Sep 21 07:15:27.344508: FIPS Product: YES Sep 21 07:15:27.344552: FIPS Kernel: NO Sep 21 07:15:27.344556: FIPS Mode: NO Sep 21 07:15:27.344558: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:15:27.344739: Initializing NSS Sep 21 07:15:27.344744: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:15:27.443460: NSS initialized Sep 21 07:15:27.443479: NSS crypto library initialized Sep 21 07:15:27.443481: FIPS HMAC integrity support [enabled] Sep 21 07:15:27.443483: FIPS mode disabled for pluto daemon Sep 21 07:15:27.615583: FIPS HMAC integrity verification self-test FAILED Sep 21 07:15:27.615687: libcap-ng support [enabled] Sep 21 07:15:27.615695: Linux audit support [enabled] Sep 21 07:15:27.615723: Linux audit activated Sep 21 07:15:27.615730: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19827 Sep 21 07:15:27.615733: core dump dir: /tmp Sep 21 07:15:27.615735: secrets file: /etc/ipsec.secrets Sep 21 07:15:27.615737: leak-detective disabled Sep 21 07:15:27.615739: NSS crypto [enabled] Sep 21 07:15:27.615740: XAUTH PAM support [enabled] Sep 21 07:15:27.615821: | libevent is using pluto's memory allocator Sep 21 07:15:27.615830: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:15:27.615843: | libevent_malloc: new ptr-libevent@0x56195db6bf10 size 40 Sep 21 07:15:27.615849: | libevent_malloc: new ptr-libevent@0x56195db6d1c0 size 40 Sep 21 07:15:27.615852: | libevent_malloc: new ptr-libevent@0x56195db6d1f0 size 40 Sep 21 07:15:27.615854: | creating event base Sep 21 07:15:27.615857: | libevent_malloc: new ptr-libevent@0x56195db6d180 size 56 Sep 21 07:15:27.615860: | libevent_malloc: new ptr-libevent@0x56195db6d220 size 664 Sep 21 07:15:27.615870: | libevent_malloc: new ptr-libevent@0x56195db6d4c0 size 24 Sep 21 07:15:27.615874: | libevent_malloc: new ptr-libevent@0x56195db5ebf0 size 384 Sep 21 07:15:27.615884: | libevent_malloc: new ptr-libevent@0x56195db6d4e0 size 16 Sep 21 07:15:27.615886: | libevent_malloc: new ptr-libevent@0x56195db6d500 size 40 Sep 21 07:15:27.615889: | libevent_malloc: new ptr-libevent@0x56195db6d530 size 48 Sep 21 07:15:27.615896: | libevent_realloc: new ptr-libevent@0x56195daef370 size 256 Sep 21 07:15:27.615898: | libevent_malloc: new ptr-libevent@0x56195db6d570 size 16 Sep 21 07:15:27.615904: | libevent_free: release ptr-libevent@0x56195db6d180 Sep 21 07:15:27.615908: | libevent initialized Sep 21 07:15:27.615912: | libevent_realloc: new ptr-libevent@0x56195db6d590 size 64 Sep 21 07:15:27.615918: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:15:27.615932: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:15:27.615935: NAT-Traversal support [enabled] Sep 21 07:15:27.615937: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:15:27.615943: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:15:27.615947: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:15:27.615982: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:15:27.615986: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:15:27.615988: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:15:27.616040: Encryption algorithms: Sep 21 07:15:27.616047: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:15:27.616051: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:15:27.616054: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:15:27.616058: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:15:27.616061: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:15:27.616070: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:15:27.616074: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:15:27.616078: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:15:27.616081: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:15:27.616085: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:15:27.616089: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:15:27.616092: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:15:27.616095: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:15:27.616098: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:15:27.616101: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:15:27.616104: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:15:27.616107: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:15:27.616114: Hash algorithms: Sep 21 07:15:27.616117: MD5 IKEv1: IKE IKEv2: Sep 21 07:15:27.616120: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:15:27.616123: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:15:27.616126: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:15:27.616128: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:15:27.616141: PRF algorithms: Sep 21 07:15:27.616144: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:15:27.616147: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:15:27.616150: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:15:27.616153: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:15:27.616156: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:15:27.616159: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:15:27.616184: Integrity algorithms: Sep 21 07:15:27.616187: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:15:27.616191: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:15:27.616195: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:15:27.616199: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:15:27.616203: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:15:27.616206: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:15:27.616209: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:15:27.616212: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:15:27.616215: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:15:27.616228: DH algorithms: Sep 21 07:15:27.616231: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:15:27.616234: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:15:27.616236: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:15:27.616241: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:15:27.616244: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:15:27.616246: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:15:27.616249: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:15:27.616252: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:15:27.616255: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:15:27.616258: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:15:27.616261: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:15:27.616263: testing CAMELLIA_CBC: Sep 21 07:15:27.616266: Camellia: 16 bytes with 128-bit key Sep 21 07:15:27.616388: Camellia: 16 bytes with 128-bit key Sep 21 07:15:27.616418: Camellia: 16 bytes with 256-bit key Sep 21 07:15:27.616447: Camellia: 16 bytes with 256-bit key Sep 21 07:15:27.616473: testing AES_GCM_16: Sep 21 07:15:27.616476: empty string Sep 21 07:15:27.616503: one block Sep 21 07:15:27.616529: two blocks Sep 21 07:15:27.616554: two blocks with associated data Sep 21 07:15:27.616579: testing AES_CTR: Sep 21 07:15:27.616582: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:15:27.616608: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:15:27.616634: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:15:27.616661: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:15:27.616687: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:15:27.616713: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:15:27.616740: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:15:27.616765: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:15:27.616797: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:15:27.616829: testing AES_CBC: Sep 21 07:15:27.616832: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:15:27.616857: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:15:27.616886: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:15:27.616915: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:15:27.616949: testing AES_XCBC: Sep 21 07:15:27.616952: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:15:27.617073: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:15:27.617205: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:15:27.617328: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:15:27.617452: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:15:27.617579: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:15:27.617710: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:15:27.618015: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:15:27.618152: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:15:27.618292: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:15:27.618534: testing HMAC_MD5: Sep 21 07:15:27.618538: RFC 2104: MD5_HMAC test 1 Sep 21 07:15:27.618714: RFC 2104: MD5_HMAC test 2 Sep 21 07:15:27.618871: RFC 2104: MD5_HMAC test 3 Sep 21 07:15:27.619057: 8 CPU cores online Sep 21 07:15:27.619061: starting up 7 crypto helpers Sep 21 07:15:27.619091: started thread for crypto helper 0 Sep 21 07:15:27.619117: started thread for crypto helper 1 Sep 21 07:15:27.619134: started thread for crypto helper 2 Sep 21 07:15:27.619152: started thread for crypto helper 3 Sep 21 07:15:27.619169: started thread for crypto helper 4 Sep 21 07:15:27.619186: started thread for crypto helper 5 Sep 21 07:15:27.619210: started thread for crypto helper 6 Sep 21 07:15:27.619214: | checking IKEv1 state table Sep 21 07:15:27.619221: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:15:27.619224: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:15:27.619227: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:15:27.619229: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:15:27.619231: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:15:27.619234: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:15:27.619236: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:15:27.619238: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:15:27.619241: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:15:27.619243: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:15:27.619245: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:15:27.619247: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:15:27.619250: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:15:27.619252: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:15:27.619254: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:15:27.619256: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:15:27.619259: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:15:27.619261: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:15:27.619263: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:15:27.619265: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:15:27.619268: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:15:27.619270: | -> UNDEFINED EVENT_NULL Sep 21 07:15:27.619273: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:15:27.619275: | -> UNDEFINED EVENT_NULL Sep 21 07:15:27.619277: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:15:27.619280: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:15:27.619282: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:15:27.619284: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:15:27.619287: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:15:27.619289: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:15:27.619291: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:15:27.619294: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:15:27.619296: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:15:27.619298: | -> UNDEFINED EVENT_NULL Sep 21 07:15:27.619301: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:15:27.619303: | -> UNDEFINED EVENT_NULL Sep 21 07:15:27.619306: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:15:27.619308: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:15:27.619310: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:15:27.619313: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:15:27.619315: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:15:27.619317: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:15:27.619320: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:15:27.619322: | -> UNDEFINED EVENT_NULL Sep 21 07:15:27.619325: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:15:27.619327: | -> UNDEFINED EVENT_NULL Sep 21 07:15:27.619330: | INFO: category: informational flags: 0: Sep 21 07:15:27.619332: | -> UNDEFINED EVENT_NULL Sep 21 07:15:27.619334: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:15:27.619336: | -> UNDEFINED EVENT_NULL Sep 21 07:15:27.619339: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:15:27.619341: | -> XAUTH_R1 EVENT_NULL Sep 21 07:15:27.619344: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:15:27.619346: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:15:27.619348: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:15:27.619351: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:15:27.619353: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:15:27.619356: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:15:27.619358: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:15:27.619360: | -> UNDEFINED EVENT_NULL Sep 21 07:15:27.619363: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:15:27.619367: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:15:27.619370: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:15:27.619372: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:15:27.619375: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:15:27.619377: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:15:27.619383: | checking IKEv2 state table Sep 21 07:15:27.619389: | PARENT_I0: category: ignore flags: 0: Sep 21 07:15:27.619391: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:15:27.619394: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:15:27.619397: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:15:27.619399: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:15:27.619402: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:15:27.619405: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:15:27.619408: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:15:27.619410: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:15:27.619413: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:15:27.619415: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:15:27.619418: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:15:27.619420: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:15:27.619423: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:15:27.619425: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:15:27.619427: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:15:27.619430: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:15:27.619433: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:15:27.619435: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:15:27.619438: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:15:27.619440: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:15:27.619443: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:15:27.619446: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:15:27.619448: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:15:27.619450: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:15:27.619453: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:15:27.619455: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:15:27.619458: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:15:27.619461: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:15:27.619463: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:15:27.619466: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:15:27.619469: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:15:27.619471: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:15:27.619474: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:15:27.619477: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:15:27.619479: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:15:27.619482: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:15:27.619485: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:15:27.619487: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:15:27.619491: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:15:27.619494: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:15:27.619497: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:15:27.619500: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:15:27.619502: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:15:27.619505: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:15:27.619507: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:15:27.619510: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:15:27.619542: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:15:27.619599: | Hard-wiring algorithms Sep 21 07:15:27.619603: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:15:27.619607: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:15:27.619609: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:15:27.619612: | adding 3DES_CBC to kernel algorithm db Sep 21 07:15:27.619614: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:15:27.619616: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:15:27.619618: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:15:27.619620: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:15:27.619622: | adding AES_CTR to kernel algorithm db Sep 21 07:15:27.619624: | adding AES_CBC to kernel algorithm db Sep 21 07:15:27.619626: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:15:27.619628: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:15:27.619630: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:15:27.619632: | adding NULL to kernel algorithm db Sep 21 07:15:27.619634: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:15:27.619637: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:15:27.619639: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:15:27.619641: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:15:27.619644: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:15:27.619646: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:15:27.619648: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:15:27.619651: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:15:27.619653: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:15:27.619655: | adding NONE to kernel algorithm db Sep 21 07:15:27.619677: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:15:27.619683: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:15:27.619686: | setup kernel fd callback Sep 21 07:15:27.619689: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56195db72c30 Sep 21 07:15:27.619692: | libevent_malloc: new ptr-libevent@0x56195db7ed50 size 128 Sep 21 07:15:27.619695: | libevent_malloc: new ptr-libevent@0x56195db71f10 size 16 Sep 21 07:15:27.619701: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56195db72bf0 Sep 21 07:15:27.619704: | libevent_malloc: new ptr-libevent@0x56195db7ede0 size 128 Sep 21 07:15:27.619706: | libevent_malloc: new ptr-libevent@0x56195db71f30 size 16 Sep 21 07:15:27.619951: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:15:27.619961: selinux support is enabled. Sep 21 07:15:27.620035: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:15:27.620206: | unbound context created - setting debug level to 5 Sep 21 07:15:27.620234: | /etc/hosts lookups activated Sep 21 07:15:27.620246: | /etc/resolv.conf usage activated Sep 21 07:15:27.620309: | outgoing-port-avoid set 0-65535 Sep 21 07:15:27.620337: | outgoing-port-permit set 32768-60999 Sep 21 07:15:27.620340: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:15:27.620343: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:15:27.620346: | Setting up events, loop start Sep 21 07:15:27.620349: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56195db6d180 Sep 21 07:15:27.620355: | libevent_malloc: new ptr-libevent@0x56195db89350 size 128 Sep 21 07:15:27.620358: | libevent_malloc: new ptr-libevent@0x56195db893e0 size 16 Sep 21 07:15:27.620365: | libevent_realloc: new ptr-libevent@0x56195daed5b0 size 256 Sep 21 07:15:27.620368: | libevent_malloc: new ptr-libevent@0x56195db89400 size 8 Sep 21 07:15:27.620371: | libevent_realloc: new ptr-libevent@0x56195db7e150 size 144 Sep 21 07:15:27.620374: | libevent_malloc: new ptr-libevent@0x56195db89420 size 152 Sep 21 07:15:27.620377: | libevent_malloc: new ptr-libevent@0x56195db894c0 size 16 Sep 21 07:15:27.620381: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:15:27.620384: | libevent_malloc: new ptr-libevent@0x56195db894e0 size 8 Sep 21 07:15:27.620386: | libevent_malloc: new ptr-libevent@0x56195db89500 size 152 Sep 21 07:15:27.620389: | signal event handler PLUTO_SIGTERM installed Sep 21 07:15:27.620392: | libevent_malloc: new ptr-libevent@0x56195db895a0 size 8 Sep 21 07:15:27.620394: | libevent_malloc: new ptr-libevent@0x56195db895c0 size 152 Sep 21 07:15:27.620397: | signal event handler PLUTO_SIGHUP installed Sep 21 07:15:27.620400: | libevent_malloc: new ptr-libevent@0x56195db89660 size 8 Sep 21 07:15:27.620402: | libevent_realloc: release ptr-libevent@0x56195db7e150 Sep 21 07:15:27.620405: | libevent_realloc: new ptr-libevent@0x56195db89680 size 256 Sep 21 07:15:27.620407: | libevent_malloc: new ptr-libevent@0x56195db7e150 size 152 Sep 21 07:15:27.620410: | signal event handler PLUTO_SIGSYS installed Sep 21 07:15:27.620754: | created addconn helper (pid:20113) using fork+execve Sep 21 07:15:27.620766: | forked child 20113 Sep 21 07:15:27.620813: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:27.620840: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:15:27.620848: listening for IKE messages Sep 21 07:15:27.621484: | starting up helper thread 1 Sep 21 07:15:27.621498: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:15:27.621506: | crypto helper 1 waiting (nothing to do) Sep 21 07:15:27.621517: | starting up helper thread 2 Sep 21 07:15:27.621523: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:15:27.621526: | crypto helper 2 waiting (nothing to do) Sep 21 07:15:27.628356: | Inspecting interface lo Sep 21 07:15:27.628370: | found lo with address 127.0.0.1 Sep 21 07:15:27.628374: | Inspecting interface eth0 Sep 21 07:15:27.628378: | found eth0 with address 192.0.2.254 Sep 21 07:15:27.628380: | Inspecting interface eth1 Sep 21 07:15:27.628384: | found eth1 with address 192.1.2.23 Sep 21 07:15:27.628444: Kernel supports NIC esp-hw-offload Sep 21 07:15:27.628457: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:15:27.628479: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:15:27.628484: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:15:27.628487: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:15:27.628509: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:15:27.628527: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:15:27.628531: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:15:27.628534: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:15:27.628557: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:15:27.628576: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:15:27.628580: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:15:27.628583: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:15:27.628634: | no interfaces to sort Sep 21 07:15:27.628638: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:15:27.628647: | add_fd_read_event_handler: new ethX-pe@0x56195db899f0 Sep 21 07:15:27.628651: | libevent_malloc: new ptr-libevent@0x56195db89a30 size 128 Sep 21 07:15:27.628660: | libevent_malloc: new ptr-libevent@0x56195db89ac0 size 16 Sep 21 07:15:27.628669: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:15:27.628672: | add_fd_read_event_handler: new ethX-pe@0x56195db89ae0 Sep 21 07:15:27.628675: | libevent_malloc: new ptr-libevent@0x56195db89b20 size 128 Sep 21 07:15:27.628677: | libevent_malloc: new ptr-libevent@0x56195db89bb0 size 16 Sep 21 07:15:27.628682: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:15:27.628684: | add_fd_read_event_handler: new ethX-pe@0x56195db89bd0 Sep 21 07:15:27.628687: | libevent_malloc: new ptr-libevent@0x56195db89c10 size 128 Sep 21 07:15:27.628689: | libevent_malloc: new ptr-libevent@0x56195db89ca0 size 16 Sep 21 07:15:27.628694: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:15:27.628696: | add_fd_read_event_handler: new ethX-pe@0x56195db89cc0 Sep 21 07:15:27.628699: | libevent_malloc: new ptr-libevent@0x56195db89d00 size 128 Sep 21 07:15:27.628701: | libevent_malloc: new ptr-libevent@0x56195db89d90 size 16 Sep 21 07:15:27.628705: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:15:27.628708: | add_fd_read_event_handler: new ethX-pe@0x56195db89db0 Sep 21 07:15:27.628710: | libevent_malloc: new ptr-libevent@0x56195db89df0 size 128 Sep 21 07:15:27.628713: | libevent_malloc: new ptr-libevent@0x56195db89e80 size 16 Sep 21 07:15:27.628717: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:15:27.628720: | add_fd_read_event_handler: new ethX-pe@0x56195db89ea0 Sep 21 07:15:27.628722: | libevent_malloc: new ptr-libevent@0x56195db89ee0 size 128 Sep 21 07:15:27.628725: | libevent_malloc: new ptr-libevent@0x56195db89f70 size 16 Sep 21 07:15:27.628729: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:15:27.628734: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:15:27.628737: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:15:27.628758: loading secrets from "/etc/ipsec.secrets" Sep 21 07:15:27.628768: | id type added to secret(0x56195db7ef30) PKK_PSK: @east Sep 21 07:15:27.628771: | id type added to secret(0x56195db7ef30) PKK_PSK: @west Sep 21 07:15:27.628775: | Processing PSK at line 1: passed Sep 21 07:15:27.628778: | certs and keys locked by 'process_secret' Sep 21 07:15:27.628780: | certs and keys unlocked by 'process_secret' Sep 21 07:15:27.628789: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:15:27.628798: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:27.628803: | spent 0.534 milliseconds in whack Sep 21 07:15:27.629678: | starting up helper thread 4 Sep 21 07:15:27.629689: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:15:27.629693: | crypto helper 4 waiting (nothing to do) Sep 21 07:15:27.633801: | starting up helper thread 5 Sep 21 07:15:27.633821: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:15:27.633824: | crypto helper 5 waiting (nothing to do) Sep 21 07:15:27.633836: | starting up helper thread 6 Sep 21 07:15:27.633841: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:15:27.633843: | crypto helper 6 waiting (nothing to do) Sep 21 07:15:27.634724: | starting up helper thread 3 Sep 21 07:15:27.634735: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:15:27.634738: | crypto helper 3 waiting (nothing to do) Sep 21 07:15:27.638161: | starting up helper thread 0 Sep 21 07:15:27.638186: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:15:27.638189: | crypto helper 0 waiting (nothing to do) Sep 21 07:15:27.754771: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:27.756569: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:15:27.756584: listening for IKE messages Sep 21 07:15:27.770658: | Inspecting interface lo Sep 21 07:15:27.770687: | found lo with address 127.0.0.1 Sep 21 07:15:27.770691: | Inspecting interface eth0 Sep 21 07:15:27.770696: | found eth0 with address 192.0.2.254 Sep 21 07:15:27.770698: | Inspecting interface eth1 Sep 21 07:15:27.770702: | found eth1 with address 192.1.2.23 Sep 21 07:15:27.770762: | no interfaces to sort Sep 21 07:15:27.770774: | libevent_free: release ptr-libevent@0x56195db89a30 Sep 21 07:15:27.770777: | free_event_entry: release EVENT_NULL-pe@0x56195db899f0 Sep 21 07:15:27.770780: | add_fd_read_event_handler: new ethX-pe@0x56195db899f0 Sep 21 07:15:27.770787: | libevent_malloc: new ptr-libevent@0x56195db89a30 size 128 Sep 21 07:15:27.770798: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:15:27.770801: | libevent_free: release ptr-libevent@0x56195db89b20 Sep 21 07:15:27.770803: | free_event_entry: release EVENT_NULL-pe@0x56195db89ae0 Sep 21 07:15:27.770805: | add_fd_read_event_handler: new ethX-pe@0x56195db89ae0 Sep 21 07:15:27.770807: | libevent_malloc: new ptr-libevent@0x56195db89b20 size 128 Sep 21 07:15:27.770811: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:15:27.770814: | libevent_free: release ptr-libevent@0x56195db89c10 Sep 21 07:15:27.770815: | free_event_entry: release EVENT_NULL-pe@0x56195db89bd0 Sep 21 07:15:27.770817: | add_fd_read_event_handler: new ethX-pe@0x56195db89bd0 Sep 21 07:15:27.770819: | libevent_malloc: new ptr-libevent@0x56195db89c10 size 128 Sep 21 07:15:27.770823: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:15:27.770826: | libevent_free: release ptr-libevent@0x56195db89d00 Sep 21 07:15:27.770828: | free_event_entry: release EVENT_NULL-pe@0x56195db89cc0 Sep 21 07:15:27.770830: | add_fd_read_event_handler: new ethX-pe@0x56195db89cc0 Sep 21 07:15:27.770832: | libevent_malloc: new ptr-libevent@0x56195db89d00 size 128 Sep 21 07:15:27.770836: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:15:27.770839: | libevent_free: release ptr-libevent@0x56195db89df0 Sep 21 07:15:27.770841: | free_event_entry: release EVENT_NULL-pe@0x56195db89db0 Sep 21 07:15:27.770843: | add_fd_read_event_handler: new ethX-pe@0x56195db89db0 Sep 21 07:15:27.770846: | libevent_malloc: new ptr-libevent@0x56195db89df0 size 128 Sep 21 07:15:27.770850: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:15:27.770853: | libevent_free: release ptr-libevent@0x56195db89ee0 Sep 21 07:15:27.770855: | free_event_entry: release EVENT_NULL-pe@0x56195db89ea0 Sep 21 07:15:27.770857: | add_fd_read_event_handler: new ethX-pe@0x56195db89ea0 Sep 21 07:15:27.770859: | libevent_malloc: new ptr-libevent@0x56195db89ee0 size 128 Sep 21 07:15:27.770863: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:15:27.770867: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:15:27.770870: forgetting secrets Sep 21 07:15:27.770880: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:15:27.770894: loading secrets from "/etc/ipsec.secrets" Sep 21 07:15:27.770900: | id type added to secret(0x56195db7ef30) PKK_PSK: @east Sep 21 07:15:27.770903: | id type added to secret(0x56195db7ef30) PKK_PSK: @west Sep 21 07:15:27.770907: | Processing PSK at line 1: passed Sep 21 07:15:27.770909: | certs and keys locked by 'process_secret' Sep 21 07:15:27.770911: | certs and keys unlocked by 'process_secret' Sep 21 07:15:27.770916: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:15:27.770924: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:27.770932: | spent 0.395 milliseconds in whack Sep 21 07:15:27.773025: | processing signal PLUTO_SIGCHLD Sep 21 07:15:27.773055: | waitpid returned pid 20113 (exited with status 0) Sep 21 07:15:27.773059: | reaped addconn helper child (status 0) Sep 21 07:15:27.773064: | waitpid returned ECHILD (no child processes left) Sep 21 07:15:27.773070: | spent 0.0242 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:15:27.877964: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:27.877989: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:15:27.877993: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:15:27.877995: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:15:27.877998: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:15:27.878002: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:15:27.878010: | Added new connection westnet-eastnet with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:15:27.878013: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:15:27.878017: | counting wild cards for @west is 0 Sep 21 07:15:27.878021: | counting wild cards for @east is 0 Sep 21 07:15:27.878032: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:15:27.878036: | new hp@0x56195db56390 Sep 21 07:15:27.878039: added connection description "westnet-eastnet" Sep 21 07:15:27.878047: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:15:27.878059: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:15:27.878065: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:27.878072: | spent 0.115 milliseconds in whack Sep 21 07:15:27.879144: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:27.879162: add keyid @west Sep 21 07:15:27.879167: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:15:27.879169: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:15:27.879172: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:15:27.879174: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:15:27.879176: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:15:27.879179: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:15:27.879181: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:15:27.879183: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:15:27.879186: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:15:27.879188: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:15:27.879190: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:15:27.879192: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:15:27.879195: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:15:27.879197: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:15:27.879199: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:15:27.879201: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:15:27.879204: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:15:27.879206: | add pubkey 15 04 37 f9 Sep 21 07:15:27.879251: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:15:27.879254: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:15:27.879260: | keyid: *AQOm9dY/4 Sep 21 07:15:27.879263: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:15:27.879265: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:15:27.879267: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:15:27.879270: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:15:27.879272: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:15:27.879277: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:15:27.879279: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:15:27.879282: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:15:27.879284: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:15:27.879286: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:15:27.879293: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:15:27.879295: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:15:27.879297: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:15:27.879299: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:15:27.879302: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:15:27.879304: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:15:27.879306: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:15:27.879308: | n 37 f9 Sep 21 07:15:27.879310: | e 03 Sep 21 07:15:27.879313: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:15:27.879315: | CKAID 7f 0f 03 50 Sep 21 07:15:27.879322: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:27.879329: | spent 0.189 milliseconds in whack Sep 21 07:15:27.879432: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:27.879447: add keyid @east Sep 21 07:15:27.879451: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:15:27.879453: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:15:27.879456: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:15:27.879458: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:15:27.879460: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:15:27.879462: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:15:27.879465: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:15:27.879467: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:15:27.879469: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:15:27.879471: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:15:27.879473: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:15:27.879476: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:15:27.879478: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:15:27.879480: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:15:27.879483: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:15:27.879485: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:15:27.879487: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:15:27.879489: | add pubkey 51 51 48 ef Sep 21 07:15:27.879501: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:15:27.879504: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:15:27.879509: | keyid: *AQO9bJbr3 Sep 21 07:15:27.879512: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:15:27.879514: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:15:27.879516: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:15:27.879519: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:15:27.879521: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:15:27.879523: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:15:27.879526: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:15:27.879528: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:15:27.879530: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:15:27.879532: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:15:27.879534: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:15:27.879537: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:15:27.879539: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:15:27.879541: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:15:27.879543: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:15:27.879549: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:15:27.879552: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:15:27.879554: | n 48 ef Sep 21 07:15:27.879556: | e 03 Sep 21 07:15:27.879558: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:15:27.879560: | CKAID 8a 82 25 f1 Sep 21 07:15:27.879566: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:27.879570: | spent 0.138 milliseconds in whack Sep 21 07:15:29.307415: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:15:29.307448: | *received 88 bytes from 192.1.2.45:39749 on eth1 (192.1.2.23:500) Sep 21 07:15:29.307452: | b9 ce 3e ef c8 b6 61 dd 00 00 00 00 00 00 00 00 Sep 21 07:15:29.307454: | 01 10 02 00 00 00 00 00 00 00 00 58 00 00 00 3c Sep 21 07:15:29.307457: | 00 00 00 01 ff ff ff ff 00 00 00 00 01 01 00 01 Sep 21 07:15:29.307459: | 00 00 00 28 01 01 00 00 80 0b 00 01 00 0c 00 04 Sep 21 07:15:29.307461: | 00 01 51 80 80 01 00 07 80 0e 01 00 80 03 00 03 Sep 21 07:15:29.307463: | 80 02 00 02 80 04 00 05 Sep 21 07:15:29.307469: | start processing: from 192.1.2.45:39749 (in process_md() at demux.c:378) Sep 21 07:15:29.307472: | **parse ISAKMP Message: Sep 21 07:15:29.307475: | initiator cookie: Sep 21 07:15:29.307477: | b9 ce 3e ef c8 b6 61 dd Sep 21 07:15:29.307479: | responder cookie: Sep 21 07:15:29.307481: | 00 00 00 00 00 00 00 00 Sep 21 07:15:29.307484: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:15:29.307487: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:15:29.307489: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:15:29.307492: | flags: none (0x0) Sep 21 07:15:29.307494: | Message ID: 0 (0x0) Sep 21 07:15:29.307496: | length: 88 (0x58) Sep 21 07:15:29.307499: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:15:29.307507: | State DB: IKEv1 state not found (find_state_ikev1_init) Sep 21 07:15:29.307509: | #null state always idle Sep 21 07:15:29.307513: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Sep 21 07:15:29.307516: | ***parse ISAKMP Security Association Payload: Sep 21 07:15:29.307518: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:15:29.307521: | length: 60 (0x3c) Sep 21 07:15:29.307523: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:15:29.307525: | message 'main_inI1_outR1' HASH payload not checked early Sep 21 07:15:29.307528: | in statetime_start() with no state Sep 21 07:15:29.307533: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:39749 policy=IKEV1_ALLOW but ignoring ports Sep 21 07:15:29.307538: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:15:29.307541: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:15:29.307545: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet) Sep 21 07:15:29.307548: | find_next_host_connection returns westnet-eastnet Sep 21 07:15:29.307550: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:15:29.307552: | find_next_host_connection returns empty Sep 21 07:15:29.307572: | creating state object #1 at 0x56195db8c4f0 Sep 21 07:15:29.307575: | State DB: adding IKEv1 state #1 in UNDEFINED Sep 21 07:15:29.307583: | pstats #1 ikev1.isakmp started Sep 21 07:15:29.307588: | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:15:29.307594: | start processing: state #1 connection "westnet-eastnet" from 192.1.2.45:39749 (in main_inI1_outR1() at ikev1_main.c:667) Sep 21 07:15:29.307598: | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) Sep 21 07:15:29.307601: | sender checking NAT-T: enabled; VID 0 Sep 21 07:15:29.307604: | ICOOKIE-DUMP: b9 ce 3e ef c8 b6 61 dd Sep 21 07:15:29.307606: "westnet-eastnet" #1: responding to Main Mode Sep 21 07:15:29.307635: | **emit ISAKMP Message: Sep 21 07:15:29.307641: | initiator cookie: Sep 21 07:15:29.307644: | b9 ce 3e ef c8 b6 61 dd Sep 21 07:15:29.307646: | responder cookie: Sep 21 07:15:29.307648: | 5a 12 ee 90 d9 3c d8 33 Sep 21 07:15:29.307650: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:15:29.307653: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:15:29.307655: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:15:29.307657: | flags: none (0x0) Sep 21 07:15:29.307659: | Message ID: 0 (0x0) Sep 21 07:15:29.307662: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:15:29.307665: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:15:29.307668: | ***emit ISAKMP Security Association Payload: Sep 21 07:15:29.307670: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:15:29.307672: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:15:29.307675: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:15:29.307678: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:15:29.307681: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:15:29.307691: "westnet-eastnet" #1: bitset IPsec DOI SIT of IPsec DOI SIT has unknown member(s): SIT_IDENTITY_ONLY+SIT_SECRECY+SIT_INTEGRITY+0x8+0x10+0x20+0x40+0x80+0x100+0x200+0x400+0x800+0x1000+0x2000+0x4000+0x8000+0x10000+0x20000+0x40000+0x80000+0x100000+0x200000+0x400000+0x800000+0x1000000+0x2000000+0x4000000+0x8000000+0x10000000+0x20000000+0x40000000+0x80000000 (0xffffffff) Sep 21 07:15:29.307695: | complete v1 state transition with SITUATION_NOT_SUPPORTED Sep 21 07:15:29.307700: | [RE]START processing: state #1 connection "westnet-eastnet" from 192.1.2.45:39749 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:15:29.307702: | #1 is idle Sep 21 07:15:29.307799: "westnet-eastnet" #1: sending notification SITUATION_NOT_SUPPORTED to 192.1.2.45:39749 Sep 21 07:15:29.307808: | **emit ISAKMP Message: Sep 21 07:15:29.307810: | initiator cookie: Sep 21 07:15:29.307813: | b9 ce 3e ef c8 b6 61 dd Sep 21 07:15:29.307815: | responder cookie: Sep 21 07:15:29.307817: | 5a 12 ee 90 d9 3c d8 33 Sep 21 07:15:29.307820: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:15:29.307823: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:15:29.307826: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:15:29.307828: | flags: none (0x0) Sep 21 07:15:29.307831: | Message ID: 0 (0x0) Sep 21 07:15:29.307834: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:15:29.307837: | ***emit ISAKMP Notification Payload: Sep 21 07:15:29.307840: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:15:29.307843: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:15:29.307846: | protocol ID: 1 (0x1) Sep 21 07:15:29.307848: | SPI size: 0 (0x0) Sep 21 07:15:29.307851: | Notify Message Type: SITUATION_NOT_SUPPORTED (0x3) Sep 21 07:15:29.307854: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:15:29.307858: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' Sep 21 07:15:29.307861: | emitting length of ISAKMP Notification Payload: 12 Sep 21 07:15:29.307870: | emitting length of ISAKMP Message: 40 Sep 21 07:15:29.307880: | sending 40 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:39749 (using #1) Sep 21 07:15:29.307883: | b9 ce 3e ef c8 b6 61 dd 5a 12 ee 90 d9 3c d8 33 Sep 21 07:15:29.307886: | 0b 10 05 00 00 00 00 00 00 00 00 28 00 00 00 0c Sep 21 07:15:29.307888: | 00 00 00 01 01 00 00 03 Sep 21 07:15:29.307909: | state transition function for STATE_MAIN_R0 failed: SITUATION_NOT_SUPPORTED Sep 21 07:15:29.307958: | stop processing: from 192.1.2.45:39749 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:15:29.307967: | stop processing: state #1 connection "westnet-eastnet" from 192.1.2.45:39749 (in process_md() at demux.c:382) Sep 21 07:15:29.307972: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:15:29.307979: | spent 0.491 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:15:29.308048: | spent 0.00044 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:15:29.308061: | *received 88 bytes from 192.1.2.45:57341 on eth1 (192.1.2.23:500) Sep 21 07:15:29.308064: | b9 ce 3e ef c8 b6 61 dd 00 00 00 00 00 00 00 00 Sep 21 07:15:29.308066: | 0f 10 02 00 00 00 00 00 00 00 00 58 00 00 00 3c Sep 21 07:15:29.308068: | 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01 Sep 21 07:15:29.308071: | 00 00 00 28 01 01 00 00 80 0b 00 01 00 0c 00 04 Sep 21 07:15:29.308073: | 00 01 51 80 80 01 00 07 80 0e 01 00 80 03 00 03 Sep 21 07:15:29.308075: | 80 02 00 02 80 04 00 05 Sep 21 07:15:29.308079: | start processing: from 192.1.2.45:57341 (in process_md() at demux.c:378) Sep 21 07:15:29.308082: | **parse ISAKMP Message: Sep 21 07:15:29.308085: | initiator cookie: Sep 21 07:15:29.308087: | b9 ce 3e ef c8 b6 61 dd Sep 21 07:15:29.308089: | responder cookie: Sep 21 07:15:29.308091: | 00 00 00 00 00 00 00 00 Sep 21 07:15:29.308093: | next payload type: ISAKMP_NEXT_SAK (0xf) Sep 21 07:15:29.308096: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:15:29.308098: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:15:29.308100: | flags: none (0x0) Sep 21 07:15:29.308103: | Message ID: 0 (0x0) Sep 21 07:15:29.308105: | length: 88 (0x58) Sep 21 07:15:29.308108: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:15:29.308111: | State DB: found IKEv1 state #1 in MAIN_R0 (find_state_ikev1_init) Sep 21 07:15:29.308116: | start processing: state #1 connection "westnet-eastnet" from 192.1.2.45:39749 (in process_v1_packet() at ikev1.c:1392) Sep 21 07:15:29.308119: "westnet-eastnet" #1: discarding initial packet; already STATE_MAIN_R0 Sep 21 07:15:29.308124: | stop processing: state #1 connection "westnet-eastnet" from 192.1.2.45:39749 (in process_v1_packet() at ikev1.c:1405) Sep 21 07:15:29.308128: | stop processing: from 192.1.2.45:57341 (in process_md() at demux.c:380) Sep 21 07:15:29.308132: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:15:29.308134: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:15:29.308139: | spent 0.0838 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:15:30.530276: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:30.535900: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:15:30.535912: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:15:30.535975: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:15:30.535978: | FOR_EACH_STATE_... in sort_states Sep 21 07:15:30.535996: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:30.536003: | spent 0.333 milliseconds in whack Sep 21 07:15:35.205193: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:35.205215: shutting down Sep 21 07:15:35.205223: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:15:35.205226: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:15:35.205233: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:15:35.205235: forgetting secrets Sep 21 07:15:35.205239: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:15:35.205243: | unreference key: 0x56195db8aeb0 @east cnt 1-- Sep 21 07:15:35.205247: | unreference key: 0x56195daed6c0 @west cnt 1-- Sep 21 07:15:35.205252: | start processing: connection "westnet-eastnet" (in delete_connection() at connections.c:189) Sep 21 07:15:35.205259: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:15:35.205261: | pass 0 Sep 21 07:15:35.205264: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:15:35.205266: | state #1 Sep 21 07:15:35.205269: | suspend processing: connection "westnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:15:35.205276: | start processing: state #1 connection "westnet-eastnet" from 192.1.2.45:39749 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:15:35.205279: | pstats #1 ikev1.isakmp deleted other Sep 21 07:15:35.205283: | [RE]START processing: state #1 connection "westnet-eastnet" from 192.1.2.45:39749 (in delete_state() at state.c:879) Sep 21 07:15:35.205287: "westnet-eastnet" #1: deleting state (STATE_MAIN_R0) aged 5.897s and NOT sending notification Sep 21 07:15:35.205290: | parent state #1: MAIN_R0(half-open IKE SA) => delete Sep 21 07:15:35.205431: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:15:35.205442: | stop processing: connection "westnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:15:35.205446: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:15:35.205449: | in connection_discard for connection westnet-eastnet Sep 21 07:15:35.205452: | State DB: deleting IKEv1 state #1 in MAIN_R0 Sep 21 07:15:35.205456: | parent state #1: MAIN_R0(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:15:35.205462: | stop processing: state #1 from 192.1.2.45:39749 (in delete_state() at state.c:1143) Sep 21 07:15:35.205467: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:15:35.205470: | pass 1 Sep 21 07:15:35.205473: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:15:35.205477: | free hp@0x56195db56390 Sep 21 07:15:35.205480: | flush revival: connection 'westnet-eastnet' wasn't on the list Sep 21 07:15:35.205483: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:15:35.205487: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:15:35.205490: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:15:35.205501: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:15:35.205504: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:15:35.205507: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:15:35.205510: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:15:35.205513: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:15:35.205516: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:15:35.205520: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:15:35.205529: | libevent_free: release ptr-libevent@0x56195db89a30 Sep 21 07:15:35.205532: | free_event_entry: release EVENT_NULL-pe@0x56195db899f0 Sep 21 07:15:35.205544: | libevent_free: release ptr-libevent@0x56195db89b20 Sep 21 07:15:35.205546: | free_event_entry: release EVENT_NULL-pe@0x56195db89ae0 Sep 21 07:15:35.205553: | libevent_free: release ptr-libevent@0x56195db89c10 Sep 21 07:15:35.205556: | free_event_entry: release EVENT_NULL-pe@0x56195db89bd0 Sep 21 07:15:35.205562: | libevent_free: release ptr-libevent@0x56195db89d00 Sep 21 07:15:35.205564: | free_event_entry: release EVENT_NULL-pe@0x56195db89cc0 Sep 21 07:15:35.205570: | libevent_free: release ptr-libevent@0x56195db89df0 Sep 21 07:15:35.205573: | free_event_entry: release EVENT_NULL-pe@0x56195db89db0 Sep 21 07:15:35.205579: | libevent_free: release ptr-libevent@0x56195db89ee0 Sep 21 07:15:35.205581: | free_event_entry: release EVENT_NULL-pe@0x56195db89ea0 Sep 21 07:15:35.205586: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:15:35.206023: | libevent_free: release ptr-libevent@0x56195db89350 Sep 21 07:15:35.206032: | free_event_entry: release EVENT_NULL-pe@0x56195db6d180 Sep 21 07:15:35.206038: | libevent_free: release ptr-libevent@0x56195db7ede0 Sep 21 07:15:35.206045: | free_event_entry: release EVENT_NULL-pe@0x56195db72bf0 Sep 21 07:15:35.206049: | libevent_free: release ptr-libevent@0x56195db7ed50 Sep 21 07:15:35.206051: | free_event_entry: release EVENT_NULL-pe@0x56195db72c30 Sep 21 07:15:35.206055: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:15:35.206057: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:15:35.206060: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:15:35.206062: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:15:35.206064: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:15:35.206067: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:15:35.206069: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:15:35.206071: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:15:35.206074: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:15:35.206078: | libevent_free: release ptr-libevent@0x56195db89420 Sep 21 07:15:35.206081: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:15:35.206084: | libevent_free: release ptr-libevent@0x56195db89500 Sep 21 07:15:35.206087: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:15:35.206090: | libevent_free: release ptr-libevent@0x56195db895c0 Sep 21 07:15:35.206092: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:15:35.206095: | libevent_free: release ptr-libevent@0x56195db7e150 Sep 21 07:15:35.206098: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:15:35.206100: | releasing event base Sep 21 07:15:35.206113: | libevent_free: release ptr-libevent@0x56195db89680 Sep 21 07:15:35.206116: | libevent_free: release ptr-libevent@0x56195db5ebf0 Sep 21 07:15:35.206120: | libevent_free: release ptr-libevent@0x56195db6d4c0 Sep 21 07:15:35.206122: | libevent_free: release ptr-libevent@0x56195db6d590 Sep 21 07:15:35.206124: | libevent_free: release ptr-libevent@0x56195db6d4e0 Sep 21 07:15:35.206127: | libevent_free: release ptr-libevent@0x56195db893e0 Sep 21 07:15:35.206129: | libevent_free: release ptr-libevent@0x56195db894c0 Sep 21 07:15:35.206132: | libevent_free: release ptr-libevent@0x56195db6d570 Sep 21 07:15:35.206134: | libevent_free: release ptr-libevent@0x56195db71f10 Sep 21 07:15:35.206136: | libevent_free: release ptr-libevent@0x56195db71f30 Sep 21 07:15:35.206138: | libevent_free: release ptr-libevent@0x56195db89f70 Sep 21 07:15:35.206140: | libevent_free: release ptr-libevent@0x56195db89e80 Sep 21 07:15:35.206142: | libevent_free: release ptr-libevent@0x56195db89d90 Sep 21 07:15:35.206144: | libevent_free: release ptr-libevent@0x56195db89ca0 Sep 21 07:15:35.206147: | libevent_free: release ptr-libevent@0x56195db89bb0 Sep 21 07:15:35.206149: | libevent_free: release ptr-libevent@0x56195db89ac0 Sep 21 07:15:35.206151: | libevent_free: release ptr-libevent@0x56195daef370 Sep 21 07:15:35.206153: | libevent_free: release ptr-libevent@0x56195db895a0 Sep 21 07:15:35.206156: | libevent_free: release ptr-libevent@0x56195db894e0 Sep 21 07:15:35.206158: | libevent_free: release ptr-libevent@0x56195db89400 Sep 21 07:15:35.206160: | libevent_free: release ptr-libevent@0x56195db89660 Sep 21 07:15:35.206162: | libevent_free: release ptr-libevent@0x56195daed5b0 Sep 21 07:15:35.206165: | libevent_free: release ptr-libevent@0x56195db6d500 Sep 21 07:15:35.206167: | libevent_free: release ptr-libevent@0x56195db6d530 Sep 21 07:15:35.206170: | libevent_free: release ptr-libevent@0x56195db6d220 Sep 21 07:15:35.206172: | releasing global libevent data Sep 21 07:15:35.206176: | libevent_free: release ptr-libevent@0x56195db6bf10 Sep 21 07:15:35.206178: | libevent_free: release ptr-libevent@0x56195db6d1c0 Sep 21 07:15:35.206181: | libevent_free: release ptr-libevent@0x56195db6d1f0