Sep 21 07:15:54.680797: FIPS Product: YES Sep 21 07:15:54.680848: FIPS Kernel: NO Sep 21 07:15:54.680851: FIPS Mode: NO Sep 21 07:15:54.680854: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:15:54.681027: Initializing NSS Sep 21 07:15:54.681031: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:15:54.722492: NSS initialized Sep 21 07:15:54.722505: NSS crypto library initialized Sep 21 07:15:54.722508: FIPS HMAC integrity support [enabled] Sep 21 07:15:54.722511: FIPS mode disabled for pluto daemon Sep 21 07:15:54.816038: FIPS HMAC integrity verification self-test FAILED Sep 21 07:15:54.816177: libcap-ng support [enabled] Sep 21 07:15:54.816189: Linux audit support [enabled] Sep 21 07:15:54.816228: Linux audit activated Sep 21 07:15:54.816238: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13295 Sep 21 07:15:54.816243: core dump dir: /tmp Sep 21 07:15:54.816246: secrets file: /etc/ipsec.secrets Sep 21 07:15:54.816249: leak-detective disabled Sep 21 07:15:54.816252: NSS crypto [enabled] Sep 21 07:15:54.816255: XAUTH PAM support [enabled] Sep 21 07:15:54.816360: | libevent is using pluto's memory allocator Sep 21 07:15:54.816368: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:15:54.816386: | libevent_malloc: new ptr-libevent@0x562996514490 size 40 Sep 21 07:15:54.816394: | libevent_malloc: new ptr-libevent@0x562996515740 size 40 Sep 21 07:15:54.816399: | libevent_malloc: new ptr-libevent@0x562996515770 size 40 Sep 21 07:15:54.816402: | creating event base Sep 21 07:15:54.816406: | libevent_malloc: new ptr-libevent@0x562996515700 size 56 Sep 21 07:15:54.816410: | libevent_malloc: new ptr-libevent@0x5629965157a0 size 664 Sep 21 07:15:54.816428: | libevent_malloc: new ptr-libevent@0x562996515a40 size 24 Sep 21 07:15:54.816434: | libevent_malloc: new ptr-libevent@0x562996507200 size 384 Sep 21 07:15:54.816447: | libevent_malloc: new ptr-libevent@0x562996515a60 size 16 Sep 21 07:15:54.816465: | libevent_malloc: new ptr-libevent@0x562996515a80 size 40 Sep 21 07:15:54.816469: | libevent_malloc: new ptr-libevent@0x562996515ab0 size 48 Sep 21 07:15:54.816479: | libevent_realloc: new ptr-libevent@0x562996499370 size 256 Sep 21 07:15:54.816482: | libevent_malloc: new ptr-libevent@0x562996515af0 size 16 Sep 21 07:15:54.816502: | libevent_free: release ptr-libevent@0x562996515700 Sep 21 07:15:54.816507: | libevent initialized Sep 21 07:15:54.816512: | libevent_realloc: new ptr-libevent@0x562996515b10 size 64 Sep 21 07:15:54.816517: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:15:54.816538: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:15:54.816541: NAT-Traversal support [enabled] Sep 21 07:15:54.816545: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:15:54.816554: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:15:54.816558: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:15:54.816601: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:15:54.816606: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:15:54.816610: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:15:54.816685: Encryption algorithms: Sep 21 07:15:54.816698: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:15:54.816704: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:15:54.816709: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:15:54.816713: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:15:54.816718: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:15:54.816729: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:15:54.816734: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:15:54.816739: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:15:54.816744: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:15:54.816749: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:15:54.816754: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:15:54.816759: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:15:54.816764: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:15:54.816769: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:15:54.816774: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:15:54.816778: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:15:54.816802: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:15:54.816817: Hash algorithms: Sep 21 07:15:54.816821: MD5 IKEv1: IKE IKEv2: Sep 21 07:15:54.816838: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:15:54.816842: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:15:54.816846: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:15:54.816850: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:15:54.816868: PRF algorithms: Sep 21 07:15:54.816872: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:15:54.816876: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:15:54.816881: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:15:54.816886: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:15:54.816890: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:15:54.816894: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:15:54.816929: Integrity algorithms: Sep 21 07:15:54.816934: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:15:54.816939: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:15:54.816944: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:15:54.816950: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:15:54.816956: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:15:54.816960: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:15:54.816965: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:15:54.816969: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:15:54.816988: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:15:54.817006: DH algorithms: Sep 21 07:15:54.817010: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:15:54.817014: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:15:54.817018: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:15:54.817029: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:15:54.817033: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:15:54.817037: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:15:54.817041: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:15:54.817045: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:15:54.817050: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:15:54.817054: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:15:54.817058: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:15:54.817062: testing CAMELLIA_CBC: Sep 21 07:15:54.817066: Camellia: 16 bytes with 128-bit key Sep 21 07:15:54.817245: Camellia: 16 bytes with 128-bit key Sep 21 07:15:54.817289: Camellia: 16 bytes with 256-bit key Sep 21 07:15:54.817345: Camellia: 16 bytes with 256-bit key Sep 21 07:15:54.817387: testing AES_GCM_16: Sep 21 07:15:54.817391: empty string Sep 21 07:15:54.817431: one block Sep 21 07:15:54.817468: two blocks Sep 21 07:15:54.817505: two blocks with associated data Sep 21 07:15:54.817543: testing AES_CTR: Sep 21 07:15:54.817546: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:15:54.817585: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:15:54.817625: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:15:54.817665: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:15:54.817702: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:15:54.817741: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:15:54.817782: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:15:54.817827: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:15:54.817867: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:15:54.817907: testing AES_CBC: Sep 21 07:15:54.817910: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:15:54.817949: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:15:54.817990: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:15:54.818032: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:15:54.818081: testing AES_XCBC: Sep 21 07:15:54.818085: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:15:54.818351: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:15:54.818547: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:15:54.818729: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:15:54.818922: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:15:54.819114: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:15:54.819305: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:15:54.819736: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:15:54.819928: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:15:54.820132: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:15:54.820490: testing HMAC_MD5: Sep 21 07:15:54.820495: RFC 2104: MD5_HMAC test 1 Sep 21 07:15:54.820682: RFC 2104: MD5_HMAC test 2 Sep 21 07:15:54.820816: RFC 2104: MD5_HMAC test 3 Sep 21 07:15:54.820954: 8 CPU cores online Sep 21 07:15:54.820957: starting up 7 crypto helpers Sep 21 07:15:54.820990: started thread for crypto helper 0 Sep 21 07:15:54.820994: | starting up helper thread 0 Sep 21 07:15:54.821011: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:15:54.821014: | crypto helper 0 waiting (nothing to do) Sep 21 07:15:54.821015: started thread for crypto helper 1 Sep 21 07:15:54.821046: started thread for crypto helper 2 Sep 21 07:15:54.821050: | starting up helper thread 2 Sep 21 07:15:54.821059: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:15:54.821062: | crypto helper 2 waiting (nothing to do) Sep 21 07:15:54.821070: started thread for crypto helper 3 Sep 21 07:15:54.821087: started thread for crypto helper 4 Sep 21 07:15:54.821090: | starting up helper thread 4 Sep 21 07:15:54.821097: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:15:54.821099: | crypto helper 4 waiting (nothing to do) Sep 21 07:15:54.821105: started thread for crypto helper 5 Sep 21 07:15:54.821107: | starting up helper thread 5 Sep 21 07:15:54.821112: | starting up helper thread 1 Sep 21 07:15:54.821120: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:15:54.821131: | crypto helper 5 waiting (nothing to do) Sep 21 07:15:54.821126: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:15:54.821139: | crypto helper 1 waiting (nothing to do) Sep 21 07:15:54.821143: | starting up helper thread 6 Sep 21 07:15:54.821143: started thread for crypto helper 6 Sep 21 07:15:54.821149: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:15:54.821158: | checking IKEv1 state table Sep 21 07:15:54.821162: | crypto helper 6 waiting (nothing to do) Sep 21 07:15:54.821173: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:15:54.821176: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:15:54.821179: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:15:54.821182: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:15:54.821184: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:15:54.821187: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:15:54.821189: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:15:54.821191: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:15:54.821194: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:15:54.821196: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:15:54.821198: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:15:54.821200: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:15:54.821202: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:15:54.821204: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:15:54.821206: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:15:54.821208: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:15:54.821211: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:15:54.821213: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:15:54.821215: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:15:54.821217: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:15:54.821219: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:15:54.821221: | -> UNDEFINED EVENT_NULL Sep 21 07:15:54.821224: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:15:54.821226: | -> UNDEFINED EVENT_NULL Sep 21 07:15:54.821229: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:15:54.821231: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:15:54.821233: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:15:54.821236: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:15:54.821238: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:15:54.821240: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:15:54.821242: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:15:54.821244: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:15:54.821247: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:15:54.821249: | -> UNDEFINED EVENT_NULL Sep 21 07:15:54.821252: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:15:54.821254: | -> UNDEFINED EVENT_NULL Sep 21 07:15:54.821256: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:15:54.821259: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:15:54.821261: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:15:54.821264: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:15:54.821266: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:15:54.821272: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:15:54.821275: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:15:54.821278: | -> UNDEFINED EVENT_NULL Sep 21 07:15:54.821280: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:15:54.821283: | -> UNDEFINED EVENT_NULL Sep 21 07:15:54.821285: | INFO: category: informational flags: 0: Sep 21 07:15:54.821288: | -> UNDEFINED EVENT_NULL Sep 21 07:15:54.821290: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:15:54.821292: | -> UNDEFINED EVENT_NULL Sep 21 07:15:54.821295: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:15:54.821297: | -> XAUTH_R1 EVENT_NULL Sep 21 07:15:54.821299: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:15:54.821301: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:15:54.821302: | starting up helper thread 3 Sep 21 07:15:54.821304: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:15:54.821314: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:15:54.821318: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:15:54.821322: | crypto helper 3 waiting (nothing to do) Sep 21 07:15:54.821326: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:15:54.821331: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:15:54.821334: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:15:54.821335: | -> UNDEFINED EVENT_NULL Sep 21 07:15:54.821338: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:15:54.821339: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:15:54.821341: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:15:54.821343: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:15:54.821345: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:15:54.821347: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:15:54.821353: | checking IKEv2 state table Sep 21 07:15:54.821358: | PARENT_I0: category: ignore flags: 0: Sep 21 07:15:54.821360: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:15:54.821362: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:15:54.821363: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:15:54.821365: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:15:54.821367: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:15:54.821369: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:15:54.821370: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:15:54.821372: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:15:54.821374: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:15:54.821375: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:15:54.821377: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:15:54.821378: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:15:54.821380: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:15:54.821382: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:15:54.821383: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:15:54.821385: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:15:54.821386: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:15:54.821388: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:15:54.821390: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:15:54.821391: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:15:54.821393: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:15:54.821397: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:15:54.821398: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:15:54.821400: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:15:54.821401: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:15:54.821403: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:15:54.821405: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:15:54.821406: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:15:54.821408: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:15:54.821410: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:15:54.821411: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:15:54.821413: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:15:54.821415: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:15:54.821416: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:15:54.821418: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:15:54.821420: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:15:54.821421: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:15:54.821423: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:15:54.821425: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:15:54.821426: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:15:54.821428: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:15:54.821430: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:15:54.821432: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:15:54.821433: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:15:54.821435: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:15:54.821436: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:15:54.821477: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:15:54.821527: | Hard-wiring algorithms Sep 21 07:15:54.821530: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:15:54.821533: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:15:54.821534: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:15:54.821536: | adding 3DES_CBC to kernel algorithm db Sep 21 07:15:54.821537: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:15:54.821539: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:15:54.821540: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:15:54.821542: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:15:54.821543: | adding AES_CTR to kernel algorithm db Sep 21 07:15:54.821544: | adding AES_CBC to kernel algorithm db Sep 21 07:15:54.821546: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:15:54.821547: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:15:54.821549: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:15:54.821550: | adding NULL to kernel algorithm db Sep 21 07:15:54.821552: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:15:54.821554: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:15:54.821556: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:15:54.821557: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:15:54.821559: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:15:54.821560: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:15:54.821562: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:15:54.821564: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:15:54.821565: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:15:54.821567: | adding NONE to kernel algorithm db Sep 21 07:15:54.821587: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:15:54.821593: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:15:54.821595: | setup kernel fd callback Sep 21 07:15:54.821597: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56299651fec0 Sep 21 07:15:54.821599: | libevent_malloc: new ptr-libevent@0x562996527390 size 128 Sep 21 07:15:54.821602: | libevent_malloc: new ptr-libevent@0x562996515c50 size 16 Sep 21 07:15:54.821607: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56299651a760 Sep 21 07:15:54.821609: | libevent_malloc: new ptr-libevent@0x562996527420 size 128 Sep 21 07:15:54.821610: | libevent_malloc: new ptr-libevent@0x56299651a6b0 size 16 Sep 21 07:15:54.821776: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:15:54.821788: selinux support is enabled. Sep 21 07:15:54.821854: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:15:54.821992: | unbound context created - setting debug level to 5 Sep 21 07:15:54.822016: | /etc/hosts lookups activated Sep 21 07:15:54.822030: | /etc/resolv.conf usage activated Sep 21 07:15:54.822062: | outgoing-port-avoid set 0-65535 Sep 21 07:15:54.822079: | outgoing-port-permit set 32768-60999 Sep 21 07:15:54.822081: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:15:54.822083: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:15:54.822085: | Setting up events, loop start Sep 21 07:15:54.822087: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56299651a4b0 Sep 21 07:15:54.822090: | libevent_malloc: new ptr-libevent@0x562996531990 size 128 Sep 21 07:15:54.822099: | libevent_malloc: new ptr-libevent@0x562996531a20 size 16 Sep 21 07:15:54.822108: | libevent_realloc: new ptr-libevent@0x5629964975b0 size 256 Sep 21 07:15:54.822115: | libevent_malloc: new ptr-libevent@0x562996531a40 size 8 Sep 21 07:15:54.822121: | libevent_realloc: new ptr-libevent@0x562996526690 size 144 Sep 21 07:15:54.822123: | libevent_malloc: new ptr-libevent@0x562996531a60 size 152 Sep 21 07:15:54.822127: | libevent_malloc: new ptr-libevent@0x562996531b00 size 16 Sep 21 07:15:54.822132: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:15:54.822136: | libevent_malloc: new ptr-libevent@0x562996531b20 size 8 Sep 21 07:15:54.822143: | libevent_malloc: new ptr-libevent@0x562996531b40 size 152 Sep 21 07:15:54.822148: | signal event handler PLUTO_SIGTERM installed Sep 21 07:15:54.822151: | libevent_malloc: new ptr-libevent@0x562996531be0 size 8 Sep 21 07:15:54.822155: | libevent_malloc: new ptr-libevent@0x562996531c00 size 152 Sep 21 07:15:54.822158: | signal event handler PLUTO_SIGHUP installed Sep 21 07:15:54.822160: | libevent_malloc: new ptr-libevent@0x562996531ca0 size 8 Sep 21 07:15:54.822162: | libevent_realloc: release ptr-libevent@0x562996526690 Sep 21 07:15:54.822164: | libevent_realloc: new ptr-libevent@0x562996531cc0 size 256 Sep 21 07:15:54.822165: | libevent_malloc: new ptr-libevent@0x562996526690 size 152 Sep 21 07:15:54.822167: | signal event handler PLUTO_SIGSYS installed Sep 21 07:15:54.822459: | created addconn helper (pid:13408) using fork+execve Sep 21 07:15:54.822474: | forked child 13408 Sep 21 07:15:54.822515: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:54.822532: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:15:54.822540: listening for IKE messages Sep 21 07:15:54.822629: | Inspecting interface lo Sep 21 07:15:54.822636: | found lo with address 127.0.0.1 Sep 21 07:15:54.822639: | Inspecting interface eth0 Sep 21 07:15:54.822642: | found eth0 with address 192.0.1.254 Sep 21 07:15:54.822645: | Inspecting interface eth1 Sep 21 07:15:54.822648: | found eth1 with address 192.1.2.45 Sep 21 07:15:54.822695: Kernel supports NIC esp-hw-offload Sep 21 07:15:54.822720: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:15:54.822808: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:15:54.822822: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:15:54.822826: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:15:54.822868: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:15:54.822897: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:15:54.822901: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:15:54.822905: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:15:54.822957: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:15:54.822983: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:15:54.822988: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:15:54.822992: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:15:54.823043: | no interfaces to sort Sep 21 07:15:54.823048: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:15:54.823057: | add_fd_read_event_handler: new ethX-pe@0x56299651b230 Sep 21 07:15:54.823061: | libevent_malloc: new ptr-libevent@0x562996532030 size 128 Sep 21 07:15:54.823064: | libevent_malloc: new ptr-libevent@0x5629965320c0 size 16 Sep 21 07:15:54.823073: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:15:54.823077: | add_fd_read_event_handler: new ethX-pe@0x5629965320e0 Sep 21 07:15:54.823080: | libevent_malloc: new ptr-libevent@0x562996532120 size 128 Sep 21 07:15:54.823082: | libevent_malloc: new ptr-libevent@0x5629965321b0 size 16 Sep 21 07:15:54.823086: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:15:54.823089: | add_fd_read_event_handler: new ethX-pe@0x5629965321d0 Sep 21 07:15:54.823092: | libevent_malloc: new ptr-libevent@0x562996532210 size 128 Sep 21 07:15:54.823095: | libevent_malloc: new ptr-libevent@0x5629965322a0 size 16 Sep 21 07:15:54.823100: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:15:54.823103: | add_fd_read_event_handler: new ethX-pe@0x5629965322c0 Sep 21 07:15:54.823105: | libevent_malloc: new ptr-libevent@0x562996532300 size 128 Sep 21 07:15:54.823108: | libevent_malloc: new ptr-libevent@0x562996532390 size 16 Sep 21 07:15:54.823113: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:15:54.823115: | add_fd_read_event_handler: new ethX-pe@0x5629965323b0 Sep 21 07:15:54.823118: | libevent_malloc: new ptr-libevent@0x5629965323f0 size 128 Sep 21 07:15:54.823120: | libevent_malloc: new ptr-libevent@0x562996532480 size 16 Sep 21 07:15:54.823126: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:15:54.823128: | add_fd_read_event_handler: new ethX-pe@0x5629965324a0 Sep 21 07:15:54.823131: | libevent_malloc: new ptr-libevent@0x5629965324e0 size 128 Sep 21 07:15:54.823134: | libevent_malloc: new ptr-libevent@0x562996532570 size 16 Sep 21 07:15:54.823139: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:15:54.823144: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:15:54.823147: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:15:54.823168: loading secrets from "/etc/ipsec.secrets" Sep 21 07:15:54.823181: | id type added to secret(0x562996527570) PKK_PSK: @west Sep 21 07:15:54.823186: | id type added to secret(0x562996527570) PKK_PSK: @east Sep 21 07:15:54.823190: | Processing PSK at line 1: passed Sep 21 07:15:54.823193: | certs and keys locked by 'process_secret' Sep 21 07:15:54.823199: | certs and keys unlocked by 'process_secret' Sep 21 07:15:54.823205: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:15:54.823213: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:54.823220: | spent 0.704 milliseconds in whack Sep 21 07:15:54.854971: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:54.854994: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:15:54.855000: listening for IKE messages Sep 21 07:15:54.855036: | Inspecting interface lo Sep 21 07:15:54.855048: | found lo with address 127.0.0.1 Sep 21 07:15:54.855051: | Inspecting interface eth0 Sep 21 07:15:54.855055: | found eth0 with address 192.0.1.254 Sep 21 07:15:54.855058: | Inspecting interface eth1 Sep 21 07:15:54.855062: | found eth1 with address 192.1.2.45 Sep 21 07:15:54.855111: | no interfaces to sort Sep 21 07:15:54.855120: | libevent_free: release ptr-libevent@0x562996532030 Sep 21 07:15:54.855123: | free_event_entry: release EVENT_NULL-pe@0x56299651b230 Sep 21 07:15:54.855126: | add_fd_read_event_handler: new ethX-pe@0x56299651b230 Sep 21 07:15:54.855129: | libevent_malloc: new ptr-libevent@0x562996532030 size 128 Sep 21 07:15:54.855137: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:15:54.855141: | libevent_free: release ptr-libevent@0x562996532120 Sep 21 07:15:54.855144: | free_event_entry: release EVENT_NULL-pe@0x5629965320e0 Sep 21 07:15:54.855147: | add_fd_read_event_handler: new ethX-pe@0x5629965320e0 Sep 21 07:15:54.855149: | libevent_malloc: new ptr-libevent@0x562996532120 size 128 Sep 21 07:15:54.855154: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:15:54.855158: | libevent_free: release ptr-libevent@0x562996532210 Sep 21 07:15:54.855161: | free_event_entry: release EVENT_NULL-pe@0x5629965321d0 Sep 21 07:15:54.855163: | add_fd_read_event_handler: new ethX-pe@0x5629965321d0 Sep 21 07:15:54.855166: | libevent_malloc: new ptr-libevent@0x562996532210 size 128 Sep 21 07:15:54.855184: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:15:54.855187: | libevent_free: release ptr-libevent@0x562996532300 Sep 21 07:15:54.855189: | free_event_entry: release EVENT_NULL-pe@0x5629965322c0 Sep 21 07:15:54.855192: | add_fd_read_event_handler: new ethX-pe@0x5629965322c0 Sep 21 07:15:54.855194: | libevent_malloc: new ptr-libevent@0x562996532300 size 128 Sep 21 07:15:54.855199: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:15:54.855202: | libevent_free: release ptr-libevent@0x5629965323f0 Sep 21 07:15:54.855205: | free_event_entry: release EVENT_NULL-pe@0x5629965323b0 Sep 21 07:15:54.855207: | add_fd_read_event_handler: new ethX-pe@0x5629965323b0 Sep 21 07:15:54.855209: | libevent_malloc: new ptr-libevent@0x5629965323f0 size 128 Sep 21 07:15:54.855214: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:15:54.855217: | libevent_free: release ptr-libevent@0x5629965324e0 Sep 21 07:15:54.855220: | free_event_entry: release EVENT_NULL-pe@0x5629965324a0 Sep 21 07:15:54.855222: | add_fd_read_event_handler: new ethX-pe@0x5629965324a0 Sep 21 07:15:54.855225: | libevent_malloc: new ptr-libevent@0x5629965324e0 size 128 Sep 21 07:15:54.855229: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:15:54.855232: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:15:54.855234: forgetting secrets Sep 21 07:15:54.855254: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:15:54.855268: loading secrets from "/etc/ipsec.secrets" Sep 21 07:15:54.855276: | id type added to secret(0x562996527570) PKK_PSK: @west Sep 21 07:15:54.855279: | id type added to secret(0x562996527570) PKK_PSK: @east Sep 21 07:15:54.855296: | Processing PSK at line 1: passed Sep 21 07:15:54.855298: | certs and keys locked by 'process_secret' Sep 21 07:15:54.855300: | certs and keys unlocked by 'process_secret' Sep 21 07:15:54.855318: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:15:54.855326: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:54.855333: | spent 0.37 milliseconds in whack Sep 21 07:15:54.855651: | processing signal PLUTO_SIGCHLD Sep 21 07:15:54.855665: | waitpid returned pid 13408 (exited with status 0) Sep 21 07:15:54.855669: | reaped addconn helper child (status 0) Sep 21 07:15:54.855674: | waitpid returned ECHILD (no child processes left) Sep 21 07:15:54.855679: | spent 0.0174 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:15:54.937108: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:54.937142: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:15:54.937146: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:15:54.937149: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:15:54.937151: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:15:54.937155: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:15:54.937162: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:15:54.937215: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:15:54.937222: | from whack: got --esp= Sep 21 07:15:54.937260: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:15:54.937266: | counting wild cards for @west is 0 Sep 21 07:15:54.937269: | counting wild cards for @east is 0 Sep 21 07:15:54.937280: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:15:54.937285: | new hp@0x5629964fe9c0 Sep 21 07:15:54.937289: added connection description "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:15:54.937299: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:15:54.937310: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:15:54.937317: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:54.937324: | spent 0.218 milliseconds in whack Sep 21 07:15:55.038778: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:55.039018: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:15:55.039023: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:15:55.039094: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:15:55.039105: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:55.039111: | spent 0.292 milliseconds in whack Sep 21 07:15:55.163518: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:55.163541: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:15:55.163545: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:15:55.163551: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:15:55.163554: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Sep 21 07:15:55.163557: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:15:55.163560: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:15:55.163581: | creating state object #1 at 0x562996533da0 Sep 21 07:15:55.163585: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:15:55.163593: | pstats #1 ikev2.ike started Sep 21 07:15:55.163596: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:15:55.163599: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:15:55.163605: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:15:55.163612: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:15:55.163618: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:15:55.163626: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:15:55.163631: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:15:55.163636: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Sep 21 07:15:55.163645: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Sep 21 07:15:55.163653: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:15:55.163661: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:15:55.163664: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:15:55.163670: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:15:55.163673: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:15:55.163679: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:15:55.163682: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:15:55.163687: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:15:55.163698: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:15:55.163706: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:15:55.163709: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x562996536430 Sep 21 07:15:55.163713: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:15:55.163717: | libevent_malloc: new ptr-libevent@0x562996536470 size 128 Sep 21 07:15:55.163729: | #1 spent 0.177 milliseconds in ikev2_parent_outI1() Sep 21 07:15:55.163732: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:15:55.163736: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:15:55.163739: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:15:55.163742: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:15:55.163746: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:15:55.163749: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:55.163753: | spent 0.244 milliseconds in whack Sep 21 07:15:55.163765: | crypto helper 0 resuming Sep 21 07:15:55.163771: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:15:55.163774: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:15:55.164828: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001053 seconds Sep 21 07:15:55.164839: | (#1) spent 1.06 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:15:55.164843: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:15:55.164846: | scheduling resume sending helper answer for #1 Sep 21 07:15:55.164849: | libevent_malloc: new ptr-libevent@0x7f713c006900 size 128 Sep 21 07:15:55.164857: | crypto helper 0 waiting (nothing to do) Sep 21 07:15:55.164868: | processing resume sending helper answer for #1 Sep 21 07:15:55.164874: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:15:55.164878: | crypto helper 0 replies to request ID 1 Sep 21 07:15:55.164880: | calling continuation function 0x562995e75630 Sep 21 07:15:55.164882: | ikev2_parent_outI1_continue for #1 Sep 21 07:15:55.164912: | **emit ISAKMP Message: Sep 21 07:15:55.164915: | initiator cookie: Sep 21 07:15:55.164917: | f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:55.164919: | responder cookie: Sep 21 07:15:55.164921: | 00 00 00 00 00 00 00 00 Sep 21 07:15:55.164924: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:15:55.164927: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:15:55.164929: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:15:55.164932: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:15:55.164934: | Message ID: 0 (0x0) Sep 21 07:15:55.164937: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:15:55.164954: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:15:55.164957: | Emitting ikev2_proposals ... Sep 21 07:15:55.164960: | ***emit IKEv2 Security Association Payload: Sep 21 07:15:55.164963: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.164965: | flags: none (0x0) Sep 21 07:15:55.164968: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:15:55.164970: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.164973: | discarding INTEG=NONE Sep 21 07:15:55.164976: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.164978: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.164980: | prop #: 1 (0x1) Sep 21 07:15:55.164983: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:15:55.164985: | spi size: 0 (0x0) Sep 21 07:15:55.164987: | # transforms: 11 (0xb) Sep 21 07:15:55.164990: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:55.164993: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.164996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.164998: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.165000: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:15:55.165003: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165006: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.165012: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.165014: | length/value: 256 (0x100) Sep 21 07:15:55.165017: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:55.165019: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165022: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165024: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:55.165026: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:15:55.165029: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165032: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165034: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165037: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165039: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165041: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:55.165044: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:15:55.165046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165052: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165054: | discarding INTEG=NONE Sep 21 07:15:55.165056: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165058: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165061: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165063: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:55.165066: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165068: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165071: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165073: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165078: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165080: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:15:55.165083: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165085: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165088: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165090: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165095: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165097: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:15:55.165100: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165102: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165105: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165107: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165112: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165114: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:15:55.165119: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165121: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165124: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165126: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165128: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165131: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165133: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:15:55.165136: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165139: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165141: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165143: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165148: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165150: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:15:55.165153: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165158: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165160: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165163: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165165: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165167: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:15:55.165170: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165173: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165175: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165177: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165180: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.165182: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165184: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:15:55.165187: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165190: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165192: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165195: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:15:55.165197: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:55.165200: | discarding INTEG=NONE Sep 21 07:15:55.165202: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.165204: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.165206: | prop #: 2 (0x2) Sep 21 07:15:55.165209: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:15:55.165211: | spi size: 0 (0x0) Sep 21 07:15:55.165213: | # transforms: 11 (0xb) Sep 21 07:15:55.165216: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.165220: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:55.165223: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165227: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.165229: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:15:55.165232: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165234: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.165237: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.165239: | length/value: 128 (0x80) Sep 21 07:15:55.165241: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:55.165244: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165248: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:55.165251: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:15:55.165253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165258: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165261: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165265: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:55.165268: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:15:55.165270: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165275: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165277: | discarding INTEG=NONE Sep 21 07:15:55.165280: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165282: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165284: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165287: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:55.165290: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165292: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165295: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165297: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165299: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165301: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165304: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:15:55.165306: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165311: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165313: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165315: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165318: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165320: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:15:55.165325: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165327: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165330: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165332: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165334: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165336: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165339: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:15:55.165342: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165344: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165347: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165349: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165354: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165356: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:15:55.165359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165361: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165364: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165366: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165371: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165373: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:15:55.165376: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165378: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165381: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165383: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165385: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165388: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165390: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:15:55.165392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165397: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165399: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165401: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.165403: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165405: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:15:55.165408: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165411: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165414: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165417: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:15:55.165419: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:55.165426: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.165429: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.165432: | prop #: 3 (0x3) Sep 21 07:15:55.165434: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:15:55.165437: | spi size: 0 (0x0) Sep 21 07:15:55.165439: | # transforms: 13 (0xd) Sep 21 07:15:55.165443: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.165446: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:55.165448: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165454: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.165456: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:15:55.165459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165462: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.165465: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.165468: | length/value: 256 (0x100) Sep 21 07:15:55.165471: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:55.165473: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165476: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165478: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:55.165481: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:15:55.165484: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165487: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165490: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165492: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165498: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:55.165500: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:15:55.165503: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165506: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165509: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165512: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165517: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:55.165520: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:15:55.165523: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165528: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165531: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165533: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165536: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:55.165539: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:15:55.165542: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165546: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165549: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165552: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165557: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165559: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:55.165562: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165565: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165568: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165571: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165579: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:15:55.165582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165587: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165590: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165595: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165598: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:15:55.165601: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165604: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165606: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165609: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165612: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165614: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165617: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:15:55.165620: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165623: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165626: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165628: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165631: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165633: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165636: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:15:55.165639: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165642: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165645: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165647: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165650: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165655: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:15:55.165661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165664: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165667: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165669: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165672: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165674: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165677: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:15:55.165680: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165683: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165686: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165688: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165691: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.165694: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165696: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:15:55.165699: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165702: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165705: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165707: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:15:55.165710: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:55.165713: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.165716: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:15:55.165718: | prop #: 4 (0x4) Sep 21 07:15:55.165721: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:15:55.165723: | spi size: 0 (0x0) Sep 21 07:15:55.165726: | # transforms: 13 (0xd) Sep 21 07:15:55.165729: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.165732: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:55.165735: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165740: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.165742: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:15:55.165745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165748: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.165751: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.165753: | length/value: 128 (0x80) Sep 21 07:15:55.165756: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:55.165759: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165764: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:55.165766: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:15:55.165770: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165773: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165776: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165779: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165782: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165802: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:55.165805: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:15:55.165808: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165811: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165813: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165816: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165819: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165821: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:55.165824: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:15:55.165827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165832: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165835: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165838: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165840: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:55.165843: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:15:55.165846: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165852: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165854: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165859: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165862: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:55.165865: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165868: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165871: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165873: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165876: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165879: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165881: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:15:55.165884: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165887: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165890: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165892: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165898: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165900: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:15:55.165903: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165908: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165911: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165913: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165916: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165918: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165921: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:15:55.165924: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165927: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165930: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165932: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165938: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165940: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:15:55.165943: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165949: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165951: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165957: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165959: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:15:55.165962: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165968: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165971: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165976: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165979: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:15:55.165982: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.165985: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.165987: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.165990: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.165993: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.165995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.165998: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:15:55.166001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.166004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.166006: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.166009: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:15:55.166012: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:55.166016: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:15:55.166019: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:15:55.166022: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:15:55.166024: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.166027: | flags: none (0x0) Sep 21 07:15:55.166030: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:55.166033: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:15:55.166036: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.166040: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:15:55.166043: | ikev2 g^x 5f f1 ef 6e b2 6e e7 80 ab 1b 84 e1 5c c8 6b 1d Sep 21 07:15:55.166045: | ikev2 g^x b6 fc 2e 85 50 6a 9c 7e ab c1 b9 d6 77 81 28 46 Sep 21 07:15:55.166048: | ikev2 g^x 10 35 bc f4 bb a6 85 ef 6c 1a 44 54 d3 64 78 07 Sep 21 07:15:55.166050: | ikev2 g^x b4 40 f1 23 44 74 ed 2f 77 98 b4 a2 12 f0 82 f8 Sep 21 07:15:55.166053: | ikev2 g^x 90 6c 2a 27 5a 61 1b 95 2c 23 94 0a 7d 12 27 68 Sep 21 07:15:55.166055: | ikev2 g^x 2d 83 23 89 0c 4e d2 69 6f b7 96 48 e2 1a 74 c3 Sep 21 07:15:55.166058: | ikev2 g^x 11 50 3a c2 48 5b fc 44 f8 40 de e9 3d b3 01 33 Sep 21 07:15:55.166060: | ikev2 g^x 6c f2 2f ec a8 b9 75 12 d9 a0 b2 83 c1 c1 0a 27 Sep 21 07:15:55.166063: | ikev2 g^x 1c b9 73 9f 45 eb d3 b6 3d 40 30 2e 36 ac 5f 4b Sep 21 07:15:55.166065: | ikev2 g^x 48 7d 97 d1 e8 f0 6c 9a 31 df 49 09 97 db fc ad Sep 21 07:15:55.166068: | ikev2 g^x 93 6e f7 a7 d3 2b c5 a8 9b ae 6a cb 34 d9 ee 37 Sep 21 07:15:55.166070: | ikev2 g^x 06 29 35 06 c6 11 d6 d0 8c 4b 93 1c 1d 03 58 0a Sep 21 07:15:55.166073: | ikev2 g^x 40 20 aa 36 36 96 ce 60 42 62 82 ca f3 dd fa 58 Sep 21 07:15:55.166076: | ikev2 g^x f6 73 13 00 ab 0e 37 5c 14 94 6b 21 8f e9 a5 68 Sep 21 07:15:55.166078: | ikev2 g^x 3b 80 e6 d3 2c 84 12 cb 8e 3f 6b 9e c1 2a 5a 65 Sep 21 07:15:55.166080: | ikev2 g^x db e8 6d 4c 24 b8 62 25 f1 23 3f fd ec 6b e0 95 Sep 21 07:15:55.166083: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:15:55.166086: | ***emit IKEv2 Nonce Payload: Sep 21 07:15:55.166089: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:15:55.166180: | flags: none (0x0) Sep 21 07:15:55.166188: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:15:55.166192: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:15:55.166195: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.166199: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:15:55.166202: | IKEv2 nonce 43 7b 8a 14 b7 45 e8 ce b4 06 60 52 03 e6 ee 96 Sep 21 07:15:55.166205: | IKEv2 nonce 3b b7 e2 63 4e 96 70 2c c7 f7 9a 1b c1 9c 8b 3d Sep 21 07:15:55.166208: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:15:55.166210: | Adding a v2N Payload Sep 21 07:15:55.166213: | ***emit IKEv2 Notify Payload: Sep 21 07:15:55.166216: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.166219: | flags: none (0x0) Sep 21 07:15:55.166222: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:15:55.166225: | SPI size: 0 (0x0) Sep 21 07:15:55.166228: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:15:55.166232: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:15:55.166235: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.166237: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:15:55.166244: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:15:55.166247: | natd_hash: rcookie is zero Sep 21 07:15:55.166264: | natd_hash: hasher=0x562995f4b7a0(20) Sep 21 07:15:55.166267: | natd_hash: icookie= f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:55.166269: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:15:55.166272: | natd_hash: ip= c0 01 02 2d Sep 21 07:15:55.166274: | natd_hash: port= 01 f4 Sep 21 07:15:55.166277: | natd_hash: hash= df e1 82 da da 02 eb 9b eb a1 d8 d9 5c c1 d5 c1 Sep 21 07:15:55.166279: | natd_hash: hash= 71 1b a4 6a Sep 21 07:15:55.166282: | Adding a v2N Payload Sep 21 07:15:55.166285: | ***emit IKEv2 Notify Payload: Sep 21 07:15:55.166287: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.166290: | flags: none (0x0) Sep 21 07:15:55.166293: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:15:55.166295: | SPI size: 0 (0x0) Sep 21 07:15:55.166298: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:15:55.166301: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:15:55.166304: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.166308: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:15:55.166310: | Notify data df e1 82 da da 02 eb 9b eb a1 d8 d9 5c c1 d5 c1 Sep 21 07:15:55.166313: | Notify data 71 1b a4 6a Sep 21 07:15:55.166315: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:15:55.166318: | natd_hash: rcookie is zero Sep 21 07:15:55.166327: | natd_hash: hasher=0x562995f4b7a0(20) Sep 21 07:15:55.166330: | natd_hash: icookie= f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:55.166333: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:15:55.166335: | natd_hash: ip= c0 01 02 17 Sep 21 07:15:55.166338: | natd_hash: port= 01 f4 Sep 21 07:15:55.166341: | natd_hash: hash= 8a 8b 08 98 73 b3 64 a3 39 6b b8 2e 13 f8 50 27 Sep 21 07:15:55.166343: | natd_hash: hash= 53 9a d1 d8 Sep 21 07:15:55.166345: | Adding a v2N Payload Sep 21 07:15:55.166348: | ***emit IKEv2 Notify Payload: Sep 21 07:15:55.166351: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.166353: | flags: none (0x0) Sep 21 07:15:55.166356: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:15:55.166358: | SPI size: 0 (0x0) Sep 21 07:15:55.166361: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:15:55.166364: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:15:55.166367: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.166370: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:15:55.166373: | Notify data 8a 8b 08 98 73 b3 64 a3 39 6b b8 2e 13 f8 50 27 Sep 21 07:15:55.166375: | Notify data 53 9a d1 d8 Sep 21 07:15:55.166378: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:15:55.166381: | emitting length of ISAKMP Message: 828 Sep 21 07:15:55.166388: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:15:55.166400: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:15:55.166405: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:15:55.166408: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:15:55.166411: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:15:55.166414: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:15:55.166417: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:15:55.166423: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:15:55.166428: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:15:55.166440: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:15:55.166451: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:15:55.166454: | f7 f8 9a 6c 87 12 2b d5 00 00 00 00 00 00 00 00 Sep 21 07:15:55.166457: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:15:55.166459: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:15:55.166462: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:15:55.166464: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:15:55.166467: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:15:55.166469: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:15:55.166472: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:15:55.166474: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:15:55.166477: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:15:55.166479: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:15:55.166482: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:15:55.166484: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:15:55.166487: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:15:55.166489: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:15:55.166491: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:15:55.166494: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:15:55.166496: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:15:55.166499: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:15:55.166502: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:15:55.166504: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:15:55.166506: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:15:55.166509: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:15:55.166512: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:15:55.166514: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:15:55.166516: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:15:55.166519: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:15:55.166521: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:15:55.166524: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:15:55.166526: | 28 00 01 08 00 0e 00 00 5f f1 ef 6e b2 6e e7 80 Sep 21 07:15:55.166529: | ab 1b 84 e1 5c c8 6b 1d b6 fc 2e 85 50 6a 9c 7e Sep 21 07:15:55.166531: | ab c1 b9 d6 77 81 28 46 10 35 bc f4 bb a6 85 ef Sep 21 07:15:55.166534: | 6c 1a 44 54 d3 64 78 07 b4 40 f1 23 44 74 ed 2f Sep 21 07:15:55.166536: | 77 98 b4 a2 12 f0 82 f8 90 6c 2a 27 5a 61 1b 95 Sep 21 07:15:55.166539: | 2c 23 94 0a 7d 12 27 68 2d 83 23 89 0c 4e d2 69 Sep 21 07:15:55.166541: | 6f b7 96 48 e2 1a 74 c3 11 50 3a c2 48 5b fc 44 Sep 21 07:15:55.166544: | f8 40 de e9 3d b3 01 33 6c f2 2f ec a8 b9 75 12 Sep 21 07:15:55.166546: | d9 a0 b2 83 c1 c1 0a 27 1c b9 73 9f 45 eb d3 b6 Sep 21 07:15:55.166549: | 3d 40 30 2e 36 ac 5f 4b 48 7d 97 d1 e8 f0 6c 9a Sep 21 07:15:55.166552: | 31 df 49 09 97 db fc ad 93 6e f7 a7 d3 2b c5 a8 Sep 21 07:15:55.166554: | 9b ae 6a cb 34 d9 ee 37 06 29 35 06 c6 11 d6 d0 Sep 21 07:15:55.166557: | 8c 4b 93 1c 1d 03 58 0a 40 20 aa 36 36 96 ce 60 Sep 21 07:15:55.166559: | 42 62 82 ca f3 dd fa 58 f6 73 13 00 ab 0e 37 5c Sep 21 07:15:55.166562: | 14 94 6b 21 8f e9 a5 68 3b 80 e6 d3 2c 84 12 cb Sep 21 07:15:55.166564: | 8e 3f 6b 9e c1 2a 5a 65 db e8 6d 4c 24 b8 62 25 Sep 21 07:15:55.166567: | f1 23 3f fd ec 6b e0 95 29 00 00 24 43 7b 8a 14 Sep 21 07:15:55.166569: | b7 45 e8 ce b4 06 60 52 03 e6 ee 96 3b b7 e2 63 Sep 21 07:15:55.166573: | 4e 96 70 2c c7 f7 9a 1b c1 9c 8b 3d 29 00 00 08 Sep 21 07:15:55.166576: | 00 00 40 2e 29 00 00 1c 00 00 40 04 df e1 82 da Sep 21 07:15:55.166578: | da 02 eb 9b eb a1 d8 d9 5c c1 d5 c1 71 1b a4 6a Sep 21 07:15:55.166581: | 00 00 00 1c 00 00 40 05 8a 8b 08 98 73 b3 64 a3 Sep 21 07:15:55.166583: | 39 6b b8 2e 13 f8 50 27 53 9a d1 d8 Sep 21 07:15:55.166623: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:15:55.166629: | libevent_free: release ptr-libevent@0x562996536470 Sep 21 07:15:55.166632: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x562996536430 Sep 21 07:15:55.166635: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:15:55.166639: | event_schedule: new EVENT_RETRANSMIT-pe@0x562996536430 Sep 21 07:15:55.166643: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:15:55.166647: | libevent_malloc: new ptr-libevent@0x562996536470 size 128 Sep 21 07:15:55.166653: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48801.534903 Sep 21 07:15:55.166656: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:15:55.166662: | #1 spent 1.68 milliseconds in resume sending helper answer Sep 21 07:15:55.166668: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:15:55.166671: | libevent_free: release ptr-libevent@0x7f713c006900 Sep 21 07:15:55.169793: | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:15:55.169810: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:15:55.169813: | f7 f8 9a 6c 87 12 2b d5 e5 72 09 dd be df 06 a8 Sep 21 07:15:55.169816: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:15:55.169818: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:15:55.169820: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:15:55.169822: | 04 00 00 0e 28 00 01 08 00 0e 00 00 6c 95 22 3f Sep 21 07:15:55.169824: | 0b b3 6b 16 f3 f1 d0 43 6b 3c 29 4f 47 c9 e2 2a Sep 21 07:15:55.169826: | de e8 7f 65 4d 79 86 4f d9 10 3e d0 ea 39 46 df Sep 21 07:15:55.169829: | 5b 06 f6 9f 6d ab 0b 43 52 d4 3b 00 51 e8 e7 83 Sep 21 07:15:55.169831: | 5c 0a 42 a1 5c a1 86 65 8c 1d d5 5e e4 2e 97 02 Sep 21 07:15:55.169833: | 39 e1 fc 0d 56 1f df b9 3c 81 ca 76 fc 5b 46 b8 Sep 21 07:15:55.169835: | ff e1 81 93 80 e7 8d 4c f2 31 7a f8 30 f5 2a 87 Sep 21 07:15:55.169837: | 43 2d ad da 3c 10 68 92 bf d2 04 89 39 b9 f7 ff Sep 21 07:15:55.169839: | c4 d2 79 1d f3 26 34 4a 61 0a b4 2d 81 ef 87 24 Sep 21 07:15:55.169842: | be e3 23 dc f1 06 21 4e a7 58 e5 0e 01 bc 3a 9c Sep 21 07:15:55.169844: | 6e 90 b5 fa e2 89 ca c9 01 c2 de 9c a5 12 3f 0e Sep 21 07:15:55.169846: | 41 4c 86 35 d2 a8 73 51 82 31 ac 08 0d ce e8 20 Sep 21 07:15:55.169848: | e4 59 80 eb 77 38 29 d5 f1 3a de a5 a3 1e bd e6 Sep 21 07:15:55.169850: | f8 11 d5 08 b8 10 30 0b 93 79 d2 a5 9b 5d 4a 42 Sep 21 07:15:55.169852: | 0d 7f 36 c4 72 8d fb ee e2 f5 0b 3b f5 76 c6 3b Sep 21 07:15:55.169855: | 04 da 7f 6c c7 4e f6 c5 6f c1 8d 92 c4 0a f8 1f Sep 21 07:15:55.169857: | af ca 6d e3 02 04 f8 16 7c b1 a0 60 29 00 00 24 Sep 21 07:15:55.169859: | de 20 2d 25 da 27 ec 98 6f 10 9f 0d 5a 7a 13 ec Sep 21 07:15:55.169861: | e4 e7 c4 3c 13 03 6e fe 98 79 85 7e 59 35 cc 57 Sep 21 07:15:55.169863: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:15:55.169865: | 4e 49 b8 fa 6c cd cc d5 b8 25 f0 43 23 44 cc 3a Sep 21 07:15:55.169868: | 7d 7d b0 f1 00 00 00 1c 00 00 40 05 fb 34 f4 23 Sep 21 07:15:55.169870: | 79 ee ab de 4c f7 33 a6 42 bb af bd 3c 4e ea be Sep 21 07:15:55.169874: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:15:55.169877: | **parse ISAKMP Message: Sep 21 07:15:55.169881: | initiator cookie: Sep 21 07:15:55.169884: | f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:55.169886: | responder cookie: Sep 21 07:15:55.169888: | e5 72 09 dd be df 06 a8 Sep 21 07:15:55.169890: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:15:55.169893: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:15:55.169895: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:15:55.169898: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:15:55.169900: | Message ID: 0 (0x0) Sep 21 07:15:55.169903: | length: 432 (0x1b0) Sep 21 07:15:55.169905: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:15:55.169908: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:15:55.169912: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:15:55.169917: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:15:55.169922: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:15:55.169924: | #1 is idle Sep 21 07:15:55.169926: | #1 idle Sep 21 07:15:55.169929: | unpacking clear payload Sep 21 07:15:55.169931: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:15:55.169934: | ***parse IKEv2 Security Association Payload: Sep 21 07:15:55.169936: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:15:55.169938: | flags: none (0x0) Sep 21 07:15:55.169941: | length: 40 (0x28) Sep 21 07:15:55.169943: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:15:55.169946: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:15:55.169948: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:15:55.169950: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:15:55.169953: | flags: none (0x0) Sep 21 07:15:55.169955: | length: 264 (0x108) Sep 21 07:15:55.169957: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:55.169960: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:15:55.169962: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:15:55.169964: | ***parse IKEv2 Nonce Payload: Sep 21 07:15:55.169967: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:15:55.169969: | flags: none (0x0) Sep 21 07:15:55.169971: | length: 36 (0x24) Sep 21 07:15:55.169973: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:15:55.169976: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:15:55.169978: | ***parse IKEv2 Notify Payload: Sep 21 07:15:55.169980: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:15:55.169983: | flags: none (0x0) Sep 21 07:15:55.169985: | length: 8 (0x8) Sep 21 07:15:55.169987: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:15:55.169990: | SPI size: 0 (0x0) Sep 21 07:15:55.169992: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:15:55.169995: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:15:55.169997: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:15:55.169999: | ***parse IKEv2 Notify Payload: Sep 21 07:15:55.170001: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:15:55.170004: | flags: none (0x0) Sep 21 07:15:55.170006: | length: 28 (0x1c) Sep 21 07:15:55.170008: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:15:55.170010: | SPI size: 0 (0x0) Sep 21 07:15:55.170013: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:15:55.170015: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:15:55.170017: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:15:55.170020: | ***parse IKEv2 Notify Payload: Sep 21 07:15:55.170022: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.170024: | flags: none (0x0) Sep 21 07:15:55.170026: | length: 28 (0x1c) Sep 21 07:15:55.170029: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:15:55.170031: | SPI size: 0 (0x0) Sep 21 07:15:55.170034: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:15:55.170037: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:15:55.170039: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:15:55.170044: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:15:55.170047: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:15:55.170049: | Now let's proceed with state specific processing Sep 21 07:15:55.170051: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:15:55.170055: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:15:55.170071: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:15:55.170074: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:15:55.170078: | local proposal 1 type ENCR has 1 transforms Sep 21 07:15:55.170080: | local proposal 1 type PRF has 2 transforms Sep 21 07:15:55.170082: | local proposal 1 type INTEG has 1 transforms Sep 21 07:15:55.170085: | local proposal 1 type DH has 8 transforms Sep 21 07:15:55.170087: | local proposal 1 type ESN has 0 transforms Sep 21 07:15:55.170090: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:15:55.170134: | local proposal 2 type ENCR has 1 transforms Sep 21 07:15:55.170137: | local proposal 2 type PRF has 2 transforms Sep 21 07:15:55.170140: | local proposal 2 type INTEG has 1 transforms Sep 21 07:15:55.170143: | local proposal 2 type DH has 8 transforms Sep 21 07:15:55.170145: | local proposal 2 type ESN has 0 transforms Sep 21 07:15:55.170148: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:15:55.170151: | local proposal 3 type ENCR has 1 transforms Sep 21 07:15:55.170153: | local proposal 3 type PRF has 2 transforms Sep 21 07:15:55.170156: | local proposal 3 type INTEG has 2 transforms Sep 21 07:15:55.170158: | local proposal 3 type DH has 8 transforms Sep 21 07:15:55.170161: | local proposal 3 type ESN has 0 transforms Sep 21 07:15:55.170164: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:15:55.170166: | local proposal 4 type ENCR has 1 transforms Sep 21 07:15:55.170169: | local proposal 4 type PRF has 2 transforms Sep 21 07:15:55.170171: | local proposal 4 type INTEG has 2 transforms Sep 21 07:15:55.170173: | local proposal 4 type DH has 8 transforms Sep 21 07:15:55.170176: | local proposal 4 type ESN has 0 transforms Sep 21 07:15:55.170179: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:15:55.170181: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.170184: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:15:55.170186: | length: 36 (0x24) Sep 21 07:15:55.170189: | prop #: 1 (0x1) Sep 21 07:15:55.170191: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:15:55.170193: | spi size: 0 (0x0) Sep 21 07:15:55.170196: | # transforms: 3 (0x3) Sep 21 07:15:55.170199: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:15:55.170202: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:15:55.170204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.170207: | length: 12 (0xc) Sep 21 07:15:55.170211: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.170214: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:15:55.170216: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.170219: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.170221: | length/value: 256 (0x100) Sep 21 07:15:55.170225: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:15:55.170228: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:15:55.170231: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.170233: | length: 8 (0x8) Sep 21 07:15:55.170235: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:55.170238: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:15:55.170241: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:15:55.170244: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:15:55.170246: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.170249: | length: 8 (0x8) Sep 21 07:15:55.170251: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:55.170253: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:55.170257: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:15:55.170260: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:15:55.170265: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:15:55.170267: | remote proposal 1 matches local proposal 1 Sep 21 07:15:55.170270: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:15:55.170273: | converting proposal to internal trans attrs Sep 21 07:15:55.170284: | natd_hash: hasher=0x562995f4b7a0(20) Sep 21 07:15:55.170287: | natd_hash: icookie= f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:55.170289: | natd_hash: rcookie= e5 72 09 dd be df 06 a8 Sep 21 07:15:55.170291: | natd_hash: ip= c0 01 02 2d Sep 21 07:15:55.170293: | natd_hash: port= 01 f4 Sep 21 07:15:55.170295: | natd_hash: hash= fb 34 f4 23 79 ee ab de 4c f7 33 a6 42 bb af bd Sep 21 07:15:55.170298: | natd_hash: hash= 3c 4e ea be Sep 21 07:15:55.170303: | natd_hash: hasher=0x562995f4b7a0(20) Sep 21 07:15:55.170306: | natd_hash: icookie= f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:55.170308: | natd_hash: rcookie= e5 72 09 dd be df 06 a8 Sep 21 07:15:55.170310: | natd_hash: ip= c0 01 02 17 Sep 21 07:15:55.170312: | natd_hash: port= 01 f4 Sep 21 07:15:55.170315: | natd_hash: hash= 4e 49 b8 fa 6c cd cc d5 b8 25 f0 43 23 44 cc 3a Sep 21 07:15:55.170317: | natd_hash: hash= 7d 7d b0 f1 Sep 21 07:15:55.170319: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:15:55.170321: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:15:55.170324: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:15:55.170327: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:15:55.170330: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:15:55.170333: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:15:55.170336: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:15:55.170339: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:15:55.170342: | libevent_free: release ptr-libevent@0x562996536470 Sep 21 07:15:55.170345: | free_event_entry: release EVENT_RETRANSMIT-pe@0x562996536430 Sep 21 07:15:55.170347: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x562996536430 Sep 21 07:15:55.170351: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:15:55.170354: | libevent_malloc: new ptr-libevent@0x562996536470 size 128 Sep 21 07:15:55.170363: | #1 spent 0.281 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:15:55.170368: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:15:55.170370: | crypto helper 2 resuming Sep 21 07:15:55.170377: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:15:55.170392: | suspending state #1 and saving MD Sep 21 07:15:55.170396: | #1 is busy; has a suspended MD Sep 21 07:15:55.170387: | crypto helper 2 starting work-order 2 for state #1 Sep 21 07:15:55.170402: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:15:55.170407: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:15:55.170413: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:15:55.170424: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:15:55.170429: | #1 spent 0.594 milliseconds in ikev2_process_packet() Sep 21 07:15:55.170433: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:15:55.170436: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:15:55.170438: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:15:55.170442: | spent 0.608 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:15:55.171382: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:15:55.171818: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.00141 seconds Sep 21 07:15:55.171827: | (#1) spent 1.41 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:15:55.171830: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Sep 21 07:15:55.171832: | scheduling resume sending helper answer for #1 Sep 21 07:15:55.171836: | libevent_malloc: new ptr-libevent@0x7f7134006b90 size 128 Sep 21 07:15:55.171843: | crypto helper 2 waiting (nothing to do) Sep 21 07:15:55.171852: | processing resume sending helper answer for #1 Sep 21 07:15:55.171862: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:15:55.171867: | crypto helper 2 replies to request ID 2 Sep 21 07:15:55.171870: | calling continuation function 0x562995e75630 Sep 21 07:15:55.171873: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:15:55.171881: | creating state object #2 at 0x562996538d70 Sep 21 07:15:55.171884: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:15:55.171888: | pstats #2 ikev2.child started Sep 21 07:15:55.171892: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Sep 21 07:15:55.171897: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:15:55.171904: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:15:55.171909: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:15:55.171913: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:15:55.171916: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:15:55.171920: | libevent_free: release ptr-libevent@0x562996536470 Sep 21 07:15:55.171923: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x562996536430 Sep 21 07:15:55.171926: | event_schedule: new EVENT_SA_REPLACE-pe@0x562996536430 Sep 21 07:15:55.171929: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:15:55.171932: | libevent_malloc: new ptr-libevent@0x562996536470 size 128 Sep 21 07:15:55.171938: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:15:55.171945: | **emit ISAKMP Message: Sep 21 07:15:55.171948: | initiator cookie: Sep 21 07:15:55.171950: | f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:55.171953: | responder cookie: Sep 21 07:15:55.171956: | e5 72 09 dd be df 06 a8 Sep 21 07:15:55.171958: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:15:55.171961: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:15:55.171964: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:15:55.171967: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:15:55.171969: | Message ID: 1 (0x1) Sep 21 07:15:55.171972: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:15:55.171975: | ***emit IKEv2 Encryption Payload: Sep 21 07:15:55.171978: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.171980: | flags: none (0x0) Sep 21 07:15:55.171983: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:15:55.171986: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.171990: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:15:55.171997: | IKEv2 CERT: send a certificate? Sep 21 07:15:55.172000: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:15:55.172003: | IDr payload will be sent Sep 21 07:15:55.172020: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:15:55.172023: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.172025: | flags: none (0x0) Sep 21 07:15:55.172028: | ID type: ID_FQDN (0x2) Sep 21 07:15:55.172031: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:15:55.172034: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.172038: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:15:55.172040: | my identity 77 65 73 74 Sep 21 07:15:55.172043: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:15:55.172052: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:15:55.172055: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:15:55.172058: | flags: none (0x0) Sep 21 07:15:55.172060: | ID type: ID_FQDN (0x2) Sep 21 07:15:55.172063: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:15:55.172066: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:15:55.172069: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.172072: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:15:55.172074: | IDr 65 61 73 74 Sep 21 07:15:55.172077: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:15:55.172079: | not sending INITIAL_CONTACT Sep 21 07:15:55.172082: | ****emit IKEv2 Authentication Payload: Sep 21 07:15:55.172084: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.172087: | flags: none (0x0) Sep 21 07:15:55.172089: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:15:55.172092: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:15:55.172095: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.172098: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:15:55.172104: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:15:55.172108: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:15:55.172111: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:15:55.172115: | 1: compared key @east to @west / @east -> 004 Sep 21 07:15:55.172118: | 2: compared key @west to @west / @east -> 014 Sep 21 07:15:55.172120: | line 1: match=014 Sep 21 07:15:55.172123: | match 014 beats previous best_match 000 match=0x562996527570 (line=1) Sep 21 07:15:55.172126: | concluding with best_match=014 best=0x562996527570 (lineno=1) Sep 21 07:15:55.172196: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:15:55.172201: | PSK auth 65 8d d7 e8 e4 bb 28 5f e2 ac 14 6a 09 55 03 08 Sep 21 07:15:55.172203: | PSK auth 5f 00 cd 88 59 27 70 59 5d 6e 51 78 a3 9c e9 fa Sep 21 07:15:55.172206: | PSK auth 12 3b 51 b4 76 6d 04 09 32 a3 26 93 58 30 ae 86 Sep 21 07:15:55.172208: | PSK auth 63 a6 d4 78 9a 80 4c 79 9e a0 b7 e9 6f ee b7 a1 Sep 21 07:15:55.172211: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:15:55.172214: | getting first pending from state #1 Sep 21 07:15:55.172235: | netlink_get_spi: allocated 0x52ad1db7 for esp.0@192.1.2.45 Sep 21 07:15:55.172240: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:15:55.172246: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:15:55.172252: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:15:55.172255: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:15:55.172259: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:15:55.172262: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:15:55.172266: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:15:55.172269: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:15:55.172273: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:15:55.172281: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:15:55.172292: | Emitting ikev2_proposals ... Sep 21 07:15:55.172295: | ****emit IKEv2 Security Association Payload: Sep 21 07:15:55.172298: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.172300: | flags: none (0x0) Sep 21 07:15:55.172304: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:15:55.172307: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.172309: | discarding INTEG=NONE Sep 21 07:15:55.172312: | discarding DH=NONE Sep 21 07:15:55.172314: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.172317: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.172320: | prop #: 1 (0x1) Sep 21 07:15:55.172322: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:15:55.172324: | spi size: 4 (0x4) Sep 21 07:15:55.172327: | # transforms: 2 (0x2) Sep 21 07:15:55.172330: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:55.172333: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:15:55.172335: | our spi 52 ad 1d b7 Sep 21 07:15:55.172340: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172345: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.172348: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:15:55.172351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172354: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.172356: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.172359: | length/value: 256 (0x100) Sep 21 07:15:55.172362: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:55.172364: | discarding INTEG=NONE Sep 21 07:15:55.172366: | discarding DH=NONE Sep 21 07:15:55.172369: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172371: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.172374: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:15:55.172376: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:15:55.172379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172382: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172385: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.172387: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:15:55.172390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:55.172392: | discarding INTEG=NONE Sep 21 07:15:55.172394: | discarding DH=NONE Sep 21 07:15:55.172397: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.172399: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.172401: | prop #: 2 (0x2) Sep 21 07:15:55.172403: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:15:55.172406: | spi size: 4 (0x4) Sep 21 07:15:55.172408: | # transforms: 2 (0x2) Sep 21 07:15:55.172411: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.172413: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:55.172416: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:15:55.172418: | our spi 52 ad 1d b7 Sep 21 07:15:55.172421: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172425: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.172428: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:15:55.172430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172433: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.172435: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.172438: | length/value: 128 (0x80) Sep 21 07:15:55.172440: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:55.172442: | discarding INTEG=NONE Sep 21 07:15:55.172444: | discarding DH=NONE Sep 21 07:15:55.172447: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172449: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.172452: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:15:55.172454: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:15:55.172457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172464: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.172466: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:15:55.172469: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:55.172471: | discarding DH=NONE Sep 21 07:15:55.172474: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.172476: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.172478: | prop #: 3 (0x3) Sep 21 07:15:55.172481: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:15:55.172483: | spi size: 4 (0x4) Sep 21 07:15:55.172485: | # transforms: 4 (0x4) Sep 21 07:15:55.172488: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.172491: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:55.172494: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:15:55.172496: | our spi 52 ad 1d b7 Sep 21 07:15:55.172499: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172504: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.172507: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:15:55.172510: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172512: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.172515: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.172517: | length/value: 256 (0x100) Sep 21 07:15:55.172520: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:55.172522: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172525: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172527: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:55.172529: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:15:55.172532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172535: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172537: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.172539: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172544: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:55.172546: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:15:55.172549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172554: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.172556: | discarding DH=NONE Sep 21 07:15:55.172558: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172561: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.172563: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:15:55.172565: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:15:55.172568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172574: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.172577: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:15:55.172580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:55.172582: | discarding DH=NONE Sep 21 07:15:55.172585: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.172587: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:15:55.172589: | prop #: 4 (0x4) Sep 21 07:15:55.172592: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:15:55.172594: | spi size: 4 (0x4) Sep 21 07:15:55.172596: | # transforms: 4 (0x4) Sep 21 07:15:55.172599: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:55.172602: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:55.172604: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:15:55.172607: | our spi 52 ad 1d b7 Sep 21 07:15:55.172609: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172611: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172614: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.172616: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:15:55.172619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172621: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.172624: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.172626: | length/value: 128 (0x80) Sep 21 07:15:55.172628: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:55.172631: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172633: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172635: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:55.172638: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:15:55.172640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172645: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.172648: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172650: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172652: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:55.172655: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:15:55.172658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172663: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.172665: | discarding DH=NONE Sep 21 07:15:55.172667: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:15:55.172669: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.172672: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:15:55.172674: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:15:55.172677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.172680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:55.172682: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:55.172685: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:15:55.172688: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:55.172691: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:15:55.172694: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:15:55.172697: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:15:55.172700: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.172702: | flags: none (0x0) Sep 21 07:15:55.172705: | number of TS: 1 (0x1) Sep 21 07:15:55.172708: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:15:55.172711: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.172713: | *****emit IKEv2 Traffic Selector: Sep 21 07:15:55.172715: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:15:55.172718: | IP Protocol ID: 0 (0x0) Sep 21 07:15:55.172720: | start port: 0 (0x0) Sep 21 07:15:55.172722: | end port: 65535 (0xffff) Sep 21 07:15:55.172726: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:15:55.172728: | IP start c0 00 01 00 Sep 21 07:15:55.172730: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:15:55.172732: | IP end c0 00 01 ff Sep 21 07:15:55.172735: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:15:55.172737: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:15:55.172740: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:15:55.172742: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.172744: | flags: none (0x0) Sep 21 07:15:55.172747: | number of TS: 1 (0x1) Sep 21 07:15:55.172750: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:15:55.172753: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:15:55.172755: | *****emit IKEv2 Traffic Selector: Sep 21 07:15:55.172757: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:15:55.172760: | IP Protocol ID: 0 (0x0) Sep 21 07:15:55.172762: | start port: 0 (0x0) Sep 21 07:15:55.172764: | end port: 65535 (0xffff) Sep 21 07:15:55.172767: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:15:55.172769: | IP start c0 00 02 00 Sep 21 07:15:55.172771: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:15:55.172773: | IP end c0 00 02 ff Sep 21 07:15:55.172776: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:15:55.172778: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:15:55.172781: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:15:55.172787: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:15:55.172794: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:15:55.172797: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:15:55.172800: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:15:55.172803: | emitting length of IKEv2 Encryption Payload: 337 Sep 21 07:15:55.172805: | emitting length of ISAKMP Message: 365 Sep 21 07:15:55.172821: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:15:55.172826: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:15:55.172830: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:15:55.172835: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:15:55.172839: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:15:55.172841: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:15:55.172847: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:15:55.172852: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:15:55.172856: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:15:55.172866: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:15:55.172871: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:15:55.172874: | f7 f8 9a 6c 87 12 2b d5 e5 72 09 dd be df 06 a8 Sep 21 07:15:55.172876: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:15:55.172879: | e1 12 7a be c7 b9 6f a9 b6 60 09 20 00 75 4b 37 Sep 21 07:15:55.172881: | 7b 2a 53 ba 1d 47 9b 86 5a 6f e5 52 2c 2b 09 05 Sep 21 07:15:55.172883: | 17 33 1d b4 45 a0 ca b5 aa 3a f3 67 99 6c ee e2 Sep 21 07:15:55.172885: | 98 5b 23 a2 44 df a4 7c 23 ae 0e ae 9a ce 5f 3b Sep 21 07:15:55.172888: | c5 d0 a3 bb 29 29 1b ff 29 12 86 ef 5d 32 68 40 Sep 21 07:15:55.172890: | 9f 82 b9 a9 ec d9 c3 e8 e0 b6 3a bd 42 47 82 f6 Sep 21 07:15:55.172892: | e3 91 f5 6e 7b 3f de 89 da b0 17 df 82 ff 6c 0a Sep 21 07:15:55.172894: | 13 3b 1a 13 68 4e e1 06 7e 12 33 f9 96 78 27 5b Sep 21 07:15:55.172896: | 72 de 3e 23 ae a0 a1 02 17 c5 3e 2b b5 11 89 6e Sep 21 07:15:55.172899: | 83 b3 99 db 15 b4 23 2c 0a 0c 78 04 8c 87 9f 46 Sep 21 07:15:55.172901: | 21 4a 57 14 3b 93 5d 58 15 8d b8 fd bb b2 7c 64 Sep 21 07:15:55.172903: | 7c f1 95 4e ef aa 91 c6 50 99 c5 cb 5c ea c8 e0 Sep 21 07:15:55.172905: | 99 27 dc 65 a8 85 be 54 57 a7 5c 34 03 b2 f5 7e Sep 21 07:15:55.172907: | 2c 32 8c 6d 0f 86 07 8a 2e aa fc 07 d7 44 bb 7a Sep 21 07:15:55.172909: | 5d e1 c8 a2 ec a6 cb c9 ce c6 04 7c ba 2a 24 43 Sep 21 07:15:55.172911: | c0 71 9c 73 b0 c3 34 df 67 d8 f4 cb 61 ad 5d e5 Sep 21 07:15:55.172914: | 12 a2 87 30 b7 94 c4 0c 28 cf ce 18 cf ef 71 e7 Sep 21 07:15:55.172916: | 3d 27 a0 dc 92 54 c9 26 c1 a9 97 83 0c 41 1e e0 Sep 21 07:15:55.172918: | 07 2d 23 6c fb 9d d0 83 4f fe b1 b1 c7 02 16 da Sep 21 07:15:55.172920: | f5 15 ab ef 1b 26 a8 a0 4d 88 91 3f f2 a0 3b 67 Sep 21 07:15:55.172922: | 9e f4 cf 48 a1 af 26 1f 1a 70 45 1a 10 Sep 21 07:15:55.172954: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:15:55.172959: | event_schedule: new EVENT_RETRANSMIT-pe@0x5629965361b0 Sep 21 07:15:55.172963: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:15:55.172966: | libevent_malloc: new ptr-libevent@0x562996536290 size 128 Sep 21 07:15:55.172970: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48801.541223 Sep 21 07:15:55.172974: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:15:55.172980: | #1 spent 1.09 milliseconds in resume sending helper answer Sep 21 07:15:55.172985: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:15:55.172988: | libevent_free: release ptr-libevent@0x7f7134006b90 Sep 21 07:15:55.220327: | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:15:55.220350: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:15:55.220357: | f7 f8 9a 6c 87 12 2b d5 e5 72 09 dd be df 06 a8 Sep 21 07:15:55.220360: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:15:55.220362: | 31 0e 94 30 20 5d d6 e5 9a f4 be b2 d2 8c e9 de Sep 21 07:15:55.220365: | 5d 34 93 28 b8 b1 81 70 87 b0 98 0e ed b5 ab c3 Sep 21 07:15:55.220367: | e7 b9 81 c9 44 5c 32 c5 3e d6 d7 a8 88 3a 2c 50 Sep 21 07:15:55.220370: | 44 be b3 69 b5 68 28 3d d5 41 04 3e c8 05 24 ec Sep 21 07:15:55.220372: | 6f b2 c9 7b fc c8 c2 33 04 f7 51 b8 f5 46 c8 0e Sep 21 07:15:55.220375: | c7 32 20 65 28 96 82 54 80 10 5a b3 94 a0 e6 6e Sep 21 07:15:55.220377: | 1e 6a b2 6c 6a ab 3e a9 4d c3 02 57 91 3d 92 ca Sep 21 07:15:55.220380: | 6a 57 10 e7 9a e9 97 5b 88 e2 e4 65 3f d2 ce 47 Sep 21 07:15:55.220382: | 5b 9e 9d 0e f5 82 f5 f3 2a 60 ae a6 df b2 18 2d Sep 21 07:15:55.220385: | 30 d4 be 68 9c 36 5c 9b 09 62 07 e3 0e 1f 6a c0 Sep 21 07:15:55.220387: | a5 34 26 11 45 23 43 cf c6 52 2c 98 91 6b 2f 0b Sep 21 07:15:55.220390: | 31 20 ec 56 22 c7 02 51 14 d8 1d 6a 31 0e 69 3f Sep 21 07:15:55.220392: | fb Sep 21 07:15:55.220397: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:15:55.220401: | **parse ISAKMP Message: Sep 21 07:15:55.220404: | initiator cookie: Sep 21 07:15:55.220407: | f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:55.220410: | responder cookie: Sep 21 07:15:55.220412: | e5 72 09 dd be df 06 a8 Sep 21 07:15:55.220415: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:15:55.220418: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:15:55.220421: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:15:55.220424: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:15:55.220427: | Message ID: 1 (0x1) Sep 21 07:15:55.220429: | length: 225 (0xe1) Sep 21 07:15:55.220432: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:15:55.220436: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:15:55.220441: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:15:55.220447: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:15:55.220451: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:15:55.220456: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:15:55.220460: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:15:55.220463: | #2 is idle Sep 21 07:15:55.220466: | #2 idle Sep 21 07:15:55.220468: | unpacking clear payload Sep 21 07:15:55.220471: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:15:55.220474: | ***parse IKEv2 Encryption Payload: Sep 21 07:15:55.220477: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:15:55.220480: | flags: none (0x0) Sep 21 07:15:55.220483: | length: 197 (0xc5) Sep 21 07:15:55.220485: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:15:55.220488: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:15:55.220503: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:15:55.220506: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:15:55.220510: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:15:55.220512: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:15:55.220515: | flags: none (0x0) Sep 21 07:15:55.220517: | length: 12 (0xc) Sep 21 07:15:55.220520: | ID type: ID_FQDN (0x2) Sep 21 07:15:55.220523: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:15:55.220526: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:15:55.220529: | **parse IKEv2 Authentication Payload: Sep 21 07:15:55.220531: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:15:55.220534: | flags: none (0x0) Sep 21 07:15:55.220538: | length: 72 (0x48) Sep 21 07:15:55.220541: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:15:55.220543: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:15:55.220546: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:15:55.220548: | **parse IKEv2 Security Association Payload: Sep 21 07:15:55.220551: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:15:55.220554: | flags: none (0x0) Sep 21 07:15:55.220556: | length: 36 (0x24) Sep 21 07:15:55.220559: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:15:55.220561: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:15:55.220564: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:15:55.220567: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:15:55.220569: | flags: none (0x0) Sep 21 07:15:55.220572: | length: 24 (0x18) Sep 21 07:15:55.220574: | number of TS: 1 (0x1) Sep 21 07:15:55.220577: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:15:55.220580: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:15:55.220582: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:15:55.220585: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:55.220587: | flags: none (0x0) Sep 21 07:15:55.220590: | length: 24 (0x18) Sep 21 07:15:55.220592: | number of TS: 1 (0x1) Sep 21 07:15:55.220595: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:15:55.220598: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:15:55.220601: | Now let's proceed with state specific processing Sep 21 07:15:55.220603: | calling processor Initiator: process IKE_AUTH response Sep 21 07:15:55.220609: | offered CA: '%none' Sep 21 07:15:55.220614: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:15:55.220649: | verifying AUTH payload Sep 21 07:15:55.220654: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:15:55.220658: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:15:55.220661: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:15:55.220665: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:15:55.220669: | 1: compared key @east to @west / @east -> 004 Sep 21 07:15:55.220672: | 2: compared key @west to @west / @east -> 014 Sep 21 07:15:55.220675: | line 1: match=014 Sep 21 07:15:55.220678: | match 014 beats previous best_match 000 match=0x562996527570 (line=1) Sep 21 07:15:55.220681: | concluding with best_match=014 best=0x562996527570 (lineno=1) Sep 21 07:15:55.220747: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Sep 21 07:15:55.220756: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:15:55.220761: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:15:55.220764: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:15:55.220768: | libevent_free: release ptr-libevent@0x562996536470 Sep 21 07:15:55.220771: | free_event_entry: release EVENT_SA_REPLACE-pe@0x562996536430 Sep 21 07:15:55.220774: | event_schedule: new EVENT_SA_REKEY-pe@0x562996536430 Sep 21 07:15:55.220778: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:15:55.220781: | libevent_malloc: new ptr-libevent@0x562996536470 size 128 Sep 21 07:15:55.220928: | pstats #1 ikev2.ike established Sep 21 07:15:55.220938: | TSi: parsing 1 traffic selectors Sep 21 07:15:55.220942: | ***parse IKEv2 Traffic Selector: Sep 21 07:15:55.220948: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:15:55.220951: | IP Protocol ID: 0 (0x0) Sep 21 07:15:55.220953: | length: 16 (0x10) Sep 21 07:15:55.220956: | start port: 0 (0x0) Sep 21 07:15:55.220958: | end port: 65535 (0xffff) Sep 21 07:15:55.220961: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:15:55.220964: | TS low c0 00 01 00 Sep 21 07:15:55.220967: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:15:55.220971: | TS high c0 00 01 ff Sep 21 07:15:55.220974: | TSi: parsed 1 traffic selectors Sep 21 07:15:55.220977: | TSr: parsing 1 traffic selectors Sep 21 07:15:55.220979: | ***parse IKEv2 Traffic Selector: Sep 21 07:15:55.220982: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:15:55.220984: | IP Protocol ID: 0 (0x0) Sep 21 07:15:55.220987: | length: 16 (0x10) Sep 21 07:15:55.220989: | start port: 0 (0x0) Sep 21 07:15:55.220991: | end port: 65535 (0xffff) Sep 21 07:15:55.220994: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:15:55.220996: | TS low c0 00 02 00 Sep 21 07:15:55.220999: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:15:55.221001: | TS high c0 00 02 ff Sep 21 07:15:55.221003: | TSr: parsed 1 traffic selectors Sep 21 07:15:55.221010: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:15:55.221015: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:15:55.221023: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:15:55.221026: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:15:55.221028: | TSi[0] port match: YES fitness 65536 Sep 21 07:15:55.221031: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:15:55.221035: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:15:55.221039: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:15:55.221045: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:15:55.221048: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:15:55.221051: | TSr[0] port match: YES fitness 65536 Sep 21 07:15:55.221054: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:15:55.221057: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:15:55.221059: | best fit so far: TSi[0] TSr[0] Sep 21 07:15:55.221062: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:15:55.221064: | printing contents struct traffic_selector Sep 21 07:15:55.221066: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:15:55.221069: | ipprotoid: 0 Sep 21 07:15:55.221071: | port range: 0-65535 Sep 21 07:15:55.221075: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:15:55.221077: | printing contents struct traffic_selector Sep 21 07:15:55.221079: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:15:55.221082: | ipprotoid: 0 Sep 21 07:15:55.221084: | port range: 0-65535 Sep 21 07:15:55.221088: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:15:55.221101: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:15:55.221105: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:15:55.221109: | local proposal 1 type ENCR has 1 transforms Sep 21 07:15:55.221112: | local proposal 1 type PRF has 0 transforms Sep 21 07:15:55.221114: | local proposal 1 type INTEG has 1 transforms Sep 21 07:15:55.221117: | local proposal 1 type DH has 1 transforms Sep 21 07:15:55.221119: | local proposal 1 type ESN has 1 transforms Sep 21 07:15:55.221122: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:15:55.221125: | local proposal 2 type ENCR has 1 transforms Sep 21 07:15:55.221127: | local proposal 2 type PRF has 0 transforms Sep 21 07:15:55.221130: | local proposal 2 type INTEG has 1 transforms Sep 21 07:15:55.221132: | local proposal 2 type DH has 1 transforms Sep 21 07:15:55.221135: | local proposal 2 type ESN has 1 transforms Sep 21 07:15:55.221140: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:15:55.221142: | local proposal 3 type ENCR has 1 transforms Sep 21 07:15:55.221145: | local proposal 3 type PRF has 0 transforms Sep 21 07:15:55.221147: | local proposal 3 type INTEG has 2 transforms Sep 21 07:15:55.221149: | local proposal 3 type DH has 1 transforms Sep 21 07:15:55.221152: | local proposal 3 type ESN has 1 transforms Sep 21 07:15:55.221155: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:15:55.221157: | local proposal 4 type ENCR has 1 transforms Sep 21 07:15:55.221160: | local proposal 4 type PRF has 0 transforms Sep 21 07:15:55.221162: | local proposal 4 type INTEG has 2 transforms Sep 21 07:15:55.221164: | local proposal 4 type DH has 1 transforms Sep 21 07:15:55.221167: | local proposal 4 type ESN has 1 transforms Sep 21 07:15:55.221170: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:15:55.221173: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:15:55.221176: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:15:55.221178: | length: 32 (0x20) Sep 21 07:15:55.221180: | prop #: 1 (0x1) Sep 21 07:15:55.221183: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:15:55.221185: | spi size: 4 (0x4) Sep 21 07:15:55.221188: | # transforms: 2 (0x2) Sep 21 07:15:55.221191: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:15:55.221193: | remote SPI 5e a3 04 a7 Sep 21 07:15:55.221196: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:15:55.221199: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:15:55.221202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:55.221204: | length: 12 (0xc) Sep 21 07:15:55.221206: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:55.221209: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:15:55.221211: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:15:55.221214: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:55.221216: | length/value: 256 (0x100) Sep 21 07:15:55.221221: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:15:55.221223: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:15:55.221226: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:55.221228: | length: 8 (0x8) Sep 21 07:15:55.221231: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:15:55.221233: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:15:55.221237: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:15:55.221240: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:15:55.221244: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:15:55.221247: | remote proposal 1 matches local proposal 1 Sep 21 07:15:55.221250: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:15:55.221255: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=5ea304a7;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:15:55.221257: | converting proposal to internal trans attrs Sep 21 07:15:55.221263: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:15:55.221435: | #1 spent 1.03 milliseconds Sep 21 07:15:55.221439: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:15:55.221442: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Sep 21 07:15:55.221445: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:15:55.221448: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:15:55.221451: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:15:55.221456: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:15:55.221461: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:15:55.221465: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:15:55.221467: | AES_GCM_16 requires 4 salt bytes Sep 21 07:15:55.221470: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:15:55.221474: | setting IPsec SA replay-window to 32 Sep 21 07:15:55.221477: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:15:55.221480: | netlink: enabling tunnel mode Sep 21 07:15:55.221483: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:15:55.221485: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:15:55.221562: | netlink response for Add SA esp.5ea304a7@192.1.2.23 included non-error error Sep 21 07:15:55.221566: | set up outgoing SA, ref=0/0 Sep 21 07:15:55.221569: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:15:55.221572: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:15:55.221574: | AES_GCM_16 requires 4 salt bytes Sep 21 07:15:55.221577: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:15:55.221580: | setting IPsec SA replay-window to 32 Sep 21 07:15:55.221583: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:15:55.221585: | netlink: enabling tunnel mode Sep 21 07:15:55.221588: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:15:55.221590: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:15:55.221630: | netlink response for Add SA esp.52ad1db7@192.1.2.45 included non-error error Sep 21 07:15:55.221634: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:15:55.221641: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:15:55.221644: | IPsec Sa SPD priority set to 1042407 Sep 21 07:15:55.221684: | raw_eroute result=success Sep 21 07:15:55.221687: | set up incoming SA, ref=0/0 Sep 21 07:15:55.221690: | sr for #2: unrouted Sep 21 07:15:55.221693: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:15:55.221695: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:15:55.221698: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:15:55.221701: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:15:55.221704: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:15:55.221707: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:15:55.221711: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:15:55.221718: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:15:55.221720: | IPsec Sa SPD priority set to 1042407 Sep 21 07:15:55.221741: | raw_eroute result=success Sep 21 07:15:55.221744: | running updown command "ipsec _updown" for verb up Sep 21 07:15:55.221746: | command executing up-client Sep 21 07:15:55.221772: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:15:55.221778: | popen cmd is 1049 chars long Sep 21 07:15:55.221781: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Sep 21 07:15:55.221791: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Sep 21 07:15:55.221796: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='19: Sep 21 07:15:55.221799: | cmd( 240):2.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Sep 21 07:15:55.221801: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_P: Sep 21 07:15:55.221804: | cmd( 400):EER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Sep 21 07:15:55.221806: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:15:55.221809: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Sep 21 07:15:55.221811: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Sep 21 07:15:55.221814: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Sep 21 07:15:55.221816: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Sep 21 07:15:55.221819: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Sep 21 07:15:55.221821: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5ea304a7 SPI_OUT=0x52ad1db7 ipsec _up: Sep 21 07:15:55.221824: | cmd(1040):down 2>&1: Sep 21 07:15:55.237868: | route_and_eroute: firewall_notified: true Sep 21 07:15:55.237881: | running updown command "ipsec _updown" for verb prepare Sep 21 07:15:55.237886: | command executing prepare-client Sep 21 07:15:55.237919: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Sep 21 07:15:55.237924: | popen cmd is 1054 chars long Sep 21 07:15:55.237927: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:15:55.237930: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Sep 21 07:15:55.237933: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:15:55.237935: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 21 07:15:55.237938: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Sep 21 07:15:55.237940: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Sep 21 07:15:55.237943: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Sep 21 07:15:55.237946: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Sep 21 07:15:55.237953: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:15:55.237955: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:15:55.237958: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:15:55.237961: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 07:15:55.237963: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5ea304a7 SPI_OUT=0x52ad1db7 ipse: Sep 21 07:15:55.237965: | cmd(1040):c _updown 2>&1: Sep 21 07:15:55.248462: | running updown command "ipsec _updown" for verb route Sep 21 07:15:55.248473: | command executing route-client Sep 21 07:15:55.248494: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Sep 21 07:15:55.248497: | popen cmd is 1052 chars long Sep 21 07:15:55.248499: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:15:55.248501: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Sep 21 07:15:55.248503: | cmd( 160):.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=: Sep 21 07:15:55.248504: | cmd( 240):'192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Sep 21 07:15:55.248506: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: Sep 21 07:15:55.248508: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:15:55.248509: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:15:55.248511: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Sep 21 07:15:55.248513: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Sep 21 07:15:55.248514: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Sep 21 07:15:55.248516: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Sep 21 07:15:55.248518: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Sep 21 07:15:55.248519: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5ea304a7 SPI_OUT=0x52ad1db7 ipsec : Sep 21 07:15:55.248521: | cmd(1040):_updown 2>&1: Sep 21 07:15:55.264168: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x562996532f00,sr=0x562996532f00} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:15:55.264263: | #1 spent 0.88 milliseconds in install_ipsec_sa() Sep 21 07:15:55.264272: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:15:55.264276: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:15:55.264280: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:15:55.264289: | libevent_free: release ptr-libevent@0x562996536290 Sep 21 07:15:55.264293: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5629965361b0 Sep 21 07:15:55.264299: | #2 spent 1.68 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:15:55.264307: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:15:55.264312: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:15:55.264315: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:15:55.264319: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:15:55.264322: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:15:55.264329: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:15:55.264334: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:15:55.264338: | pstats #2 ikev2.child established Sep 21 07:15:55.264346: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:15:55.264357: | NAT-T: encaps is 'auto' Sep 21 07:15:55.264362: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x5ea304a7 <0x52ad1db7 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:15:55.264367: | releasing whack for #2 (sock=fd@25) Sep 21 07:15:55.264384: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:15:55.264387: | releasing whack and unpending for parent #1 Sep 21 07:15:55.264390: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:15:55.264395: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:15:55.264397: | removing pending policy for no connection {0x5629964c32f0} Sep 21 07:15:55.264405: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:15:55.264410: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:15:55.264413: | event_schedule: new EVENT_SA_REKEY-pe@0x5629965361b0 Sep 21 07:15:55.264416: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:15:55.264420: | libevent_malloc: new ptr-libevent@0x562996536290 size 128 Sep 21 07:15:55.264427: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:15:55.264432: | #1 spent 2.08 milliseconds in ikev2_process_packet() Sep 21 07:15:55.264436: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:15:55.264439: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:15:55.264442: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:15:55.264446: | spent 2.09 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:15:55.264457: | processing signal PLUTO_SIGCHLD Sep 21 07:15:55.264462: | waitpid returned ECHILD (no child processes left) Sep 21 07:15:55.264466: | spent 0.00448 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:15:55.264469: | processing signal PLUTO_SIGCHLD Sep 21 07:15:55.264472: | waitpid returned ECHILD (no child processes left) Sep 21 07:15:55.264476: | spent 0.00366 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:15:55.264478: | processing signal PLUTO_SIGCHLD Sep 21 07:15:55.264481: | waitpid returned ECHILD (no child processes left) Sep 21 07:15:55.264485: | spent 0.00318 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:15:56.448260: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:56.448283: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:15:56.448291: | FOR_EACH_STATE_... in sort_states Sep 21 07:15:56.448299: | get_sa_info esp.52ad1db7@192.1.2.45 Sep 21 07:15:56.448317: | get_sa_info esp.5ea304a7@192.1.2.23 Sep 21 07:15:56.448339: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:56.448347: | spent 0.0953 milliseconds in whack Sep 21 07:15:58.168331: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:15:58.168560: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:15:58.168566: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:15:58.168638: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:15:58.168642: | FOR_EACH_STATE_... in sort_states Sep 21 07:15:58.168656: | get_sa_info esp.52ad1db7@192.1.2.45 Sep 21 07:15:58.168676: | get_sa_info esp.5ea304a7@192.1.2.23 Sep 21 07:15:58.168698: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:15:58.168706: | spent 0.382 milliseconds in whack Sep 21 07:15:58.699489: | spent 0.00289 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:15:58.699509: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:15:58.699513: | f7 f8 9a 6c 87 12 2b d5 e5 72 09 dd be df 06 a8 Sep 21 07:15:58.699515: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:15:58.699517: | 5b cc 2f 7d 2b f4 c2 8c 3b d0 cf c6 80 bd 60 16 Sep 21 07:15:58.699520: | d7 5d aa f7 66 4c 2d e0 43 46 f8 aa 55 03 18 b5 Sep 21 07:15:58.699522: | 48 4b 9c 05 eb Sep 21 07:15:58.699527: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:15:58.699531: | **parse ISAKMP Message: Sep 21 07:15:58.699533: | initiator cookie: Sep 21 07:15:58.699536: | f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:58.699538: | responder cookie: Sep 21 07:15:58.699540: | e5 72 09 dd be df 06 a8 Sep 21 07:15:58.699543: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:15:58.699546: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:15:58.699549: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:15:58.699551: | flags: none (0x0) Sep 21 07:15:58.699554: | Message ID: 0 (0x0) Sep 21 07:15:58.699556: | length: 69 (0x45) Sep 21 07:15:58.699559: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:15:58.699563: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:15:58.699567: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:15:58.699573: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:15:58.699576: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:15:58.699581: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:15:58.699584: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:15:58.699589: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:15:58.699591: | unpacking clear payload Sep 21 07:15:58.699594: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:15:58.699596: | ***parse IKEv2 Encryption Payload: Sep 21 07:15:58.699599: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:15:58.699601: | flags: none (0x0) Sep 21 07:15:58.699604: | length: 41 (0x29) Sep 21 07:15:58.699606: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:15:58.699611: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:15:58.699614: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:15:58.699628: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:15:58.699631: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:15:58.699635: | **parse IKEv2 Delete Payload: Sep 21 07:15:58.699638: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.699641: | flags: none (0x0) Sep 21 07:15:58.699643: | length: 12 (0xc) Sep 21 07:15:58.699646: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:15:58.699648: | SPI size: 4 (0x4) Sep 21 07:15:58.699650: | number of SPIs: 1 (0x1) Sep 21 07:15:58.699653: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:15:58.699656: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:15:58.699658: | Now let's proceed with state specific processing Sep 21 07:15:58.699660: | calling processor I3: INFORMATIONAL Request Sep 21 07:15:58.699664: | an informational request should send a response Sep 21 07:15:58.699668: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:15:58.699672: | **emit ISAKMP Message: Sep 21 07:15:58.699674: | initiator cookie: Sep 21 07:15:58.699677: | f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:58.699679: | responder cookie: Sep 21 07:15:58.699681: | e5 72 09 dd be df 06 a8 Sep 21 07:15:58.699684: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:15:58.699686: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:15:58.699689: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:15:58.699692: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:15:58.699694: | Message ID: 0 (0x0) Sep 21 07:15:58.699697: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:15:58.699700: | ***emit IKEv2 Encryption Payload: Sep 21 07:15:58.699702: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.699704: | flags: none (0x0) Sep 21 07:15:58.699708: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:15:58.699711: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:15:58.699714: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:15:58.699719: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:15:58.699722: | SPI 5e a3 04 a7 Sep 21 07:15:58.699724: | delete PROTO_v2_ESP SA(0x5ea304a7) Sep 21 07:15:58.699727: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:15:58.699730: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:15:58.699733: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x5ea304a7) Sep 21 07:15:58.699736: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:15:58.699739: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:15:58.699742: | libevent_free: release ptr-libevent@0x562996536290 Sep 21 07:15:58.699745: | free_event_entry: release EVENT_SA_REKEY-pe@0x5629965361b0 Sep 21 07:15:58.699748: | event_schedule: new EVENT_SA_REPLACE-pe@0x5629965361b0 Sep 21 07:15:58.699752: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:15:58.699755: | libevent_malloc: new ptr-libevent@0x562996536290 size 128 Sep 21 07:15:58.699758: | ****emit IKEv2 Delete Payload: Sep 21 07:15:58.699761: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.699763: | flags: none (0x0) Sep 21 07:15:58.699766: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:15:58.699768: | SPI size: 4 (0x4) Sep 21 07:15:58.699771: | number of SPIs: 1 (0x1) Sep 21 07:15:58.699774: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:15:58.699777: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:15:58.699780: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:15:58.699782: | local SPIs 52 ad 1d b7 Sep 21 07:15:58.699795: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:15:58.699799: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:15:58.699802: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:15:58.699805: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:15:58.699808: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:15:58.699811: | emitting length of ISAKMP Message: 69 Sep 21 07:15:58.699822: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:15:58.699825: | f7 f8 9a 6c 87 12 2b d5 e5 72 09 dd be df 06 a8 Sep 21 07:15:58.699830: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:15:58.699833: | bd ec 29 f9 bb 0a 30 7f 9b 8c 03 01 21 c3 36 6b Sep 21 07:15:58.699835: | 09 be b6 57 2f a7 60 b6 d4 76 46 a5 bb 96 aa 37 Sep 21 07:15:58.699837: | 4b 99 b2 79 5f Sep 21 07:15:58.699858: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:15:58.699864: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:15:58.699870: | #1 spent 0.19 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:15:58.699875: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:15:58.699879: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:15:58.699882: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:15:58.699887: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:15:58.699891: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:15:58.699894: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:15:58.699899: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:15:58.699903: | #1 spent 0.388 milliseconds in ikev2_process_packet() Sep 21 07:15:58.699907: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:15:58.699910: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:15:58.699913: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:15:58.699917: | spent 0.401 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:15:58.699923: | timer_event_cb: processing event@0x5629965361b0 Sep 21 07:15:58.699926: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:15:58.699931: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:15:58.699934: | picked newest_ipsec_sa #2 for #2 Sep 21 07:15:58.699937: | replacing stale CHILD SA Sep 21 07:15:58.699940: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:15:58.699943: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:15:58.699946: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:15:58.699950: | creating state object #3 at 0x56299653d6c0 Sep 21 07:15:58.699953: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:15:58.699959: | pstats #3 ikev2.child started Sep 21 07:15:58.699963: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Sep 21 07:15:58.699967: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:15:58.699974: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:15:58.699980: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:15:58.699985: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:15:58.699988: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:15:58.699992: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:15:58.699995: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Sep 21 07:15:58.700001: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:15:58.700007: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:15:58.700010: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:15:58.700014: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:15:58.700017: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:15:58.700022: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:15:58.700025: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:15:58.700029: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:15:58.700037: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:15:58.700042: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:15:58.700045: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f713c002b20 Sep 21 07:15:58.700048: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:15:58.700051: | libevent_malloc: new ptr-libevent@0x562996538a80 size 128 Sep 21 07:15:58.700056: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:15:58.700059: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5629965366d0 Sep 21 07:15:58.700062: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:15:58.700065: | libevent_malloc: new ptr-libevent@0x562996538680 size 128 Sep 21 07:15:58.700067: | libevent_free: release ptr-libevent@0x562996536290 Sep 21 07:15:58.700070: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5629965361b0 Sep 21 07:15:58.700075: | #2 spent 0.151 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:15:58.700077: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:15:58.700082: | timer_event_cb: processing event@0x7f713c002b20 Sep 21 07:15:58.700084: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:15:58.700089: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:15:58.700093: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:15:58.700096: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5629965361b0 Sep 21 07:15:58.700099: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:15:58.700101: | libevent_malloc: new ptr-libevent@0x562996536290 size 128 Sep 21 07:15:58.700108: | libevent_free: release ptr-libevent@0x562996538a80 Sep 21 07:15:58.700116: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f713c002b20 Sep 21 07:15:58.700121: | #3 spent 0.0378 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:15:58.700125: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:15:58.700128: | timer_event_cb: processing event@0x5629965366d0 Sep 21 07:15:58.700131: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:15:58.700135: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:15:58.700138: | picked newest_ipsec_sa #2 for #2 Sep 21 07:15:58.700141: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:15:58.700143: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:15:58.700146: | pstats #2 ikev2.child deleted completed Sep 21 07:15:58.700149: | #2 spent 1.84 milliseconds in total Sep 21 07:15:58.700153: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:15:58.700156: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 3.528s and NOT sending notification Sep 21 07:15:58.700159: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:15:58.700163: | get_sa_info esp.5ea304a7@192.1.2.23 Sep 21 07:15:58.700174: | get_sa_info esp.52ad1db7@192.1.2.45 Sep 21 07:15:58.700181: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Sep 21 07:15:58.700184: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:15:58.700323: | crypto helper 4 resuming Sep 21 07:15:58.700331: | crypto helper 4 starting work-order 3 for state #3 Sep 21 07:15:58.700335: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Sep 21 07:15:58.701339: | running updown command "ipsec _updown" for verb down Sep 21 07:15:58.701350: | command executing down-client Sep 21 07:15:58.701380: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050155' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Sep 21 07:15:58.701384: | popen cmd is 1060 chars long Sep 21 07:15:58.701388: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Sep 21 07:15:58.701390: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: Sep 21 07:15:58.701393: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=': Sep 21 07:15:58.701395: | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Sep 21 07:15:58.701398: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO: Sep 21 07:15:58.701401: | cmd( 400):_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Sep 21 07:15:58.701403: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Sep 21 07:15:58.701406: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050155' PLUTO_CO: Sep 21 07:15:58.701411: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Sep 21 07:15:58.701414: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Sep 21 07:15:58.701417: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Sep 21 07:15:58.701420: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Sep 21 07:15:58.701422: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5ea304a7 SPI_OUT=0x52ad1db: Sep 21 07:15:58.701425: | cmd(1040):7 ipsec _updown 2>&1: Sep 21 07:15:58.701611: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.001275 seconds Sep 21 07:15:58.701621: | (#3) spent 0.926 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:15:58.701625: | crypto helper 4 sending results from work-order 3 for state #3 to event queue Sep 21 07:15:58.701628: | scheduling resume sending helper answer for #3 Sep 21 07:15:58.701631: | libevent_malloc: new ptr-libevent@0x7f7138006900 size 128 Sep 21 07:15:58.701637: | crypto helper 4 waiting (nothing to do) Sep 21 07:15:58.764933: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:15:58.764949: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:15:58.764954: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:15:58.764957: | IPsec Sa SPD priority set to 1042407 Sep 21 07:15:58.764997: | delete esp.5ea304a7@192.1.2.23 Sep 21 07:15:58.765025: | netlink response for Del SA esp.5ea304a7@192.1.2.23 included non-error error Sep 21 07:15:58.765029: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:15:58.765036: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:15:58.765079: | raw_eroute result=success Sep 21 07:15:58.765084: | delete esp.52ad1db7@192.1.2.45 Sep 21 07:15:58.765107: | netlink response for Del SA esp.52ad1db7@192.1.2.45 included non-error error Sep 21 07:15:58.765112: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:15:58.765115: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:15:58.765120: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:15:58.765126: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:15:58.765133: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:15:58.765135: | can't expire unused IKE SA #1; it has the child #3 Sep 21 07:15:58.765141: | libevent_free: release ptr-libevent@0x562996538680 Sep 21 07:15:58.765144: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5629965366d0 Sep 21 07:15:58.765147: | in statetime_stop() and could not find #2 Sep 21 07:15:58.765150: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:15:58.765169: | spent 0.00229 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:15:58.765181: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:15:58.765184: | f7 f8 9a 6c 87 12 2b d5 e5 72 09 dd be df 06 a8 Sep 21 07:15:58.765186: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:15:58.765189: | e3 31 0f 78 38 c8 e3 9b b0 09 fe c8 d8 c7 76 05 Sep 21 07:15:58.765191: | d5 25 6b b8 ee d9 0c 8b 5d 05 7e d5 5c 64 cd 39 Sep 21 07:15:58.765193: | 0e Sep 21 07:15:58.765198: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:15:58.765202: | **parse ISAKMP Message: Sep 21 07:15:58.765204: | initiator cookie: Sep 21 07:15:58.765206: | f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:58.765209: | responder cookie: Sep 21 07:15:58.765213: | e5 72 09 dd be df 06 a8 Sep 21 07:15:58.765216: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:15:58.765219: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:15:58.765221: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:15:58.765224: | flags: none (0x0) Sep 21 07:15:58.765226: | Message ID: 1 (0x1) Sep 21 07:15:58.765229: | length: 65 (0x41) Sep 21 07:15:58.765231: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:15:58.765235: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:15:58.765238: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:15:58.765244: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:15:58.765247: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:15:58.765251: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:15:58.765255: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:15:58.765258: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:15:58.765261: | unpacking clear payload Sep 21 07:15:58.765263: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:15:58.765266: | ***parse IKEv2 Encryption Payload: Sep 21 07:15:58.765269: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:15:58.765271: | flags: none (0x0) Sep 21 07:15:58.765274: | length: 37 (0x25) Sep 21 07:15:58.765276: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:15:58.765281: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:15:58.765284: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:15:58.765299: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:15:58.765302: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:15:58.765305: | **parse IKEv2 Delete Payload: Sep 21 07:15:58.765307: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.765310: | flags: none (0x0) Sep 21 07:15:58.765312: | length: 8 (0x8) Sep 21 07:15:58.765315: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:15:58.765317: | SPI size: 0 (0x0) Sep 21 07:15:58.765319: | number of SPIs: 0 (0x0) Sep 21 07:15:58.765322: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:15:58.765324: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:15:58.765327: | Now let's proceed with state specific processing Sep 21 07:15:58.765328: | calling processor I3: INFORMATIONAL Request Sep 21 07:15:58.765332: | an informational request should send a response Sep 21 07:15:58.765338: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:15:58.765342: | **emit ISAKMP Message: Sep 21 07:15:58.765345: | initiator cookie: Sep 21 07:15:58.765347: | f7 f8 9a 6c 87 12 2b d5 Sep 21 07:15:58.765349: | responder cookie: Sep 21 07:15:58.765351: | e5 72 09 dd be df 06 a8 Sep 21 07:15:58.765353: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:15:58.765356: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:15:58.765359: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:15:58.765361: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:15:58.765364: | Message ID: 1 (0x1) Sep 21 07:15:58.765367: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:15:58.765370: | ***emit IKEv2 Encryption Payload: Sep 21 07:15:58.765372: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.765374: | flags: none (0x0) Sep 21 07:15:58.765377: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:15:58.765383: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:15:58.765386: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:15:58.765394: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:15:58.765398: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:15:58.765401: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:15:58.765403: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:15:58.765405: | emitting length of ISAKMP Message: 57 Sep 21 07:15:58.765418: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:15:58.765421: | f7 f8 9a 6c 87 12 2b d5 e5 72 09 dd be df 06 a8 Sep 21 07:15:58.765424: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:15:58.765426: | 21 de fb 8c bb 70 88 f6 97 8f d0 e2 aa 35 8f 35 Sep 21 07:15:58.765428: | c8 5c e9 03 2a 4d 36 5f e4 Sep 21 07:15:58.765463: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:15:58.765469: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:15:58.765472: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:15:58.765475: | pstats #3 ikev2.child deleted other Sep 21 07:15:58.765480: | #3 spent 0.0378 milliseconds in total Sep 21 07:15:58.765484: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:15:58.765489: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:15:58.765493: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.065s and NOT sending notification Sep 21 07:15:58.765496: | child state #3: CHILDSA_DEL(informational) => delete Sep 21 07:15:58.765499: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:15:58.765503: | libevent_free: release ptr-libevent@0x562996536290 Sep 21 07:15:58.765505: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5629965361b0 Sep 21 07:15:58.765509: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:15:58.765516: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:15:58.765527: | raw_eroute result=success Sep 21 07:15:58.765531: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:15:58.765533: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:15:58.765537: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:15:58.765541: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:15:58.765546: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:15:58.765550: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:15:58.765553: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:15:58.765555: | pstats #1 ikev2.ike deleted completed Sep 21 07:15:58.765559: | #1 spent 8.48 milliseconds in total Sep 21 07:15:58.765563: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:15:58.765566: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 3.601s and NOT sending notification Sep 21 07:15:58.765569: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:15:58.765632: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:15:58.765636: | libevent_free: release ptr-libevent@0x562996536470 Sep 21 07:15:58.765639: | free_event_entry: release EVENT_SA_REKEY-pe@0x562996536430 Sep 21 07:15:58.765642: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:15:58.765644: | picked newest_isakmp_sa #0 for #1 Sep 21 07:15:58.765647: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:15:58.765650: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Sep 21 07:15:58.765653: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:15:58.765658: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:15:58.765661: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:15:58.765664: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:15:58.765679: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:15:58.765694: | in statetime_stop() and could not find #1 Sep 21 07:15:58.765698: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:15:58.765702: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:15:58.765705: | STF_OK but no state object remains Sep 21 07:15:58.765708: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:15:58.765710: | in statetime_stop() and could not find #1 Sep 21 07:15:58.765714: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:15:58.765717: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:15:58.765720: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:15:58.765724: | spent 0.532 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:15:58.765732: | processing resume sending helper answer for #3 Sep 21 07:15:58.765736: | crypto helper 4 replies to request ID 3 Sep 21 07:15:58.765739: | calling continuation function 0x562995e75630 Sep 21 07:15:58.765742: | work-order 3 state #3 crypto result suppressed Sep 21 07:15:58.765753: | (#3) spent 0.0158 milliseconds in resume sending helper answer Sep 21 07:15:58.765756: | libevent_free: release ptr-libevent@0x7f7138006900 Sep 21 07:15:58.765759: | processing signal PLUTO_SIGCHLD Sep 21 07:15:58.765764: | waitpid returned ECHILD (no child processes left) Sep 21 07:15:58.765768: | spent 0.00533 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:15:58.765773: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:15:58.765776: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Sep 21 07:15:58.765779: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:15:58.765787: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:15:58.765794: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Sep 21 07:15:58.765797: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:15:58.765800: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:15:58.765805: | creating state object #4 at 0x56299653d6c0 Sep 21 07:15:58.765808: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:15:58.765814: | pstats #4 ikev2.ike started Sep 21 07:15:58.765817: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:15:58.765820: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:15:58.765826: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:15:58.765831: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:15:58.765838: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:15:58.765841: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:15:58.765846: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:15:58.765849: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Sep 21 07:15:58.765866: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:15:58.765871: | adding ikev2_outI1 KE work-order 4 for state #4 Sep 21 07:15:58.765874: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f7138002b20 Sep 21 07:15:58.765877: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:15:58.765880: | libevent_malloc: new ptr-libevent@0x7f7138006900 size 128 Sep 21 07:15:58.765889: | #4 spent 0.103 milliseconds in ikev2_parent_outI1() Sep 21 07:15:58.765894: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:15:58.765897: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:15:58.765900: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:15:58.765904: | spent 0.124 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:15:58.765915: | crypto helper 5 resuming Sep 21 07:15:58.765919: | crypto helper 5 starting work-order 4 for state #4 Sep 21 07:15:58.765923: | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Sep 21 07:15:58.766918: | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000994 seconds Sep 21 07:15:58.766928: | (#4) spent 0.999 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Sep 21 07:15:58.766931: | crypto helper 5 sending results from work-order 4 for state #4 to event queue Sep 21 07:15:58.766934: | scheduling resume sending helper answer for #4 Sep 21 07:15:58.766937: | libevent_malloc: new ptr-libevent@0x7f712c006900 size 128 Sep 21 07:15:58.766944: | crypto helper 5 waiting (nothing to do) Sep 21 07:15:58.766953: | processing resume sending helper answer for #4 Sep 21 07:15:58.766959: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:15:58.766962: | crypto helper 5 replies to request ID 4 Sep 21 07:15:58.766964: | calling continuation function 0x562995e75630 Sep 21 07:15:58.766967: | ikev2_parent_outI1_continue for #4 Sep 21 07:15:58.766972: | **emit ISAKMP Message: Sep 21 07:15:58.766975: | initiator cookie: Sep 21 07:15:58.766977: | cd d6 df 78 4d 28 11 5a Sep 21 07:15:58.766979: | responder cookie: Sep 21 07:15:58.766982: | 00 00 00 00 00 00 00 00 Sep 21 07:15:58.766984: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:15:58.766987: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:15:58.766989: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:15:58.766992: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:15:58.766994: | Message ID: 0 (0x0) Sep 21 07:15:58.766997: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:15:58.767015: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:15:58.767018: | Emitting ikev2_proposals ... Sep 21 07:15:58.767021: | ***emit IKEv2 Security Association Payload: Sep 21 07:15:58.767024: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.767026: | flags: none (0x0) Sep 21 07:15:58.767029: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:15:58.767032: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:15:58.767035: | discarding INTEG=NONE Sep 21 07:15:58.767037: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:58.767040: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:58.767042: | prop #: 1 (0x1) Sep 21 07:15:58.767045: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:15:58.767047: | spi size: 0 (0x0) Sep 21 07:15:58.767049: | # transforms: 11 (0xb) Sep 21 07:15:58.767052: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:58.767055: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767057: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767060: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:58.767062: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:15:58.767065: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767067: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:58.767070: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:58.767073: | length/value: 256 (0x100) Sep 21 07:15:58.767075: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:58.767078: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767083: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:58.767085: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:15:58.767088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767091: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767093: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767096: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767100: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:58.767103: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:15:58.767106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767111: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767114: | discarding INTEG=NONE Sep 21 07:15:58.767117: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767121: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767124: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:58.767126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767129: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767132: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767134: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767136: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767141: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:15:58.767144: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767146: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767149: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767151: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767156: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767158: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:15:58.767161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767166: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767169: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767171: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767173: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767176: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:15:58.767179: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767181: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767184: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767186: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767188: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767191: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767193: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:15:58.767196: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767199: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767201: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767203: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767206: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767208: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767211: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:15:58.767213: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767217: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767220: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767222: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767227: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767229: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:15:58.767232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767237: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767239: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767242: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:58.767244: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767246: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:15:58.767249: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767252: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767254: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767257: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:15:58.767259: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:58.767262: | discarding INTEG=NONE Sep 21 07:15:58.767264: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:58.767266: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:58.767269: | prop #: 2 (0x2) Sep 21 07:15:58.767271: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:15:58.767273: | spi size: 0 (0x0) Sep 21 07:15:58.767276: | # transforms: 11 (0xb) Sep 21 07:15:58.767279: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:58.767281: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:58.767284: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767288: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:58.767291: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:15:58.767294: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767296: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:58.767298: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:58.767301: | length/value: 128 (0x80) Sep 21 07:15:58.767303: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:58.767306: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767308: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767310: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:58.767313: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:15:58.767316: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767318: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767321: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767323: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767326: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767329: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:58.767331: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:15:58.767334: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767337: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767339: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767341: | discarding INTEG=NONE Sep 21 07:15:58.767344: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767348: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767351: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:58.767353: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767356: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767359: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767361: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767363: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767366: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767368: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:15:58.767371: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767376: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767378: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767383: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767385: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:15:58.767388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767390: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767393: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767395: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767398: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767400: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767402: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:15:58.767405: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767410: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767412: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767414: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767417: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767419: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:15:58.767422: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767424: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767428: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767430: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767433: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767435: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767437: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:15:58.767440: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767443: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767445: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767447: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767450: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767452: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767454: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:15:58.767457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767460: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767462: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767465: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767467: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:58.767469: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767472: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:15:58.767475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767480: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767482: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:15:58.767485: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:58.767487: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:58.767490: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:58.767492: | prop #: 3 (0x3) Sep 21 07:15:58.767494: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:15:58.767497: | spi size: 0 (0x0) Sep 21 07:15:58.767499: | # transforms: 13 (0xd) Sep 21 07:15:58.767502: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:58.767504: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:58.767507: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767509: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767512: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:58.767514: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:15:58.767517: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767519: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:58.767522: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:58.767524: | length/value: 256 (0x100) Sep 21 07:15:58.767526: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:58.767529: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767531: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767535: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:58.767537: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:15:58.767540: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767543: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767545: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767547: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767550: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767552: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:58.767555: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:15:58.767557: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767560: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767563: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767565: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767570: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:58.767572: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:15:58.767575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767577: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767580: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767582: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767585: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767587: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:58.767589: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:15:58.767592: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767595: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767597: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767600: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767602: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767604: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767607: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:58.767610: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767612: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767615: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767617: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767619: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767622: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767624: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:15:58.767627: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767630: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767635: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767637: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767640: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767642: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767644: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:15:58.767647: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767650: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767652: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767655: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767657: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767659: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767662: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:15:58.767665: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767667: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767670: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767672: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767674: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767677: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767679: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:15:58.767682: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767685: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767687: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767690: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767694: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767697: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:15:58.767699: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767702: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767705: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767707: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767712: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767714: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:15:58.767717: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767720: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767722: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767724: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767727: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:58.767729: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767732: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:15:58.767734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767741: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767743: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:15:58.767746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:58.767748: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:15:58.767751: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:15:58.767753: | prop #: 4 (0x4) Sep 21 07:15:58.767755: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:15:58.767757: | spi size: 0 (0x0) Sep 21 07:15:58.767760: | # transforms: 13 (0xd) Sep 21 07:15:58.767763: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:15:58.767765: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:15:58.767768: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767770: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767773: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:15:58.767775: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:15:58.767778: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767780: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:15:58.767786: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:15:58.767790: | length/value: 128 (0x80) Sep 21 07:15:58.767793: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:15:58.767795: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767798: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767800: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:58.767803: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:15:58.767805: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767808: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767811: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767813: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767818: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:15:58.767820: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:15:58.767823: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767826: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767828: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767830: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767835: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:58.767838: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:15:58.767840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767843: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767846: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767848: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767854: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:15:58.767856: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:15:58.767859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767862: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767864: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767867: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767869: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767871: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767874: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:58.767877: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767879: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767882: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767884: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767887: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767889: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767891: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:15:58.767894: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767897: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767899: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767902: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767904: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767906: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767909: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:15:58.767911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767914: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767917: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767919: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767921: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767924: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767926: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:15:58.767929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767932: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767934: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767936: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767941: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767944: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:15:58.767946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767949: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767952: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767955: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767960: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767962: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:15:58.767965: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767970: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767972: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767977: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767980: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:15:58.767982: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.767985: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.767988: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.767990: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:15:58.767992: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:15:58.767995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:15:58.767997: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:15:58.768000: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:15:58.768003: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:15:58.768005: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:15:58.768007: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:15:58.768010: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:15:58.768013: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:15:58.768015: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:15:58.768018: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:15:58.768020: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.768023: | flags: none (0x0) Sep 21 07:15:58.768025: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:15:58.768028: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:15:58.768031: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:15:58.768034: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:15:58.768037: | ikev2 g^x d1 d0 a7 64 0d 6e 5a 88 37 81 79 e5 ea ed f9 bb Sep 21 07:15:58.768039: | ikev2 g^x ca 68 35 12 af dc 2c 76 03 72 01 90 62 ca a9 1a Sep 21 07:15:58.768041: | ikev2 g^x 6c 02 da 09 df f7 bd 8b a8 d7 57 e2 f0 45 44 0a Sep 21 07:15:58.768044: | ikev2 g^x 7f 96 09 b1 ca d9 0f 09 4f 60 9e 9f 04 b3 01 32 Sep 21 07:15:58.768046: | ikev2 g^x 94 7f 39 7d 9d c2 3d 5d 99 77 29 10 8c 3b b1 ce Sep 21 07:15:58.768048: | ikev2 g^x 1c b7 24 11 cc 28 3f 40 fb 62 42 70 4d d9 c1 e8 Sep 21 07:15:58.768051: | ikev2 g^x b0 3c a5 58 8a 72 8a 19 0d c3 cf 42 9c 88 a6 91 Sep 21 07:15:58.768053: | ikev2 g^x ef 36 c2 b2 a1 c8 72 32 d4 85 59 d1 ab a7 30 51 Sep 21 07:15:58.768058: | ikev2 g^x 38 88 fd 2f 41 7b 1e 95 68 e5 30 13 fd 6f ed 2a Sep 21 07:15:58.768060: | ikev2 g^x a0 68 e6 ae a3 55 57 b1 10 40 5c 7e 0b 4a 02 12 Sep 21 07:15:58.768062: | ikev2 g^x 8f 87 43 80 5c 29 12 e2 5f 13 fe fa 3b 8b a4 fe Sep 21 07:15:58.768065: | ikev2 g^x e5 69 07 7c 78 2f 37 61 34 21 5f ef 38 14 26 05 Sep 21 07:15:58.768067: | ikev2 g^x ab 4c 12 60 a8 f7 4d 90 85 48 65 61 30 d4 a7 34 Sep 21 07:15:58.768069: | ikev2 g^x ae 48 32 a9 11 1e 42 31 c4 a5 19 a6 d8 b1 c5 ca Sep 21 07:15:58.768072: | ikev2 g^x b6 31 f3 d0 73 61 01 54 14 72 86 8e 21 26 c1 fc Sep 21 07:15:58.768074: | ikev2 g^x 84 f8 49 20 bc f3 e1 7b 86 b9 82 bf 2b 55 50 03 Sep 21 07:15:58.768076: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:15:58.768079: | ***emit IKEv2 Nonce Payload: Sep 21 07:15:58.768081: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:15:58.768083: | flags: none (0x0) Sep 21 07:15:58.768086: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:15:58.768089: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:15:58.768092: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:15:58.768095: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:15:58.768097: | IKEv2 nonce 94 73 ad 3a d5 ab 42 40 ad 39 45 dd 4b b8 4e d4 Sep 21 07:15:58.768100: | IKEv2 nonce 27 37 a6 eb 9f 53 94 3f de eb 2a 0b e4 93 3d 1b Sep 21 07:15:58.768102: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:15:58.768104: | Adding a v2N Payload Sep 21 07:15:58.768107: | ***emit IKEv2 Notify Payload: Sep 21 07:15:58.768109: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.768111: | flags: none (0x0) Sep 21 07:15:58.768114: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:15:58.768116: | SPI size: 0 (0x0) Sep 21 07:15:58.768119: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:15:58.768122: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:15:58.768125: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:15:58.768127: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:15:58.768130: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:15:58.768133: | natd_hash: rcookie is zero Sep 21 07:15:58.768142: | natd_hash: hasher=0x562995f4b7a0(20) Sep 21 07:15:58.768145: | natd_hash: icookie= cd d6 df 78 4d 28 11 5a Sep 21 07:15:58.768147: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:15:58.768150: | natd_hash: ip= c0 01 02 2d Sep 21 07:15:58.768152: | natd_hash: port= 01 f4 Sep 21 07:15:58.768154: | natd_hash: hash= aa b9 6d cb a8 59 fd 0d 3c c1 3d fd d7 1b fb 13 Sep 21 07:15:58.768156: | natd_hash: hash= 9e 27 28 05 Sep 21 07:15:58.768159: | Adding a v2N Payload Sep 21 07:15:58.768161: | ***emit IKEv2 Notify Payload: Sep 21 07:15:58.768163: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.768166: | flags: none (0x0) Sep 21 07:15:58.768168: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:15:58.768170: | SPI size: 0 (0x0) Sep 21 07:15:58.768173: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:15:58.768176: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:15:58.768178: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:15:58.768181: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:15:58.768184: | Notify data aa b9 6d cb a8 59 fd 0d 3c c1 3d fd d7 1b fb 13 Sep 21 07:15:58.768186: | Notify data 9e 27 28 05 Sep 21 07:15:58.768188: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:15:58.768192: | natd_hash: rcookie is zero Sep 21 07:15:58.768197: | natd_hash: hasher=0x562995f4b7a0(20) Sep 21 07:15:58.768200: | natd_hash: icookie= cd d6 df 78 4d 28 11 5a Sep 21 07:15:58.768202: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:15:58.768204: | natd_hash: ip= c0 01 02 17 Sep 21 07:15:58.768207: | natd_hash: port= 01 f4 Sep 21 07:15:58.768209: | natd_hash: hash= 22 c4 04 25 96 b9 e6 95 91 14 aa e3 c7 14 7e 3d Sep 21 07:15:58.768211: | natd_hash: hash= 86 94 fe 89 Sep 21 07:15:58.768213: | Adding a v2N Payload Sep 21 07:15:58.768216: | ***emit IKEv2 Notify Payload: Sep 21 07:15:58.768218: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:15:58.768220: | flags: none (0x0) Sep 21 07:15:58.768223: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:15:58.768225: | SPI size: 0 (0x0) Sep 21 07:15:58.768227: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:15:58.768230: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:15:58.768233: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:15:58.768235: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:15:58.768238: | Notify data 22 c4 04 25 96 b9 e6 95 91 14 aa e3 c7 14 7e 3d Sep 21 07:15:58.768240: | Notify data 86 94 fe 89 Sep 21 07:15:58.768242: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:15:58.768245: | emitting length of ISAKMP Message: 828 Sep 21 07:15:58.768251: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:15:58.768256: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:15:58.768260: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:15:58.768263: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:15:58.768266: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:15:58.768269: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:15:58.768271: | Message ID: IKE #4 skipping update_recv as MD is fake Sep 21 07:15:58.768276: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:15:58.768279: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:15:58.768284: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:15:58.768290: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:15:58.768293: | cd d6 df 78 4d 28 11 5a 00 00 00 00 00 00 00 00 Sep 21 07:15:58.768295: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:15:58.768297: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:15:58.768299: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:15:58.768302: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:15:58.768304: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:15:58.768306: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:15:58.768309: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:15:58.768311: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:15:58.768313: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:15:58.768315: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:15:58.768317: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:15:58.768320: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:15:58.768322: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:15:58.768324: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:15:58.768327: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:15:58.768330: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:15:58.768333: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:15:58.768335: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:15:58.768337: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:15:58.768339: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:15:58.768342: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:15:58.768344: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:15:58.768346: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:15:58.768348: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:15:58.768351: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:15:58.768353: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:15:58.768355: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:15:58.768358: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:15:58.768360: | 28 00 01 08 00 0e 00 00 d1 d0 a7 64 0d 6e 5a 88 Sep 21 07:15:58.768362: | 37 81 79 e5 ea ed f9 bb ca 68 35 12 af dc 2c 76 Sep 21 07:15:58.768364: | 03 72 01 90 62 ca a9 1a 6c 02 da 09 df f7 bd 8b Sep 21 07:15:58.768367: | a8 d7 57 e2 f0 45 44 0a 7f 96 09 b1 ca d9 0f 09 Sep 21 07:15:58.768369: | 4f 60 9e 9f 04 b3 01 32 94 7f 39 7d 9d c2 3d 5d Sep 21 07:15:58.768371: | 99 77 29 10 8c 3b b1 ce 1c b7 24 11 cc 28 3f 40 Sep 21 07:15:58.768373: | fb 62 42 70 4d d9 c1 e8 b0 3c a5 58 8a 72 8a 19 Sep 21 07:15:58.768376: | 0d c3 cf 42 9c 88 a6 91 ef 36 c2 b2 a1 c8 72 32 Sep 21 07:15:58.768378: | d4 85 59 d1 ab a7 30 51 38 88 fd 2f 41 7b 1e 95 Sep 21 07:15:58.768380: | 68 e5 30 13 fd 6f ed 2a a0 68 e6 ae a3 55 57 b1 Sep 21 07:15:58.768383: | 10 40 5c 7e 0b 4a 02 12 8f 87 43 80 5c 29 12 e2 Sep 21 07:15:58.768385: | 5f 13 fe fa 3b 8b a4 fe e5 69 07 7c 78 2f 37 61 Sep 21 07:15:58.768387: | 34 21 5f ef 38 14 26 05 ab 4c 12 60 a8 f7 4d 90 Sep 21 07:15:58.768389: | 85 48 65 61 30 d4 a7 34 ae 48 32 a9 11 1e 42 31 Sep 21 07:15:58.768392: | c4 a5 19 a6 d8 b1 c5 ca b6 31 f3 d0 73 61 01 54 Sep 21 07:15:58.768394: | 14 72 86 8e 21 26 c1 fc 84 f8 49 20 bc f3 e1 7b Sep 21 07:15:58.768396: | 86 b9 82 bf 2b 55 50 03 29 00 00 24 94 73 ad 3a Sep 21 07:15:58.768398: | d5 ab 42 40 ad 39 45 dd 4b b8 4e d4 27 37 a6 eb Sep 21 07:15:58.768401: | 9f 53 94 3f de eb 2a 0b e4 93 3d 1b 29 00 00 08 Sep 21 07:15:58.768403: | 00 00 40 2e 29 00 00 1c 00 00 40 04 aa b9 6d cb Sep 21 07:15:58.768405: | a8 59 fd 0d 3c c1 3d fd d7 1b fb 13 9e 27 28 05 Sep 21 07:15:58.768408: | 00 00 00 1c 00 00 40 05 22 c4 04 25 96 b9 e6 95 Sep 21 07:15:58.768410: | 91 14 aa e3 c7 14 7e 3d 86 94 fe 89 Sep 21 07:15:58.768434: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:15:58.768438: | libevent_free: release ptr-libevent@0x7f7138006900 Sep 21 07:15:58.768441: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f7138002b20 Sep 21 07:15:58.768444: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:15:58.768447: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f7138002b20 Sep 21 07:15:58.768451: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:15:58.768454: | libevent_malloc: new ptr-libevent@0x7f7138006900 size 128 Sep 21 07:15:58.768459: | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48805.136711 Sep 21 07:15:58.768462: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:15:58.768467: | #4 spent 1.49 milliseconds in resume sending helper answer Sep 21 07:15:58.768472: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:15:58.768475: | libevent_free: release ptr-libevent@0x7f712c006900 Sep 21 07:15:59.268806: | timer_event_cb: processing event@0x7f7138002b20 Sep 21 07:15:59.268826: | handling event EVENT_RETRANSMIT for parent state #4 Sep 21 07:15:59.268836: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:15:59.268840: | IKEv2 retransmit event Sep 21 07:15:59.268847: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:15:59.268852: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 attempt 2 of 0 Sep 21 07:15:59.268857: | and parent for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 keying attempt 1 of 0; retransmit 1 Sep 21 07:15:59.268865: | retransmits: current time 48805.637126; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500415 exceeds limit? NO Sep 21 07:15:59.268870: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f712c002b20 Sep 21 07:15:59.268875: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:15:59.268879: | libevent_malloc: new ptr-libevent@0x7f712c006900 size 128 Sep 21 07:15:59.268884: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Sep 21 07:15:59.268892: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:15:59.268896: | cd d6 df 78 4d 28 11 5a 00 00 00 00 00 00 00 00 Sep 21 07:15:59.268899: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:15:59.268901: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:15:59.268904: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:15:59.268907: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:15:59.268910: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:15:59.268913: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:15:59.268916: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:15:59.268918: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:15:59.268921: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:15:59.268924: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:15:59.268927: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:15:59.268930: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:15:59.268933: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:15:59.268935: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:15:59.268938: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:15:59.268941: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:15:59.268944: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:15:59.268947: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:15:59.268950: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:15:59.268953: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:15:59.268955: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:15:59.268958: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:15:59.268961: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:15:59.268964: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:15:59.268967: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:15:59.268970: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:15:59.268972: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:15:59.268975: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:15:59.268978: | 28 00 01 08 00 0e 00 00 d1 d0 a7 64 0d 6e 5a 88 Sep 21 07:15:59.268981: | 37 81 79 e5 ea ed f9 bb ca 68 35 12 af dc 2c 76 Sep 21 07:15:59.268984: | 03 72 01 90 62 ca a9 1a 6c 02 da 09 df f7 bd 8b Sep 21 07:15:59.268987: | a8 d7 57 e2 f0 45 44 0a 7f 96 09 b1 ca d9 0f 09 Sep 21 07:15:59.268989: | 4f 60 9e 9f 04 b3 01 32 94 7f 39 7d 9d c2 3d 5d Sep 21 07:15:59.268996: | 99 77 29 10 8c 3b b1 ce 1c b7 24 11 cc 28 3f 40 Sep 21 07:15:59.268999: | fb 62 42 70 4d d9 c1 e8 b0 3c a5 58 8a 72 8a 19 Sep 21 07:15:59.269002: | 0d c3 cf 42 9c 88 a6 91 ef 36 c2 b2 a1 c8 72 32 Sep 21 07:15:59.269005: | d4 85 59 d1 ab a7 30 51 38 88 fd 2f 41 7b 1e 95 Sep 21 07:15:59.269008: | 68 e5 30 13 fd 6f ed 2a a0 68 e6 ae a3 55 57 b1 Sep 21 07:15:59.269011: | 10 40 5c 7e 0b 4a 02 12 8f 87 43 80 5c 29 12 e2 Sep 21 07:15:59.269014: | 5f 13 fe fa 3b 8b a4 fe e5 69 07 7c 78 2f 37 61 Sep 21 07:15:59.269017: | 34 21 5f ef 38 14 26 05 ab 4c 12 60 a8 f7 4d 90 Sep 21 07:15:59.269019: | 85 48 65 61 30 d4 a7 34 ae 48 32 a9 11 1e 42 31 Sep 21 07:15:59.269022: | c4 a5 19 a6 d8 b1 c5 ca b6 31 f3 d0 73 61 01 54 Sep 21 07:15:59.269025: | 14 72 86 8e 21 26 c1 fc 84 f8 49 20 bc f3 e1 7b Sep 21 07:15:59.269028: | 86 b9 82 bf 2b 55 50 03 29 00 00 24 94 73 ad 3a Sep 21 07:15:59.269031: | d5 ab 42 40 ad 39 45 dd 4b b8 4e d4 27 37 a6 eb Sep 21 07:15:59.269033: | 9f 53 94 3f de eb 2a 0b e4 93 3d 1b 29 00 00 08 Sep 21 07:15:59.269036: | 00 00 40 2e 29 00 00 1c 00 00 40 04 aa b9 6d cb Sep 21 07:15:59.269039: | a8 59 fd 0d 3c c1 3d fd d7 1b fb 13 9e 27 28 05 Sep 21 07:15:59.269042: | 00 00 00 1c 00 00 40 05 22 c4 04 25 96 b9 e6 95 Sep 21 07:15:59.269045: | 91 14 aa e3 c7 14 7e 3d 86 94 fe 89 Sep 21 07:15:59.269070: | libevent_free: release ptr-libevent@0x7f7138006900 Sep 21 07:15:59.269074: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f7138002b20 Sep 21 07:15:59.269083: | #4 spent 0.274 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:15:59.269089: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:15:59.770675: | timer_event_cb: processing event@0x7f712c002b20 Sep 21 07:15:59.770691: | handling event EVENT_RETRANSMIT for parent state #4 Sep 21 07:15:59.770699: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:15:59.770702: | IKEv2 retransmit event Sep 21 07:15:59.770706: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:15:59.770710: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 attempt 2 of 0 Sep 21 07:15:59.770714: | and parent for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 keying attempt 1 of 0; retransmit 2 Sep 21 07:15:59.770720: | retransmits: current time 48806.138982; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002271 exceeds limit? NO Sep 21 07:15:59.770723: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f7138002b20 Sep 21 07:15:59.770727: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #4 Sep 21 07:15:59.770731: | libevent_malloc: new ptr-libevent@0x7f7138006900 size 128 Sep 21 07:15:59.770735: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 1 seconds for response Sep 21 07:15:59.770742: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:15:59.770745: | cd d6 df 78 4d 28 11 5a 00 00 00 00 00 00 00 00 Sep 21 07:15:59.770747: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:15:59.770749: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:15:59.770751: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:15:59.770753: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:15:59.770755: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:15:59.770757: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:15:59.770759: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:15:59.770761: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:15:59.770763: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:15:59.770769: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:15:59.770772: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:15:59.770774: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:15:59.770776: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:15:59.770778: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:15:59.770781: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:15:59.770787: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:15:59.770792: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:15:59.770794: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:15:59.770796: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:15:59.770799: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:15:59.770801: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:15:59.770803: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:15:59.770805: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:15:59.770808: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:15:59.770810: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:15:59.770812: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:15:59.770814: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:15:59.770817: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:15:59.770819: | 28 00 01 08 00 0e 00 00 d1 d0 a7 64 0d 6e 5a 88 Sep 21 07:15:59.770821: | 37 81 79 e5 ea ed f9 bb ca 68 35 12 af dc 2c 76 Sep 21 07:15:59.770823: | 03 72 01 90 62 ca a9 1a 6c 02 da 09 df f7 bd 8b Sep 21 07:15:59.770826: | a8 d7 57 e2 f0 45 44 0a 7f 96 09 b1 ca d9 0f 09 Sep 21 07:15:59.770829: | 4f 60 9e 9f 04 b3 01 32 94 7f 39 7d 9d c2 3d 5d Sep 21 07:15:59.770831: | 99 77 29 10 8c 3b b1 ce 1c b7 24 11 cc 28 3f 40 Sep 21 07:15:59.770833: | fb 62 42 70 4d d9 c1 e8 b0 3c a5 58 8a 72 8a 19 Sep 21 07:15:59.770835: | 0d c3 cf 42 9c 88 a6 91 ef 36 c2 b2 a1 c8 72 32 Sep 21 07:15:59.770837: | d4 85 59 d1 ab a7 30 51 38 88 fd 2f 41 7b 1e 95 Sep 21 07:15:59.770839: | 68 e5 30 13 fd 6f ed 2a a0 68 e6 ae a3 55 57 b1 Sep 21 07:15:59.770841: | 10 40 5c 7e 0b 4a 02 12 8f 87 43 80 5c 29 12 e2 Sep 21 07:15:59.770843: | 5f 13 fe fa 3b 8b a4 fe e5 69 07 7c 78 2f 37 61 Sep 21 07:15:59.770844: | 34 21 5f ef 38 14 26 05 ab 4c 12 60 a8 f7 4d 90 Sep 21 07:15:59.770847: | 85 48 65 61 30 d4 a7 34 ae 48 32 a9 11 1e 42 31 Sep 21 07:15:59.770848: | c4 a5 19 a6 d8 b1 c5 ca b6 31 f3 d0 73 61 01 54 Sep 21 07:15:59.770850: | 14 72 86 8e 21 26 c1 fc 84 f8 49 20 bc f3 e1 7b Sep 21 07:15:59.770853: | 86 b9 82 bf 2b 55 50 03 29 00 00 24 94 73 ad 3a Sep 21 07:15:59.770855: | d5 ab 42 40 ad 39 45 dd 4b b8 4e d4 27 37 a6 eb Sep 21 07:15:59.770857: | 9f 53 94 3f de eb 2a 0b e4 93 3d 1b 29 00 00 08 Sep 21 07:15:59.770859: | 00 00 40 2e 29 00 00 1c 00 00 40 04 aa b9 6d cb Sep 21 07:15:59.770861: | a8 59 fd 0d 3c c1 3d fd d7 1b fb 13 9e 27 28 05 Sep 21 07:15:59.770863: | 00 00 00 1c 00 00 40 05 22 c4 04 25 96 b9 e6 95 Sep 21 07:15:59.770865: | 91 14 aa e3 c7 14 7e 3d 86 94 fe 89 Sep 21 07:15:59.770896: | libevent_free: release ptr-libevent@0x7f712c006900 Sep 21 07:15:59.770901: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f712c002b20 Sep 21 07:15:59.770909: | #4 spent 0.227 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:15:59.770915: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:00.056846: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:00.056867: shutting down Sep 21 07:16:00.056875: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:16:00.056879: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:16:00.056885: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:00.056891: forgetting secrets Sep 21 07:16:00.056894: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:00.056899: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Sep 21 07:16:00.056903: | removing pending policy for no connection {0x5629964c32f0} Sep 21 07:16:00.056906: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:00.056908: | pass 0 Sep 21 07:16:00.056911: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:00.056913: | state #4 Sep 21 07:16:00.056917: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:00.056923: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:00.056927: | pstats #4 ikev2.ike deleted other Sep 21 07:16:00.056932: | #4 spent 3.09 milliseconds in total Sep 21 07:16:00.056937: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:00.056941: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 1.291s and NOT sending notification Sep 21 07:16:00.056944: | parent state #4: PARENT_I1(half-open IKE SA) => delete Sep 21 07:16:00.056948: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:00.056950: | #4 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:00.056955: | libevent_free: release ptr-libevent@0x7f7138006900 Sep 21 07:16:00.056958: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f7138002b20 Sep 21 07:16:00.056961: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:00.056964: | picked newest_isakmp_sa #0 for #4 Sep 21 07:16:00.056967: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:00.056971: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Sep 21 07:16:00.056974: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:16:00.056981: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:16:00.056983: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:16:00.056986: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:16:00.056989: | State DB: deleting IKEv2 state #4 in PARENT_I1 Sep 21 07:16:00.056993: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:16:00.057012: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:00.057016: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:00.057019: | pass 1 Sep 21 07:16:00.057022: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:00.057028: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:00.057034: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:00.057038: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:16:00.057080: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:16:00.057095: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:00.057100: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:00.057104: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:16:00.057108: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Sep 21 07:16:00.057111: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:00.057116: | command executing unroute-client Sep 21 07:16:00.057147: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Sep 21 07:16:00.057153: | popen cmd is 1041 chars long Sep 21 07:16:00.057156: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:16:00.057159: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Sep 21 07:16:00.057162: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:16:00.057165: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 21 07:16:00.057167: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' P: Sep 21 07:16:00.057170: | cmd( 400):LUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192: Sep 21 07:16:00.057172: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Sep 21 07:16:00.057175: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Sep 21 07:16:00.057178: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Sep 21 07:16:00.057180: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Sep 21 07:16:00.057183: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Sep 21 07:16:00.057186: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Sep 21 07:16:00.057188: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Sep 21 07:16:00.057190: | cmd(1040):1: Sep 21 07:16:00.129622: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129639: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129651: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129670: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129688: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129709: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129722: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129738: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129755: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129819: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129824: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129827: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129830: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129833: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129837: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129852: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129867: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129879: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129894: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129907: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.129921: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130221: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130247: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130271: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130296: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130314: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130331: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130350: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130379: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130400: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130422: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130448: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130471: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130495: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130514: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130527: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130541: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130555: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130682: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130694: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.130707: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:00.204584: | free hp@0x5629964fe9c0 Sep 21 07:16:00.204598: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Sep 21 07:16:00.204602: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:16:00.204612: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:16:00.204614: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:16:00.204625: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:16:00.204629: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:16:00.204632: shutting down interface eth0/eth0 192.0.1.254:4500 Sep 21 07:16:00.204635: shutting down interface eth0/eth0 192.0.1.254:500 Sep 21 07:16:00.204638: shutting down interface eth1/eth1 192.1.2.45:4500 Sep 21 07:16:00.204641: shutting down interface eth1/eth1 192.1.2.45:500 Sep 21 07:16:00.204646: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:16:00.204653: | libevent_free: release ptr-libevent@0x562996532030 Sep 21 07:16:00.204656: | free_event_entry: release EVENT_NULL-pe@0x56299651b230 Sep 21 07:16:00.204665: | libevent_free: release ptr-libevent@0x562996532120 Sep 21 07:16:00.204668: | free_event_entry: release EVENT_NULL-pe@0x5629965320e0 Sep 21 07:16:00.204674: | libevent_free: release ptr-libevent@0x562996532210 Sep 21 07:16:00.204677: | free_event_entry: release EVENT_NULL-pe@0x5629965321d0 Sep 21 07:16:00.204682: | libevent_free: release ptr-libevent@0x562996532300 Sep 21 07:16:00.204685: | free_event_entry: release EVENT_NULL-pe@0x5629965322c0 Sep 21 07:16:00.204690: | libevent_free: release ptr-libevent@0x5629965323f0 Sep 21 07:16:00.204693: | free_event_entry: release EVENT_NULL-pe@0x5629965323b0 Sep 21 07:16:00.204699: | libevent_free: release ptr-libevent@0x5629965324e0 Sep 21 07:16:00.204702: | free_event_entry: release EVENT_NULL-pe@0x5629965324a0 Sep 21 07:16:00.204710: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:00.208109: | libevent_free: release ptr-libevent@0x562996531990 Sep 21 07:16:00.208120: | free_event_entry: release EVENT_NULL-pe@0x56299651a4b0 Sep 21 07:16:00.208124: | libevent_free: release ptr-libevent@0x562996527420 Sep 21 07:16:00.208127: | free_event_entry: release EVENT_NULL-pe@0x56299651a760 Sep 21 07:16:00.208130: | libevent_free: release ptr-libevent@0x562996527390 Sep 21 07:16:00.208133: | free_event_entry: release EVENT_NULL-pe@0x56299651fec0 Sep 21 07:16:00.208136: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:16:00.208139: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:16:00.208141: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:16:00.208143: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:16:00.208146: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:16:00.208148: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:16:00.208151: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:16:00.208153: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:16:00.208155: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:16:00.208160: | libevent_free: release ptr-libevent@0x562996531a60 Sep 21 07:16:00.208163: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:16:00.208166: | libevent_free: release ptr-libevent@0x562996531b40 Sep 21 07:16:00.208168: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:16:00.208171: | libevent_free: release ptr-libevent@0x562996531c00 Sep 21 07:16:00.208174: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:16:00.208177: | libevent_free: release ptr-libevent@0x562996526690 Sep 21 07:16:00.208179: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:16:00.208181: | releasing event base Sep 21 07:16:00.208194: | libevent_free: release ptr-libevent@0x562996531cc0 Sep 21 07:16:00.208197: | libevent_free: release ptr-libevent@0x562996507200 Sep 21 07:16:00.208201: | libevent_free: release ptr-libevent@0x562996515a40 Sep 21 07:16:00.208203: | libevent_free: release ptr-libevent@0x562996515b10 Sep 21 07:16:00.208206: | libevent_free: release ptr-libevent@0x562996515a60 Sep 21 07:16:00.208208: | libevent_free: release ptr-libevent@0x562996531a20 Sep 21 07:16:00.208211: | libevent_free: release ptr-libevent@0x562996531b00 Sep 21 07:16:00.208213: | libevent_free: release ptr-libevent@0x562996515af0 Sep 21 07:16:00.208216: | libevent_free: release ptr-libevent@0x562996515c50 Sep 21 07:16:00.208218: | libevent_free: release ptr-libevent@0x56299651a6b0 Sep 21 07:16:00.208221: | libevent_free: release ptr-libevent@0x562996532570 Sep 21 07:16:00.208223: | libevent_free: release ptr-libevent@0x562996532480 Sep 21 07:16:00.208225: | libevent_free: release ptr-libevent@0x562996532390 Sep 21 07:16:00.208228: | libevent_free: release ptr-libevent@0x5629965322a0 Sep 21 07:16:00.208230: | libevent_free: release ptr-libevent@0x5629965321b0 Sep 21 07:16:00.208233: | libevent_free: release ptr-libevent@0x5629965320c0 Sep 21 07:16:00.208235: | libevent_free: release ptr-libevent@0x562996499370 Sep 21 07:16:00.208238: | libevent_free: release ptr-libevent@0x562996531be0 Sep 21 07:16:00.208240: | libevent_free: release ptr-libevent@0x562996531b20 Sep 21 07:16:00.208242: | libevent_free: release ptr-libevent@0x562996531a40 Sep 21 07:16:00.208245: | libevent_free: release ptr-libevent@0x562996531ca0 Sep 21 07:16:00.208247: | libevent_free: release ptr-libevent@0x5629964975b0 Sep 21 07:16:00.208250: | libevent_free: release ptr-libevent@0x562996515a80 Sep 21 07:16:00.208253: | libevent_free: release ptr-libevent@0x562996515ab0 Sep 21 07:16:00.208255: | libevent_free: release ptr-libevent@0x5629965157a0 Sep 21 07:16:00.208257: | releasing global libevent data Sep 21 07:16:00.208260: | libevent_free: release ptr-libevent@0x562996514490 Sep 21 07:16:00.208263: | libevent_free: release ptr-libevent@0x562996515740 Sep 21 07:16:00.208266: | libevent_free: release ptr-libevent@0x562996515770