug 26 18:28:50.741574: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:28:50.741578: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:28:50.741583: "westnet-eastnet-vti-01" #5: deleting other state #5 (STATE_CHILDSA_DEL) aged 0.016s and NOT sending notification Aug 26 18:28:50.741586: | child state #5: CHILDSA_DEL(informational) => delete Aug 26 18:28:50.741590: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:50.741594: | libevent_free: release ptr-libevent@0x564bfd74b528 Aug 26 18:28:50.741598: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0900002b78 Aug 26 18:28:50.741603: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 18:28:50.741610: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:28:50.741622: | raw_eroute result=success Aug 26 18:28:50.741626: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 18:28:50.741629: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Aug 26 18:28:50.741637: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:28:50.741641: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:28:50.741646: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:28:50.741655: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 18:28:50.741658: | pstats #4 ikev2.child deleted other Aug 26 18:28:50.741661: | #4 spent 1.11 milliseconds in total Aug 26 18:28:50.741666: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:28:50.741670: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:28:50.741674: "westnet-eastnet-vti-02" #4: deleting other state #4 connection (STATE_CHILDSA_DEL) "westnet-eastnet-vti-02" aged 0.032s and NOT sending notification Aug 26 18:28:50.741677: | child state #4: CHILDSA_DEL(informational) => delete Aug 26 18:28:50.741680: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:28:50.741683: | libevent_free: release ptr-libevent@0x564bfd750e18 Aug 26 18:28:50.741686: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564bfd7571a8 Aug 26 18:28:50.741690: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 18:28:50.741696: | delete inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 18:28:50.741705: | raw_eroute result=success Aug 26 18:28:50.741709: | in connection_discard for connection westnet-eastnet-vti-02 Aug 26 18:28:50.741712: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Aug 26 18:28:50.741716: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:28:50.741738: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:28:50.741743: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:28:50.741747: | State DB: IKEv2 state not found (delete_my_family) Aug 26 18:28:50.741750: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 18:28:50.741753: | pstats #1 ikev2.ike deleted completed Aug 26 18:28:50.741758: | #1 spent 20.4 milliseconds in total Aug 26 18:28:50.741763: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 18:28:50.741767: "westnet-eastnet-vti-01" #1: deleting state (STATE_IKESA_DEL) aged 5.262s and NOT sending notification Aug 26 18:28:50.741770: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 18:28:50.741857: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 18:28:50.741864: | libevent_free: release ptr-libevent@0x7f08f8000f48 Aug 26 18:28:50.741869: | free_event_entry: release EVENT_SA_REKEY-pe@0x564bfd74c3d8 Aug 26 18:28:50.741872: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:28:50.741875: | picked newest_isakmp_sa #0 for #1 Aug 26 18:28:50.741879: "westnet-eastnet-vti-01" #1: deleting IKE SA for connection 'westnet-eastnet-vti-01' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:28:50.741882: | add revival: connection 'westnet-eastnet-vti-01' added to the list and scheduled for 0 seconds Aug 26 18:28:50.741886: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:28:50.741890: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 18:28:50.741893: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 18:28:50.741896: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 18:28:50.741900: | unreference key: 0x564bfd74c5b8 @east cnt 2-- Aug 26 18:28:50.741918: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 18:28:50.741943: | in statetime_stop() and could not find #1 Aug 26 18:28:50.741947: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:50.741952: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 18:28:50.741957: | STF_OK but no state object remains Aug 26 18:28:50.741960: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 18:28:50.741963: | in statetime_stop() and could not find #1 Aug 26 18:28:50.741967: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:28:50.741970: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:28:50.741974: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:28:50.741979: | spent 0.755 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:28:50.741986: | processing resume sending helper answer for #5 Aug 26 18:28:50.741990: | crypto helper 6 replies to request ID 6 Aug 26 18:28:50.741993: | calling continuation function 0x564bfc7d8b50 Aug 26 18:28:50.741996: | work-order 6 state #5 crypto result suppressed Aug 26 18:28:50.742008: | (#5) spent 0.0164 milliseconds in resume sending helper answer Aug 26 18:28:50.742011: | libevent_free: release ptr-libevent@0x7f08e8002888 Aug 26 18:28:50.742014: | processing signal PLUTO_SIGCHLD Aug 26 18:28:50.742019: | waitpid returned ECHILD (no child processes left) Aug 26 18:28:50.742023: | spent 0.00519 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:28:50.742029: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:28:50.742032: Initiating connection westnet-eastnet-vti-01 which received a Delete/Notify but must remain up per local policy Aug 26 18:28:50.742035: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:28:50.742040: | start processing: connection "westnet-eastnet-vti-01" (in initiate_a_connection() at initiate.c:186) Aug 26 18:28:50.742043: | connection 'westnet-eastnet-vti-01' +POLICY_UP Aug 26 18:28:50.742046: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:28:50.742049: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:28:50.742055: | creating state object #6 at 0x564bfd752ab8 Aug 26 18:28:50.742058: | State DB: adding IKEv2 state #6 in UNDEFINED Aug 26 18:28:50.742064: | pstats #6 ikev2.ike started Aug 26 18:28:50.742068: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 18:28:50.742071: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 18:28:50.742076: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 18:28:50.742082: | suspend processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:28:50.742087: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 18:28:50.742090: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 18:28:50.742094: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-vti-01" IKE SA #6 "westnet-eastnet-vti-01" Aug 26 18:28:50.742098: "westnet-eastnet-vti-01" #6: initiating v2 parent SA Aug 26 18:28:50.742115: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:50.742119: | adding ikev2_outI1 KE work-order 7 for state #6 Aug 26 18:28:50.742123: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564bfd750da8 Aug 26 18:28:50.742126: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 18:28:50.742130: | libevent_malloc: new ptr-libevent@0x7f08fc002888 size 128 Aug 26 18:28:50.742142: | #6 spent 0.102 milliseconds in ikev2_parent_outI1() Aug 26 18:28:50.742147: | RESET processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:50.742150: | RESET processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 18:28:50.742153: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 18:28:50.742158: | spent 0.125 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:28:50.742168: | crypto helper 2 resuming Aug 26 18:28:50.742173: | crypto helper 2 starting work-order 7 for state #6 Aug 26 18:28:50.742177: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Aug 26 18:28:50.743170: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.000992 seconds Aug 26 18:28:50.743181: | (#6) spent 0.991 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Aug 26 18:28:50.743185: | crypto helper 2 sending results from work-order 7 for state #6 to event queue Aug 26 18:28:50.743188: | scheduling resume sending helper answer for #6 Aug 26 18:28:50.743192: | libevent_malloc: new ptr-libevent@0x7f08ec002888 size 128 Aug 26 18:28:50.743200: | crypto helper 2 waiting (nothing to do) Aug 26 18:28:50.743211: | processing resume sending helper answer for #6 Aug 26 18:28:50.743224: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:28:50.743230: | crypto helper 2 replies to request ID 7 Aug 26 18:28:50.743233: | calling continuation function 0x564bfc7d8b50 Aug 26 18:28:50.743236: | ikev2_parent_outI1_continue for #6 Aug 26 18:28:50.743243: | **emit ISAKMP Message: Aug 26 18:28:50.743246: | initiator cookie: Aug 26 18:28:50.743249: | 03 6d 9d ea 17 10 8a c1 Aug 26 18:28:50.743252: | responder cookie: Aug 26 18:28:50.743254: | 00 00 00 00 00 00 00 00 Aug 26 18:28:50.743257: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:28:50.743260: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 18:28:50.743263: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 18:28:50.743267: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 18:28:50.743269: | Message ID: 0 (0x0) Aug 26 18:28:50.743273: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:28:50.743307: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 18:28:50.743315: | Emitting ikev2_proposals ... Aug 26 18:28:50.743319: | ***emit IKEv2 Security Association Payload: Aug 26 18:28:50.743322: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.743325: | flags: none (0x0) Aug 26 18:28:50.743329: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 18:28:50.743332: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:28:50.743336: | discarding INTEG=NONE Aug 26 18:28:50.743338: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:50.743341: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.743344: | prop #: 1 (0x1) Aug 26 18:28:50.743350: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:50.743353: | spi size: 0 (0x0) Aug 26 18:28:50.743355: | # transforms: 11 (0xb) Aug 26 18:28:50.743358: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:50.743361: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743367: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:50.743370: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:50.743373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743376: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:50.743379: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:50.743382: | length/value: 256 (0x100) Aug 26 18:28:50.743385: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:50.743387: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743393: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:50.743396: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:50.743399: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743402: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743405: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743407: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743410: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743413: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:50.743415: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:50.743419: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743424: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743427: | discarding INTEG=NONE Aug 26 18:28:50.743430: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743432: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743435: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743438: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:50.743441: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743444: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743447: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743449: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743452: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743455: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743457: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:50.743460: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743463: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743466: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743469: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743474: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743478: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:50.743481: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743487: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743490: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743498: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:50.743501: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743507: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743509: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743515: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743517: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:50.743521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743526: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743529: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743531: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743534: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743537: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:50.743540: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743543: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743546: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743548: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743553: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743556: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:50.743559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743565: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743568: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743571: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:50.743573: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743576: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:50.743579: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743582: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743585: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743589: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:28:50.743592: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:50.743595: | discarding INTEG=NONE Aug 26 18:28:50.743598: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:50.743600: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.743603: | prop #: 2 (0x2) Aug 26 18:28:50.743605: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:50.743608: | spi size: 0 (0x0) Aug 26 18:28:50.743611: | # transforms: 11 (0xb) Aug 26 18:28:50.743614: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.743617: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:50.743619: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743622: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743625: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:50.743627: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 18:28:50.743630: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743633: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:50.743636: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:50.743639: | length/value: 128 (0x80) Aug 26 18:28:50.743641: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:50.743644: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743647: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743649: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:50.743652: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:50.743655: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743658: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743661: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743664: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743666: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743669: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:50.743672: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:50.743675: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743678: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743680: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743683: | discarding INTEG=NONE Aug 26 18:28:50.743685: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743688: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743691: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743694: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:50.743697: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743700: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743703: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743705: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743711: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743714: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:50.743718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743723: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743726: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743731: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743734: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:50.743737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743743: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743745: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743751: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743753: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:50.743756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743759: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743762: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743765: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743767: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743770: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743773: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:50.743776: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743779: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743782: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743784: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743787: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743789: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743792: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:50.743795: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743798: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743801: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743804: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743809: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743811: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:50.743815: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743818: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743820: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743825: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743828: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:50.743830: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743833: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:50.743836: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743839: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743842: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743844: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 18:28:50.743847: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:50.743850: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:50.743853: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.743855: | prop #: 3 (0x3) Aug 26 18:28:50.743858: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:50.743861: | spi size: 0 (0x0) Aug 26 18:28:50.743863: | # transforms: 13 (0xd) Aug 26 18:28:50.743866: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.743869: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:50.743872: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743875: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743878: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:50.743880: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:50.743883: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743886: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:50.743889: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:50.743891: | length/value: 256 (0x100) Aug 26 18:28:50.743894: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:50.743897: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743900: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743902: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:50.743905: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:50.743908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743911: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743914: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743916: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743919: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743922: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:50.743924: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:50.743927: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743930: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743933: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743936: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743941: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:50.743944: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:50.743947: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743951: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743954: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743957: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743962: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:50.743965: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:50.743968: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743973: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743976: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743979: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743981: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.743984: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:50.743987: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.743990: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.743993: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.743996: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.743998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744001: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744004: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:50.744007: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744010: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744012: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744015: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744018: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744020: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744023: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:50.744026: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744029: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744032: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744035: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744037: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744040: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744043: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:50.744046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744051: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744054: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744057: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744061: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744063: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:50.744066: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744069: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744072: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744075: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744080: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744083: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:50.744086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744092: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744094: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744100: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744102: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:50.744105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744111: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744114: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744116: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:50.744119: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744122: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:50.744125: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744128: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744131: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744133: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:28:50.744136: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:50.744139: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 18:28:50.744142: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 18:28:50.744144: | prop #: 4 (0x4) Aug 26 18:28:50.744147: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 18:28:50.744150: | spi size: 0 (0x0) Aug 26 18:28:50.744152: | # transforms: 13 (0xd) Aug 26 18:28:50.744156: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 18:28:50.744158: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 18:28:50.744161: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744167: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 18:28:50.744169: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 18:28:50.744172: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744175: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 18:28:50.744179: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 18:28:50.744182: | length/value: 128 (0x80) Aug 26 18:28:50.744184: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 18:28:50.744187: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744192: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:50.744195: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 18:28:50.744198: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744201: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744204: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744206: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744209: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744212: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 18:28:50.744214: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 18:28:50.744218: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744221: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744223: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744226: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744229: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744231: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:50.744234: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 18:28:50.744237: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744240: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744243: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744245: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744248: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744251: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 18:28:50.744253: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 18:28:50.744256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744259: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744262: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744265: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744270: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744273: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:50.744276: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744279: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744282: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744284: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744287: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744295: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744298: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 18:28:50.744302: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744305: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744308: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744311: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744314: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744316: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744319: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 18:28:50.744322: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744325: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744328: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744330: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744336: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744339: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 18:28:50.744342: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744345: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744347: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744363: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744366: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744368: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744371: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 18:28:50.744374: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744377: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744379: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744382: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744387: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744390: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 18:28:50.744393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744398: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744401: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744406: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744408: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 18:28:50.744411: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744414: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744417: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744434: | *****emit IKEv2 Transform Substructure Payload: Aug 26 18:28:50.744438: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 18:28:50.744441: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 18:28:50.744444: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 18:28:50.744447: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 18:28:50.744450: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 18:28:50.744453: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 18:28:50.744456: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 18:28:50.744459: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 18:28:50.744462: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 18:28:50.744464: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 18:28:50.744467: | ***emit IKEv2 Key Exchange Payload: Aug 26 18:28:50.744470: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.744473: | flags: none (0x0) Aug 26 18:28:50.744475: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 18:28:50.744479: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 18:28:50.744482: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:28:50.744486: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 18:28:50.744489: | ikev2 g^x bc 41 48 84 2e 08 e0 3f c8 5a fc d8 fb f1 25 f2 Aug 26 18:28:50.744491: | ikev2 g^x c1 68 44 14 9d 18 56 73 ab 24 33 1e 11 3e a3 96 Aug 26 18:28:50.744494: | ikev2 g^x f1 b6 c2 f9 ff 1a 17 28 8f ee 4a c0 65 3c 53 e0 Aug 26 18:28:50.744496: | ikev2 g^x fa bb 12 dd 0b b9 49 11 07 02 ca 43 5b d4 bd 54 Aug 26 18:28:50.744499: | ikev2 g^x 1e 34 c5 61 f0 d0 53 43 1d f2 8e c6 c9 a8 c9 6f Aug 26 18:28:50.744502: | ikev2 g^x d3 63 3e aa c0 49 ca fc eb 8d 92 e1 47 ee 53 fd Aug 26 18:28:50.744504: | ikev2 g^x 6a 61 43 94 62 a3 0c c5 9b 35 1f 2a dc 81 cc 1a Aug 26 18:28:50.744507: | ikev2 g^x f9 32 1c 61 40 c8 35 fa e0 e7 98 96 33 2f a2 e8 Aug 26 18:28:50.744510: | ikev2 g^x 84 29 c5 28 81 7d bb e0 24 bf a4 87 78 c6 47 c3 Aug 26 18:28:50.744512: | ikev2 g^x de 61 40 04 fa 3d 4e a2 cb 8a ca 9a 74 94 23 55 Aug 26 18:28:50.744515: | ikev2 g^x 95 8c fc 9a 26 58 a1 95 0d ee a2 2a a3 56 0b 2d Aug 26 18:28:50.744517: | ikev2 g^x 33 fb c8 fe 7d 97 6b fe 7a 19 21 08 75 67 67 7b Aug 26 18:28:50.744520: | ikev2 g^x 3b 8b ea 5f 6b 76 33 8e 71 33 6c 8a f6 22 60 34 Aug 26 18:28:50.744522: | ikev2 g^x 39 0f c9 49 7b e7 6a 81 94 41 91 00 7e b3 dc db Aug 26 18:28:50.744525: | ikev2 g^x 37 c6 cb 60 ea b0 3d 61 ef 34 79 26 31 4f c4 71 Aug 26 18:28:50.744528: | ikev2 g^x 2d e6 6d 9f be fc 00 ae 9f 49 47 93 58 8c 40 38 Aug 26 18:28:50.744530: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 18:28:50.744533: | ***emit IKEv2 Nonce Payload: Aug 26 18:28:50.744536: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 18:28:50.744538: | flags: none (0x0) Aug 26 18:28:50.744541: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 18:28:50.744545: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 18:28:50.744548: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:28:50.744551: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 18:28:50.744553: | IKEv2 nonce f8 c9 44 cc a6 68 fa eb 26 0b d7 b2 12 53 da 63 Aug 26 18:28:50.744556: | IKEv2 nonce 0f 61 5c 89 0d 4a 5b f7 bd 01 86 d3 20 c9 62 db Aug 26 18:28:50.744560: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 18:28:50.744563: | Adding a v2N Payload Aug 26 18:28:50.744565: | ***emit IKEv2 Notify Payload: Aug 26 18:28:50.744568: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.744571: | flags: none (0x0) Aug 26 18:28:50.744574: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:50.744576: | SPI size: 0 (0x0) Aug 26 18:28:50.744579: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 18:28:50.744583: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:50.744586: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:50.744589: | emitting length of IKEv2 Notify Payload: 8 Aug 26 18:28:50.744592: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 18:28:50.744595: | natd_hash: rcookie is zero Aug 26 18:28:50.744610: | natd_hash: hasher=0x564bfc8ad800(20) Aug 26 18:28:50.744614: | natd_hash: icookie= 03 6d 9d ea 17 10 8a c1 Aug 26 18:28:50.744616: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:50.744619: | natd_hash: ip= c0 01 02 2d Aug 26 18:28:50.744621: | natd_hash: port=500 Aug 26 18:28:50.744624: | natd_hash: hash= 15 9f 51 a0 ab 97 4e b4 0a 1e 4a b0 17 6f c5 47 Aug 26 18:28:50.744627: | natd_hash: hash= ab 50 f9 e8 Aug 26 18:28:50.744629: | Adding a v2N Payload Aug 26 18:28:50.744632: | ***emit IKEv2 Notify Payload: Aug 26 18:28:50.744634: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.744637: | flags: none (0x0) Aug 26 18:28:50.744640: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:50.744642: | SPI size: 0 (0x0) Aug 26 18:28:50.744645: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 18:28:50.744648: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:50.744651: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:50.744654: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:50.744657: | Notify data 15 9f 51 a0 ab 97 4e b4 0a 1e 4a b0 17 6f c5 47 Aug 26 18:28:50.744659: | Notify data ab 50 f9 e8 Aug 26 18:28:50.744662: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:50.744665: | natd_hash: rcookie is zero Aug 26 18:28:50.744671: | natd_hash: hasher=0x564bfc8ad800(20) Aug 26 18:28:50.744674: | natd_hash: icookie= 03 6d 9d ea 17 10 8a c1 Aug 26 18:28:50.744676: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 18:28:50.744679: | natd_hash: ip= c0 01 02 17 Aug 26 18:28:50.744681: | natd_hash: port=500 Aug 26 18:28:50.744684: | natd_hash: hash= df c2 70 71 3d 80 e7 10 6b 68 16 bb ee df 7e 61 Aug 26 18:28:50.744686: | natd_hash: hash= 26 75 5b 50 Aug 26 18:28:50.744689: | Adding a v2N Payload Aug 26 18:28:50.744691: | ***emit IKEv2 Notify Payload: Aug 26 18:28:50.744694: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 18:28:50.744697: | flags: none (0x0) Aug 26 18:28:50.744699: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 18:28:50.744702: | SPI size: 0 (0x0) Aug 26 18:28:50.744705: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 18:28:50.744708: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 18:28:50.744711: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 18:28:50.744714: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 18:28:50.744717: | Notify data df c2 70 71 3d 80 e7 10 6b 68 16 bb ee df 7e 61 Aug 26 18:28:50.744719: | Notify data 26 75 5b 50 Aug 26 18:28:50.744722: | emitting length of IKEv2 Notify Payload: 28 Aug 26 18:28:50.744724: | emitting length of ISAKMP Message: 828 Aug 26 18:28:50.744732: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 18:28:50.744740: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 18:28:50.744744: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 18:28:50.744748: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 18:28:50.744752: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 18:28:50.744755: | Message ID: updating counters for #6 to 4294967295 after switching state Aug 26 18:28:50.744758: | Message ID: IKE #6 skipping update_recv as MD is fake Aug 26 18:28:50.744763: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 18:28:50.744767: "westnet-eastnet-vti-01" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 18:28:50.744772: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 18:28:50.744779: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Aug 26 18:28:50.744782: | 03 6d 9d ea 17 10 8a c1 00 00 00 00 00 00 00 00 Aug 26 18:28:50.744784: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:28:50.744787: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:28:50.744789: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:28:50.744792: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:28:50.744794: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:28:50.744797: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:28:50.744799: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:28:50.744802: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:28:50.744804: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:28:50.744807: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:28:50.744809: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:28:50.744812: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:28:50.744814: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:28:50.744817: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:28:50.744819: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:28:50.744822: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:28:50.744824: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:28:50.744827: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:28:50.744829: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:28:50.744832: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:28:50.744834: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:28:50.744837: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:28:50.744839: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:28:50.744842: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:28:50.744845: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:28:50.744847: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:28:50.744850: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:28:50.744852: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:28:50.744855: | 28 00 01 08 00 0e 00 00 bc 41 48 84 2e 08 e0 3f Aug 26 18:28:50.744857: | c8 5a fc d8 fb f1 25 f2 c1 68 44 14 9d 18 56 73 Aug 26 18:28:50.744860: | ab 24 33 1e 11 3e a3 96 f1 b6 c2 f9 ff 1a 17 28 Aug 26 18:28:50.744862: | 8f ee 4a c0 65 3c 53 e0 fa bb 12 dd 0b b9 49 11 Aug 26 18:28:50.744865: | 07 02 ca 43 5b d4 bd 54 1e 34 c5 61 f0 d0 53 43 Aug 26 18:28:50.744867: | 1d f2 8e c6 c9 a8 c9 6f d3 63 3e aa c0 49 ca fc Aug 26 18:28:50.744870: | eb 8d 92 e1 47 ee 53 fd 6a 61 43 94 62 a3 0c c5 Aug 26 18:28:50.744872: | 9b 35 1f 2a dc 81 cc 1a f9 32 1c 61 40 c8 35 fa Aug 26 18:28:50.744879: | e0 e7 98 96 33 2f a2 e8 84 29 c5 28 81 7d bb e0 Aug 26 18:28:50.744882: | 24 bf a4 87 78 c6 47 c3 de 61 40 04 fa 3d 4e a2 Aug 26 18:28:50.744884: | cb 8a ca 9a 74 94 23 55 95 8c fc 9a 26 58 a1 95 Aug 26 18:28:50.744887: | 0d ee a2 2a a3 56 0b 2d 33 fb c8 fe 7d 97 6b fe Aug 26 18:28:50.744889: | 7a 19 21 08 75 67 67 7b 3b 8b ea 5f 6b 76 33 8e Aug 26 18:28:50.744892: | 71 33 6c 8a f6 22 60 34 39 0f c9 49 7b e7 6a 81 Aug 26 18:28:50.744894: | 94 41 91 00 7e b3 dc db 37 c6 cb 60 ea b0 3d 61 Aug 26 18:28:50.744897: | ef 34 79 26 31 4f c4 71 2d e6 6d 9f be fc 00 ae Aug 26 18:28:50.744899: | 9f 49 47 93 58 8c 40 38 29 00 00 24 f8 c9 44 cc Aug 26 18:28:50.744902: | a6 68 fa eb 26 0b d7 b2 12 53 da 63 0f 61 5c 89 Aug 26 18:28:50.744904: | 0d 4a 5b f7 bd 01 86 d3 20 c9 62 db 29 00 00 08 Aug 26 18:28:50.744907: | 00 00 40 2e 29 00 00 1c 00 00 40 04 15 9f 51 a0 Aug 26 18:28:50.744909: | ab 97 4e b4 0a 1e 4a b0 17 6f c5 47 ab 50 f9 e8 Aug 26 18:28:50.744912: | 00 00 00 1c 00 00 40 05 df c2 70 71 3d 80 e7 10 Aug 26 18:28:50.744914: | 6b 68 16 bb ee df 7e 61 26 75 5b 50 Aug 26 18:28:50.744957: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:28:50.744963: | libevent_free: release ptr-libevent@0x7f08fc002888 Aug 26 18:28:50.744967: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564bfd750da8 Aug 26 18:28:50.744970: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 18:28:50.744974: | event_schedule: new EVENT_RETRANSMIT-pe@0x564bfd750da8 Aug 26 18:28:50.744978: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 18:28:50.744981: | libevent_malloc: new ptr-libevent@0x564bfd7651a8 size 128 Aug 26 18:28:50.744987: | #6 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29416.48744 Aug 26 18:28:50.744992: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Aug 26 18:28:50.744999: | #6 spent 1.73 milliseconds in resume sending helper answer Aug 26 18:28:50.745004: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:28:50.745007: | libevent_free: release ptr-libevent@0x7f08ec002888 Aug 26 18:28:51.245321: | timer_event_cb: processing event@0x564bfd750da8 Aug 26 18:28:51.245337: | handling event EVENT_RETRANSMIT for parent state #6 Aug 26 18:28:51.245345: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:28:51.245349: | IKEv2 retransmit event Aug 26 18:28:51.245354: | [RE]START processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) Aug 26 18:28:51.245359: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-vti-01" #6 attempt 2 of 0 Aug 26 18:28:51.245363: | and parent for 192.1.2.23 "westnet-eastnet-vti-01" #6 keying attempt 1 of 0; retransmit 1 Aug 26 18:28:51.245370: | retransmits: current time 29416.987834; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500394 exceeds limit? NO Aug 26 18:28:51.245374: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f08ec002b78 Aug 26 18:28:51.245378: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 18:28:51.245382: | libevent_malloc: new ptr-libevent@0x7f08ec002888 size 128 Aug 26 18:28:51.245387: "westnet-eastnet-vti-01" #6: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Aug 26 18:28:51.245395: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Aug 26 18:28:51.245398: | 03 6d 9d ea 17 10 8a c1 00 00 00 00 00 00 00 00 Aug 26 18:28:51.245400: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 18:28:51.245403: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 18:28:51.245405: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 18:28:51.245411: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 18:28:51.245414: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 18:28:51.245416: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 18:28:51.245419: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 18:28:51.245421: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 18:28:51.245424: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 18:28:51.245426: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 18:28:51.245429: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 18:28:51.245431: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 18:28:51.245433: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 18:28:51.245436: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 18:28:51.245438: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 18:28:51.245441: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 18:28:51.245443: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 18:28:51.245446: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 18:28:51.245448: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 18:28:51.245451: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 18:28:51.245453: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 18:28:51.245456: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 18:28:51.245458: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 18:28:51.245461: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 18:28:51.245463: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 18:28:51.245465: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 18:28:51.245468: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 18:28:51.245470: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 18:28:51.245473: | 28 00 01 08 00 0e 00 00 bc 41 48 84 2e 08 e0 3f Aug 26 18:28:51.245475: | c8 5a fc d8 fb f1 25 f2 c1 68 44 14 9d 18 56 73 Aug 26 18:28:51.245478: | ab 24 33 1e 11 3e a3 96 f1 b6 c2 f9 ff 1a 17 28 Aug 26 18:28:51.245480: | 8f ee 4a c0 65 3c 53 e0 fa bb 12 dd 0b b9 49 11 Aug 26 18:28:51.245483: | 07 02 ca 43 5b d4 bd 54 1e 34 c5 61 f0 d0 53 43 Aug 26 18:28:51.245485: | 1d f2 8e c6 c9 a8 c9 6f d3 63 3e aa c0 49 ca fc Aug 26 18:28:51.245488: | eb 8d 92 e1 47 ee 53 fd 6a 61 43 94 62 a3 0c c5 Aug 26 18:28:51.245490: | 9b 35 1f 2a dc 81 cc 1a f9 32 1c 61 40 c8 35 fa Aug 26 18:28:51.245492: | e0 e7 98 96 33 2f a2 e8 84 29 c5 28 81 7d bb e0 Aug 26 18:28:51.245495: | 24 bf a4 87 78 c6 47 c3 de 61 40 04 fa 3d 4e a2 Aug 26 18:28:51.245497: | cb 8a ca 9a 74 94 23 55 95 8c fc 9a 26 58 a1 95 Aug 26 18:28:51.245500: | 0d ee a2 2a a3 56 0b 2d 33 fb c8 fe 7d 97 6b fe Aug 26 18:28:51.245502: | 7a 19 21 08 75 67 67 7b 3b 8b ea 5f 6b 76 33 8e Aug 26 18:28:51.245505: | 71 33 6c 8a f6 22 60 34 39 0f c9 49 7b e7 6a 81 Aug 26 18:28:51.245507: | 94 41 91 00 7e b3 dc db 37 c6 cb 60 ea b0 3d 61 Aug 26 18:28:51.245510: | ef 34 79 26 31 4f c4 71 2d e6 6d 9f be fc 00 ae Aug 26 18:28:51.245512: | 9f 49 47 93 58 8c 40 38 29 00 00 24 f8 c9 44 cc Aug 26 18:28:51.245514: | a6 68 fa eb 26 0b d7 b2 12 53 da 63 0f 61 5c 89 Aug 26 18:28:51.245517: | 0d 4a 5b f7 bd 01 86 d3 20 c9 62 db 29 00 00 08 Aug 26 18:28:51.245519: | 00 00 40 2e 29 00 00 1c 00 00 40 04 15 9f 51 a0 Aug 26 18:28:51.245522: | ab 97 4e b4 0a 1e 4a b0 17 6f c5 47 ab 50 f9 e8 Aug 26 18:28:51.245524: | 00 00 00 1c 00 00 40 05 df c2 70 71 3d 80 e7 10 Aug 26 18:28:51.245527: | 6b 68 16 bb ee df 7e 61 26 75 5b 50 Aug 26 18:28:51.245935: | libevent_free: release ptr-libevent@0x564bfd7651a8 Aug 26 18:28:51.245943: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564bfd750da8 Aug 26 18:28:51.245952: | #6 spent 0.626 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:28:51.245958: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:28:51.605317: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:28:51.605346: shutting down Aug 26 18:28:51.605357: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:28:51.605361: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:28:51.605364: forgetting secrets Aug 26 18:28:51.605371: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:28:51.605376: | unreference key: 0x564bfd74c5b8 @east cnt 1-- Aug 26 18:28:51.605381: | unreference key: 0x564bfd74c2e8 @west cnt 1-- Aug 26 18:28:51.605387: | start processing: connection "westnet-eastnet-vti-01" (in delete_connection() at connections.c:189) Aug 26 18:28:51.605391: | removing pending policy for no connection {0x564bfd73d158} Aug 26 18:28:51.605395: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:28:51.605397: | pass 0 Aug 26 18:28:51.605400: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:28:51.605403: | state #6 Aug 26 18:28:51.605408: | suspend processing: connection "westnet-eastnet-vti-01" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:28:51.605414: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:28:51.605418: | pstats #6 ikev2.ike deleted other Aug 26 18:28:51.605425: | #6 spent 3.45 milliseconds in total Aug 26 18:28:51.605430: | [RE]START processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:28:51.605435: "westnet-eastnet-vti-01" #6: deleting state (STATE_PARENT_I1) aged 0.863s and NOT sending notification Aug 26 18:28:51.605439: | parent state #6: PARENT_I1(half-open IKE SA) => delete Aug 26 18:28:51.605443: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:28:51.605447: | #6 STATE_PARENT_I1: retransmits: cleared Aug 26 18:28:51.605452: | libevent_free: release ptr-libevent@0x7f08ec002888 Aug 26 18:28:51.605455: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f08ec002b78 Aug 26 18:28:51.605460: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 18:28:51.605464: | picked newest_isakmp_sa #0 for #6 Aug 26 18:28:51.605467: "westnet-eastnet-vti-01" #6: deleting IKE SA for connection 'westnet-eastnet-vti-01' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:28:51.605471: | add revival: connection 'westnet-eastnet-vti-01' added to the list and scheduled for 5 seconds Aug 26 18:28:51.605475: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 18:28:51.605483: | stop processing: connection "westnet-eastnet-vti-01" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:28:51.605487: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:28:51.605489: | in connection_discard for connection westnet-eastnet-vti-01 Aug 26 18:28:51.605492: | State DB: deleting IKEv2 state #6 in PARENT_I1 Aug 26 18:28:51.605496: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:28:51.605529: | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:28:51.605536: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:28:51.605539: | pass 1 Aug 26 18:28:51.605542: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:28:51.605547: | shunt_eroute() called for connection 'westnet-eastnet-vti-01' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:28:51.605551: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:28:51.605555: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 18:28:51.605603: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Aug 26 18:28:51.605619: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:51.605622: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:51.605625: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:51.605628: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:51.605630: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:51.605633: | route owner of "westnet-eastnet-vti-01" unrouted: NULL Aug 26 18:28:51.605636: | running updown command "ipsec _updown" for verb unroute Aug 26 18:28:51.605639: | command executing unroute-client Aug 26 18:28:51.605664: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xf Aug 26 18:28:51.605668: | popen cmd is 1121 chars long Aug 26 18:28:51.605671: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:28:51.605673: | cmd( 80):t-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Aug 26 18:28:51.605676: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0: Aug 26 18:28:51.605678: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT: Aug 26 18:28:51.605680: | cmd( 320):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEE: Aug 26 18:28:51.605683: | cmd( 400):R='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER: Aug 26 18:28:51.605685: | cmd( 480):_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=': Aug 26 18:28:51.605687: | cmd( 560):0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME=': Aug 26 18:28:51.605690: | cmd( 640):0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_F: Aug 26 18:28:51.605692: | cmd( 720):RAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XA: Aug 26 18:28:51.605694: | cmd( 800):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN: Aug 26 18:28:51.605696: | cmd( 880):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO: Aug 26 18:28:51.605699: | cmd( 960):NFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ips: Aug 26 18:28:51.605701: | cmd(1040):ec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Aug 26 18:28:51.605703: | cmd(1120):1: Aug 26 18:28:51.617592: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.617616: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.617619: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.617623: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.617637: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618429: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618441: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618444: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618450: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618452: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618455: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618458: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618460: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618463: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618465: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618468: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618470: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618472: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618475: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618477: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618480: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618482: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618485: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618487: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618489: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618492: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618495: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618497: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.618502: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.625175: | flush revival: connection 'westnet-eastnet-vti-01' revival flushed Aug 26 18:28:51.625200: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:28:51.625228: | start processing: connection "westnet-eastnet-vti-02" (in delete_connection() at connections.c:189) Aug 26 18:28:51.625234: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:28:51.625237: | pass 0 Aug 26 18:28:51.625240: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:28:51.625243: | pass 1 Aug 26 18:28:51.625247: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:28:51.625255: | shunt_eroute() called for connection 'westnet-eastnet-vti-02' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:28:51.625259: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:28:51.625263: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 18:28:51.625312: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Aug 26 18:28:51.625327: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:28:51.625331: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Aug 26 18:28:51.625334: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Aug 26 18:28:51.625338: | route owner of "westnet-eastnet-vti-02" unrouted: NULL Aug 26 18:28:51.625341: | running updown command "ipsec _updown" for verb unroute Aug 26 18:28:51.625344: | command executing unroute-client Aug 26 18:28:51.625377: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffff Aug 26 18:28:51.625384: | popen cmd is 1116 chars long Aug 26 18:28:51.625387: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 18:28:51.625390: | cmd( 80):t-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Aug 26 18:28:51.625393: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1: Aug 26 18:28:51.625395: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0: Aug 26 18:28:51.625398: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER=': Aug 26 18:28:51.625401: | cmd( 400):192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLI: Aug 26 18:28:51.625403: | cmd( 480):ENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PL: Aug 26 18:28:51.625406: | cmd( 560):UTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PL: Aug 26 18:28:51.625408: | cmd( 640):UTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_A: Aug 26 18:28:51.625410: | cmd( 720):LLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_F: Aug 26 18:28:51.625413: | cmd( 800):AILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='': Aug 26 18:28:51.625415: | cmd( 880): PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU: Aug 26 18:28:51.625417: | cmd( 960):RED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' : Aug 26 18:28:51.625420: | cmd(1040):VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:28:51.639287: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639323: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639326: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639328: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639338: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639351: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639366: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639379: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639393: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639407: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639421: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639437: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639453: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639467: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639480: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639493: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639508: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639522: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639535: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639548: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639560: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639574: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639588: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639601: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639614: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639627: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639643: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639658: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639926: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.639934: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:28:51.645201: | free hp@0x564bfd74c208 Aug 26 18:28:51.645216: | flush revival: connection 'westnet-eastnet-vti-02' wasn't on the list Aug 26 18:28:51.645221: | stop processing: connection "westnet-eastnet-vti-02" (in discard_connection() at connections.c:249) Aug 26 18:28:51.645234: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:28:51.645236: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:28:51.645246: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:28:51.645248: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:28:51.645251: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 18:28:51.645253: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 18:28:51.645256: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:28:51.645265: | libevent_free: release ptr-libevent@0x564bfd73dcc8 Aug 26 18:28:51.645268: | free_event_entry: release EVENT_NULL-pe@0x564bfd749938 Aug 26 18:28:51.645277: | libevent_free: release ptr-libevent@0x564bfd6d16e8 Aug 26 18:28:51.645279: | free_event_entry: release EVENT_NULL-pe@0x564bfd7499e8 Aug 26 18:28:51.645285: | libevent_free: release ptr-libevent@0x564bfd6d3588 Aug 26 18:28:51.645287: | free_event_entry: release EVENT_NULL-pe@0x564bfd749a98 Aug 26 18:28:51.645342: | libevent_free: release ptr-libevent@0x564bfd6d06d8 Aug 26 18:28:51.645344: | free_event_entry: release EVENT_NULL-pe@0x564bfd749b48 Aug 26 18:28:51.645349: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:28:51.645850: | libevent_free: release ptr-libevent@0x564bfd73dd78 Aug 26 18:28:51.645859: | free_event_entry: release EVENT_NULL-pe@0x564bfd731b68 Aug 26 18:28:51.645865: | libevent_free: release ptr-libevent@0x564bfd6d3488 Aug 26 18:28:51.645869: | free_event_entry: release EVENT_NULL-pe@0x564bfd731af8 Aug 26 18:28:51.645874: | libevent_free: release ptr-libevent@0x564bfd715478 Aug 26 18:28:51.645878: | free_event_entry: release EVENT_NULL-pe@0x564bfd730fb8 Aug 26 18:28:51.645883: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:28:51.645886: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:28:51.645889: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:28:51.645891: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:28:51.645894: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:28:51.645896: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:28:51.645899: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:28:51.645902: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:28:51.645905: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:28:51.645914: | libevent_free: release ptr-libevent@0x564bfd6d9b68 Aug 26 18:28:51.645918: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:28:51.645921: | libevent_free: release ptr-libevent@0x564bfd749278 Aug 26 18:28:51.645924: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:28:51.645927: | libevent_free: release ptr-libevent@0x564bfd749388 Aug 26 18:28:51.645930: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:28:51.645933: | libevent_free: release ptr-libevent@0x564bfd7495c8 Aug 26 18:28:51.645936: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:28:51.645938: | releasing event base Aug 26 18:28:51.645951: | libevent_free: release ptr-libevent@0x564bfd749498 Aug 26 18:28:51.645954: | libevent_free: release ptr-libevent@0x564bfd72c438 Aug 26 18:28:51.645958: | libevent_free: release ptr-libevent@0x564bfd72c3e8 Aug 26 18:28:51.645961: | libevent_free: release ptr-libevent@0x7f08fc0027d8 Aug 26 18:28:51.645964: | libevent_free: release ptr-libevent@0x564bfd72c338 Aug 26 18:28:51.645967: | libevent_free: release ptr-libevent@0x564bfd749048 Aug 26 18:28:51.645970: | libevent_free: release ptr-libevent@0x564bfd7491f8 Aug 26 18:28:51.645973: | libevent_free: release ptr-libevent@0x564bfd72c5e8 Aug 26 18:28:51.645977: | libevent_free: release ptr-libevent@0x564bfd7310c8 Aug 26 18:28:51.645980: | libevent_free: release ptr-libevent@0x564bfd731ab8 Aug 26 18:28:51.645982: | libevent_free: release ptr-libevent@0x564bfd749bb8 Aug 26 18:28:51.645985: | libevent_free: release ptr-libevent@0x564bfd749b08 Aug 26 18:28:51.645988: | libevent_free: release ptr-libevent@0x564bfd749a58 Aug 26 18:28:51.645991: | libevent_free: release ptr-libevent@0x564bfd7499a8 Aug 26 18:28:51.645994: | libevent_free: release ptr-libevent@0x564bfd6cff28 Aug 26 18:28:51.645997: | libevent_free: release ptr-libevent@0x564bfd749348 Aug 26 18:28:51.645999: | libevent_free: release ptr-libevent@0x564bfd749238 Aug 26 18:28:51.646002: | libevent_free: release ptr-libevent@0x564bfd7491b8 Aug 26 18:28:51.646005: | libevent_free: release ptr-libevent@0x564bfd749458 Aug 26 18:28:51.646007: | libevent_free: release ptr-libevent@0x564bfd749088 Aug 26 18:28:51.646010: | libevent_free: release ptr-libevent@0x564bfd6a7908 Aug 26 18:28:51.646013: | libevent_free: release ptr-libevent@0x564bfd6a7d38 Aug 26 18:28:51.646016: | libevent_free: release ptr-libevent@0x564bfd6d0298 Aug 26 18:28:51.646018: | releasing global libevent data Aug 26 18:28:51.646022: | libevent_free: release ptr-libevent@0x564bfd6a77f8 Aug 26 18:28:51.646025: | libevent_free: release ptr-libevent@0x564bfd6a7cd8 Aug 26 18:28:51.646028: | libevent_free: release ptr-libevent@0x564bfd6a7dd8 Aug 26 18:28:51.646078: leak detective found no leaks