Sep 21 07:16:05.035350: FIPS Product: YES Sep 21 07:16:05.035386: FIPS Kernel: NO Sep 21 07:16:05.035389: FIPS Mode: NO Sep 21 07:16:05.035392: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:05.035590: Initializing NSS Sep 21 07:16:05.035596: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:05.154369: NSS initialized Sep 21 07:16:05.154387: NSS crypto library initialized Sep 21 07:16:05.154390: FIPS HMAC integrity support [enabled] Sep 21 07:16:05.154393: FIPS mode disabled for pluto daemon Sep 21 07:16:05.252706: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:05.252867: libcap-ng support [enabled] Sep 21 07:16:05.252878: Linux audit support [enabled] Sep 21 07:16:05.252908: Linux audit activated Sep 21 07:16:05.252915: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:22671 Sep 21 07:16:05.252918: core dump dir: /tmp Sep 21 07:16:05.252920: secrets file: /etc/ipsec.secrets Sep 21 07:16:05.252923: leak-detective disabled Sep 21 07:16:05.252925: NSS crypto [enabled] Sep 21 07:16:05.252927: XAUTH PAM support [enabled] Sep 21 07:16:05.253004: | libevent is using pluto's memory allocator Sep 21 07:16:05.253011: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:05.253024: | libevent_malloc: new ptr-libevent@0x561e34b562d0 size 40 Sep 21 07:16:05.253027: | libevent_malloc: new ptr-libevent@0x561e34b56300 size 40 Sep 21 07:16:05.253031: | libevent_malloc: new ptr-libevent@0x561e34b57ae0 size 40 Sep 21 07:16:05.253033: | creating event base Sep 21 07:16:05.253036: | libevent_malloc: new ptr-libevent@0x561e34b57aa0 size 56 Sep 21 07:16:05.253039: | libevent_malloc: new ptr-libevent@0x561e34b57b10 size 664 Sep 21 07:16:05.253052: | libevent_malloc: new ptr-libevent@0x561e34b57db0 size 24 Sep 21 07:16:05.253056: | libevent_malloc: new ptr-libevent@0x561e34b0f580 size 384 Sep 21 07:16:05.253067: | libevent_malloc: new ptr-libevent@0x561e34b57dd0 size 16 Sep 21 07:16:05.253070: | libevent_malloc: new ptr-libevent@0x561e34b57df0 size 40 Sep 21 07:16:05.253072: | libevent_malloc: new ptr-libevent@0x561e34b57e20 size 48 Sep 21 07:16:05.253079: | libevent_realloc: new ptr-libevent@0x561e34b57e60 size 256 Sep 21 07:16:05.253081: | libevent_malloc: new ptr-libevent@0x561e34b57f70 size 16 Sep 21 07:16:05.253087: | libevent_free: release ptr-libevent@0x561e34b57aa0 Sep 21 07:16:05.253090: | libevent initialized Sep 21 07:16:05.253094: | libevent_realloc: new ptr-libevent@0x561e34b57f90 size 64 Sep 21 07:16:05.253101: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:05.253117: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:05.253119: NAT-Traversal support [enabled] Sep 21 07:16:05.253122: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:05.253129: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:05.253133: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:05.253164: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:05.253168: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:05.253171: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:05.253222: Encryption algorithms: Sep 21 07:16:05.253228: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:05.253232: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:05.253236: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:05.253240: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:05.253243: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:16:05.253253: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:05.253257: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:05.253260: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:05.253264: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:05.253267: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:05.253270: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:05.253274: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:05.253277: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:05.253281: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:05.253284: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:05.253287: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:05.253290: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:05.253297: Hash algorithms: Sep 21 07:16:05.253300: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:05.253303: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:05.253306: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:05.253309: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:05.253312: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:05.253328: PRF algorithms: Sep 21 07:16:05.253331: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:05.253335: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:05.253339: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:05.253343: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:05.253346: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:05.253349: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:05.253376: Integrity algorithms: Sep 21 07:16:05.253379: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:05.253383: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:05.253387: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:05.253391: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:05.253395: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:05.253397: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:05.253401: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:05.253404: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:05.253407: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:05.253419: DH algorithms: Sep 21 07:16:05.253422: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:05.253425: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:05.253428: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:05.253433: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:05.253436: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:05.253438: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:05.253441: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:05.253444: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:05.253448: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:05.253451: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:05.253454: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:05.253456: testing CAMELLIA_CBC: Sep 21 07:16:05.253458: Camellia: 16 bytes with 128-bit key Sep 21 07:16:05.253574: Camellia: 16 bytes with 128-bit key Sep 21 07:16:05.253605: Camellia: 16 bytes with 256-bit key Sep 21 07:16:05.253635: Camellia: 16 bytes with 256-bit key Sep 21 07:16:05.253663: testing AES_GCM_16: Sep 21 07:16:05.253666: empty string Sep 21 07:16:05.253692: one block Sep 21 07:16:05.253716: two blocks Sep 21 07:16:05.253741: two blocks with associated data Sep 21 07:16:05.253768: testing AES_CTR: Sep 21 07:16:05.253771: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:05.253801: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:05.253831: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:05.253861: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:05.253887: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:05.253915: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:05.253942: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:05.253967: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:05.253994: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:05.254022: testing AES_CBC: Sep 21 07:16:05.254024: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:05.254050: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:05.254079: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:05.257323: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:05.257378: testing AES_XCBC: Sep 21 07:16:05.257382: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:05.257501: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:05.257630: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:05.257754: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:05.258083: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:05.258284: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:05.258475: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:05.258771: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:05.258909: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:05.259051: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:05.259292: testing HMAC_MD5: Sep 21 07:16:05.259296: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:05.259465: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:05.259620: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:05.259814: 8 CPU cores online Sep 21 07:16:05.259821: starting up 7 crypto helpers Sep 21 07:16:05.259854: started thread for crypto helper 0 Sep 21 07:16:05.259881: started thread for crypto helper 1 Sep 21 07:16:05.259901: started thread for crypto helper 2 Sep 21 07:16:05.259919: started thread for crypto helper 3 Sep 21 07:16:05.259942: started thread for crypto helper 4 Sep 21 07:16:05.259959: started thread for crypto helper 5 Sep 21 07:16:05.259981: started thread for crypto helper 6 Sep 21 07:16:05.259989: | checking IKEv1 state table Sep 21 07:16:05.259997: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:05.259999: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:05.260002: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:05.260005: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:05.260007: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:05.260010: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:05.260012: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:05.260014: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:05.260017: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:05.260019: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:05.260022: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:05.260024: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:05.260027: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:05.260029: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:05.260031: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:05.260034: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:05.260036: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:16:05.260039: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:05.260041: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:05.260043: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:05.260046: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:05.260048: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.260051: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:05.260053: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.260056: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:05.260058: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:05.260061: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:05.260063: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:05.260066: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:05.260068: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:05.260071: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:05.260073: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:05.260076: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:05.260078: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.260081: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:05.260083: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.260086: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:05.260088: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:05.260091: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:05.260093: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:05.260096: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:05.260098: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:05.260101: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:05.260103: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.260106: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:05.260108: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.260111: | INFO: category: informational flags: 0: Sep 21 07:16:05.260113: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.260116: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:16:05.260118: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.260121: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:05.260123: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:05.260126: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:05.260128: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:05.260131: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:05.260133: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:05.260136: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:05.260138: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:05.260141: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:05.260143: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.260146: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:05.260150: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:05.260153: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:05.260155: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:05.260158: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:05.260161: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:05.260166: | checking IKEv2 state table Sep 21 07:16:05.260172: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:05.260175: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:05.260178: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:05.260181: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:05.260183: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:05.260186: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:05.260189: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:05.260192: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:05.260195: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:05.260197: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:05.260200: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:05.260203: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:05.260206: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:05.260208: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:05.260211: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:05.260213: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:05.260216: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:05.260219: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:05.260221: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:05.260224: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:05.260227: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:05.260229: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:05.260232: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:05.260235: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:05.260237: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:05.260240: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:05.260243: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:05.260245: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:05.260248: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:05.260250: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:05.260253: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:16:05.260255: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:05.260257: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:05.260259: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:05.260262: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:05.260264: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:05.260266: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:05.260268: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:05.260271: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:05.260275: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:05.260277: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:05.260280: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:05.260282: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:05.260284: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:05.260287: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:05.260289: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:05.260291: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:05.260362: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:05.260419: | Hard-wiring algorithms Sep 21 07:16:05.260423: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:05.260427: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:05.260430: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:05.260432: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:05.260434: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:05.260436: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:16:05.260439: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:05.260441: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:05.260443: | adding AES_CTR to kernel algorithm db Sep 21 07:16:05.260446: | adding AES_CBC to kernel algorithm db Sep 21 07:16:05.260448: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:05.260451: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:05.260453: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:05.260456: | adding NULL to kernel algorithm db Sep 21 07:16:05.260458: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:05.260461: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:05.260463: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:05.260466: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:05.260468: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:05.260471: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:05.260473: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:05.260476: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:05.260478: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:05.260480: | adding NONE to kernel algorithm db Sep 21 07:16:05.260502: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:05.260508: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:05.260511: | setup kernel fd callback Sep 21 07:16:05.260514: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x561e34b62750 Sep 21 07:16:05.260517: | libevent_malloc: new ptr-libevent@0x561e34b69720 size 128 Sep 21 07:16:05.260520: | libevent_malloc: new ptr-libevent@0x561e34b626b0 size 16 Sep 21 07:16:05.260526: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x561e34b5cc00 Sep 21 07:16:05.260529: | libevent_malloc: new ptr-libevent@0x561e34b697b0 size 128 Sep 21 07:16:05.260531: | libevent_malloc: new ptr-libevent@0x561e34b62690 size 16 Sep 21 07:16:05.260749: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:05.260760: selinux support is enabled. Sep 21 07:16:05.261240: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:05.261420: | unbound context created - setting debug level to 5 Sep 21 07:16:05.261453: | /etc/hosts lookups activated Sep 21 07:16:05.261475: | /etc/resolv.conf usage activated Sep 21 07:16:05.261540: | outgoing-port-avoid set 0-65535 Sep 21 07:16:05.261570: | outgoing-port-permit set 32768-60999 Sep 21 07:16:05.261573: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:05.261576: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:05.261579: | Setting up events, loop start Sep 21 07:16:05.261583: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x561e34b5c9c0 Sep 21 07:16:05.261589: | libevent_malloc: new ptr-libevent@0x561e34b73d30 size 128 Sep 21 07:16:05.261594: | libevent_malloc: new ptr-libevent@0x561e34b73dc0 size 16 Sep 21 07:16:05.261600: | libevent_realloc: new ptr-libevent@0x561e34b73de0 size 256 Sep 21 07:16:05.261603: | libevent_malloc: new ptr-libevent@0x561e34b73ef0 size 8 Sep 21 07:16:05.261606: | libevent_realloc: new ptr-libevent@0x561e34b68b20 size 144 Sep 21 07:16:05.261609: | libevent_malloc: new ptr-libevent@0x561e34b73f10 size 152 Sep 21 07:16:05.261612: | libevent_malloc: new ptr-libevent@0x561e34b73fb0 size 16 Sep 21 07:16:05.261616: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:05.261619: | libevent_malloc: new ptr-libevent@0x561e34b73fd0 size 8 Sep 21 07:16:05.261621: | libevent_malloc: new ptr-libevent@0x561e34b73ff0 size 152 Sep 21 07:16:05.261624: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:05.261627: | libevent_malloc: new ptr-libevent@0x561e34b74090 size 8 Sep 21 07:16:05.261629: | libevent_malloc: new ptr-libevent@0x561e34b740b0 size 152 Sep 21 07:16:05.261632: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:05.261635: | libevent_malloc: new ptr-libevent@0x561e34b74150 size 8 Sep 21 07:16:05.261637: | libevent_realloc: release ptr-libevent@0x561e34b68b20 Sep 21 07:16:05.261640: | libevent_realloc: new ptr-libevent@0x561e34b74170 size 256 Sep 21 07:16:05.261643: | libevent_malloc: new ptr-libevent@0x561e34b68b20 size 152 Sep 21 07:16:05.261646: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:05.263614: | created addconn helper (pid:22846) using fork+execve Sep 21 07:16:05.263633: | forked child 22846 Sep 21 07:16:05.263679: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:05.263695: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:05.263703: listening for IKE messages Sep 21 07:16:05.263876: | Inspecting interface lo Sep 21 07:16:05.263886: | found lo with address 127.0.0.1 Sep 21 07:16:05.263889: | Inspecting interface eth0 Sep 21 07:16:05.263894: | found eth0 with address 192.0.2.254 Sep 21 07:16:05.263898: | Inspecting interface eth0 Sep 21 07:16:05.263902: | found eth0 with address 192.0.22.254 Sep 21 07:16:05.263905: | Inspecting interface eth1 Sep 21 07:16:05.263909: | found eth1 with address 192.1.2.23 Sep 21 07:16:05.263958: Kernel supports NIC esp-hw-offload Sep 21 07:16:05.263971: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:16:05.264034: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:05.264039: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:05.264044: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:16:05.264072: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.22.254:500 Sep 21 07:16:05.264095: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:05.264100: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:05.264104: adding interface eth0/eth0 192.0.22.254:4500 Sep 21 07:16:05.264129: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:16:05.264150: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:05.264154: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:05.264158: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:16:05.264185: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:05.264207: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:05.264211: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:05.264215: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:05.264267: | no interfaces to sort Sep 21 07:16:05.264271: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:05.264281: | add_fd_read_event_handler: new ethX-pe@0x561e34b74630 Sep 21 07:16:05.264285: | libevent_malloc: new ptr-libevent@0x561e34b74670 size 128 Sep 21 07:16:05.264295: | libevent_malloc: new ptr-libevent@0x561e34b74700 size 16 Sep 21 07:16:05.264303: | setup callback for interface lo 127.0.0.1:4500 fd 24 Sep 21 07:16:05.264306: | add_fd_read_event_handler: new ethX-pe@0x561e34b74720 Sep 21 07:16:05.264309: | libevent_malloc: new ptr-libevent@0x561e34b74760 size 128 Sep 21 07:16:05.264312: | libevent_malloc: new ptr-libevent@0x561e34b747f0 size 16 Sep 21 07:16:05.264317: | setup callback for interface lo 127.0.0.1:500 fd 23 Sep 21 07:16:05.264319: | add_fd_read_event_handler: new ethX-pe@0x561e34b74810 Sep 21 07:16:05.264322: | libevent_malloc: new ptr-libevent@0x561e34b74850 size 128 Sep 21 07:16:05.264325: | libevent_malloc: new ptr-libevent@0x561e34b748e0 size 16 Sep 21 07:16:05.264330: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Sep 21 07:16:05.264333: | add_fd_read_event_handler: new ethX-pe@0x561e34b74900 Sep 21 07:16:05.264336: | libevent_malloc: new ptr-libevent@0x561e34b74940 size 128 Sep 21 07:16:05.264339: | libevent_malloc: new ptr-libevent@0x561e34b749d0 size 16 Sep 21 07:16:05.264343: | setup callback for interface eth0 192.0.2.254:500 fd 21 Sep 21 07:16:05.264346: | add_fd_read_event_handler: new ethX-pe@0x561e34b749f0 Sep 21 07:16:05.264349: | libevent_malloc: new ptr-libevent@0x561e34b74a30 size 128 Sep 21 07:16:05.264352: | libevent_malloc: new ptr-libevent@0x561e34b74ac0 size 16 Sep 21 07:16:05.264357: | setup callback for interface eth0 192.0.22.254:4500 fd 20 Sep 21 07:16:05.264360: | add_fd_read_event_handler: new ethX-pe@0x561e34b74ae0 Sep 21 07:16:05.264363: | libevent_malloc: new ptr-libevent@0x561e34b74b20 size 128 Sep 21 07:16:05.264366: | libevent_malloc: new ptr-libevent@0x561e34b74bb0 size 16 Sep 21 07:16:05.264370: | setup callback for interface eth0 192.0.22.254:500 fd 19 Sep 21 07:16:05.264373: | add_fd_read_event_handler: new ethX-pe@0x561e34b74bd0 Sep 21 07:16:05.264376: | libevent_malloc: new ptr-libevent@0x561e34b75240 size 128 Sep 21 07:16:05.264379: | libevent_malloc: new ptr-libevent@0x561e34b74c10 size 16 Sep 21 07:16:05.264384: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:16:05.264387: | add_fd_read_event_handler: new ethX-pe@0x561e34b74c30 Sep 21 07:16:05.264390: | libevent_malloc: new ptr-libevent@0x561e34b752d0 size 128 Sep 21 07:16:05.264393: | libevent_malloc: new ptr-libevent@0x561e34b74c70 size 16 Sep 21 07:16:05.264398: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:16:05.264402: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:05.264405: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:05.264425: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:05.264444: | saving Modulus Sep 21 07:16:05.264448: | saving PublicExponent Sep 21 07:16:05.264452: | ignoring PrivateExponent Sep 21 07:16:05.264456: | ignoring Prime1 Sep 21 07:16:05.264459: | ignoring Prime2 Sep 21 07:16:05.264462: | ignoring Exponent1 Sep 21 07:16:05.264466: | ignoring Exponent2 Sep 21 07:16:05.264469: | ignoring Coefficient Sep 21 07:16:05.264473: | ignoring CKAIDNSS Sep 21 07:16:05.264510: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:05.264513: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:05.264518: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:16:05.264525: | certs and keys locked by 'process_secret' Sep 21 07:16:05.264529: | certs and keys unlocked by 'process_secret' Sep 21 07:16:05.264534: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:05.264543: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:05.264550: | spent 0.827 milliseconds in whack Sep 21 07:16:05.264563: | starting up helper thread 0 Sep 21 07:16:05.264569: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:05.264573: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:05.266800: | starting up helper thread 1 Sep 21 07:16:05.266819: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:05.266828: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:05.266839: | starting up helper thread 3 Sep 21 07:16:05.266844: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:05.266846: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:05.266854: | starting up helper thread 5 Sep 21 07:16:05.266859: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:05.266861: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:05.271802: | starting up helper thread 2 Sep 21 07:16:05.271818: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:05.271821: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:05.271832: | starting up helper thread 4 Sep 21 07:16:05.271837: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:05.271839: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:05.271847: | starting up helper thread 6 Sep 21 07:16:05.271852: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:05.271854: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:05.308005: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:05.308027: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:05.308033: listening for IKE messages Sep 21 07:16:05.308068: | Inspecting interface lo Sep 21 07:16:05.308075: | found lo with address 127.0.0.1 Sep 21 07:16:05.308078: | Inspecting interface eth0 Sep 21 07:16:05.308082: | found eth0 with address 192.0.2.254 Sep 21 07:16:05.308085: | Inspecting interface eth0 Sep 21 07:16:05.308088: | found eth0 with address 192.0.22.254 Sep 21 07:16:05.308091: | Inspecting interface eth1 Sep 21 07:16:05.308094: | found eth1 with address 192.1.2.23 Sep 21 07:16:05.308149: | no interfaces to sort Sep 21 07:16:05.308157: | libevent_free: release ptr-libevent@0x561e34b74670 Sep 21 07:16:05.308160: | free_event_entry: release EVENT_NULL-pe@0x561e34b74630 Sep 21 07:16:05.308163: | add_fd_read_event_handler: new ethX-pe@0x561e34b74630 Sep 21 07:16:05.308166: | libevent_malloc: new ptr-libevent@0x561e34b74670 size 128 Sep 21 07:16:05.308173: | setup callback for interface lo 127.0.0.1:4500 fd 24 Sep 21 07:16:05.308177: | libevent_free: release ptr-libevent@0x561e34b74760 Sep 21 07:16:05.308179: | free_event_entry: release EVENT_NULL-pe@0x561e34b74720 Sep 21 07:16:05.308182: | add_fd_read_event_handler: new ethX-pe@0x561e34b74720 Sep 21 07:16:05.308184: | libevent_malloc: new ptr-libevent@0x561e34b74760 size 128 Sep 21 07:16:05.308189: | setup callback for interface lo 127.0.0.1:500 fd 23 Sep 21 07:16:05.308193: | libevent_free: release ptr-libevent@0x561e34b74850 Sep 21 07:16:05.308196: | free_event_entry: release EVENT_NULL-pe@0x561e34b74810 Sep 21 07:16:05.308198: | add_fd_read_event_handler: new ethX-pe@0x561e34b74810 Sep 21 07:16:05.308201: | libevent_malloc: new ptr-libevent@0x561e34b74850 size 128 Sep 21 07:16:05.308205: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Sep 21 07:16:05.308209: | libevent_free: release ptr-libevent@0x561e34b74940 Sep 21 07:16:05.308211: | free_event_entry: release EVENT_NULL-pe@0x561e34b74900 Sep 21 07:16:05.308214: | add_fd_read_event_handler: new ethX-pe@0x561e34b74900 Sep 21 07:16:05.308216: | libevent_malloc: new ptr-libevent@0x561e34b74940 size 128 Sep 21 07:16:05.308221: | setup callback for interface eth0 192.0.2.254:500 fd 21 Sep 21 07:16:05.308224: | libevent_free: release ptr-libevent@0x561e34b74a30 Sep 21 07:16:05.308227: | free_event_entry: release EVENT_NULL-pe@0x561e34b749f0 Sep 21 07:16:05.308229: | add_fd_read_event_handler: new ethX-pe@0x561e34b749f0 Sep 21 07:16:05.308232: | libevent_malloc: new ptr-libevent@0x561e34b74a30 size 128 Sep 21 07:16:05.308236: | setup callback for interface eth0 192.0.22.254:4500 fd 20 Sep 21 07:16:05.308240: | libevent_free: release ptr-libevent@0x561e34b74b20 Sep 21 07:16:05.308246: | free_event_entry: release EVENT_NULL-pe@0x561e34b74ae0 Sep 21 07:16:05.308249: | add_fd_read_event_handler: new ethX-pe@0x561e34b74ae0 Sep 21 07:16:05.308252: | libevent_malloc: new ptr-libevent@0x561e34b74b20 size 128 Sep 21 07:16:05.308257: | setup callback for interface eth0 192.0.22.254:500 fd 19 Sep 21 07:16:05.308260: | libevent_free: release ptr-libevent@0x561e34b75240 Sep 21 07:16:05.308263: | free_event_entry: release EVENT_NULL-pe@0x561e34b74bd0 Sep 21 07:16:05.308265: | add_fd_read_event_handler: new ethX-pe@0x561e34b74bd0 Sep 21 07:16:05.308268: | libevent_malloc: new ptr-libevent@0x561e34b75240 size 128 Sep 21 07:16:05.308272: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:16:05.308276: | libevent_free: release ptr-libevent@0x561e34b752d0 Sep 21 07:16:05.308278: | free_event_entry: release EVENT_NULL-pe@0x561e34b74c30 Sep 21 07:16:05.308280: | add_fd_read_event_handler: new ethX-pe@0x561e34b74c30 Sep 21 07:16:05.308283: | libevent_malloc: new ptr-libevent@0x561e34b752d0 size 128 Sep 21 07:16:05.308287: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:16:05.308290: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:05.308293: forgetting secrets Sep 21 07:16:05.308301: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:05.308317: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:05.308331: | saving Modulus Sep 21 07:16:05.308334: | saving PublicExponent Sep 21 07:16:05.308338: | ignoring PrivateExponent Sep 21 07:16:05.308341: | ignoring Prime1 Sep 21 07:16:05.308344: | ignoring Prime2 Sep 21 07:16:05.308347: | ignoring Exponent1 Sep 21 07:16:05.308350: | ignoring Exponent2 Sep 21 07:16:05.308353: | ignoring Coefficient Sep 21 07:16:05.308356: | ignoring CKAIDNSS Sep 21 07:16:05.308381: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:05.308383: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:05.308387: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:16:05.308395: | certs and keys locked by 'process_secret' Sep 21 07:16:05.308398: | certs and keys unlocked by 'process_secret' Sep 21 07:16:05.308403: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:05.308411: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:05.308418: | spent 0.423 milliseconds in whack Sep 21 07:16:05.308981: | processing signal PLUTO_SIGCHLD Sep 21 07:16:05.308994: | waitpid returned pid 22846 (exited with status 0) Sep 21 07:16:05.308998: | reaped addconn helper child (status 0) Sep 21 07:16:05.309002: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:05.309006: | spent 0.0148 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:05.399179: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:05.399205: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:05.399209: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:05.399211: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:05.399214: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:05.399218: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:05.399225: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:05.399228: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:05.399282: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:05.399286: | from whack: got --esp= Sep 21 07:16:05.399322: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:05.400161: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:05.400177: | loading left certificate 'north' pubkey Sep 21 07:16:05.400275: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b776c0 Sep 21 07:16:05.400280: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b771e0 Sep 21 07:16:05.400283: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b770f0 Sep 21 07:16:05.400408: | unreference key: 0x561e34b76d70 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:05.400510: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Sep 21 07:16:05.400521: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:16:05.400834: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:05.400842: | loading right certificate 'east' pubkey Sep 21 07:16:05.400921: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b77540 Sep 21 07:16:05.400925: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b771e0 Sep 21 07:16:05.400928: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b770f0 Sep 21 07:16:05.400930: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b78260 Sep 21 07:16:05.400932: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b777e0 Sep 21 07:16:05.401128: | unreference key: 0x561e34b7b1f0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:05.401288: | certs and keys locked by 'lsw_add_rsa_secret' Sep 21 07:16:05.401292: | certs and keys unlocked by 'lsw_add_rsa_secret' Sep 21 07:16:05.401302: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:16:05.401312: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Sep 21 07:16:05.401315: | new hp@0x561e34b7b590 Sep 21 07:16:05.401320: added connection description "northnet-eastnets/0x1" Sep 21 07:16:05.401334: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:05.401538: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:16:05.401552: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:05.401559: | spent 2.2 milliseconds in whack Sep 21 07:16:05.401602: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:05.401613: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:05.401616: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:05.401619: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:05.401621: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:05.401624: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:05.401629: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:05.401632: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:05.401685: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:05.401693: | from whack: got --esp= Sep 21 07:16:05.401729: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:05.401845: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:05.401853: | loading left certificate 'north' pubkey Sep 21 07:16:05.401906: | unreference key: 0x561e34b7b130 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:05.401917: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b7ff00 Sep 21 07:16:05.401920: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b7fdc0 Sep 21 07:16:05.401923: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b77540 Sep 21 07:16:05.401967: | unreference key: 0x561e34b77270 @north.testing.libreswan.org cnt 1-- Sep 21 07:16:05.402010: | unreference key: 0x561e34b7acd0 user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:05.402059: | unreference key: 0x561e34b800b0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:05.402318: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Sep 21 07:16:05.402331: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:16:05.402413: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:05.402419: | loading right certificate 'east' pubkey Sep 21 07:16:05.402470: | unreference key: 0x561e34b81170 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:05.402482: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b7ff00 Sep 21 07:16:05.402485: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b7fdc0 Sep 21 07:16:05.402487: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b77540 Sep 21 07:16:05.402490: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b771e0 Sep 21 07:16:05.402492: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b770f0 Sep 21 07:16:05.402539: | unreference key: 0x561e34b80250 192.1.2.23 cnt 1-- Sep 21 07:16:05.402584: | unreference key: 0x561e34b80670 east@testing.libreswan.org cnt 1-- Sep 21 07:16:05.402628: | unreference key: 0x561e34b80a50 @east.testing.libreswan.org cnt 1-- Sep 21 07:16:05.402671: | unreference key: 0x561e34b80d60 user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:05.402720: | unreference key: 0x561e34b82130 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:05.402764: | secrets entry for east already exists Sep 21 07:16:05.402775: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:16:05.402782: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:05.402794: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x561e34b7b590: northnet-eastnets/0x1 Sep 21 07:16:05.402796: added connection description "northnet-eastnets/0x2" Sep 21 07:16:05.402808: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:05.402831: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:16:05.402838: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:05.402843: | spent 1.1 milliseconds in whack Sep 21 07:16:05.493481: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:05.493691: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:05.493698: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:05.493880: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:05.493896: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:05.493902: | spent 0.425 milliseconds in whack Sep 21 07:16:05.555502: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:05.555530: | old debugging base+cpu-usage + none Sep 21 07:16:05.555534: | base debugging = base+cpu-usage Sep 21 07:16:05.555538: | old impairing none + suppress-retransmits Sep 21 07:16:05.555540: | base impairing = suppress-retransmits Sep 21 07:16:05.555549: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:05.555557: | spent 0.0634 milliseconds in whack Sep 21 07:16:08.637507: | spent 0.00252 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.637532: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:16:08.637535: | c5 12 f2 fa f0 f0 3a 66 00 00 00 00 00 00 00 00 Sep 21 07:16:08.637538: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:08.637540: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:08.637543: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:08.637545: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:08.637548: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:08.637550: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:08.637552: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:08.637555: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:08.637557: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:08.637559: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:08.637562: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:08.637564: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:08.637566: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:08.637569: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:08.637571: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:08.637573: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:08.637576: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:08.637578: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:08.637580: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:08.637583: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:08.637585: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:08.637587: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:08.637590: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:08.637592: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:08.637594: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:08.637597: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:08.637599: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:08.637601: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:08.637607: | 28 00 01 08 00 0e 00 00 12 b3 75 01 1a c3 8f 30 Sep 21 07:16:08.637609: | ae a1 ad 2e f6 a8 cd ca 39 c9 08 35 b2 11 8e c4 Sep 21 07:16:08.637612: | d7 5d b5 8c 9c e5 9a 4d 14 6d 4c bd 90 f0 05 ee Sep 21 07:16:08.637614: | 2e 5d 84 14 5e cf c2 1c df 5c d6 6c 45 12 54 48 Sep 21 07:16:08.637616: | e5 f1 d0 82 4a ba b6 23 a7 85 a7 69 36 44 ce ab Sep 21 07:16:08.637619: | f4 bf 3a 33 5c 6d cb 1b 73 5b db 59 bb 4b 6a 28 Sep 21 07:16:08.637621: | aa 42 19 45 86 de 01 53 73 53 b4 8f 7a 14 be 33 Sep 21 07:16:08.637623: | 6d 66 e3 7a d5 cf f2 b0 0d 51 29 5d bd a5 d1 a3 Sep 21 07:16:08.637626: | 61 42 4c 94 51 62 31 53 a8 c6 f2 5b 62 7c dd 48 Sep 21 07:16:08.637628: | 9c 24 bc b6 5b d2 3c ec bc a0 d4 62 21 5e 7e f6 Sep 21 07:16:08.637630: | 7d 35 93 ce b3 f7 b9 af a3 00 4a d0 82 d2 70 23 Sep 21 07:16:08.637633: | 60 12 f8 d3 b9 0f 04 09 c3 13 0a ea 35 2d 2f 42 Sep 21 07:16:08.637635: | 76 c9 40 a3 c1 d1 c2 46 19 c0 42 33 4f ba 43 c5 Sep 21 07:16:08.637637: | 5b 61 03 f1 72 99 f9 2f 13 1a 9f 60 dd 79 d1 10 Sep 21 07:16:08.637640: | 88 b6 5c 6a 20 7d df e5 2f 99 74 3c c7 32 ad cd Sep 21 07:16:08.637642: | 93 d2 f9 2a 0c 08 86 36 93 cf 45 b6 87 7e f5 da Sep 21 07:16:08.637644: | 7d 24 35 d7 02 e2 e9 c4 29 00 00 24 49 a0 13 b9 Sep 21 07:16:08.637647: | c8 96 e9 c7 66 29 91 4e 0a a1 d3 0b 85 65 1f 53 Sep 21 07:16:08.637649: | b8 9a 0d 23 5b a8 64 64 b5 cd 21 c3 29 00 00 08 Sep 21 07:16:08.637652: | 00 00 40 2e 29 00 00 1c 00 00 40 04 f1 ae f2 53 Sep 21 07:16:08.637654: | 24 18 a9 4a 8c 30 d7 bf 5b d6 8d 39 09 c0 1e de Sep 21 07:16:08.637656: | 00 00 00 1c 00 00 40 05 0b a4 28 84 b0 e5 96 8e Sep 21 07:16:08.637659: | 58 19 4a 83 d3 59 ef a5 7f 4a 04 20 Sep 21 07:16:08.637665: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:08.637669: | **parse ISAKMP Message: Sep 21 07:16:08.637672: | initiator cookie: Sep 21 07:16:08.637674: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.637676: | responder cookie: Sep 21 07:16:08.637679: | 00 00 00 00 00 00 00 00 Sep 21 07:16:08.637681: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:08.637684: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.637687: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:08.637689: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.637692: | Message ID: 0 (0x0) Sep 21 07:16:08.637695: | length: 828 (0x33c) Sep 21 07:16:08.637698: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:08.637701: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:16:08.637704: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:08.637708: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:08.637711: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:08.637713: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:08.637716: | flags: none (0x0) Sep 21 07:16:08.637718: | length: 436 (0x1b4) Sep 21 07:16:08.637721: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:16:08.637723: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:08.637726: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:08.637728: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:08.637731: | flags: none (0x0) Sep 21 07:16:08.637733: | length: 264 (0x108) Sep 21 07:16:08.637736: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.637738: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:08.637741: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:08.637743: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:08.637746: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:08.637748: | flags: none (0x0) Sep 21 07:16:08.637750: | length: 36 (0x24) Sep 21 07:16:08.637753: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:08.637755: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:08.637759: | ***parse IKEv2 Notify Payload: Sep 21 07:16:08.637762: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:08.637764: | flags: none (0x0) Sep 21 07:16:08.637767: | length: 8 (0x8) Sep 21 07:16:08.637769: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.637771: | SPI size: 0 (0x0) Sep 21 07:16:08.637774: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:08.637777: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:08.637779: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:08.637782: | ***parse IKEv2 Notify Payload: Sep 21 07:16:08.637789: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:08.637792: | flags: none (0x0) Sep 21 07:16:08.637794: | length: 28 (0x1c) Sep 21 07:16:08.637796: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.637799: | SPI size: 0 (0x0) Sep 21 07:16:08.637801: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:08.637804: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:08.637806: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:08.637809: | ***parse IKEv2 Notify Payload: Sep 21 07:16:08.637811: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.637813: | flags: none (0x0) Sep 21 07:16:08.637816: | length: 28 (0x1c) Sep 21 07:16:08.637818: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.637820: | SPI size: 0 (0x0) Sep 21 07:16:08.637823: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:08.637825: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:08.637828: | DDOS disabled and no cookie sent, continuing Sep 21 07:16:08.637834: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:16:08.637839: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:08.637842: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:16:08.637846: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Sep 21 07:16:08.637849: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Sep 21 07:16:08.637852: | find_next_host_connection returns empty Sep 21 07:16:08.637856: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:16:08.637859: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:16:08.637861: | find_next_host_connection returns empty Sep 21 07:16:08.637865: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:16:08.637870: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:16:08.637875: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:08.637878: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:16:08.637881: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Sep 21 07:16:08.637883: | find_next_host_connection returns northnet-eastnets/0x2 Sep 21 07:16:08.637886: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:16:08.637889: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Sep 21 07:16:08.637891: | find_next_host_connection returns northnet-eastnets/0x1 Sep 21 07:16:08.637894: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:16:08.637896: | find_next_host_connection returns empty Sep 21 07:16:08.637899: | found connection: northnet-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Sep 21 07:16:08.637916: | creating state object #1 at 0x561e34b82770 Sep 21 07:16:08.637919: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:08.637927: | pstats #1 ikev2.ike started Sep 21 07:16:08.637934: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:08.637938: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:16:08.637943: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:08.637951: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.637955: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:08.637959: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:08.637963: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:16:08.637967: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:16:08.637971: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:16:08.637974: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:16:08.637977: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:16:08.637979: | Now let's proceed with state specific processing Sep 21 07:16:08.637982: | calling processor Respond to IKE_SA_INIT Sep 21 07:16:08.637988: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:08.637991: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals) Sep 21 07:16:08.637998: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:08.638005: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.638009: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:08.638015: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.638019: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:08.638024: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.638028: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:08.638033: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.638044: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.638048: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:16:08.638051: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:08.638057: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:08.638060: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:08.638062: | local proposal 1 type DH has 8 transforms Sep 21 07:16:08.638065: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:08.638068: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:08.638070: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:08.638073: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:08.638075: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:08.638078: | local proposal 2 type DH has 8 transforms Sep 21 07:16:08.638080: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:08.638083: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:08.638086: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:08.638088: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:08.638090: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:08.638093: | local proposal 3 type DH has 8 transforms Sep 21 07:16:08.638095: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:08.638098: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:08.638101: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:08.638103: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:08.638106: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:08.638108: | local proposal 4 type DH has 8 transforms Sep 21 07:16:08.638111: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:08.638114: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:08.638117: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.638119: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.638122: | length: 100 (0x64) Sep 21 07:16:08.638124: | prop #: 1 (0x1) Sep 21 07:16:08.638127: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.638129: | spi size: 0 (0x0) Sep 21 07:16:08.638132: | # transforms: 11 (0xb) Sep 21 07:16:08.638135: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:16:08.638138: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638141: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638143: | length: 12 (0xc) Sep 21 07:16:08.638146: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.638148: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.638151: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.638153: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.638156: | length/value: 256 (0x100) Sep 21 07:16:08.638160: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:08.638163: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638165: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638168: | length: 8 (0x8) Sep 21 07:16:08.638170: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.638173: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.638176: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:08.638180: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:16:08.638183: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:16:08.638186: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:16:08.638189: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638193: | length: 8 (0x8) Sep 21 07:16:08.638196: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.638198: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:08.638202: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638205: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638207: | length: 8 (0x8) Sep 21 07:16:08.638210: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638212: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.638215: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:08.638219: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:16:08.638222: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:16:08.638225: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:16:08.638227: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638232: | length: 8 (0x8) Sep 21 07:16:08.638235: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638237: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:08.638240: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638242: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638245: | length: 8 (0x8) Sep 21 07:16:08.638247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638250: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:08.638252: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638255: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638257: | length: 8 (0x8) Sep 21 07:16:08.638260: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638262: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:08.638265: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638269: | length: 8 (0x8) Sep 21 07:16:08.638272: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638274: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:08.638277: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638282: | length: 8 (0x8) Sep 21 07:16:08.638284: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638287: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:08.638290: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638294: | length: 8 (0x8) Sep 21 07:16:08.638297: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638299: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:08.638302: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638304: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.638307: | length: 8 (0x8) Sep 21 07:16:08.638309: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638312: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:08.638315: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:08.638320: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:08.638323: | remote proposal 1 matches local proposal 1 Sep 21 07:16:08.638325: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.638328: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.638330: | length: 100 (0x64) Sep 21 07:16:08.638333: | prop #: 2 (0x2) Sep 21 07:16:08.638335: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.638337: | spi size: 0 (0x0) Sep 21 07:16:08.638340: | # transforms: 11 (0xb) Sep 21 07:16:08.638343: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:08.638347: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638350: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638352: | length: 12 (0xc) Sep 21 07:16:08.638354: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.638357: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.638359: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.638362: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.638364: | length/value: 128 (0x80) Sep 21 07:16:08.638367: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638370: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638372: | length: 8 (0x8) Sep 21 07:16:08.638375: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.638377: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.638380: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638382: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638385: | length: 8 (0x8) Sep 21 07:16:08.638387: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.638389: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:08.638392: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638395: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638397: | length: 8 (0x8) Sep 21 07:16:08.638399: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638402: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.638404: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638407: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638409: | length: 8 (0x8) Sep 21 07:16:08.638411: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638414: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:08.638417: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638419: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638421: | length: 8 (0x8) Sep 21 07:16:08.638424: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638426: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:08.638429: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638431: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638434: | length: 8 (0x8) Sep 21 07:16:08.638436: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638439: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:08.638441: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638446: | length: 8 (0x8) Sep 21 07:16:08.638449: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638451: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:08.638454: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638456: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638459: | length: 8 (0x8) Sep 21 07:16:08.638461: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638464: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:08.638466: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638469: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638471: | length: 8 (0x8) Sep 21 07:16:08.638473: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638476: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:08.638479: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638481: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.638483: | length: 8 (0x8) Sep 21 07:16:08.638486: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638488: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:08.638492: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:16:08.638495: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:16:08.638499: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.638501: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.638504: | length: 116 (0x74) Sep 21 07:16:08.638506: | prop #: 3 (0x3) Sep 21 07:16:08.638508: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.638511: | spi size: 0 (0x0) Sep 21 07:16:08.638513: | # transforms: 13 (0xd) Sep 21 07:16:08.638516: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:08.638519: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638521: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638524: | length: 12 (0xc) Sep 21 07:16:08.638526: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.638529: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.638531: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.638534: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.638536: | length/value: 256 (0x100) Sep 21 07:16:08.638539: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638544: | length: 8 (0x8) Sep 21 07:16:08.638546: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.638549: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.638551: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638556: | length: 8 (0x8) Sep 21 07:16:08.638559: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.638561: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:08.638564: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638569: | length: 8 (0x8) Sep 21 07:16:08.638571: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.638574: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.638577: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638579: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638581: | length: 8 (0x8) Sep 21 07:16:08.638584: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.638586: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.638589: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638594: | length: 8 (0x8) Sep 21 07:16:08.638596: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638599: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.638601: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638604: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638606: | length: 8 (0x8) Sep 21 07:16:08.638609: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638611: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:08.638614: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638616: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638618: | length: 8 (0x8) Sep 21 07:16:08.638621: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638623: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:08.638626: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638631: | length: 8 (0x8) Sep 21 07:16:08.638637: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638640: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:08.638642: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638645: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638647: | length: 8 (0x8) Sep 21 07:16:08.638649: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638653: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:08.638656: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638658: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638661: | length: 8 (0x8) Sep 21 07:16:08.638663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638665: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:08.638668: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638673: | length: 8 (0x8) Sep 21 07:16:08.638675: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638678: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:08.638680: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638683: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.638685: | length: 8 (0x8) Sep 21 07:16:08.638687: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638690: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:08.638694: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:16:08.638697: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:16:08.638699: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.638702: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.638704: | length: 116 (0x74) Sep 21 07:16:08.638706: | prop #: 4 (0x4) Sep 21 07:16:08.638709: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.638711: | spi size: 0 (0x0) Sep 21 07:16:08.638713: | # transforms: 13 (0xd) Sep 21 07:16:08.638717: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:08.638719: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638722: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638724: | length: 12 (0xc) Sep 21 07:16:08.638726: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.638729: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.638731: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.638734: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.638736: | length/value: 128 (0x80) Sep 21 07:16:08.638739: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638744: | length: 8 (0x8) Sep 21 07:16:08.638746: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.638749: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.638751: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638754: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638756: | length: 8 (0x8) Sep 21 07:16:08.638758: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.638761: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:08.638764: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638766: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638769: | length: 8 (0x8) Sep 21 07:16:08.638771: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.638773: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.638776: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638778: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638781: | length: 8 (0x8) Sep 21 07:16:08.638786: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.638790: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.638793: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638795: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638798: | length: 8 (0x8) Sep 21 07:16:08.638800: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638802: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.638806: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638809: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638811: | length: 8 (0x8) Sep 21 07:16:08.638813: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638816: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:08.638819: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638821: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638823: | length: 8 (0x8) Sep 21 07:16:08.638826: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638828: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:08.638831: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638836: | length: 8 (0x8) Sep 21 07:16:08.638838: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638841: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:08.638843: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638846: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638848: | length: 8 (0x8) Sep 21 07:16:08.638850: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638853: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:08.638856: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638858: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638860: | length: 8 (0x8) Sep 21 07:16:08.638863: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638865: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:08.638868: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638870: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.638872: | length: 8 (0x8) Sep 21 07:16:08.638874: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638876: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:08.638878: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.638881: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.638883: | length: 8 (0x8) Sep 21 07:16:08.638885: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.638887: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:08.638890: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:16:08.638893: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:16:08.638898: "northnet-eastnets/0x2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:16:08.638902: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:16:08.638905: | converting proposal to internal trans attrs Sep 21 07:16:08.638909: | natd_hash: rcookie is zero Sep 21 07:16:08.638921: | natd_hash: hasher=0x561e338357a0(20) Sep 21 07:16:08.638924: | natd_hash: icookie= c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.638926: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:08.638928: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:08.638931: | natd_hash: port= 01 f4 Sep 21 07:16:08.638935: | natd_hash: hash= 0b a4 28 84 b0 e5 96 8e 58 19 4a 83 d3 59 ef a5 Sep 21 07:16:08.638937: | natd_hash: hash= 7f 4a 04 20 Sep 21 07:16:08.638940: | natd_hash: rcookie is zero Sep 21 07:16:08.638945: | natd_hash: hasher=0x561e338357a0(20) Sep 21 07:16:08.638948: | natd_hash: icookie= c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.638950: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:08.638952: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:08.638955: | natd_hash: port= 01 f4 Sep 21 07:16:08.638957: | natd_hash: hash= f1 ae f2 53 24 18 a9 4a 8c 30 d7 bf 5b d6 8d 39 Sep 21 07:16:08.638959: | natd_hash: hash= 09 c0 1e de Sep 21 07:16:08.638962: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:08.638964: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:08.638967: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:08.638970: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Sep 21 07:16:08.638975: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:16:08.638978: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561e34b832b0 Sep 21 07:16:08.638986: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:08.638989: | libevent_malloc: new ptr-libevent@0x561e34b77150 size 128 Sep 21 07:16:08.638999: | #1 spent 1 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:16:08.639006: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.639009: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:16:08.639012: | suspending state #1 and saving MD Sep 21 07:16:08.639014: | #1 is busy; has a suspended MD Sep 21 07:16:08.639018: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:08.639022: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:08.639026: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.639031: | #1 spent 1.5 milliseconds in ikev2_process_packet() Sep 21 07:16:08.639035: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:08.639037: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.639040: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.639044: | spent 1.52 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.639340: | crypto helper 0 resuming Sep 21 07:16:08.639347: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:16:08.639351: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:16:08.640227: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000875 seconds Sep 21 07:16:08.640239: | (#1) spent 0.882 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:16:08.640243: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:08.640246: | scheduling resume sending helper answer for #1 Sep 21 07:16:08.640249: | libevent_malloc: new ptr-libevent@0x7f0f8c006900 size 128 Sep 21 07:16:08.640258: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:08.640325: | processing resume sending helper answer for #1 Sep 21 07:16:08.640333: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:16:08.640337: | crypto helper 0 replies to request ID 1 Sep 21 07:16:08.640339: | calling continuation function 0x561e3375f630 Sep 21 07:16:08.640342: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:16:08.640373: | **emit ISAKMP Message: Sep 21 07:16:08.640376: | initiator cookie: Sep 21 07:16:08.640378: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.640383: | responder cookie: Sep 21 07:16:08.640385: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.640388: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.640390: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.640393: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:08.640396: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.640398: | Message ID: 0 (0x0) Sep 21 07:16:08.640401: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.640404: | Emitting ikev2_proposal ... Sep 21 07:16:08.640407: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:08.640409: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.640412: | flags: none (0x0) Sep 21 07:16:08.640415: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:08.640418: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.640421: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.640423: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.640426: | prop #: 1 (0x1) Sep 21 07:16:08.640428: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.640430: | spi size: 0 (0x0) Sep 21 07:16:08.640433: | # transforms: 3 (0x3) Sep 21 07:16:08.640436: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.640438: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.640441: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.640443: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.640446: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.640449: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.640452: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.640455: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.640457: | length/value: 256 (0x100) Sep 21 07:16:08.640460: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.640462: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.640465: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.640467: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.640470: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.640473: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.640475: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.640478: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.640481: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.640483: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.640485: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.640488: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.640491: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.640494: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.640496: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.640499: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:16:08.640501: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.640504: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:16:08.640508: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:08.640511: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:08.640513: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.640516: | flags: none (0x0) Sep 21 07:16:08.640518: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.640521: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:08.640524: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.640527: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:08.640530: | ikev2 g^x 5d 6d 7e e0 13 33 c0 00 4f bf ed 1f fc b4 d6 58 Sep 21 07:16:08.640532: | ikev2 g^x 70 31 cd 55 2d c8 a7 72 bf 61 bc 3a 57 fe 66 0a Sep 21 07:16:08.640535: | ikev2 g^x bc ab 9e 0c 54 bb b3 e3 55 dc b1 87 06 a2 9a ef Sep 21 07:16:08.640537: | ikev2 g^x 0a 20 65 fa 1a 69 5b 22 ac 87 c3 21 89 6b 6f be Sep 21 07:16:08.640539: | ikev2 g^x cd e3 8f c3 94 83 f4 64 6b e4 9b 4d d4 ad 45 16 Sep 21 07:16:08.640542: | ikev2 g^x c7 de 64 70 39 09 9a 32 c8 98 69 81 b3 dd 3f b5 Sep 21 07:16:08.640544: | ikev2 g^x bf e5 f3 05 2c 3c e4 ec 8b 96 41 40 3d fc 4e d9 Sep 21 07:16:08.640546: | ikev2 g^x 5b 2a 58 47 10 8a df 30 1c 47 94 4c 5d 94 cf 0e Sep 21 07:16:08.640549: | ikev2 g^x af 47 13 2f 64 cd f3 20 26 f3 a6 78 d7 14 31 3d Sep 21 07:16:08.640551: | ikev2 g^x 5d 6b 5b 1e 09 c7 54 3a e2 b6 5c 53 b4 7c 9b da Sep 21 07:16:08.640553: | ikev2 g^x b2 90 0c aa f1 d3 ef 7c 98 35 b1 81 0d 90 ac 66 Sep 21 07:16:08.640555: | ikev2 g^x 86 20 1a 3c 42 88 4e 4d ad 96 d4 81 04 65 a8 61 Sep 21 07:16:08.640558: | ikev2 g^x 5d 21 82 35 d7 03 aa 43 f6 8d 13 0f 23 db 36 16 Sep 21 07:16:08.640560: | ikev2 g^x 54 0f aa 2f f6 de 29 1d 54 ac 43 ac 68 57 82 8a Sep 21 07:16:08.640562: | ikev2 g^x 79 c8 84 29 4f 66 2d 32 a9 a2 c3 fb 06 5f 37 d0 Sep 21 07:16:08.640565: | ikev2 g^x 85 97 ce e1 cf 7e 7a aa 62 b4 5b 01 bd 19 95 bf Sep 21 07:16:08.640567: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:08.640570: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:08.640572: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:08.640574: | flags: none (0x0) Sep 21 07:16:08.640577: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:08.640580: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:08.640583: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.640586: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:08.640588: | IKEv2 nonce 99 77 b2 d6 1d 43 27 6b ec b6 68 42 7e 47 9a 54 Sep 21 07:16:08.640591: | IKEv2 nonce b8 07 5a 7f e6 80 ab 30 0b d2 f0 d2 f0 26 5c 59 Sep 21 07:16:08.640593: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:08.640597: | Adding a v2N Payload Sep 21 07:16:08.640599: | ***emit IKEv2 Notify Payload: Sep 21 07:16:08.640602: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.640604: | flags: none (0x0) Sep 21 07:16:08.640607: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.640609: | SPI size: 0 (0x0) Sep 21 07:16:08.640612: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:08.640615: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:08.640617: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.640620: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:08.640623: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:08.640632: | natd_hash: hasher=0x561e338357a0(20) Sep 21 07:16:08.640636: | natd_hash: icookie= c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.640638: | natd_hash: rcookie= f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.640641: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:08.640643: | natd_hash: port= 01 f4 Sep 21 07:16:08.640645: | natd_hash: hash= a1 fb be d6 78 00 79 14 88 49 60 6e 01 9b 2c b6 Sep 21 07:16:08.640648: | natd_hash: hash= a9 fb 5d cb Sep 21 07:16:08.640650: | Adding a v2N Payload Sep 21 07:16:08.640652: | ***emit IKEv2 Notify Payload: Sep 21 07:16:08.640655: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.640657: | flags: none (0x0) Sep 21 07:16:08.640659: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.640662: | SPI size: 0 (0x0) Sep 21 07:16:08.640664: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:08.640667: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:08.640670: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.640673: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:08.640675: | Notify data a1 fb be d6 78 00 79 14 88 49 60 6e 01 9b 2c b6 Sep 21 07:16:08.640677: | Notify data a9 fb 5d cb Sep 21 07:16:08.640680: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:08.640685: | natd_hash: hasher=0x561e338357a0(20) Sep 21 07:16:08.640688: | natd_hash: icookie= c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.640690: | natd_hash: rcookie= f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.640692: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:08.640695: | natd_hash: port= 01 f4 Sep 21 07:16:08.640697: | natd_hash: hash= ab 32 44 bf 54 c8 98 15 86 56 aa 08 b1 86 94 f0 Sep 21 07:16:08.640700: | natd_hash: hash= 84 da f4 2e Sep 21 07:16:08.640702: | Adding a v2N Payload Sep 21 07:16:08.640704: | ***emit IKEv2 Notify Payload: Sep 21 07:16:08.640707: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.640709: | flags: none (0x0) Sep 21 07:16:08.640711: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.640714: | SPI size: 0 (0x0) Sep 21 07:16:08.640716: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:08.640719: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:08.640721: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.640724: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:08.640726: | Notify data ab 32 44 bf 54 c8 98 15 86 56 aa 08 b1 86 94 f0 Sep 21 07:16:08.640728: | Notify data 84 da f4 2e Sep 21 07:16:08.640731: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:08.640733: | going to send a certreq Sep 21 07:16:08.640736: | connection->kind is CK_PERMANENT so send CERTREQ Sep 21 07:16:08.640739: | ***emit IKEv2 Certificate Request Payload: Sep 21 07:16:08.640741: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.640743: | flags: none (0x0) Sep 21 07:16:08.640746: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:08.640749: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Sep 21 07:16:08.640752: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.641414: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Sep 21 07:16:08.641427: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Sep 21 07:16:08.641430: | CA cert public key hash Sep 21 07:16:08.641433: | 4e cf af 8c 44 87 de 90 be 28 67 b9 ce 53 17 3f Sep 21 07:16:08.641435: | 8e eb 22 c0 Sep 21 07:16:08.641438: | emitting length of IKEv2 Certificate Request Payload: 25 Sep 21 07:16:08.641442: | emitting length of ISAKMP Message: 457 Sep 21 07:16:08.641449: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.641453: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:16:08.641456: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:16:08.641459: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:16:08.641462: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:16:08.641467: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:16:08.641472: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:08.641477: "northnet-eastnets/0x2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:16:08.641482: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:16:08.641491: | sending 457 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:08.641494: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.641496: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Sep 21 07:16:08.641499: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:16:08.641501: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:16:08.641503: | 04 00 00 0e 28 00 01 08 00 0e 00 00 5d 6d 7e e0 Sep 21 07:16:08.641505: | 13 33 c0 00 4f bf ed 1f fc b4 d6 58 70 31 cd 55 Sep 21 07:16:08.641508: | 2d c8 a7 72 bf 61 bc 3a 57 fe 66 0a bc ab 9e 0c Sep 21 07:16:08.641510: | 54 bb b3 e3 55 dc b1 87 06 a2 9a ef 0a 20 65 fa Sep 21 07:16:08.641512: | 1a 69 5b 22 ac 87 c3 21 89 6b 6f be cd e3 8f c3 Sep 21 07:16:08.641515: | 94 83 f4 64 6b e4 9b 4d d4 ad 45 16 c7 de 64 70 Sep 21 07:16:08.641517: | 39 09 9a 32 c8 98 69 81 b3 dd 3f b5 bf e5 f3 05 Sep 21 07:16:08.641519: | 2c 3c e4 ec 8b 96 41 40 3d fc 4e d9 5b 2a 58 47 Sep 21 07:16:08.641521: | 10 8a df 30 1c 47 94 4c 5d 94 cf 0e af 47 13 2f Sep 21 07:16:08.641524: | 64 cd f3 20 26 f3 a6 78 d7 14 31 3d 5d 6b 5b 1e Sep 21 07:16:08.641526: | 09 c7 54 3a e2 b6 5c 53 b4 7c 9b da b2 90 0c aa Sep 21 07:16:08.641528: | f1 d3 ef 7c 98 35 b1 81 0d 90 ac 66 86 20 1a 3c Sep 21 07:16:08.641531: | 42 88 4e 4d ad 96 d4 81 04 65 a8 61 5d 21 82 35 Sep 21 07:16:08.641533: | d7 03 aa 43 f6 8d 13 0f 23 db 36 16 54 0f aa 2f Sep 21 07:16:08.641535: | f6 de 29 1d 54 ac 43 ac 68 57 82 8a 79 c8 84 29 Sep 21 07:16:08.641537: | 4f 66 2d 32 a9 a2 c3 fb 06 5f 37 d0 85 97 ce e1 Sep 21 07:16:08.641539: | cf 7e 7a aa 62 b4 5b 01 bd 19 95 bf 29 00 00 24 Sep 21 07:16:08.641542: | 99 77 b2 d6 1d 43 27 6b ec b6 68 42 7e 47 9a 54 Sep 21 07:16:08.641544: | b8 07 5a 7f e6 80 ab 30 0b d2 f0 d2 f0 26 5c 59 Sep 21 07:16:08.641546: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:16:08.641548: | a1 fb be d6 78 00 79 14 88 49 60 6e 01 9b 2c b6 Sep 21 07:16:08.641551: | a9 fb 5d cb 26 00 00 1c 00 00 40 05 ab 32 44 bf Sep 21 07:16:08.641553: | 54 c8 98 15 86 56 aa 08 b1 86 94 f0 84 da f4 2e Sep 21 07:16:08.641555: | 00 00 00 19 04 4e cf af 8c 44 87 de 90 be 28 67 Sep 21 07:16:08.641557: | b9 ce 53 17 3f 8e eb 22 c0 Sep 21 07:16:08.641611: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:08.641617: | libevent_free: release ptr-libevent@0x561e34b77150 Sep 21 07:16:08.641620: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561e34b832b0 Sep 21 07:16:08.641624: | event_schedule: new EVENT_SO_DISCARD-pe@0x561e34b832b0 Sep 21 07:16:08.641628: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:16:08.641634: | libevent_malloc: new ptr-libevent@0x561e34b77150 size 128 Sep 21 07:16:08.641638: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:08.641644: | #1 spent 1.27 milliseconds in resume sending helper answer Sep 21 07:16:08.641650: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:16:08.641653: | libevent_free: release ptr-libevent@0x7f0f8c006900 Sep 21 07:16:08.659073: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.659091: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:16:08.659094: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.659097: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:16:08.659099: | 00 01 00 05 be c7 6d a3 c2 5d db 93 ed 17 d6 43 Sep 21 07:16:08.659102: | d0 44 1b 68 96 6e 8d c8 e5 e9 cb 96 eb b8 b4 0d Sep 21 07:16:08.659104: | 1d 28 b3 af 1f 86 34 3b 89 c3 53 17 c4 46 4d d5 Sep 21 07:16:08.659106: | 76 a5 18 23 d1 28 80 2a 51 23 16 e1 ca f9 0a d0 Sep 21 07:16:08.659109: | 1a f9 c5 4f a7 57 8f 0e 6a 23 56 cc 3d 57 6c ec Sep 21 07:16:08.659111: | c8 26 d9 63 74 71 fe 72 ec 98 5b ac 06 a0 64 e7 Sep 21 07:16:08.659113: | 07 17 63 95 ff 9c 7f bc 8c 1d 39 dc 9a 9d 7a d9 Sep 21 07:16:08.659115: | e6 34 99 3c 71 a6 e2 61 9b 70 84 89 48 b5 f8 6f Sep 21 07:16:08.659118: | fe a5 1c 62 ac 6c 5d 8a 66 6d 9b 77 dc 63 fd 0c Sep 21 07:16:08.659120: | 47 06 af 4e 89 76 77 09 4a 26 fa 8c 84 7b c2 3c Sep 21 07:16:08.659122: | d0 45 53 b3 a7 85 8c 0f b5 22 da 73 91 61 58 88 Sep 21 07:16:08.659125: | 21 c5 8f ea 19 30 dc ce 07 8e ae c2 6c 80 69 1d Sep 21 07:16:08.659127: | 0f 88 73 e0 91 9d 94 49 99 4e 51 66 df 0b 89 95 Sep 21 07:16:08.659129: | 65 51 3c f8 73 58 a4 80 ff 23 03 0d 01 47 2f cf Sep 21 07:16:08.659131: | 40 8d 8c e2 dd 5c 0c 2c 7e f6 13 87 40 dd 11 96 Sep 21 07:16:08.659134: | 1b 7d 94 35 43 a4 ef 1b c8 cd c2 f6 f3 df 80 49 Sep 21 07:16:08.659136: | b8 fe 63 ef 8a 20 d9 15 af ae 2d 40 c8 a5 1c 53 Sep 21 07:16:08.659138: | 7d ec ef 71 36 c9 59 44 32 03 04 0a 07 11 c4 b1 Sep 21 07:16:08.659141: | f9 09 c2 f5 a8 a2 2e 36 4b b2 45 27 ff b5 53 6b Sep 21 07:16:08.659143: | c4 2c f9 94 68 4c 50 da 1a ac f3 96 d6 60 24 f9 Sep 21 07:16:08.659145: | 0e a2 aa 09 28 a4 c7 39 59 19 22 dc 51 b7 ef 40 Sep 21 07:16:08.659148: | 0e cb 91 89 58 5e b2 f5 28 d6 31 23 4a dc 6b b5 Sep 21 07:16:08.659150: | 22 68 16 dd d1 5a 0f e0 64 b9 ea 61 50 6c 7b 0f Sep 21 07:16:08.659152: | de d4 9e 5f 15 26 48 ed ee 0f ed 18 fc d2 a1 f1 Sep 21 07:16:08.659155: | 1e 67 b2 8b 26 3a 26 d4 5c be 0c c3 63 fd bc 01 Sep 21 07:16:08.659157: | 00 34 81 7b 14 c2 f7 05 6e 1f e1 e9 d9 0d c6 ff Sep 21 07:16:08.659159: | 9f f0 ff 72 94 4c 4c 39 6a d2 a5 f4 79 f1 3b cc Sep 21 07:16:08.659162: | a1 58 58 75 4c a3 c8 b3 93 75 85 a0 33 78 cb 53 Sep 21 07:16:08.659164: | fa 3c 2c 64 2f c4 99 f1 f6 37 e7 ce f2 22 41 ef Sep 21 07:16:08.659166: | 5b 69 17 4b bc 03 81 72 cc ab a8 01 60 c0 70 41 Sep 21 07:16:08.659169: | bc 6b 06 52 b5 23 59 19 cb 9e 0b 01 cc 6b 76 97 Sep 21 07:16:08.659171: | 5d 9e 37 e1 80 b3 53 aa 33 8f b8 Sep 21 07:16:08.659176: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:08.659179: | **parse ISAKMP Message: Sep 21 07:16:08.659182: | initiator cookie: Sep 21 07:16:08.659184: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.659186: | responder cookie: Sep 21 07:16:08.659189: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.659191: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.659194: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.659196: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.659199: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.659202: | Message ID: 1 (0x1) Sep 21 07:16:08.659204: | length: 539 (0x21b) Sep 21 07:16:08.659210: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.659213: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:16:08.659217: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:16:08.659223: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.659226: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:08.659231: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:08.659234: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:08.659238: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:16:08.659241: | unpacking clear payload Sep 21 07:16:08.659243: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.659246: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.659249: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:08.659251: | flags: none (0x0) Sep 21 07:16:08.659253: | length: 511 (0x1ff) Sep 21 07:16:08.659256: | fragment number: 1 (0x1) Sep 21 07:16:08.659258: | total fragments: 5 (0x5) Sep 21 07:16:08.659261: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:08.659265: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:08.659268: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:16:08.659272: | received IKE encrypted fragment number '1', total number '5', next payload '35' Sep 21 07:16:08.659275: | updated IKE fragment state to respond using fragments without waiting for re-transmits Sep 21 07:16:08.659280: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.659285: | #1 spent 0.202 milliseconds in ikev2_process_packet() Sep 21 07:16:08.659289: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:08.659292: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.659295: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.659299: | spent 0.216 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.659420: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.659430: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:16:08.659433: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.659435: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.659437: | 00 02 00 05 7f 44 eb a6 7d 38 f6 0a 0b 43 49 8c Sep 21 07:16:08.659440: | eb 9e 2a e8 ca 12 a0 fa 5e 04 d9 1e c0 07 ec 91 Sep 21 07:16:08.659442: | 14 68 76 cb 2a 58 18 2d 1f e1 4a 79 64 86 a7 b6 Sep 21 07:16:08.659444: | 44 4f 11 00 65 3c 41 9d 81 a5 84 59 30 95 18 2e Sep 21 07:16:08.659447: | 5c 03 d4 48 23 6b 0d d3 3c c3 7b 42 5f 45 83 3c Sep 21 07:16:08.659449: | ac ca 49 c6 85 27 b9 61 6d fa 2d 9f 9e a8 f7 4f Sep 21 07:16:08.659451: | 6b b9 30 8a dd d1 18 2b ea 03 bb 60 2c 11 10 f4 Sep 21 07:16:08.659454: | e1 8f d0 1a 40 0d ed 82 12 d3 35 d9 2e fb ad aa Sep 21 07:16:08.659456: | b7 d1 e7 95 f1 07 4b 0e 05 f4 f5 6c a6 a5 1d af Sep 21 07:16:08.659458: | 54 e6 ff 25 7f 71 c1 a8 f1 86 3a 81 fb 70 78 6f Sep 21 07:16:08.659461: | 21 d9 8f c2 9f 15 7f 7b 05 78 36 bb ae 26 1a bc Sep 21 07:16:08.659463: | b9 84 7a a5 ba c4 a8 90 9f 80 cf 32 b6 4f 04 7a Sep 21 07:16:08.659465: | 93 45 ff f3 9d b9 fc 0b 02 6a dc 79 bf 77 12 42 Sep 21 07:16:08.659468: | 63 90 b6 99 9b d0 f9 c6 c3 d1 ea 05 6f 43 67 0b Sep 21 07:16:08.659470: | 1c 69 1c ac 71 5f 9a 0b 83 c5 b0 8c a4 04 52 71 Sep 21 07:16:08.659472: | 6c 73 ff 22 24 83 ca ca 36 f5 b0 26 ff 19 dc 85 Sep 21 07:16:08.659478: | e4 1d 69 18 db 0c 82 9c 93 96 48 d8 61 47 b8 aa Sep 21 07:16:08.659480: | 4b d1 25 d0 93 a9 e0 e6 d8 55 c8 e8 25 8f 16 44 Sep 21 07:16:08.659482: | fc a4 d7 ad 59 97 a7 98 54 b5 a7 29 77 75 35 0b Sep 21 07:16:08.659485: | b7 29 e6 f0 dc ef 88 7f 68 88 1a bf a9 f7 e6 bc Sep 21 07:16:08.659487: | 48 e4 7d 0d b6 e8 46 b1 96 11 b7 67 60 0f b9 e6 Sep 21 07:16:08.659489: | b2 03 43 37 dc 2a ca 7b f3 55 08 78 0b 37 bd f8 Sep 21 07:16:08.659492: | 25 b0 5d 71 c3 af 8b cc 3f c4 f0 2f 00 28 7c 79 Sep 21 07:16:08.659494: | 3f e9 15 57 fd e4 56 34 f4 7e 48 e9 43 9e d7 6b Sep 21 07:16:08.659496: | dd e0 4d 67 e6 7a 8c ee ec c3 c3 2c 00 41 5c 82 Sep 21 07:16:08.659499: | 93 ec eb 32 0a 61 f9 65 fb a3 a5 3f 4a b3 c0 dd Sep 21 07:16:08.659501: | 27 cc 6b 5f 1a 69 86 b5 90 49 32 e7 8d 19 02 91 Sep 21 07:16:08.659503: | 54 d1 1f e1 27 86 af 09 8d 49 07 dd c4 bc 8d e7 Sep 21 07:16:08.659506: | a0 6c 24 59 18 e4 f6 42 9e 4f 35 68 0c d7 6c eb Sep 21 07:16:08.659508: | 3f 83 88 e0 68 0b 21 a0 ff b2 0a 38 0f f8 34 27 Sep 21 07:16:08.659510: | f4 ce 35 2e 6e dd 8e 80 41 4c 6a bd bc 0e b9 f6 Sep 21 07:16:08.659512: | b1 75 c0 f9 1a 1d a5 d5 5e 35 e4 Sep 21 07:16:08.659517: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:08.659520: | **parse ISAKMP Message: Sep 21 07:16:08.659522: | initiator cookie: Sep 21 07:16:08.659525: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.659527: | responder cookie: Sep 21 07:16:08.659529: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.659532: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.659534: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.659537: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.659539: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.659542: | Message ID: 1 (0x1) Sep 21 07:16:08.659544: | length: 539 (0x21b) Sep 21 07:16:08.659547: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.659550: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:16:08.659553: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:16:08.659558: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.659563: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.659565: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:08.659568: | #1 is idle Sep 21 07:16:08.659570: | #1 idle Sep 21 07:16:08.659575: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:08.659577: | unpacking clear payload Sep 21 07:16:08.659580: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.659583: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.659585: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.659588: | flags: none (0x0) Sep 21 07:16:08.659590: | length: 511 (0x1ff) Sep 21 07:16:08.659592: | fragment number: 2 (0x2) Sep 21 07:16:08.659595: | total fragments: 5 (0x5) Sep 21 07:16:08.659597: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:08.659600: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:16:08.659603: | received IKE encrypted fragment number '2', total number '5', next payload '0' Sep 21 07:16:08.659608: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.659612: | #1 spent 0.187 milliseconds in ikev2_process_packet() Sep 21 07:16:08.659616: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:08.659619: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.659623: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.659627: | spent 0.202 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.659735: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.659744: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:16:08.659746: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.659749: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.659751: | 00 03 00 05 e2 5d fb c1 48 9f 10 0c ff 70 22 d7 Sep 21 07:16:08.659753: | a7 7e 11 8f 4e 20 cd 09 df a1 c5 79 a0 83 c9 64 Sep 21 07:16:08.659755: | 1e d8 05 a0 43 06 a0 8d 0d ec 97 01 1b dd 9a 62 Sep 21 07:16:08.659758: | 1f 0e ac 08 e6 ec 98 47 65 67 c5 22 3f 96 08 65 Sep 21 07:16:08.659760: | 08 8c b8 6f 9a 19 0f df 32 d7 9b f7 94 8f d3 f2 Sep 21 07:16:08.659762: | 32 a2 e5 ec 31 37 27 c2 ae 8d 28 56 9d 16 b6 9b Sep 21 07:16:08.659765: | 5b 6a 95 c2 46 24 99 f6 b6 95 5b fd 86 d1 bd 94 Sep 21 07:16:08.659767: | 5b 83 e9 e6 3c 91 4d d8 98 63 4a bf 6e da 70 fb Sep 21 07:16:08.659769: | 22 1e c6 5c 95 42 fb 3b 75 b1 c5 67 82 76 65 6c Sep 21 07:16:08.659772: | d2 84 bc 49 36 39 5e d5 a7 ad c1 0a e3 f0 a3 8e Sep 21 07:16:08.659774: | e1 f2 34 24 dd 50 62 92 49 55 5f f8 42 d5 f9 45 Sep 21 07:16:08.659776: | 07 99 91 10 de c9 ac a3 f5 86 89 ec b9 a3 17 85 Sep 21 07:16:08.659779: | 97 ed da de 61 fb fc 8b 87 3a 0f ca 63 54 0a 86 Sep 21 07:16:08.659781: | 84 ec d4 14 67 f7 44 1c 8a a2 2f d2 c5 de de 09 Sep 21 07:16:08.659791: | 90 18 c9 e5 94 01 27 9e ba 2d ff df 79 45 18 6e Sep 21 07:16:08.659796: | 60 4d aa 84 3d 34 97 4c bf 4f 00 a1 5f 64 f2 b8 Sep 21 07:16:08.659798: | 24 1c 1d 77 46 37 3f b5 bd 6e 07 3b d5 58 2b 5f Sep 21 07:16:08.659800: | 22 28 87 76 61 47 92 a8 3b ab 27 16 cf 87 62 81 Sep 21 07:16:08.659803: | 74 e6 7b 1a f0 8d 92 fa db 6e ff 6e a5 4a 1e c4 Sep 21 07:16:08.659805: | f0 0a 70 06 dc 4b a4 50 2f 81 df d0 64 02 9a 25 Sep 21 07:16:08.659807: | 27 7e 9c a9 bb f0 ac 71 31 24 6f 5a c8 15 17 75 Sep 21 07:16:08.659810: | 83 41 9f c4 c2 43 d7 b5 88 f5 eb 5f c4 2d 97 6d Sep 21 07:16:08.659812: | 26 19 b4 93 3a b8 6b 0d 54 de 51 85 f4 13 0e 83 Sep 21 07:16:08.659814: | a3 10 d9 df 81 ae 08 62 b3 b1 d8 8f 49 71 10 ad Sep 21 07:16:08.659817: | d8 f4 fb c2 48 ae 29 61 9f 7e e6 5f 00 e8 8c a8 Sep 21 07:16:08.659819: | 41 5e 33 75 26 07 97 54 df 23 fc 59 b2 12 4a 19 Sep 21 07:16:08.659821: | 2d 49 55 d5 39 50 16 ad bd 22 63 6a e2 43 8b 52 Sep 21 07:16:08.659823: | 56 97 bd 72 59 00 84 cd 7c a5 54 0b 7e 1b 11 58 Sep 21 07:16:08.659826: | fd 60 7d 32 17 71 66 67 a2 9a 85 9e aa ab 25 8b Sep 21 07:16:08.659828: | 59 ca e0 d6 81 f2 dc 8a 34 11 cd 93 08 f2 00 e3 Sep 21 07:16:08.659830: | 99 72 08 3b 5d 29 53 0d 20 4f e1 3d 96 9b 30 35 Sep 21 07:16:08.659832: | 55 00 13 1e 4e 18 3f b8 1d 35 75 Sep 21 07:16:08.659837: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:08.659839: | **parse ISAKMP Message: Sep 21 07:16:08.659842: | initiator cookie: Sep 21 07:16:08.659844: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.659846: | responder cookie: Sep 21 07:16:08.659849: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.659851: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.659854: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.659856: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.659859: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.659861: | Message ID: 1 (0x1) Sep 21 07:16:08.659864: | length: 539 (0x21b) Sep 21 07:16:08.659866: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.659869: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:16:08.659872: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:16:08.659879: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.659884: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.659886: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:08.659889: | #1 is idle Sep 21 07:16:08.659891: | #1 idle Sep 21 07:16:08.659895: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:08.659897: | unpacking clear payload Sep 21 07:16:08.659900: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.659902: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.659905: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.659907: | flags: none (0x0) Sep 21 07:16:08.659910: | length: 511 (0x1ff) Sep 21 07:16:08.659912: | fragment number: 3 (0x3) Sep 21 07:16:08.659914: | total fragments: 5 (0x5) Sep 21 07:16:08.659917: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:08.659919: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:16:08.659922: | received IKE encrypted fragment number '3', total number '5', next payload '0' Sep 21 07:16:08.659927: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.659931: | #1 spent 0.184 milliseconds in ikev2_process_packet() Sep 21 07:16:08.659935: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:08.659938: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.659940: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.659944: | spent 0.197 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.660059: | spent 0.00223 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.660074: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:16:08.660077: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.660079: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.660082: | 00 04 00 05 e0 d1 b0 cf 6b 6b 9b d4 7f 61 eb b8 Sep 21 07:16:08.660084: | e2 c4 26 5c c3 79 65 66 cb 37 62 6b 92 48 21 e2 Sep 21 07:16:08.660087: | 90 dc 19 f2 52 c3 64 70 b2 b5 f4 3d 7c 99 ab e2 Sep 21 07:16:08.660089: | 24 dd ef 22 c1 64 1b 38 f1 b0 92 69 9d 6f 95 d0 Sep 21 07:16:08.660091: | e4 64 da 74 ab 85 ca b6 8f c8 7a d7 0e a0 2f 55 Sep 21 07:16:08.660094: | 63 e0 9b bb b4 8f e1 ed dd 5d 63 e8 f3 79 d5 02 Sep 21 07:16:08.660096: | ba bd cb ec 12 09 ac dd 70 0a 1d 92 13 50 be a2 Sep 21 07:16:08.660099: | d6 53 0a 00 fa 7e 34 3c 21 82 4f 6e 72 37 a8 c6 Sep 21 07:16:08.660101: | 79 b1 d9 86 b3 cf b1 07 12 58 92 6d 3b c2 99 c0 Sep 21 07:16:08.660103: | 22 15 10 92 a4 fe 98 91 42 69 c2 c0 0e f1 49 2c Sep 21 07:16:08.660106: | f5 6b 06 17 28 5f 90 ff 8f 6f c5 79 b7 4a 3f 32 Sep 21 07:16:08.660108: | ab ff cb 52 f0 9d e4 84 c4 8c 90 c2 cf 0b 7c ea Sep 21 07:16:08.660110: | ac fe 9e 0f 23 1d 19 77 2e f7 77 a5 c1 67 35 32 Sep 21 07:16:08.660112: | 14 83 f4 ee 87 23 da 7d 58 a9 c5 0a 4c 02 90 48 Sep 21 07:16:08.660115: | b9 15 5f 55 4e b3 68 31 9a 9f 10 af 62 a7 11 51 Sep 21 07:16:08.660117: | aa fd 30 90 fd 44 82 4b cc 50 e0 52 d6 a7 24 61 Sep 21 07:16:08.660119: | c0 cd 29 bf 9c 59 1b 95 0e d8 bf bd e1 5e 52 97 Sep 21 07:16:08.660122: | fc 84 4c a6 f9 6a 15 65 5c 16 73 50 84 fc 7c 85 Sep 21 07:16:08.660124: | ec 8a c0 07 86 15 e7 29 61 9e 7f f4 e9 ff cc b1 Sep 21 07:16:08.660126: | 34 25 d2 95 d9 35 28 de 18 2f d1 0f 15 1d 4b 19 Sep 21 07:16:08.660129: | f5 26 9b 61 62 62 f1 e7 e5 79 b1 45 01 f4 29 a6 Sep 21 07:16:08.660131: | d2 d6 88 07 7d a7 35 d9 12 e3 b3 db b7 ae 85 31 Sep 21 07:16:08.660133: | bc 09 80 a4 39 41 80 4b c7 51 38 ad 68 84 e3 ab Sep 21 07:16:08.660138: | 17 6b 7b 11 59 9a d1 8c 61 3a 92 7a e4 34 79 b2 Sep 21 07:16:08.660140: | c8 b2 26 e8 0a 1a cb 7f de 3d e3 6c 02 e3 06 f9 Sep 21 07:16:08.660143: | 85 d5 87 ca e0 d6 23 db 18 11 b9 06 c7 3a 4d 43 Sep 21 07:16:08.660145: | c7 db fd ad ba 3d 7c 46 9b 39 5e 4d a9 41 a5 64 Sep 21 07:16:08.660147: | b8 f2 01 3b bc b5 83 2d 8c 8d ea 66 ed 96 11 6a Sep 21 07:16:08.660150: | 8b 1e f6 6f 14 58 ba 81 be 78 d6 44 21 6f 5f 27 Sep 21 07:16:08.660152: | db 61 8a 8a 67 16 93 2d 61 54 53 af 9c 96 7d 60 Sep 21 07:16:08.660154: | 05 75 46 0d 7a 64 99 be ba 3a 8b 1e 02 74 14 de Sep 21 07:16:08.660156: | fd 40 11 bc 83 d3 46 7b 9f c6 26 Sep 21 07:16:08.660161: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:08.660165: | **parse ISAKMP Message: Sep 21 07:16:08.660167: | initiator cookie: Sep 21 07:16:08.660169: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.660172: | responder cookie: Sep 21 07:16:08.660174: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.660177: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.660180: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.660182: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.660185: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.660187: | Message ID: 1 (0x1) Sep 21 07:16:08.660190: | length: 539 (0x21b) Sep 21 07:16:08.660193: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.660196: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:16:08.660199: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:16:08.660205: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.660209: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.660212: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:08.660215: | #1 is idle Sep 21 07:16:08.660217: | #1 idle Sep 21 07:16:08.660222: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:08.660224: | unpacking clear payload Sep 21 07:16:08.660227: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.660229: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.660232: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.660234: | flags: none (0x0) Sep 21 07:16:08.660237: | length: 511 (0x1ff) Sep 21 07:16:08.660239: | fragment number: 4 (0x4) Sep 21 07:16:08.660242: | total fragments: 5 (0x5) Sep 21 07:16:08.660244: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:08.660247: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:16:08.660250: | received IKE encrypted fragment number '4', total number '5', next payload '0' Sep 21 07:16:08.660255: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.660260: | #1 spent 0.193 milliseconds in ikev2_process_packet() Sep 21 07:16:08.660264: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:08.660267: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.660269: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.660273: | spent 0.207 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.660280: | spent 0.0013 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.660288: | *received 394 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:16:08.660291: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.660293: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Sep 21 07:16:08.660300: | 00 05 00 05 49 89 ee d2 54 4b 86 e5 d2 d6 1b 85 Sep 21 07:16:08.660303: | c0 25 1d 51 2a e7 81 c6 73 33 19 af c6 23 93 46 Sep 21 07:16:08.660305: | a8 3f c7 c5 10 58 ea 01 8d 61 e0 e7 84 9f 42 13 Sep 21 07:16:08.660308: | 74 c2 90 92 9b be 88 7f 43 8f cb bb 3d b5 81 d2 Sep 21 07:16:08.660310: | 9c 30 52 ea 34 57 ff 5c 56 f9 59 7a 96 da 94 29 Sep 21 07:16:08.660312: | b3 e0 bf c7 c5 7e cd 43 c2 a3 fb 32 a7 60 8a 23 Sep 21 07:16:08.660315: | 7d 0f 05 ad a7 4b 6b cd f8 af 64 df fd 8e 5d 12 Sep 21 07:16:08.660317: | 4d c8 cb 76 a6 00 96 4a 41 1e 34 7a db da c0 8e Sep 21 07:16:08.660319: | 6e bd f0 0b 21 69 7a e3 e2 27 37 2c d2 a3 81 70 Sep 21 07:16:08.660322: | f0 e6 d2 9b 32 d2 e9 27 60 96 b0 61 94 58 b7 7c Sep 21 07:16:08.660324: | 66 50 23 8b ab 63 8d 81 af 97 8f a0 7a e6 7b c3 Sep 21 07:16:08.660326: | ab ac 56 b7 01 8d b0 92 ca 0d 86 4f e0 f9 d1 7c Sep 21 07:16:08.660328: | 7e 5a ae cf da e8 fc d4 f1 c7 81 51 3b 80 0c 13 Sep 21 07:16:08.660331: | 9c 2f 6f c0 51 14 c7 38 6f f8 4f 7e db 5b a2 08 Sep 21 07:16:08.660333: | ea 3d 13 20 1e 1f e8 32 3d cf 42 af 14 a9 59 4b Sep 21 07:16:08.660335: | 47 ba 77 ac 8c 6d e6 be 28 f1 c6 80 7b 19 ff 71 Sep 21 07:16:08.660338: | 92 a6 24 85 c7 92 16 3b 31 e8 af f4 a2 06 72 07 Sep 21 07:16:08.660340: | 65 16 99 e1 cb 96 f9 02 27 47 20 46 ea 74 0e a2 Sep 21 07:16:08.660342: | b5 b8 d7 e5 75 9f f4 15 13 0b 19 a2 3d c5 c0 66 Sep 21 07:16:08.660345: | 17 31 46 5d 43 4d b3 37 12 0d 42 01 24 9f 85 e8 Sep 21 07:16:08.660347: | af 2f 63 dc 24 9a 83 c5 3f 07 fa 08 e7 45 28 ab Sep 21 07:16:08.660349: | c9 7d 6c 8b 5d 55 04 7e c7 03 b3 83 5a 33 cf c4 Sep 21 07:16:08.660352: | 03 7e 96 f2 c9 45 ab a1 11 b3 Sep 21 07:16:08.660356: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:08.660358: | **parse ISAKMP Message: Sep 21 07:16:08.660361: | initiator cookie: Sep 21 07:16:08.660363: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.660366: | responder cookie: Sep 21 07:16:08.660368: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.660370: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.660373: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.660376: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.660378: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.660380: | Message ID: 1 (0x1) Sep 21 07:16:08.660383: | length: 394 (0x18a) Sep 21 07:16:08.660385: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.660388: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:16:08.660391: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:16:08.660396: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.660401: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.660403: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:08.660406: | #1 is idle Sep 21 07:16:08.660408: | #1 idle Sep 21 07:16:08.660412: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:08.660415: | unpacking clear payload Sep 21 07:16:08.660417: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.660420: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.660422: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.660425: | flags: none (0x0) Sep 21 07:16:08.660427: | length: 366 (0x16e) Sep 21 07:16:08.660430: | fragment number: 5 (0x5) Sep 21 07:16:08.660432: | total fragments: 5 (0x5) Sep 21 07:16:08.660434: | processing payload: ISAKMP_NEXT_v2SKF (len=358) Sep 21 07:16:08.660437: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:16:08.660441: | received IKE encrypted fragment number '5', total number '5', next payload '0' Sep 21 07:16:08.660446: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:16:08.660449: | Now let's proceed with state specific processing Sep 21 07:16:08.660452: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:16:08.660455: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:16:08.660459: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:16:08.660463: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:16:08.660466: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:16:08.660469: | libevent_free: release ptr-libevent@0x561e34b77150 Sep 21 07:16:08.660472: | free_event_entry: release EVENT_SO_DISCARD-pe@0x561e34b832b0 Sep 21 07:16:08.660475: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561e34b832b0 Sep 21 07:16:08.660479: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:08.660482: | libevent_malloc: new ptr-libevent@0x561e34b77150 size 128 Sep 21 07:16:08.660493: | #1 spent 0.0366 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:16:08.660498: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.660501: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:16:08.660504: | suspending state #1 and saving MD Sep 21 07:16:08.660506: | #1 is busy; has a suspended MD Sep 21 07:16:08.660511: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:08.660514: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:08.660518: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.660522: | #1 spent 0.238 milliseconds in ikev2_process_packet() Sep 21 07:16:08.660526: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:08.660529: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.660532: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.660535: | spent 0.251 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.660544: | crypto helper 1 resuming Sep 21 07:16:08.660548: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:16:08.660551: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:16:08.661499: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:16:08.661943: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.00139 seconds Sep 21 07:16:08.661953: | (#1) spent 1.39 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:16:08.661957: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:08.661959: | scheduling resume sending helper answer for #1 Sep 21 07:16:08.661962: | libevent_malloc: new ptr-libevent@0x7f0f84006b90 size 128 Sep 21 07:16:08.661969: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:08.661979: | processing resume sending helper answer for #1 Sep 21 07:16:08.661984: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:16:08.661987: | crypto helper 1 replies to request ID 2 Sep 21 07:16:08.661989: | calling continuation function 0x561e3375f630 Sep 21 07:16:08.661992: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:16:08.661995: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:16:08.661998: | already have all fragments, skipping fragment collection Sep 21 07:16:08.662002: | already have all fragments, skipping fragment collection Sep 21 07:16:08.662024: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:16:08.662028: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:16:08.662031: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:16:08.662034: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Sep 21 07:16:08.662037: | flags: none (0x0) Sep 21 07:16:08.662039: | length: 193 (0xc1) Sep 21 07:16:08.662042: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:16:08.662044: | processing payload: ISAKMP_NEXT_v2IDi (len=185) Sep 21 07:16:08.662046: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Sep 21 07:16:08.662049: | **parse IKEv2 Certificate Payload: Sep 21 07:16:08.662052: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Sep 21 07:16:08.662054: | flags: none (0x0) Sep 21 07:16:08.662057: | length: 1232 (0x4d0) Sep 21 07:16:08.662059: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:08.662061: | processing payload: ISAKMP_NEXT_v2CERT (len=1227) Sep 21 07:16:08.662063: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Sep 21 07:16:08.662066: | **parse IKEv2 Certificate Request Payload: Sep 21 07:16:08.662068: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:08.662070: | flags: none (0x0) Sep 21 07:16:08.662072: | length: 25 (0x19) Sep 21 07:16:08.662074: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:08.662076: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Sep 21 07:16:08.662079: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:16:08.662081: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:16:08.662083: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:08.662085: | flags: none (0x0) Sep 21 07:16:08.662088: | length: 191 (0xbf) Sep 21 07:16:08.662090: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:16:08.662092: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Sep 21 07:16:08.662094: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:16:08.662097: | **parse IKEv2 Authentication Payload: Sep 21 07:16:08.662099: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:08.662101: | flags: none (0x0) Sep 21 07:16:08.662104: | length: 392 (0x188) Sep 21 07:16:08.662106: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:08.662109: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Sep 21 07:16:08.662111: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:08.662114: | **parse IKEv2 Security Association Payload: Sep 21 07:16:08.662116: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:08.662118: | flags: none (0x0) Sep 21 07:16:08.662121: | length: 164 (0xa4) Sep 21 07:16:08.662123: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:16:08.662125: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:08.662127: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:08.662130: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:08.662132: | flags: none (0x0) Sep 21 07:16:08.662134: | length: 24 (0x18) Sep 21 07:16:08.662136: | number of TS: 1 (0x1) Sep 21 07:16:08.662139: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:08.662141: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:08.662143: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:08.662146: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.662148: | flags: none (0x0) Sep 21 07:16:08.662150: | length: 24 (0x18) Sep 21 07:16:08.662152: | number of TS: 1 (0x1) Sep 21 07:16:08.662155: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:08.662157: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:16:08.662160: | Now let's proceed with state specific processing Sep 21 07:16:08.662162: | calling processor Responder: process IKE_AUTH request Sep 21 07:16:08.662168: "northnet-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,SA,TSi,TSr} Sep 21 07:16:08.662178: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:08.662184: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:16:08.662187: loading root certificate cache Sep 21 07:16:08.665464: | spent 3.24 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Sep 21 07:16:08.665504: | spent 0.0258 milliseconds in get_root_certs() filtering CAs Sep 21 07:16:08.665511: | #1 spent 3.3 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:16:08.665515: | checking for known CERT payloads Sep 21 07:16:08.665519: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:16:08.665563: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:08.665570: | #1 spent 0.0535 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:16:08.665575: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:08.665625: | #1 spent 0.0477 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:16:08.665629: | missing or expired CRL Sep 21 07:16:08.665633: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:16:08.665637: | verify_end_cert trying profile IPsec Sep 21 07:16:08.665753: | certificate is valid (profile IPsec) Sep 21 07:16:08.665762: | #1 spent 0.128 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:16:08.665768: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:08.665846: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b80190 Sep 21 07:16:08.665854: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b82670 Sep 21 07:16:08.665856: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561e34b80850 Sep 21 07:16:08.666010: | unreference key: 0x561e34b8d6e0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:08.666019: | #1 spent 0.243 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:16:08.666023: | #1 spent 3.81 milliseconds in decode_certs() Sep 21 07:16:08.666027: | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:16:08.666029: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:16:08.666031: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:16:08.666033: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:16:08.666035: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:16:08.666038: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:16:08.666040: | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:16:08.666042: | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:16:08.666045: | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:16:08.666047: | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:16:08.666049: | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:16:08.666051: | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:16:08.666053: | received IDr payload - extracting our alleged ID Sep 21 07:16:08.666056: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:16:08.666058: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:16:08.666060: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:16:08.666063: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:16:08.666068: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:16:08.666071: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:16:08.666073: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:16:08.666075: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:08.666077: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:16:08.666080: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:16:08.666082: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:08.666084: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Sep 21 07:16:08.666100: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:16:08.666106: | ID_DER_ASN1_DN 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:16:08.666109: | X509: CERT and ID matches current connection Sep 21 07:16:08.666111: | CERT_X509_SIGNATURE CR: Sep 21 07:16:08.666114: | 4e cf af 8c 44 87 de 90 be 28 67 b9 ce 53 17 3f Sep 21 07:16:08.666116: | 8e eb 22 c0 Sep 21 07:16:08.666119: | cert blob content is not binary ASN.1 Sep 21 07:16:08.666122: | refine_host_connection for IKEv2: starting with "northnet-eastnets/0x2" Sep 21 07:16:08.666130: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.666138: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.666141: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Sep 21 07:16:08.666152: "northnet-eastnets/0x2" #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:16:08.666156: | IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection Sep 21 07:16:08.666159: | The remote specified our ID in its IDr payload Sep 21 07:16:08.666166: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.666175: "northnet-eastnets/0x2" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:16:08.666202: | received CERTREQ payload; going to decode it Sep 21 07:16:08.666206: | CERT_X509_SIGNATURE CR: Sep 21 07:16:08.666208: | 4e cf af 8c 44 87 de 90 be 28 67 b9 ce 53 17 3f Sep 21 07:16:08.666211: | 8e eb 22 c0 Sep 21 07:16:08.666213: | cert blob content is not binary ASN.1 Sep 21 07:16:08.666215: | verifying AUTH payload Sep 21 07:16:08.666234: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.666250: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:16:08.666259: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.666269: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.666278: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.666426: | an RSA Sig check passed with *AwEAAbrCE [remote certificates] Sep 21 07:16:08.666433: | #1 spent 0.15 milliseconds in try_all_keys() trying a pubkey Sep 21 07:16:08.666435: "northnet-eastnets/0x2" #1: Authenticated using RSA Sep 21 07:16:08.666439: | #1 spent 0.219 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:16:08.666443: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:16:08.666448: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:16:08.666451: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:08.666456: | libevent_free: release ptr-libevent@0x561e34b77150 Sep 21 07:16:08.666459: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561e34b832b0 Sep 21 07:16:08.666462: | event_schedule: new EVENT_SA_REKEY-pe@0x561e34b7fef0 Sep 21 07:16:08.666466: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:16:08.666469: | libevent_malloc: new ptr-libevent@0x561e34b77150 size 128 Sep 21 07:16:08.666564: | pstats #1 ikev2.ike established Sep 21 07:16:08.666573: | **emit ISAKMP Message: Sep 21 07:16:08.666576: | initiator cookie: Sep 21 07:16:08.666578: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.666581: | responder cookie: Sep 21 07:16:08.666583: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.666586: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.666589: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.666592: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.666595: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.666598: | Message ID: 1 (0x1) Sep 21 07:16:08.666600: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.666603: | IKEv2 CERT: send a certificate? Sep 21 07:16:08.666606: | IKEv2 CERT: OK to send a certificate (always) Sep 21 07:16:08.666609: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:08.666612: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.666614: | flags: none (0x0) Sep 21 07:16:08.666617: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:08.666621: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.666625: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:08.666633: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:08.666650: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:08.666654: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.666656: | flags: none (0x0) Sep 21 07:16:08.666659: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:16:08.666663: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:08.666666: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.666669: | emitting 183 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:16:08.666672: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:16:08.666674: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:16:08.666677: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:16:08.666679: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:16:08.666682: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:16:08.666686: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:16:08.666689: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:16:08.666691: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:08.666693: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:16:08.666696: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:16:08.666698: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:08.666700: | my identity 77 61 6e 2e 6f 72 67 Sep 21 07:16:08.666703: | emitting length of IKEv2 Identification - Responder - Payload: 191 Sep 21 07:16:08.666713: | assembled IDr payload Sep 21 07:16:08.666717: | Sending [CERT] of certificate: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:08.666720: | ****emit IKEv2 Certificate Payload: Sep 21 07:16:08.666723: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.666725: | flags: none (0x0) Sep 21 07:16:08.666728: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:08.666731: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Sep 21 07:16:08.666734: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.666737: | emitting 1260 raw bytes of CERT into IKEv2 Certificate Payload Sep 21 07:16:08.666739: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Sep 21 07:16:08.666741: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:16:08.666744: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:16:08.666746: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:16:08.666748: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:16:08.666750: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:16:08.666752: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:16:08.666754: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:16:08.666757: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:16:08.666759: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:16:08.666761: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:16:08.666764: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:16:08.666766: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:16:08.666768: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:16:08.666771: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:16:08.666773: | CERT 39 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:16:08.666776: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:16:08.666778: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:16:08.666780: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:16:08.666787: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:16:08.666792: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:16:08.666795: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Sep 21 07:16:08.666797: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:16:08.666799: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Sep 21 07:16:08.666802: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Sep 21 07:16:08.666804: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:16:08.666806: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Sep 21 07:16:08.666808: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Sep 21 07:16:08.666811: | CERT 00 30 82 01 8a 02 82 01 81 00 b0 0d 9e ca 2d 55 Sep 21 07:16:08.666813: | CERT 24 59 06 37 09 58 0d 06 ab 90 5e 98 7c 00 0b 66 Sep 21 07:16:08.666817: | CERT 73 f4 12 27 69 75 6e d4 8d 13 e9 c6 e9 4f c4 b1 Sep 21 07:16:08.666820: | CERT 19 1a 1a 4f e6 4e 06 da 29 ec cf 8d 4c c3 c3 57 Sep 21 07:16:08.666822: | CERT c0 24 57 83 7a 1b 7f 96 a3 21 66 67 52 68 8e 77 Sep 21 07:16:08.666825: | CERT b9 bb f6 9b d2 43 11 57 c9 d6 ca e2 39 73 93 ea Sep 21 07:16:08.666827: | CERT 99 99 f7 52 38 4d 58 69 7f a5 18 9b ff 66 72 6c Sep 21 07:16:08.666830: | CERT df 6d df 18 50 cf 10 98 a3 f5 f9 69 27 5b 3f bd Sep 21 07:16:08.666833: | CERT 0f 34 18 93 99 1a be 8a 46 84 37 69 71 7f a7 df Sep 21 07:16:08.666835: | CERT d0 9d b2 9d ad 80 0f d0 1a 40 cb ff 37 20 ac ac Sep 21 07:16:08.666838: | CERT 3d a9 8e 56 56 cf 25 c0 5e 55 52 86 5a c5 b4 ce Sep 21 07:16:08.666840: | CERT a8 dd 95 cf ab 38 91 f6 1f 9f 83 36 d5 3f 8c d3 Sep 21 07:16:08.666843: | CERT 1d f5 3f 23 3c d2 5c 87 23 bc 6a 67 f7 00 c3 96 Sep 21 07:16:08.666845: | CERT 3f 76 5c b9 8e 6f 2b 16 90 2c 00 c0 05 a0 e2 8d Sep 21 07:16:08.666847: | CERT 57 d5 76 34 7f 6f be e8 48 79 08 91 a8 17 72 1f Sep 21 07:16:08.666849: | CERT c0 1c 8a 52 a8 18 aa 32 3c 9a e4 d9 90 58 25 5e Sep 21 07:16:08.666851: | CERT 4c 49 8e cb 7a 33 19 d2 87 1a 2a 8e b5 04 f7 f9 Sep 21 07:16:08.666853: | CERT cd 80 8c 59 ae 34 61 c5 1d de 53 65 fe 4f f3 f4 Sep 21 07:16:08.666856: | CERT 09 f2 b4 21 7a 2b eb 1f 4a f2 5f 85 3a f0 f8 2b Sep 21 07:16:08.666858: | CERT 3b 42 5b da 89 c1 ef b2 81 18 2a 4b 57 a2 ca 63 Sep 21 07:16:08.666860: | CERT 8b a7 60 8e 54 95 c3 20 5c e5 53 f0 4a 57 df 41 Sep 21 07:16:08.666862: | CERT fa 06 e6 ab 4e 0b 46 49 14 0d db b0 dc 10 2e 6d Sep 21 07:16:08.666865: | CERT 5f 52 cb 75 36 1b e2 1d 9d 77 0f 73 9d 0a 64 07 Sep 21 07:16:08.666867: | CERT 84 f4 0e 0a 98 97 58 c4 40 f6 1b ac a3 be 21 aa Sep 21 07:16:08.666869: | CERT 67 3a 2b b1 0e b7 9a 36 ff 67 02 03 01 00 01 a3 Sep 21 07:16:08.666872: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Sep 21 07:16:08.666874: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Sep 21 07:16:08.666876: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:16:08.666878: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Sep 21 07:16:08.666881: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:16:08.666883: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Sep 21 07:16:08.666886: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Sep 21 07:16:08.666888: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Sep 21 07:16:08.666890: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Sep 21 07:16:08.666893: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Sep 21 07:16:08.666895: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Sep 21 07:16:08.666898: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:16:08.666900: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Sep 21 07:16:08.666903: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Sep 21 07:16:08.666905: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Sep 21 07:16:08.666908: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Sep 21 07:16:08.666910: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Sep 21 07:16:08.666912: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 bf 3c 12 c5 Sep 21 07:16:08.666915: | CERT 00 3e 71 2a 2b 2b 60 83 b9 b9 f2 4d b1 ca 0e fd Sep 21 07:16:08.666917: | CERT b4 e0 0b 6a ad 54 d7 c9 98 57 e0 5c 26 4d bf 11 Sep 21 07:16:08.666919: | CERT 23 20 79 05 b6 1b 9b 09 ed 4f 2e fd 7e da 55 53 Sep 21 07:16:08.666921: | CERT b6 8c 88 fa f3 9b ce ec ef 95 37 11 70 ce 1c 98 Sep 21 07:16:08.666923: | CERT d3 d5 cf f6 30 71 44 78 fb 45 03 69 50 d5 a5 c3 Sep 21 07:16:08.666926: | CERT de 00 4c f7 0a 7d 00 cb 3a ab 11 74 6b 57 67 4d Sep 21 07:16:08.666928: | CERT e7 c0 3a 97 98 44 e2 15 9d f2 6f 1b c7 b1 15 d0 Sep 21 07:16:08.666930: | CERT 88 c4 dc 32 b7 72 1d 9c ac 1b 37 63 Sep 21 07:16:08.666933: | emitting length of IKEv2 Certificate Payload: 1265 Sep 21 07:16:08.666937: | CHILD SA proposals received Sep 21 07:16:08.666940: | going to assemble AUTH payload Sep 21 07:16:08.666943: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:08.666945: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:08.666948: | flags: none (0x0) Sep 21 07:16:08.666951: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:08.666954: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:16:08.666957: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:08.666960: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.666977: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Sep 21 07:16:08.667042: | searching for certificate PKK_RSA:AwEAAbANn vs PKK_RSA:AwEAAbANn Sep 21 07:16:08.678017: | #1 spent 9.65 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:16:08.678036: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:16:08.678039: | rsa signature a2 89 9b 7a e3 a2 83 53 b7 c5 c5 36 0a e4 6b 59 Sep 21 07:16:08.678042: | rsa signature 28 67 86 7a a0 2f f0 c0 7c 2a f4 9e 81 c1 bf c8 Sep 21 07:16:08.678044: | rsa signature e5 1f 06 cb 1a c8 b9 91 f7 e1 fe 65 ed ac 02 c6 Sep 21 07:16:08.678047: | rsa signature f5 b4 44 8c c3 a7 9a e6 e6 74 8b bd 0e 9e 7e 47 Sep 21 07:16:08.678049: | rsa signature 7b 94 e3 77 be ed 58 7b ec 24 3d db c8 cd 39 4a Sep 21 07:16:08.678051: | rsa signature 94 9c 9c 47 e7 3f 1c 18 03 42 cf 1c 25 ce 77 60 Sep 21 07:16:08.678054: | rsa signature b6 6c 06 d2 63 b3 33 70 0a fd 78 37 fb 30 ba 78 Sep 21 07:16:08.678056: | rsa signature cc e9 0c bb fa fc 65 17 29 ed 20 42 fb 69 12 c3 Sep 21 07:16:08.678058: | rsa signature 58 59 29 35 50 07 75 b4 32 bb c2 25 45 db 7e 04 Sep 21 07:16:08.678061: | rsa signature 65 63 bd f1 67 f2 20 94 44 fa f3 81 a5 b6 a5 0a Sep 21 07:16:08.678063: | rsa signature 71 8a e4 90 97 00 c5 95 26 e1 f4 c0 aa 52 5c 3e Sep 21 07:16:08.678065: | rsa signature 49 1e ec d0 05 04 89 ab a5 dd 3d 02 ed e4 cb c1 Sep 21 07:16:08.678068: | rsa signature 9f b1 5f fd 39 bf 37 bd 2c a8 73 73 7d e6 cd c3 Sep 21 07:16:08.678070: | rsa signature 50 20 2b ea 38 f9 53 73 ff 3f d8 b5 5f c4 ae bc Sep 21 07:16:08.678072: | rsa signature 35 3e 5d 65 34 02 d6 89 30 6e 09 08 41 a3 e2 a0 Sep 21 07:16:08.678075: | rsa signature 7e 95 ec c4 e2 98 f8 c9 11 b8 ce f4 f1 cd ad f1 Sep 21 07:16:08.678077: | rsa signature e2 99 24 f3 0d aa 3f 67 29 99 23 de 34 a8 63 a4 Sep 21 07:16:08.678079: | rsa signature cf d7 66 d4 c2 04 fe 39 f7 cb c6 da af 3c eb f5 Sep 21 07:16:08.678082: | rsa signature 2c eb 97 be 7b f3 ff c0 7c e4 31 12 e2 eb 97 22 Sep 21 07:16:08.678084: | rsa signature 42 b2 dc e5 fa 0e 15 97 38 40 d0 7b 0b 55 14 91 Sep 21 07:16:08.678086: | rsa signature 50 3b 27 50 43 a5 be 10 f4 ba 01 c0 fd d1 1e 5b Sep 21 07:16:08.678089: | rsa signature c2 dc 7b eb 47 82 27 c5 f0 d3 43 27 0f 5c a3 e2 Sep 21 07:16:08.678091: | rsa signature a6 5d b5 76 fa 08 77 58 f9 9e dd e7 06 f8 07 46 Sep 21 07:16:08.678093: | rsa signature ab 77 af ec c1 73 a7 f2 df b3 89 50 d6 c2 56 22 Sep 21 07:16:08.678098: | #1 spent 9.83 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:16:08.678101: | emitting length of IKEv2 Authentication Payload: 392 Sep 21 07:16:08.678107: | creating state object #2 at 0x561e34b95ef0 Sep 21 07:16:08.678111: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:08.678115: | pstats #2 ikev2.child started Sep 21 07:16:08.678118: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Sep 21 07:16:08.678129: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:08.678136: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:08.678141: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:16:08.678146: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:08.678149: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:16:08.678152: | TSi: parsing 1 traffic selectors Sep 21 07:16:08.678156: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:08.678159: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.678161: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.678164: | length: 16 (0x10) Sep 21 07:16:08.678166: | start port: 0 (0x0) Sep 21 07:16:08.678168: | end port: 65535 (0xffff) Sep 21 07:16:08.678171: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:08.678174: | TS low c0 00 03 00 Sep 21 07:16:08.678177: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:08.678179: | TS high c0 00 03 ff Sep 21 07:16:08.678182: | TSi: parsed 1 traffic selectors Sep 21 07:16:08.678184: | TSr: parsing 1 traffic selectors Sep 21 07:16:08.678186: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:08.678189: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.678191: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.678194: | length: 16 (0x10) Sep 21 07:16:08.678196: | start port: 0 (0x0) Sep 21 07:16:08.678198: | end port: 65535 (0xffff) Sep 21 07:16:08.678201: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:08.678203: | TS low c0 00 02 00 Sep 21 07:16:08.678206: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:08.678208: | TS high c0 00 02 ff Sep 21 07:16:08.678210: | TSr: parsed 1 traffic selectors Sep 21 07:16:08.678212: | looking for best SPD in current connection Sep 21 07:16:08.678219: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:16:08.678224: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.678231: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:08.678234: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:08.678237: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:08.678240: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:08.678243: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.678247: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.678253: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Sep 21 07:16:08.678256: | looking for better host pair Sep 21 07:16:08.678261: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:08.678266: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Sep 21 07:16:08.678269: | investigating connection "northnet-eastnets/0x2" as a better match Sep 21 07:16:08.678281: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:16:08.678290: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:16:08.678292: | results matched Sep 21 07:16:08.678301: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.678310: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.678316: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:16:08.678321: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.678327: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:08.678330: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:08.678332: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:08.678335: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:08.678338: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.678342: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.678348: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Sep 21 07:16:08.678350: | investigating connection "northnet-eastnets/0x1" as a better match Sep 21 07:16:08.678360: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:16:08.678367: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:16:08.678370: | results matched Sep 21 07:16:08.678378: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.678386: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.678391: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:08.678396: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.678401: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:08.678404: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:08.678407: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:08.678409: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:08.678412: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.678416: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.678422: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:08.678425: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:08.678427: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:08.678430: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:08.678433: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.678435: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:08.678438: | protocol fitness found better match d northnet-eastnets/0x1, TSi[0],TSr[0] Sep 21 07:16:08.678442: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:08.678444: | printing contents struct traffic_selector Sep 21 07:16:08.678447: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:16:08.678449: | ipprotoid: 0 Sep 21 07:16:08.678451: | port range: 0-65535 Sep 21 07:16:08.678455: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:08.678457: | printing contents struct traffic_selector Sep 21 07:16:08.678460: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:16:08.678462: | ipprotoid: 0 Sep 21 07:16:08.678464: | port range: 0-65535 Sep 21 07:16:08.678468: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:08.678472: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:16:08.678479: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:08.678485: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:08.678488: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:08.678491: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:08.678494: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:08.678498: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:08.678501: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:08.678505: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:08.678512: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:08.678517: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:16:08.678520: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:08.678522: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:08.678525: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:08.678527: | local proposal 1 type DH has 1 transforms Sep 21 07:16:08.678529: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:08.678532: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:08.678534: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:08.678536: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:08.678538: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:08.678540: | local proposal 2 type DH has 1 transforms Sep 21 07:16:08.678542: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:08.678544: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:08.678546: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:08.678548: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:08.678550: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:08.678553: | local proposal 3 type DH has 1 transforms Sep 21 07:16:08.678555: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:08.678558: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:08.678560: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:08.678562: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:08.678564: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:08.678567: | local proposal 4 type DH has 1 transforms Sep 21 07:16:08.678569: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:08.678572: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:08.678575: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.678578: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.678580: | length: 32 (0x20) Sep 21 07:16:08.678582: | prop #: 1 (0x1) Sep 21 07:16:08.678585: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.678587: | spi size: 4 (0x4) Sep 21 07:16:08.678589: | # transforms: 2 (0x2) Sep 21 07:16:08.678592: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.678594: | remote SPI f7 1e cb ee Sep 21 07:16:08.678597: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:16:08.678600: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678603: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.678605: | length: 12 (0xc) Sep 21 07:16:08.678608: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.678612: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.678615: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.678618: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.678621: | length/value: 256 (0x100) Sep 21 07:16:08.678625: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:08.678627: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678630: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.678632: | length: 8 (0x8) Sep 21 07:16:08.678634: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.678636: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.678640: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:08.678643: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:16:08.678646: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:16:08.678649: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:16:08.678653: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:16:08.678658: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:16:08.678661: | remote proposal 1 matches local proposal 1 Sep 21 07:16:08.678664: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.678666: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.678668: | length: 32 (0x20) Sep 21 07:16:08.678671: | prop #: 2 (0x2) Sep 21 07:16:08.678674: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.678676: | spi size: 4 (0x4) Sep 21 07:16:08.678678: | # transforms: 2 (0x2) Sep 21 07:16:08.678682: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.678684: | remote SPI f7 1e cb ee Sep 21 07:16:08.678687: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:08.678690: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.678695: | length: 12 (0xc) Sep 21 07:16:08.678698: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.678700: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.678703: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.678705: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.678708: | length/value: 128 (0x80) Sep 21 07:16:08.678711: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678713: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.678715: | length: 8 (0x8) Sep 21 07:16:08.678718: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.678721: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.678724: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:16:08.678728: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:16:08.678730: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.678733: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.678736: | length: 48 (0x30) Sep 21 07:16:08.678738: | prop #: 3 (0x3) Sep 21 07:16:08.678741: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.678743: | spi size: 4 (0x4) Sep 21 07:16:08.678745: | # transforms: 4 (0x4) Sep 21 07:16:08.678749: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.678751: | remote SPI f7 1e cb ee Sep 21 07:16:08.678754: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:08.678757: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678759: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.678763: | length: 12 (0xc) Sep 21 07:16:08.678766: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.678768: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.678771: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.678774: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.678776: | length/value: 256 (0x100) Sep 21 07:16:08.678780: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678782: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.678791: | length: 8 (0x8) Sep 21 07:16:08.678794: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.678796: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.678800: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678802: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.678805: | length: 8 (0x8) Sep 21 07:16:08.678807: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.678809: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.678812: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678815: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.678817: | length: 8 (0x8) Sep 21 07:16:08.678819: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.678822: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.678826: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:16:08.678828: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:16:08.678831: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.678834: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.678836: | length: 48 (0x30) Sep 21 07:16:08.678838: | prop #: 4 (0x4) Sep 21 07:16:08.678841: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.678843: | spi size: 4 (0x4) Sep 21 07:16:08.678845: | # transforms: 4 (0x4) Sep 21 07:16:08.678848: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.678850: | remote SPI f7 1e cb ee Sep 21 07:16:08.678853: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:08.678856: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678858: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.678861: | length: 12 (0xc) Sep 21 07:16:08.678863: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.678866: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.678868: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.678871: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.678873: | length/value: 128 (0x80) Sep 21 07:16:08.678876: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.678881: | length: 8 (0x8) Sep 21 07:16:08.678883: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.678886: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.678888: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.678893: | length: 8 (0x8) Sep 21 07:16:08.678895: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.678898: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.678901: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.678903: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.678906: | length: 8 (0x8) Sep 21 07:16:08.678908: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.678910: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.678914: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:16:08.678917: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:16:08.678925: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=f71ecbee;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:16:08.678930: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=f71ecbee;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:16:08.678933: | converting proposal to internal trans attrs Sep 21 07:16:08.678956: | netlink_get_spi: allocated 0x5631025 for esp.0@192.1.2.23 Sep 21 07:16:08.678959: | Emitting ikev2_proposal ... Sep 21 07:16:08.678962: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:08.678964: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.678967: | flags: none (0x0) Sep 21 07:16:08.678971: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:08.678974: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.678977: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.678980: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.678982: | prop #: 1 (0x1) Sep 21 07:16:08.678984: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.678987: | spi size: 4 (0x4) Sep 21 07:16:08.678989: | # transforms: 2 (0x2) Sep 21 07:16:08.678992: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.678995: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.678998: | our spi 05 63 10 25 Sep 21 07:16:08.679000: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.679003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.679005: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.679008: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.679011: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.679013: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.679016: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.679019: | length/value: 256 (0x100) Sep 21 07:16:08.679022: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.679024: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.679026: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.679028: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.679031: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.679034: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.679037: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.679039: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.679042: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:08.679045: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.679047: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:16:08.679050: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:08.679053: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:08.679056: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.679058: | flags: none (0x0) Sep 21 07:16:08.679060: | number of TS: 1 (0x1) Sep 21 07:16:08.679063: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:08.679070: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.679073: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:08.679076: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.679078: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.679080: | start port: 0 (0x0) Sep 21 07:16:08.679082: | end port: 65535 (0xffff) Sep 21 07:16:08.679085: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:08.679088: | IP start c0 00 03 00 Sep 21 07:16:08.679090: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:08.679093: | IP end c0 00 03 ff Sep 21 07:16:08.679095: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:08.679098: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:08.679100: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:08.679102: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.679104: | flags: none (0x0) Sep 21 07:16:08.679106: | number of TS: 1 (0x1) Sep 21 07:16:08.679109: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:08.679112: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.679115: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:08.679117: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.679119: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.679121: | start port: 0 (0x0) Sep 21 07:16:08.679124: | end port: 65535 (0xffff) Sep 21 07:16:08.679127: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:08.679130: | IP start c0 00 02 00 Sep 21 07:16:08.679132: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:08.679134: | IP end c0 00 02 ff Sep 21 07:16:08.679136: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:08.679138: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:08.679141: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:08.679144: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:08.679319: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:16:08.679332: | #1 spent 1.23 milliseconds Sep 21 07:16:08.679339: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:16:08.679345: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:16:08.679349: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:08.679355: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.679360: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:08.679366: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.679371: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:08.679380: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:08.679387: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:08.679392: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:08.679397: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:08.679402: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:08.679408: | setting IPsec SA replay-window to 32 Sep 21 07:16:08.679411: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:16:08.679414: | netlink: enabling tunnel mode Sep 21 07:16:08.679416: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:08.679419: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:08.679518: | netlink response for Add SA esp.f71ecbee@192.1.3.33 included non-error error Sep 21 07:16:08.679524: | set up outgoing SA, ref=0/0 Sep 21 07:16:08.679529: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:08.679535: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:08.679539: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:08.679543: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:08.679549: | setting IPsec SA replay-window to 32 Sep 21 07:16:08.679554: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:16:08.679560: | netlink: enabling tunnel mode Sep 21 07:16:08.679564: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:08.679566: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:08.679611: | netlink response for Add SA esp.5631025@192.1.2.23 included non-error error Sep 21 07:16:08.679615: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:08.679622: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:16:08.679625: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:08.679667: | raw_eroute result=success Sep 21 07:16:08.679671: | set up incoming SA, ref=0/0 Sep 21 07:16:08.679673: | sr for #2: unrouted Sep 21 07:16:08.679676: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:08.679678: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:08.679681: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.679684: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:08.679687: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.679690: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:08.679693: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:08.679697: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:16:08.679700: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:08.679707: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Sep 21 07:16:08.679710: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:08.679731: | raw_eroute result=success Sep 21 07:16:08.679734: | running updown command "ipsec _updown" for verb up Sep 21 07:16:08.679736: | command executing up-client Sep 21 07:16:08.679766: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.679774: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.679797: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Sep 21 07:16:08.679802: | popen cmd is 1402 chars long Sep 21 07:16:08.679807: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:16:08.679810: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Sep 21 07:16:08.679812: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Sep 21 07:16:08.679815: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Sep 21 07:16:08.679817: | cmd( 320):0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' P: Sep 21 07:16:08.679819: | cmd( 400):LUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP: Sep 21 07:16:08.679821: | cmd( 480):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Sep 21 07:16:08.679823: | cmd( 560):n, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libr: Sep 21 07:16:08.679825: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Sep 21 07:16:08.679828: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:16:08.679830: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:08.679832: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Sep 21 07:16:08.679834: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TR: Sep 21 07:16:08.679837: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Sep 21 07:16:08.679839: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Sep 21 07:16:08.679842: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Sep 21 07:16:08.679844: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf71: Sep 21 07:16:08.679846: | cmd(1360):ecbee SPI_OUT=0x5631025 ipsec _updown 2>&1: Sep 21 07:16:08.693848: | route_and_eroute: firewall_notified: true Sep 21 07:16:08.693861: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:08.693865: | command executing prepare-client Sep 21 07:16:08.693904: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.693914: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.693935: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Sep 21 07:16:08.693938: | popen cmd is 1407 chars long Sep 21 07:16:08.693941: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:08.693944: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Sep 21 07:16:08.693947: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:08.693953: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:16:08.693955: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:16:08.693958: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Sep 21 07:16:08.693960: | cmd( 480):='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:16:08.693963: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Sep 21 07:16:08.693965: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Sep 21 07:16:08.693968: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:16:08.693971: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Sep 21 07:16:08.693973: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Sep 21 07:16:08.693975: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAR: Sep 21 07:16:08.693978: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Sep 21 07:16:08.693980: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Sep 21 07:16:08.693983: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Sep 21 07:16:08.693985: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Sep 21 07:16:08.693988: | cmd(1360):0xf71ecbee SPI_OUT=0x5631025 ipsec _updown 2>&1: Sep 21 07:16:08.708836: | running updown command "ipsec _updown" for verb route Sep 21 07:16:08.708846: | command executing route-client Sep 21 07:16:08.708884: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.708892: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.708917: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Sep 21 07:16:08.708921: | popen cmd is 1405 chars long Sep 21 07:16:08.708924: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:16:08.708927: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23': Sep 21 07:16:08.708929: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Sep 21 07:16:08.708932: | cmd( 240):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='1: Sep 21 07:16:08.708934: | cmd( 320):92.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0: Sep 21 07:16:08.708937: | cmd( 400):' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=': Sep 21 07:16:08.708939: | cmd( 480):ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libre: Sep 21 07:16:08.708944: | cmd( 560):swan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.l: Sep 21 07:16:08.708947: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0': Sep 21 07:16:08.708949: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:16:08.708952: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Sep 21 07:16:08.708954: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Sep 21 07:16:08.708957: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF: Sep 21 07:16:08.708960: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Sep 21 07:16:08.708963: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Sep 21 07:16:08.708965: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Sep 21 07:16:08.708968: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Sep 21 07:16:08.708970: | cmd(1360):f71ecbee SPI_OUT=0x5631025 ipsec _updown 2>&1: Sep 21 07:16:08.737166: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x561e34b75f70,sr=0x561e34b75f70} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:08.737238: | #1 spent 1.08 milliseconds in install_ipsec_sa() Sep 21 07:16:08.737247: | ISAKMP_v2_IKE_AUTH: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:16:08.737251: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.737255: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:08.737259: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:08.737262: | emitting length of IKEv2 Encryption Payload: 1961 Sep 21 07:16:08.737264: | emitting length of ISAKMP Message: 1989 Sep 21 07:16:08.737269: | **parse ISAKMP Message: Sep 21 07:16:08.737272: | initiator cookie: Sep 21 07:16:08.737275: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.737277: | responder cookie: Sep 21 07:16:08.737280: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.737283: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:08.737286: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.737289: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.737292: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.737295: | Message ID: 1 (0x1) Sep 21 07:16:08.737298: | length: 1989 (0x7c5) Sep 21 07:16:08.737301: | **parse IKEv2 Encryption Payload: Sep 21 07:16:08.737304: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:08.737306: | flags: none (0x0) Sep 21 07:16:08.737308: | length: 1961 (0x7a9) Sep 21 07:16:08.737309: | **emit ISAKMP Message: Sep 21 07:16:08.737311: | initiator cookie: Sep 21 07:16:08.737312: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.737314: | responder cookie: Sep 21 07:16:08.737315: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.737317: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.737319: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.737320: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.737322: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.737324: | Message ID: 1 (0x1) Sep 21 07:16:08.737326: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.737328: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.737329: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:08.737331: | flags: none (0x0) Sep 21 07:16:08.737332: | fragment number: 1 (0x1) Sep 21 07:16:08.737334: | total fragments: 5 (0x5) Sep 21 07:16:08.737336: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 36:ISAKMP_NEXT_v2IDr Sep 21 07:16:08.737340: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.737342: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.737344: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.737350: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.737352: | cleartext fragment 25 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Sep 21 07:16:08.737354: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:16:08.737355: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:16:08.737357: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:16:08.737358: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:16:08.737360: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:16:08.737361: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Sep 21 07:16:08.737363: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Sep 21 07:16:08.737364: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Sep 21 07:16:08.737366: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Sep 21 07:16:08.737367: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Sep 21 07:16:08.737369: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 Sep 21 07:16:08.737370: | cleartext fragment 00 04 f1 04 30 82 04 e8 30 82 04 51 a0 03 02 01 Sep 21 07:16:08.737372: | cleartext fragment 02 02 01 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 Sep 21 07:16:08.737373: | cleartext fragment 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 Sep 21 07:16:08.737375: | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e Sep 21 07:16:08.737376: | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 Sep 21 07:16:08.737378: | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a Sep 21 07:16:08.737379: | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 Sep 21 07:16:08.737381: | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 Sep 21 07:16:08.737382: | cleartext fragment 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c Sep 21 07:16:08.737384: | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 Sep 21 07:16:08.737385: | cleartext fragment 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 Sep 21 07:16:08.737387: | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 Sep 21 07:16:08.737388: | cleartext fragment 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f Sep 21 07:16:08.737390: | cleartext fragment 72 67 30 22 18 0f 32 30 31 39 30 39 31 35 31 39 Sep 21 07:16:08.737391: | cleartext fragment 34 34 35 39 5a 18 0f 32 30 32 32 30 39 31 34 31 Sep 21 07:16:08.737393: | cleartext fragment 39 34 34 35 39 5a 30 81 b4 31 0b 30 09 06 03 55 Sep 21 07:16:08.737394: | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c Sep 21 07:16:08.737396: | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:16:08.737397: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.737399: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.737401: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.737403: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:08.737404: | emitting length of ISAKMP Message: 539 Sep 21 07:16:08.737415: | **emit ISAKMP Message: Sep 21 07:16:08.737417: | initiator cookie: Sep 21 07:16:08.737418: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.737420: | responder cookie: Sep 21 07:16:08.737422: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.737424: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.737425: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.737427: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.737429: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.737430: | Message ID: 1 (0x1) Sep 21 07:16:08.737432: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.737434: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.737435: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.737437: | flags: none (0x0) Sep 21 07:16:08.737438: | fragment number: 2 (0x2) Sep 21 07:16:08.737440: | total fragments: 5 (0x5) Sep 21 07:16:08.737442: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:08.737444: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.737445: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.737449: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.737456: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.737459: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:16:08.737461: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:16:08.737464: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:16:08.737466: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Sep 21 07:16:08.737469: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Sep 21 07:16:08.737471: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Sep 21 07:16:08.737473: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Sep 21 07:16:08.737476: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Sep 21 07:16:08.737478: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 Sep 21 07:16:08.737480: | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 Sep 21 07:16:08.737482: | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 Sep 21 07:16:08.737485: | cleartext fragment b0 0d 9e ca 2d 55 24 59 06 37 09 58 0d 06 ab 90 Sep 21 07:16:08.737487: | cleartext fragment 5e 98 7c 00 0b 66 73 f4 12 27 69 75 6e d4 8d 13 Sep 21 07:16:08.737489: | cleartext fragment e9 c6 e9 4f c4 b1 19 1a 1a 4f e6 4e 06 da 29 ec Sep 21 07:16:08.737491: | cleartext fragment cf 8d 4c c3 c3 57 c0 24 57 83 7a 1b 7f 96 a3 21 Sep 21 07:16:08.737494: | cleartext fragment 66 67 52 68 8e 77 b9 bb f6 9b d2 43 11 57 c9 d6 Sep 21 07:16:08.737497: | cleartext fragment ca e2 39 73 93 ea 99 99 f7 52 38 4d 58 69 7f a5 Sep 21 07:16:08.737499: | cleartext fragment 18 9b ff 66 72 6c df 6d df 18 50 cf 10 98 a3 f5 Sep 21 07:16:08.737502: | cleartext fragment f9 69 27 5b 3f bd 0f 34 18 93 99 1a be 8a 46 84 Sep 21 07:16:08.737504: | cleartext fragment 37 69 71 7f a7 df d0 9d b2 9d ad 80 0f d0 1a 40 Sep 21 07:16:08.737507: | cleartext fragment cb ff 37 20 ac ac 3d a9 8e 56 56 cf 25 c0 5e 55 Sep 21 07:16:08.737510: | cleartext fragment 52 86 5a c5 b4 ce a8 dd 95 cf ab 38 91 f6 1f 9f Sep 21 07:16:08.737512: | cleartext fragment 83 36 d5 3f 8c d3 1d f5 3f 23 3c d2 5c 87 23 bc Sep 21 07:16:08.737514: | cleartext fragment 6a 67 f7 00 c3 96 3f 76 5c b9 8e 6f 2b 16 90 2c Sep 21 07:16:08.737516: | cleartext fragment 00 c0 05 a0 e2 8d 57 d5 76 34 7f 6f be e8 48 79 Sep 21 07:16:08.737519: | cleartext fragment 08 91 a8 17 72 1f c0 1c 8a 52 a8 18 aa 32 3c 9a Sep 21 07:16:08.737521: | cleartext fragment e4 d9 90 58 25 5e 4c 49 8e cb 7a 33 19 d2 87 1a Sep 21 07:16:08.737523: | cleartext fragment 2a 8e b5 04 f7 f9 cd 80 8c 59 ae 34 61 c5 1d de Sep 21 07:16:08.737527: | cleartext fragment 53 65 fe 4f f3 f4 09 f2 b4 21 7a 2b eb 1f 4a f2 Sep 21 07:16:08.737529: | cleartext fragment 5f 85 3a f0 f8 2b 3b 42 5b da 89 c1 ef b2 Sep 21 07:16:08.737532: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.737534: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.737537: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.737539: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:08.737541: | emitting length of ISAKMP Message: 539 Sep 21 07:16:08.737550: | **emit ISAKMP Message: Sep 21 07:16:08.737553: | initiator cookie: Sep 21 07:16:08.737556: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.737558: | responder cookie: Sep 21 07:16:08.737560: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.737562: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.737563: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.737565: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.737566: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.737568: | Message ID: 1 (0x1) Sep 21 07:16:08.737570: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.737572: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.737573: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.737575: | flags: none (0x0) Sep 21 07:16:08.737576: | fragment number: 3 (0x3) Sep 21 07:16:08.737578: | total fragments: 5 (0x5) Sep 21 07:16:08.737580: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:08.737581: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.737583: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.737585: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.737588: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.737589: | cleartext fragment 81 18 2a 4b 57 a2 ca 63 8b a7 60 8e 54 95 c3 20 Sep 21 07:16:08.737591: | cleartext fragment 5c e5 53 f0 4a 57 df 41 fa 06 e6 ab 4e 0b 46 49 Sep 21 07:16:08.737592: | cleartext fragment 14 0d db b0 dc 10 2e 6d 5f 52 cb 75 36 1b e2 1d Sep 21 07:16:08.737594: | cleartext fragment 9d 77 0f 73 9d 0a 64 07 84 f4 0e 0a 98 97 58 c4 Sep 21 07:16:08.737595: | cleartext fragment 40 f6 1b ac a3 be 21 aa 67 3a 2b b1 0e b7 9a 36 Sep 21 07:16:08.737597: | cleartext fragment ff 67 02 03 01 00 01 a3 82 01 06 30 82 01 02 30 Sep 21 07:16:08.737598: | cleartext fragment 09 06 03 55 1d 13 04 02 30 00 30 47 06 03 55 1d Sep 21 07:16:08.737600: | cleartext fragment 11 04 40 30 3e 82 1a 65 61 73 74 2e 74 65 73 74 Sep 21 07:16:08.737601: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Sep 21 07:16:08.737603: | cleartext fragment 67 81 1a 65 61 73 74 40 74 65 73 74 69 6e 67 2e Sep 21 07:16:08.737604: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 87 04 c0 Sep 21 07:16:08.737606: | cleartext fragment 01 02 17 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 Sep 21 07:16:08.737607: | cleartext fragment 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 Sep 21 07:16:08.737609: | cleartext fragment 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 Sep 21 07:16:08.737610: | cleartext fragment 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 Sep 21 07:16:08.737612: | cleartext fragment 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 Sep 21 07:16:08.737613: | cleartext fragment 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Sep 21 07:16:08.737614: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 Sep 21 07:16:08.737616: | cleartext fragment 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 Sep 21 07:16:08.737619: | cleartext fragment 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e Sep 21 07:16:08.737620: | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:16:08.737622: | cleartext fragment 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 Sep 21 07:16:08.737623: | cleartext fragment 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 Sep 21 07:16:08.737625: | cleartext fragment 03 81 81 00 bf 3c 12 c5 00 3e 71 2a 2b 2b 60 83 Sep 21 07:16:08.737626: | cleartext fragment b9 b9 f2 4d b1 ca 0e fd b4 e0 0b 6a ad 54 d7 c9 Sep 21 07:16:08.737628: | cleartext fragment 98 57 e0 5c 26 4d bf 11 23 20 79 05 b6 1b 9b 09 Sep 21 07:16:08.737629: | cleartext fragment ed 4f 2e fd 7e da 55 53 b6 8c 88 fa f3 9b ce ec Sep 21 07:16:08.737631: | cleartext fragment ef 95 37 11 70 ce 1c 98 d3 d5 cf f6 30 71 44 78 Sep 21 07:16:08.737632: | cleartext fragment fb 45 03 69 50 d5 a5 c3 de 00 4c f7 0a 7d 00 cb Sep 21 07:16:08.737634: | cleartext fragment 3a ab 11 74 6b 57 67 4d e7 c0 3a 97 98 44 Sep 21 07:16:08.737635: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.737637: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.737639: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.737640: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:08.737642: | emitting length of ISAKMP Message: 539 Sep 21 07:16:08.737646: | **emit ISAKMP Message: Sep 21 07:16:08.737648: | initiator cookie: Sep 21 07:16:08.737650: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.737651: | responder cookie: Sep 21 07:16:08.737652: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.737654: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.737656: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.737657: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.737659: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.737660: | Message ID: 1 (0x1) Sep 21 07:16:08.737662: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.737663: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.737665: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.737666: | flags: none (0x0) Sep 21 07:16:08.737668: | fragment number: 4 (0x4) Sep 21 07:16:08.737669: | total fragments: 5 (0x5) Sep 21 07:16:08.737671: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:08.737673: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.737675: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.737676: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.737681: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.737682: | cleartext fragment e2 15 9d f2 6f 1b c7 b1 15 d0 88 c4 dc 32 b7 72 Sep 21 07:16:08.737684: | cleartext fragment 1d 9c ac 1b 37 63 21 00 01 88 01 00 00 00 a2 89 Sep 21 07:16:08.737685: | cleartext fragment 9b 7a e3 a2 83 53 b7 c5 c5 36 0a e4 6b 59 28 67 Sep 21 07:16:08.737687: | cleartext fragment 86 7a a0 2f f0 c0 7c 2a f4 9e 81 c1 bf c8 e5 1f Sep 21 07:16:08.737688: | cleartext fragment 06 cb 1a c8 b9 91 f7 e1 fe 65 ed ac 02 c6 f5 b4 Sep 21 07:16:08.737690: | cleartext fragment 44 8c c3 a7 9a e6 e6 74 8b bd 0e 9e 7e 47 7b 94 Sep 21 07:16:08.737691: | cleartext fragment e3 77 be ed 58 7b ec 24 3d db c8 cd 39 4a 94 9c Sep 21 07:16:08.737693: | cleartext fragment 9c 47 e7 3f 1c 18 03 42 cf 1c 25 ce 77 60 b6 6c Sep 21 07:16:08.737694: | cleartext fragment 06 d2 63 b3 33 70 0a fd 78 37 fb 30 ba 78 cc e9 Sep 21 07:16:08.737696: | cleartext fragment 0c bb fa fc 65 17 29 ed 20 42 fb 69 12 c3 58 59 Sep 21 07:16:08.737698: | cleartext fragment 29 35 50 07 75 b4 32 bb c2 25 45 db 7e 04 65 63 Sep 21 07:16:08.737700: | cleartext fragment bd f1 67 f2 20 94 44 fa f3 81 a5 b6 a5 0a 71 8a Sep 21 07:16:08.737701: | cleartext fragment e4 90 97 00 c5 95 26 e1 f4 c0 aa 52 5c 3e 49 1e Sep 21 07:16:08.737702: | cleartext fragment ec d0 05 04 89 ab a5 dd 3d 02 ed e4 cb c1 9f b1 Sep 21 07:16:08.737704: | cleartext fragment 5f fd 39 bf 37 bd 2c a8 73 73 7d e6 cd c3 50 20 Sep 21 07:16:08.737705: | cleartext fragment 2b ea 38 f9 53 73 ff 3f d8 b5 5f c4 ae bc 35 3e Sep 21 07:16:08.737707: | cleartext fragment 5d 65 34 02 d6 89 30 6e 09 08 41 a3 e2 a0 7e 95 Sep 21 07:16:08.737708: | cleartext fragment ec c4 e2 98 f8 c9 11 b8 ce f4 f1 cd ad f1 e2 99 Sep 21 07:16:08.737710: | cleartext fragment 24 f3 0d aa 3f 67 29 99 23 de 34 a8 63 a4 cf d7 Sep 21 07:16:08.737711: | cleartext fragment 66 d4 c2 04 fe 39 f7 cb c6 da af 3c eb f5 2c eb Sep 21 07:16:08.737713: | cleartext fragment 97 be 7b f3 ff c0 7c e4 31 12 e2 eb 97 22 42 b2 Sep 21 07:16:08.737714: | cleartext fragment dc e5 fa 0e 15 97 38 40 d0 7b 0b 55 14 91 50 3b Sep 21 07:16:08.737716: | cleartext fragment 27 50 43 a5 be 10 f4 ba 01 c0 fd d1 1e 5b c2 dc Sep 21 07:16:08.737717: | cleartext fragment 7b eb 47 82 27 c5 f0 d3 43 27 0f 5c a3 e2 a6 5d Sep 21 07:16:08.737719: | cleartext fragment b5 76 fa 08 77 58 f9 9e dd e7 06 f8 07 46 ab 77 Sep 21 07:16:08.737720: | cleartext fragment af ec c1 73 a7 f2 df b3 89 50 d6 c2 56 22 2c 00 Sep 21 07:16:08.737722: | cleartext fragment 00 24 00 00 00 20 01 03 04 02 05 63 10 25 03 00 Sep 21 07:16:08.737723: | cleartext fragment 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 Sep 21 07:16:08.737725: | cleartext fragment 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 Sep 21 07:16:08.737726: | cleartext fragment ff ff c0 00 03 00 c0 00 03 ff 00 00 00 18 Sep 21 07:16:08.737728: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.737729: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.737731: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.737733: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:08.737734: | emitting length of ISAKMP Message: 539 Sep 21 07:16:08.737740: | **emit ISAKMP Message: Sep 21 07:16:08.737742: | initiator cookie: Sep 21 07:16:08.737744: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.737745: | responder cookie: Sep 21 07:16:08.737746: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.737748: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.737750: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.737751: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.737753: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.737754: | Message ID: 1 (0x1) Sep 21 07:16:08.737756: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.737757: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.737759: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.737760: | flags: none (0x0) Sep 21 07:16:08.737762: | fragment number: 5 (0x5) Sep 21 07:16:08.737763: | total fragments: 5 (0x5) Sep 21 07:16:08.737765: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:08.737767: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.737768: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.737770: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.737772: | emitting 20 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.737774: | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 Sep 21 07:16:08.737776: | cleartext fragment c0 00 02 ff Sep 21 07:16:08.737778: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.737779: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.737781: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.737806: | emitting length of IKEv2 Encrypted Fragment: 53 Sep 21 07:16:08.737810: | emitting length of ISAKMP Message: 81 Sep 21 07:16:08.737815: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:16:08.737820: | #1 spent 17.5 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:16:08.737824: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.737827: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.737830: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:16:08.737832: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:16:08.737835: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:16:08.737836: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:16:08.737840: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:16:08.737843: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:16:08.737845: | pstats #2 ikev2.child established Sep 21 07:16:08.737850: "northnet-eastnets/0x1" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:16:08.737852: | NAT-T: encaps is 'auto' Sep 21 07:16:08.737856: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xf71ecbee <0x05631025 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:16:08.737859: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:16:08.737861: | sending fragments ... Sep 21 07:16:08.737864: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:08.737866: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.737867: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Sep 21 07:16:08.737869: | 00 01 00 05 23 73 36 51 79 2d e0 ec 9a 67 c0 79 Sep 21 07:16:08.737870: | 29 70 d7 31 3e d1 41 42 06 bb 04 09 c2 4d a7 b1 Sep 21 07:16:08.737872: | e1 56 47 bb d2 00 82 3e 66 64 c6 47 77 4d 4a 5b Sep 21 07:16:08.737873: | 97 e0 b2 54 ab 1a db 24 2d d1 ab a0 4d b7 e3 70 Sep 21 07:16:08.737874: | fd 97 91 d7 a1 01 35 3b 38 96 71 c5 77 de 13 ce Sep 21 07:16:08.737876: | 7e eb d2 7f 69 d5 3b 9f 07 72 7d 10 05 59 44 cd Sep 21 07:16:08.737877: | dd 39 42 08 57 25 ba 02 48 0a c3 26 0b 34 ff 8a Sep 21 07:16:08.737879: | c3 95 8b 90 8e 21 b1 24 61 56 28 d6 65 74 55 51 Sep 21 07:16:08.737880: | b2 f1 aa 5d 3d 25 88 1c e9 71 83 52 b9 0b ec f3 Sep 21 07:16:08.737882: | b1 2a ac 9b d2 0c e0 0f bd d8 9e 56 d7 00 f2 0e Sep 21 07:16:08.737883: | ad a1 61 97 5f 19 f2 2a e3 d5 a0 d3 7e 23 b9 ae Sep 21 07:16:08.737884: | b6 1c 45 8b d1 49 ba b0 5e ff d3 81 82 4c 79 34 Sep 21 07:16:08.737886: | 94 c8 88 37 a4 b9 0c c6 1d 7b f2 87 be ed 0d 25 Sep 21 07:16:08.737887: | 09 1a 85 13 5c 41 3d 6a d5 bb 59 21 c6 e7 2e cb Sep 21 07:16:08.737889: | b1 7b c9 bc 83 a4 9c 5a ca 92 47 17 8f 91 b1 c7 Sep 21 07:16:08.737890: | 41 fe 6e ee 17 e0 9f f2 2d 3a 29 75 94 1f 18 44 Sep 21 07:16:08.737891: | 6b bc 11 a2 2d e8 5b e2 bf 94 f6 6c 3e 6c fd 25 Sep 21 07:16:08.737894: | 37 2b 29 fd c5 f7 2d 89 1c a7 5f 25 40 67 c7 05 Sep 21 07:16:08.737896: | 8d 86 98 4a 5b 56 0b 1b f8 c3 fc f4 37 af 8a b6 Sep 21 07:16:08.737897: | 1a 9e 2d 91 fe e2 87 4f 83 a2 2a bd ca e5 5d 0f Sep 21 07:16:08.737898: | 0a 83 c3 ac 7b a6 1e 42 25 12 75 74 c9 4d ea df Sep 21 07:16:08.737900: | 8d 59 6e 42 2a e6 3b 01 15 a4 32 db 56 04 a3 2a Sep 21 07:16:08.737901: | 47 49 f0 88 a6 e1 85 c9 b2 76 cb 68 37 30 cf bf Sep 21 07:16:08.737903: | 85 11 37 63 cf 7e 91 52 e4 ba b5 ea 3e aa b0 85 Sep 21 07:16:08.737904: | 42 6c 0a 17 00 ea ea 89 5a ab 7e 06 81 d6 6e 90 Sep 21 07:16:08.737906: | 69 51 6a ec 47 0e 31 2c b3 3a 85 8c 0f 34 ef 53 Sep 21 07:16:08.737907: | 1d 55 ec b6 62 d6 97 88 63 51 50 25 c4 c4 ad 4f Sep 21 07:16:08.737908: | 3f d0 d5 e7 42 ea 32 3e c1 08 b2 5e 92 7d a5 47 Sep 21 07:16:08.737910: | 23 f0 d8 3a cb 37 0e 64 99 33 ba bc 46 8d d8 c0 Sep 21 07:16:08.737911: | 4e c8 d0 a8 45 3b f9 fa e2 3d 3b 4d a6 e1 f5 f5 Sep 21 07:16:08.737913: | 99 30 9d 03 7e ff 73 46 4a 21 3c f9 d5 d2 39 16 Sep 21 07:16:08.737914: | 61 4b ed 86 aa 88 3e dc 98 07 a3 Sep 21 07:16:08.737950: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:08.737953: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.737955: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.737957: | 00 02 00 05 0a b6 9a 98 63 b5 ab fb 45 68 8f 59 Sep 21 07:16:08.737959: | a4 6d 73 7a 30 ec 69 4f fc f3 08 3d 90 c2 16 3d Sep 21 07:16:08.737961: | cf e8 2c 4f 2a 8c da 0b 0c 48 80 7b 84 0b 7a d0 Sep 21 07:16:08.737963: | c8 01 f5 48 a6 7b b4 2f eb 24 b6 4b b7 80 e2 2d Sep 21 07:16:08.737965: | 9b 4f 6c 50 1c f2 5f 6d f4 07 67 7b 52 fe a4 46 Sep 21 07:16:08.737967: | 3a 2c 81 c2 e2 3f 8c 52 44 26 2c 68 d0 6d 68 34 Sep 21 07:16:08.737969: | c6 8d b9 cd 76 22 4c 18 ec d3 5e 18 62 7a fe ec Sep 21 07:16:08.737971: | 8f 7b 1d ca dc da 8a 10 44 e0 ca 7d 04 9f e6 54 Sep 21 07:16:08.737974: | bf ef 30 a2 7b 2f 44 d5 70 56 dd 4b 82 1b 46 3c Sep 21 07:16:08.737976: | 99 0d a7 28 76 50 65 5d 93 4b 23 cc 42 2d fc a9 Sep 21 07:16:08.737978: | d4 a3 a1 39 95 18 ad cd 80 e4 95 ef 16 50 ff 5a Sep 21 07:16:08.737980: | 3f 1f 69 63 33 58 dd 0d 6e d7 36 5a 92 9f e9 ec Sep 21 07:16:08.737983: | 5f 2e f2 2f 64 47 c4 22 c8 95 2a 88 b0 48 5c 5c Sep 21 07:16:08.737985: | b5 e8 bd a8 7a 24 d4 bf 37 57 00 22 db 9a 9c 6f Sep 21 07:16:08.737987: | 39 f4 b3 5d 96 dc aa 1c b3 17 95 97 7a 0b 00 00 Sep 21 07:16:08.737990: | e0 4e a7 00 56 73 d4 98 a2 17 7e ca ca b7 68 13 Sep 21 07:16:08.737992: | 6f e8 31 dc 33 df 2d 7e 08 89 36 2d f6 93 b2 e9 Sep 21 07:16:08.737994: | ec 12 33 8d f6 92 29 e8 48 b0 f9 60 6a 92 d1 da Sep 21 07:16:08.737997: | 5f 9c 6e 8e c9 a3 01 62 e3 a7 0d fe 57 fa a5 e5 Sep 21 07:16:08.737999: | 0e 1a 7d 4d 33 75 30 38 dd 5a 1a 90 d3 81 e2 27 Sep 21 07:16:08.738001: | 57 fb 7c 04 c8 e9 70 df 28 d7 78 7e 51 f5 b9 ef Sep 21 07:16:08.738004: | 52 d6 70 6a c6 f5 94 0a 04 af 4f 9d 31 8a 5e f0 Sep 21 07:16:08.738006: | cc b6 64 b2 0e d6 75 f8 cf 09 03 40 fa 4e 81 3f Sep 21 07:16:08.738009: | d3 84 29 72 12 59 90 22 69 90 b9 02 76 a9 91 37 Sep 21 07:16:08.738011: | 72 cf 1d ce b0 08 fd 18 59 95 a4 1c 0b c6 ac 41 Sep 21 07:16:08.738013: | 5b 1a 0a 3e d7 bd 64 70 71 47 dc c5 7e de a9 ae Sep 21 07:16:08.738016: | ae 67 bb 4b d8 97 c1 ca 35 de 8a 91 80 44 03 0a Sep 21 07:16:08.738018: | 84 6c b3 20 b2 4e d0 2e 8a ad c6 05 29 14 5f d5 Sep 21 07:16:08.738021: | dd 5b ba d1 ce db 6b f0 fd 40 09 9c b4 c7 85 fc Sep 21 07:16:08.738023: | 35 50 e8 80 27 6e 07 0b 79 03 af 4f c4 98 89 ff Sep 21 07:16:08.738025: | b6 5a 96 f7 66 89 0e 3b 20 60 b8 90 8a 99 28 f2 Sep 21 07:16:08.738028: | 77 6c 08 5d dc bc 59 1c ab 62 a1 Sep 21 07:16:08.738046: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:08.738051: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738053: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.738056: | 00 03 00 05 b1 ce b2 54 a2 49 8c 44 23 18 d0 c5 Sep 21 07:16:08.738058: | 29 5d e2 80 08 29 7b 8a fd 70 f4 9d c8 14 c9 58 Sep 21 07:16:08.738060: | 9f d5 46 03 96 75 d4 fe 61 48 47 12 86 ec d1 88 Sep 21 07:16:08.738063: | 01 93 4a 9a 35 25 49 db d7 4e 91 16 bb e3 d6 a0 Sep 21 07:16:08.738065: | d1 e3 9d 4a 3f 6e 0f 26 f0 cc a1 c1 eb cc cd 93 Sep 21 07:16:08.738067: | 50 38 3f 53 92 70 eb 42 82 2e d9 8b 79 09 de a3 Sep 21 07:16:08.738070: | 10 0f fd 63 ac 93 3d 57 c4 75 2d 27 ae 9d 7d f8 Sep 21 07:16:08.738072: | f5 0e 42 4d 30 5c d7 c4 32 f9 de 2f f3 c3 d8 6d Sep 21 07:16:08.738074: | 5a 99 ce 9a c4 34 b0 27 78 c7 94 dc 24 e8 2b 23 Sep 21 07:16:08.738077: | ae c6 a1 44 2b c8 c3 a7 a0 c8 10 c7 81 ed 8e 74 Sep 21 07:16:08.738079: | b6 40 f6 ef 14 a1 19 b5 92 ca 85 2e bc 2d 75 6d Sep 21 07:16:08.738081: | aa ac b7 2f 13 84 e2 07 55 bf fc 3c 60 0a e7 88 Sep 21 07:16:08.738084: | 87 57 48 c3 18 3b ed fd 98 36 35 c1 74 ad 30 b6 Sep 21 07:16:08.738086: | ce d4 31 ea e0 4d 08 a2 30 db fb 2c 0a 3d 87 ca Sep 21 07:16:08.738088: | 53 75 33 7c 94 47 bb 69 c5 ef e4 b6 6f 96 59 bf Sep 21 07:16:08.738091: | 52 f2 41 5f 65 fa d4 ac b3 1d 51 0f 47 db e4 e1 Sep 21 07:16:08.738093: | 52 a4 73 13 96 7a 95 e6 ea 9b 67 4b 24 eb 82 b6 Sep 21 07:16:08.738095: | 20 9c 7f 16 94 26 56 63 6b 67 f3 57 82 47 5a b6 Sep 21 07:16:08.738098: | ba 21 71 aa bc 8c a2 32 45 28 ff 49 a6 f0 d0 de Sep 21 07:16:08.738100: | ac 91 e1 c1 0d ef 61 dd ce 7c fc b9 04 57 fc 2f Sep 21 07:16:08.738103: | 31 79 59 8f aa 1c be 0a 73 db ac a2 3f 90 f4 b8 Sep 21 07:16:08.738105: | 5b d7 0b ee 32 3f 17 f4 fa 0f 9f 1e 6a 78 1f 63 Sep 21 07:16:08.738107: | d7 70 93 a8 a9 a0 3c 7c 27 a7 fd 99 b4 d8 b1 f0 Sep 21 07:16:08.738109: | 64 69 3d 4d bf 69 f6 46 20 95 06 4a 78 69 f5 27 Sep 21 07:16:08.738112: | 46 2c 5d 11 9d 45 c0 bc a6 1e bc 0c f2 53 1a cb Sep 21 07:16:08.738114: | 81 b6 be cf f5 a5 19 f2 aa b8 3f 07 d0 9d 26 f0 Sep 21 07:16:08.738116: | 08 1a c3 8f 86 6f db eb bb f3 6c 2c c0 be cc c7 Sep 21 07:16:08.738118: | fd 26 40 4b e4 0c bc 57 53 10 9e b0 b8 40 4f c2 Sep 21 07:16:08.738121: | db ce 31 ab 0b d2 b3 51 35 de c7 09 fb 41 db 52 Sep 21 07:16:08.738123: | 82 69 8d e8 ac 5a 67 b9 12 3b a7 0c 70 eb 60 38 Sep 21 07:16:08.738125: | c9 0b 59 4d e5 5e 5e c5 72 9c 3e 65 ea 28 11 c4 Sep 21 07:16:08.738128: | b1 a7 97 85 8d 0b 29 ea 60 9d 20 Sep 21 07:16:08.738143: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:08.738146: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738148: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.738150: | 00 04 00 05 c0 ab 74 5b 12 67 d1 d4 82 c3 31 f9 Sep 21 07:16:08.738153: | f8 7d c9 65 32 45 d7 31 e9 79 54 bc e2 73 a6 70 Sep 21 07:16:08.738155: | 39 1f 30 02 2f b4 43 b0 48 84 43 d6 54 e9 a2 42 Sep 21 07:16:08.738158: | 35 3b 39 ef 17 22 30 8e 66 00 e4 bc d3 48 0a 97 Sep 21 07:16:08.738160: | 1d c3 d0 98 08 5d 80 f6 32 4a 9d 71 6e e1 cd 92 Sep 21 07:16:08.738162: | b1 a8 fc 60 1a 6f df 45 70 54 9e 46 1d 9a 98 a4 Sep 21 07:16:08.738165: | cf 41 2a b0 cd a7 32 2e 60 98 23 6e 8b 4e 95 d3 Sep 21 07:16:08.738167: | 97 cf eb 3d 66 10 50 e0 18 75 6c fc ef f7 fe 5c Sep 21 07:16:08.738169: | 83 72 0e ea 3a 1b 08 eb 47 c1 31 93 2e 98 57 28 Sep 21 07:16:08.738172: | ca 23 44 c4 49 d1 c5 53 8a 5e bc 7f e1 11 19 7c Sep 21 07:16:08.738174: | 0d f3 d5 51 d5 2c 66 88 c5 0d 1c bd 24 26 32 ae Sep 21 07:16:08.738176: | d0 44 b8 4d 05 3c da 3d 60 65 30 06 ca 1f 52 08 Sep 21 07:16:08.738179: | 4f ef d2 37 d8 74 b9 98 bf 11 db 7c ae 86 3e 96 Sep 21 07:16:08.738181: | b4 79 37 32 7c 8d b8 28 17 ca d9 60 12 30 cd b8 Sep 21 07:16:08.738183: | fa ff ab ac b0 c3 32 be fe f4 82 9c 20 fa 20 a7 Sep 21 07:16:08.738187: | 1f 80 f8 78 09 55 1e d7 bf d7 c5 18 9b 14 b6 4f Sep 21 07:16:08.738189: | c2 f3 a2 5e ee 0b ca 18 a5 aa 6e 62 86 7b 39 ce Sep 21 07:16:08.738192: | 05 a0 e8 8d 11 81 e2 93 c9 c6 6d 97 25 14 ab 47 Sep 21 07:16:08.738194: | 10 ab 2e fb f4 28 75 2f 5e dc 14 d2 40 7f a1 bf Sep 21 07:16:08.738196: | ee 2a b2 d1 e1 4a bc 05 26 58 5d 0b 68 d8 4c 09 Sep 21 07:16:08.738199: | 2b 1d 37 7b cc c1 59 fc 75 08 65 3a 5b 9d c6 73 Sep 21 07:16:08.738201: | 99 8c aa 22 0c df 60 6d 7a 50 a9 82 2c b5 e0 b8 Sep 21 07:16:08.738203: | 2d 46 fa 5b 3e 1b 19 8a 2e 01 0f 8f 7e e3 21 e9 Sep 21 07:16:08.738206: | 8f 4d 0b f8 ac a8 ee 0e f2 a5 dc 6f 94 52 c5 d6 Sep 21 07:16:08.738208: | f1 c4 43 1d 2a ac de 9d 47 c5 df d8 01 3f 91 2b Sep 21 07:16:08.738210: | a1 a3 e8 83 19 84 f1 a4 a8 ad 53 c5 fc 6c 03 c9 Sep 21 07:16:08.738213: | 8d ad f1 b2 b8 64 34 e2 74 9c f4 77 04 81 cd 61 Sep 21 07:16:08.738215: | f0 fd 7a 9c ed ca a6 50 6c 4f db a9 61 51 95 1f Sep 21 07:16:08.738217: | 4c e3 fd be 65 d7 e9 69 bb 83 c1 d7 66 5c 15 2b Sep 21 07:16:08.738220: | d1 6f 13 38 32 92 eb e4 23 70 3e 4b 1f f1 6a 38 Sep 21 07:16:08.738222: | 66 e9 48 4e 0a 4f 70 3f 43 76 33 ee ed b2 db 3a Sep 21 07:16:08.738225: | fb f0 9d ed dd 7f c7 1d fa 39 7b Sep 21 07:16:08.738240: | sending 81 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:08.738243: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738245: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Sep 21 07:16:08.738247: | 00 05 00 05 76 ed e8 22 59 63 51 6e 6a 19 d0 2f Sep 21 07:16:08.738250: | 07 56 2b b3 c5 0d c5 24 9a 20 b3 da 5a 9d 40 f3 Sep 21 07:16:08.738252: | 8f 25 2f 17 89 24 3a be 05 e9 47 c0 72 08 3b 32 Sep 21 07:16:08.738254: | ed Sep 21 07:16:08.738264: | sent 5 fragments Sep 21 07:16:08.738267: | releasing whack for #2 (sock=fd@-1) Sep 21 07:16:08.738270: | releasing whack and unpending for parent #1 Sep 21 07:16:08.738273: | unpending state #1 connection "northnet-eastnets/0x1" Sep 21 07:16:08.738277: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:16:08.738280: | event_schedule: new EVENT_SA_REKEY-pe@0x561e34b832b0 Sep 21 07:16:08.738284: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:16:08.738287: | libevent_malloc: new ptr-libevent@0x561e34b8b9d0 size 128 Sep 21 07:16:08.738292: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:08.738298: | #1 spent 18.1 milliseconds in resume sending helper answer Sep 21 07:16:08.738303: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:16:08.738307: | libevent_free: release ptr-libevent@0x7f0f84006b90 Sep 21 07:16:08.738317: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.738322: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.738326: | spent 0.00478 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:08.738329: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.738332: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.738336: | spent 0.00344 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:08.738338: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.738342: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.738345: | spent 0.0034 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:08.863414: | spent 0.00292 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.863436: | *received 601 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:16:08.863440: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.863442: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Sep 21 07:16:08.863445: | 52 27 bf 61 26 95 a4 63 35 d7 d2 51 a1 7d 83 27 Sep 21 07:16:08.863447: | 63 cc 44 b1 66 a5 ef 48 53 fa 45 c9 c8 73 f7 4d Sep 21 07:16:08.863452: | 20 f5 c0 52 77 28 ef 05 67 3b e3 d4 fc 4c 61 1e Sep 21 07:16:08.863455: | 5a 14 f6 3b d5 4a ff 30 08 11 8f 91 17 82 30 83 Sep 21 07:16:08.863457: | 78 68 da 6b 93 b3 87 97 46 9d f9 d4 29 46 4a 2c Sep 21 07:16:08.863459: | c5 3c ff bf 3b 7a 2c 5c a4 dc db fe ad c0 71 8a Sep 21 07:16:08.863461: | f9 d4 ce f2 14 77 9e 13 fc cf 3e 31 42 72 a8 92 Sep 21 07:16:08.863463: | 96 ac 4d 6a 5b 13 a7 1f ef 63 04 0e 38 9d cc ba Sep 21 07:16:08.863466: | 70 a1 16 34 ee 71 44 d6 86 91 7a 1c ac 6a bf b6 Sep 21 07:16:08.863468: | f7 24 24 f7 3a 12 a6 b3 ce 42 50 a1 06 42 8e 1d Sep 21 07:16:08.863470: | 6e f9 b3 31 86 d1 5d b9 72 77 17 dd 49 78 97 0f Sep 21 07:16:08.863472: | 6c 94 15 6e 57 20 0e 10 94 ac c1 0f e4 95 56 fe Sep 21 07:16:08.863474: | 88 9c c8 32 46 af c3 9c dc 7a e9 e2 83 c1 88 92 Sep 21 07:16:08.863476: | fd c9 bd ca 23 cb 8b c2 8d b2 60 c1 c2 c4 3b 5f Sep 21 07:16:08.863478: | c3 1b 73 96 f9 30 ea 2f 0c 9a c5 91 8c 8e c6 36 Sep 21 07:16:08.863481: | d9 ee e3 d6 bf 63 fd 20 77 e0 7a 0b 5c 90 58 f5 Sep 21 07:16:08.863483: | bc be 83 a0 11 40 22 8d d5 4a c2 f9 91 26 2e e7 Sep 21 07:16:08.863485: | c7 21 6b fe 38 38 dc 18 a8 ad 50 d3 fb cf 01 c2 Sep 21 07:16:08.863487: | 7a b9 a3 fd 2f c0 63 6d b0 6d 92 91 ec 54 bf 0e Sep 21 07:16:08.863490: | f9 30 a8 61 5c 50 7a aa 52 8d 5f 6e 90 31 58 07 Sep 21 07:16:08.863492: | e6 03 9a 84 69 40 63 06 6f 86 3e 70 2f 72 ab 38 Sep 21 07:16:08.863494: | 97 b6 cd 13 b8 ee cf 9b 1c 2a 46 c7 e9 c3 ef 6e Sep 21 07:16:08.863496: | d5 46 df 5b 2d 15 2d 10 fa 70 4c 00 59 c9 07 16 Sep 21 07:16:08.863499: | 68 7e 48 38 c9 f0 4f 2e a1 5b 80 b0 df bf 06 7f Sep 21 07:16:08.863500: | 5c d6 90 1f 0c f1 11 5e de 03 20 14 26 11 81 ea Sep 21 07:16:08.863502: | bb 39 31 c1 95 82 8f 85 e5 a7 be 26 d0 2d cc 20 Sep 21 07:16:08.863504: | 18 e0 71 68 6b fd 7b 49 54 2e 02 b8 49 19 d9 53 Sep 21 07:16:08.863506: | 75 51 1b 7a 1c 27 45 71 db b6 cf 24 6a 69 13 b1 Sep 21 07:16:08.863508: | 07 9c 52 50 9c 68 32 5d 44 2a 41 d1 ac ff b6 0c Sep 21 07:16:08.863510: | 5a 7d 34 bc 53 3e c6 f1 28 ea 01 4f 18 66 9d 22 Sep 21 07:16:08.863512: | 38 d4 55 bb 99 35 11 e1 93 bf 9b f5 0f 3c 29 07 Sep 21 07:16:08.863514: | c5 2f dc db 7d d5 2e 17 8f 65 a3 ba 38 32 4a e8 Sep 21 07:16:08.863516: | a6 f2 a4 f9 e2 0e 32 51 35 46 2f 80 72 bd ad 9d Sep 21 07:16:08.863518: | 49 41 39 a0 63 f7 48 e8 2f 87 6a a7 ee 04 60 77 Sep 21 07:16:08.863520: | 1f 51 11 2d d3 d5 42 8c d3 7b 54 30 2b 69 d2 06 Sep 21 07:16:08.863522: | 0f ec f4 bf 51 8c 8e 40 28 Sep 21 07:16:08.863526: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:08.863529: | **parse ISAKMP Message: Sep 21 07:16:08.863532: | initiator cookie: Sep 21 07:16:08.863533: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.863535: | responder cookie: Sep 21 07:16:08.863537: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.863540: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:08.863542: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.863544: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:08.863547: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.863549: | Message ID: 2 (0x2) Sep 21 07:16:08.863551: | length: 601 (0x259) Sep 21 07:16:08.863554: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:16:08.863557: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Sep 21 07:16:08.863561: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:16:08.863567: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.863570: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:08.863574: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:08.863578: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:16:08.863582: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Sep 21 07:16:08.863584: | unpacking clear payload Sep 21 07:16:08.863587: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:08.863589: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:08.863591: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:08.863593: | flags: none (0x0) Sep 21 07:16:08.863595: | length: 573 (0x23d) Sep 21 07:16:08.863598: | processing payload: ISAKMP_NEXT_v2SK (len=569) Sep 21 07:16:08.863602: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:16:08.863604: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:16:08.863619: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:16:08.863622: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:08.863625: | **parse IKEv2 Security Association Payload: Sep 21 07:16:08.863627: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:08.863629: | flags: none (0x0) Sep 21 07:16:08.863632: | length: 196 (0xc4) Sep 21 07:16:08.863634: | processing payload: ISAKMP_NEXT_v2SA (len=192) Sep 21 07:16:08.863636: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:08.863638: | **parse IKEv2 Nonce Payload: Sep 21 07:16:08.863641: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:08.863643: | flags: none (0x0) Sep 21 07:16:08.863645: | length: 36 (0x24) Sep 21 07:16:08.863647: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:08.863649: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:08.863652: | **parse IKEv2 Key Exchange Payload: Sep 21 07:16:08.863654: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:08.863656: | flags: none (0x0) Sep 21 07:16:08.863658: | length: 264 (0x108) Sep 21 07:16:08.863660: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.863663: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:08.863665: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:08.863668: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:08.863670: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:08.863673: | flags: none (0x0) Sep 21 07:16:08.863675: | length: 24 (0x18) Sep 21 07:16:08.863678: | number of TS: 1 (0x1) Sep 21 07:16:08.863680: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:08.863683: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:08.863685: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:08.863688: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.863690: | flags: none (0x0) Sep 21 07:16:08.863692: | length: 24 (0x18) Sep 21 07:16:08.863695: | number of TS: 1 (0x1) Sep 21 07:16:08.863697: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:08.863700: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Sep 21 07:16:08.863703: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:16:08.863709: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:08.863713: | creating state object #3 at 0x561e34b85c70 Sep 21 07:16:08.863716: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:16:08.863722: | pstats #3 ikev2.child started Sep 21 07:16:08.863726: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Sep 21 07:16:08.863731: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:08.863737: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:08.863744: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Sep 21 07:16:08.863750: | "northnet-eastnets/0x2" #1 received Child SA Request CREATE_CHILD_SA from 192.1.3.33:500 Child "northnet-eastnets/0x2" #3 in STATE_V2_CREATE_R will process it further Sep 21 07:16:08.863755: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Sep 21 07:16:08.863760: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Sep 21 07:16:08.863763: | forcing ST #1 to CHILD #1.#3 in FSM processor Sep 21 07:16:08.863765: | Now let's proceed with state specific processing Sep 21 07:16:08.863768: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:16:08.863773: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:08.863777: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Sep 21 07:16:08.863782: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:08.863813: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.863817: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:08.863820: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.863823: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:08.863827: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.863830: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:08.863834: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.863841: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.863844: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:16:08.863847: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:08.863850: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:08.863852: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:08.863854: | local proposal 1 type DH has 1 transforms Sep 21 07:16:08.863857: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:08.863860: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:08.863862: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:08.863864: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:08.863867: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:08.863869: | local proposal 2 type DH has 1 transforms Sep 21 07:16:08.863871: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:08.863874: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:08.863876: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:08.863879: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:08.863881: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:08.863883: | local proposal 3 type DH has 1 transforms Sep 21 07:16:08.863885: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:08.863888: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:08.863890: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:08.863893: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:08.863897: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:08.863899: | local proposal 4 type DH has 1 transforms Sep 21 07:16:08.863950: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:08.863953: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:08.863956: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.863959: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.863961: | length: 40 (0x28) Sep 21 07:16:08.863964: | prop #: 1 (0x1) Sep 21 07:16:08.863966: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.863969: | spi size: 4 (0x4) Sep 21 07:16:08.863971: | # transforms: 3 (0x3) Sep 21 07:16:08.863974: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.863977: | remote SPI 79 70 04 7c Sep 21 07:16:08.863980: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:16:08.863984: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.863987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.863989: | length: 12 (0xc) Sep 21 07:16:08.863991: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.863993: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.863996: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.863999: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.864002: | length/value: 256 (0x100) Sep 21 07:16:08.864009: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:08.864012: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864017: | length: 8 (0x8) Sep 21 07:16:08.864020: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.864022: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.864026: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:08.864029: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:16:08.864032: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:16:08.864036: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:16:08.864038: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864041: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.864043: | length: 8 (0x8) Sep 21 07:16:08.864046: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.864049: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.864053: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:08.864056: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:16:08.864059: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:16:08.864062: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:16:08.864066: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:16:08.864071: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:16:08.864074: | remote proposal 1 matches local proposal 1 Sep 21 07:16:08.864077: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.864079: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.864082: | length: 40 (0x28) Sep 21 07:16:08.864084: | prop #: 2 (0x2) Sep 21 07:16:08.864086: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.864089: | spi size: 4 (0x4) Sep 21 07:16:08.864091: | # transforms: 3 (0x3) Sep 21 07:16:08.864094: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.864101: | remote SPI 79 70 04 7c Sep 21 07:16:08.864104: | Comparing remote proposal 2 containing 3 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:08.864107: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864110: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864112: | length: 12 (0xc) Sep 21 07:16:08.864114: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.864117: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.864119: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.864122: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.864124: | length/value: 128 (0x80) Sep 21 07:16:08.864127: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864129: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864132: | length: 8 (0x8) Sep 21 07:16:08.864134: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.864137: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.864139: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864142: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.864144: | length: 8 (0x8) Sep 21 07:16:08.864146: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.864149: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.864152: | remote proposal 2 proposed transforms: ENCR+DH+ESN; matched: none; unmatched: ENCR+DH+ESN Sep 21 07:16:08.864155: | remote proposal 2 does not match; unmatched remote transforms: ENCR+DH+ESN Sep 21 07:16:08.864158: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.864161: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.864163: | length: 56 (0x38) Sep 21 07:16:08.864165: | prop #: 3 (0x3) Sep 21 07:16:08.864168: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.864170: | spi size: 4 (0x4) Sep 21 07:16:08.864172: | # transforms: 5 (0x5) Sep 21 07:16:08.864175: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.864177: | remote SPI 79 70 04 7c Sep 21 07:16:08.864180: | Comparing remote proposal 3 containing 5 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:08.864182: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864185: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864187: | length: 12 (0xc) Sep 21 07:16:08.864190: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.864192: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.864195: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.864197: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.864199: | length/value: 256 (0x100) Sep 21 07:16:08.864202: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864205: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864208: | length: 8 (0x8) Sep 21 07:16:08.864210: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.864213: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.864216: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864221: | length: 8 (0x8) Sep 21 07:16:08.864223: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.864226: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.864228: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864231: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864233: | length: 8 (0x8) Sep 21 07:16:08.864236: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.864238: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.864241: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864243: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.864246: | length: 8 (0x8) Sep 21 07:16:08.864248: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.864252: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.864256: | remote proposal 3 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Sep 21 07:16:08.864259: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Sep 21 07:16:08.864262: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.864264: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.864266: | length: 56 (0x38) Sep 21 07:16:08.864268: | prop #: 4 (0x4) Sep 21 07:16:08.864271: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.864273: | spi size: 4 (0x4) Sep 21 07:16:08.864275: | # transforms: 5 (0x5) Sep 21 07:16:08.864278: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.864281: | remote SPI 79 70 04 7c Sep 21 07:16:08.864284: | Comparing remote proposal 4 containing 5 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:08.864286: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864288: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864291: | length: 12 (0xc) Sep 21 07:16:08.864293: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.864296: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.864298: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.864301: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.864303: | length/value: 128 (0x80) Sep 21 07:16:08.864306: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864308: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864310: | length: 8 (0x8) Sep 21 07:16:08.864313: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.864315: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.864318: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864322: | length: 8 (0x8) Sep 21 07:16:08.864324: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.864327: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.864330: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864332: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.864335: | length: 8 (0x8) Sep 21 07:16:08.864337: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.864339: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.864342: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.864345: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.864347: | length: 8 (0x8) Sep 21 07:16:08.864349: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.864351: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.864355: | remote proposal 4 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Sep 21 07:16:08.864358: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Sep 21 07:16:08.864364: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=7970047c;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.864369: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=7970047c;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.864372: | converting proposal to internal trans attrs Sep 21 07:16:08.864376: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:16:08.864380: | Child SA TS Request has child->sa == md->st; so using child connection Sep 21 07:16:08.864382: | TSi: parsing 1 traffic selectors Sep 21 07:16:08.864385: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:08.864389: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.864392: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.864395: | length: 16 (0x10) Sep 21 07:16:08.864397: | start port: 0 (0x0) Sep 21 07:16:08.864400: | end port: 65535 (0xffff) Sep 21 07:16:08.864402: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:08.864405: | TS low c0 00 03 00 Sep 21 07:16:08.864407: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:08.864409: | TS high c0 00 03 ff Sep 21 07:16:08.864412: | TSi: parsed 1 traffic selectors Sep 21 07:16:08.864414: | TSr: parsing 1 traffic selectors Sep 21 07:16:08.864417: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:08.864419: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.864422: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.864424: | length: 16 (0x10) Sep 21 07:16:08.864426: | start port: 0 (0x0) Sep 21 07:16:08.864429: | end port: 65535 (0xffff) Sep 21 07:16:08.864431: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:08.864433: | TS low c0 00 16 00 Sep 21 07:16:08.864436: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:08.864438: | TS high c0 00 16 ff Sep 21 07:16:08.864440: | TSr: parsed 1 traffic selectors Sep 21 07:16:08.864443: | looking for best SPD in current connection Sep 21 07:16:08.864450: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:16:08.864455: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.864462: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:08.864466: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:08.864468: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:08.864472: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:08.864475: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.864480: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.864486: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:16:08.864489: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:08.864492: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:08.864495: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:08.864498: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.864501: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:08.864504: | found better spd route for TSi[0],TSr[0] Sep 21 07:16:08.864506: | looking for better host pair Sep 21 07:16:08.864512: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:08.864517: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Sep 21 07:16:08.864520: | investigating connection "northnet-eastnets/0x2" as a better match Sep 21 07:16:08.864533: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:16:08.864543: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:16:08.864546: | results matched Sep 21 07:16:08.864555: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.864564: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.864570: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:16:08.864574: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.864581: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:08.864586: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:08.864589: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:08.864592: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:08.864595: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.864600: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.864606: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:16:08.864609: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:08.864612: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:08.864615: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:08.864618: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.864620: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:08.864623: | investigating connection "northnet-eastnets/0x1" as a better match Sep 21 07:16:08.864633: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:16:08.864640: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:16:08.864643: | results matched Sep 21 07:16:08.864651: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.864660: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.864665: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:08.864671: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.864677: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:08.864680: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:08.864683: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:08.864685: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:08.864688: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.864693: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.864699: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Sep 21 07:16:08.864701: | did not find a better connection using host pair Sep 21 07:16:08.864704: | printing contents struct traffic_selector Sep 21 07:16:08.864706: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:16:08.864708: | ipprotoid: 0 Sep 21 07:16:08.864711: | port range: 0-65535 Sep 21 07:16:08.864715: | ip range: 192.0.22.0-192.0.22.255 Sep 21 07:16:08.864718: | printing contents struct traffic_selector Sep 21 07:16:08.864720: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:16:08.864722: | ipprotoid: 0 Sep 21 07:16:08.864724: | port range: 0-65535 Sep 21 07:16:08.864728: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:08.864732: | adding Child Responder KE and nonce nr work-order 3 for state #3 Sep 21 07:16:08.864736: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0f8c002b20 Sep 21 07:16:08.864739: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:08.864743: | libevent_malloc: new ptr-libevent@0x7f0f84006b90 size 128 Sep 21 07:16:08.864747: | libevent_realloc: release ptr-libevent@0x561e34b57f90 Sep 21 07:16:08.864750: | libevent_realloc: new ptr-libevent@0x561e34b8c0f0 size 128 Sep 21 07:16:08.864761: | #3 spent 0.916 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Sep 21 07:16:08.864764: | crypto helper 3 resuming Sep 21 07:16:08.864782: | crypto helper 3 starting work-order 3 for state #3 Sep 21 07:16:08.864803: | crypto helper 3 doing build KE and nonce (Child Responder KE and nonce nr); request ID 3 Sep 21 07:16:08.864767: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.864962: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.864967: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Sep 21 07:16:08.864970: | suspending state #3 and saving MD Sep 21 07:16:08.864972: | #3 is busy; has a suspended MD Sep 21 07:16:08.864977: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:08.864981: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:08.864986: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.864992: | #1 spent 1.32 milliseconds in ikev2_process_packet() Sep 21 07:16:08.864996: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:08.864999: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.865002: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.865007: | spent 1.33 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.865802: | crypto helper 3 finished build KE and nonce (Child Responder KE and nonce nr); request ID 3 time elapsed 0.000999 seconds Sep 21 07:16:08.865811: | (#3) spent 1 milliseconds in crypto helper computing work-order 3: Child Responder KE and nonce nr (pcr) Sep 21 07:16:08.865815: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Sep 21 07:16:08.865818: | scheduling resume sending helper answer for #3 Sep 21 07:16:08.865821: | libevent_malloc: new ptr-libevent@0x7f0f88006900 size 128 Sep 21 07:16:08.865829: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:08.865840: | processing resume sending helper answer for #3 Sep 21 07:16:08.865846: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:16:08.865850: | crypto helper 3 replies to request ID 3 Sep 21 07:16:08.865852: | calling continuation function 0x561e3375f630 Sep 21 07:16:08.865969: | ikev2_child_inIoutR_continue for #3 STATE_V2_CREATE_R Sep 21 07:16:08.865978: | adding DHv2 for child sa work-order 4 for state #3 Sep 21 07:16:08.865981: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:08.865985: | libevent_free: release ptr-libevent@0x7f0f84006b90 Sep 21 07:16:08.865988: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0f8c002b20 Sep 21 07:16:08.865991: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0f8c002b20 Sep 21 07:16:08.865994: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:08.865997: | libevent_malloc: new ptr-libevent@0x7f0f84006b90 size 128 Sep 21 07:16:08.866008: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.866012: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Sep 21 07:16:08.866015: | suspending state #3 and saving MD Sep 21 07:16:08.866017: | #3 is busy; has a suspended MD Sep 21 07:16:08.866022: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:08.866026: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:08.866029: | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:08.866034: | #3 spent 0.0731 milliseconds in resume sending helper answer Sep 21 07:16:08.866044: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:16:08.866048: | libevent_free: release ptr-libevent@0x7f0f88006900 Sep 21 07:16:08.866057: | crypto helper 5 resuming Sep 21 07:16:08.866060: | crypto helper 5 starting work-order 4 for state #3 Sep 21 07:16:08.866064: | crypto helper 5 doing crypto (DHv2 for child sa); request ID 4 Sep 21 07:16:08.867115: | crypto helper 5 finished crypto (DHv2 for child sa); request ID 4 time elapsed 0.00105 seconds Sep 21 07:16:08.867128: | (#3) spent 0.99 milliseconds in crypto helper computing work-order 4: DHv2 for child sa (dh) Sep 21 07:16:08.867131: | crypto helper 5 sending results from work-order 4 for state #3 to event queue Sep 21 07:16:08.867134: | scheduling resume sending helper answer for #3 Sep 21 07:16:08.867137: | libevent_malloc: new ptr-libevent@0x7f0f7c001ef0 size 128 Sep 21 07:16:08.867145: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:08.867155: | processing resume sending helper answer for #3 Sep 21 07:16:08.867160: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:16:08.867164: | crypto helper 5 replies to request ID 4 Sep 21 07:16:08.867166: | calling continuation function 0x561e337604f0 Sep 21 07:16:08.867170: | ikev2_child_inIoutR_continue_continue for #3 STATE_V2_CREATE_R Sep 21 07:16:08.867175: | **emit ISAKMP Message: Sep 21 07:16:08.867178: | initiator cookie: Sep 21 07:16:08.867180: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.867183: | responder cookie: Sep 21 07:16:08.867185: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.867188: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.867190: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.867193: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:08.867196: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.867199: | Message ID: 2 (0x2) Sep 21 07:16:08.867202: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.867205: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:08.867208: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.867210: | flags: none (0x0) Sep 21 07:16:08.867213: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:08.867216: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.867219: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:08.867244: | netlink_get_spi: allocated 0xb3d9ed9f for esp.0@192.1.2.23 Sep 21 07:16:08.867246: | Emitting ikev2_proposal ... Sep 21 07:16:08.867249: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:08.867252: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.867254: | flags: none (0x0) Sep 21 07:16:08.867257: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:08.867260: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.867264: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.867266: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.867269: | prop #: 1 (0x1) Sep 21 07:16:08.867271: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.867274: | spi size: 4 (0x4) Sep 21 07:16:08.867276: | # transforms: 3 (0x3) Sep 21 07:16:08.867279: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.867282: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.867285: | our spi b3 d9 ed 9f Sep 21 07:16:08.867288: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.867293: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.867295: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.867298: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.867301: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.867304: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.867307: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.867309: | length/value: 256 (0x100) Sep 21 07:16:08.867312: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.867315: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.867317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.867320: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.867323: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.867326: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.867328: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.867331: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.867334: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.867336: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.867338: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.867341: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.867344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.867347: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.867349: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.867352: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:08.867355: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.867357: | emitting length of IKEv2 Security Association Payload: 44 Sep 21 07:16:08.867360: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:08.867362: | ****emit IKEv2 Nonce Payload: Sep 21 07:16:08.867365: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.867367: | flags: none (0x0) Sep 21 07:16:08.867370: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:08.867373: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.867376: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:08.867379: | IKEv2 nonce 8d 8f 56 dd 8a 18 f7 5c 91 7b a7 d6 3b 51 08 1a Sep 21 07:16:08.867381: | IKEv2 nonce 16 94 b0 1b 66 0e 1e cc 87 53 ed 9f f3 76 d8 67 Sep 21 07:16:08.867384: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:08.867386: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:16:08.867389: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.867391: | flags: none (0x0) Sep 21 07:16:08.867394: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.867397: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:08.867399: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.867402: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:08.867405: | ikev2 g^x 7e 3f 2f 02 f5 39 1e a4 ce f1 5f d4 f9 a1 ed 75 Sep 21 07:16:08.867408: | ikev2 g^x 73 65 f3 d5 2d 3f 4d d0 8d 60 48 82 1b 9c 9e 3a Sep 21 07:16:08.867411: | ikev2 g^x 52 27 2d 6d fd 74 a7 f5 9b a0 c4 e1 6f d3 e6 c1 Sep 21 07:16:08.867413: | ikev2 g^x 07 e9 4c 86 a0 7b 84 47 55 66 be ee ec 5a 2c 0b Sep 21 07:16:08.867415: | ikev2 g^x d2 7b 39 23 4d 68 76 1d 17 12 b4 5b 1d df 4b 4c Sep 21 07:16:08.867418: | ikev2 g^x 15 d5 e2 61 4e 68 0e 7e 15 02 5b 25 1d 78 48 ad Sep 21 07:16:08.867420: | ikev2 g^x c2 12 50 33 ab d4 34 98 17 90 e5 f2 11 90 62 31 Sep 21 07:16:08.867422: | ikev2 g^x 93 3f 72 13 f0 93 9c 4a 0d 85 98 81 67 7d 5d 20 Sep 21 07:16:08.867425: | ikev2 g^x 64 9c 42 5d 96 71 cc 49 4f 89 b9 62 3b 50 94 ba Sep 21 07:16:08.867427: | ikev2 g^x 1b 2b b2 4c 93 b5 98 38 be 58 39 b2 43 55 c4 a9 Sep 21 07:16:08.867429: | ikev2 g^x 2d 4c d1 69 48 cd e2 3d 37 09 b1 92 ff 9b 97 1a Sep 21 07:16:08.867432: | ikev2 g^x 0b db b1 ed f1 ff 1d 24 bf 38 e5 83 13 ee 00 99 Sep 21 07:16:08.867434: | ikev2 g^x d8 16 c5 78 ff 6e 51 90 55 72 1a 35 ef c3 5b 6f Sep 21 07:16:08.867437: | ikev2 g^x 90 70 95 16 ff 67 6e b3 36 02 0e 1d 00 19 ae 3b Sep 21 07:16:08.867439: | ikev2 g^x 72 77 21 f9 3b 9b 22 c9 5d 38 53 3b dd 82 54 a7 Sep 21 07:16:08.867441: | ikev2 g^x 44 e1 3e 8f 48 58 04 da 1f 79 ca cb cb 38 c5 ba Sep 21 07:16:08.867444: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:08.867447: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:08.867449: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.867451: | flags: none (0x0) Sep 21 07:16:08.867454: | number of TS: 1 (0x1) Sep 21 07:16:08.867457: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:08.867460: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.867463: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:08.867465: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.867467: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.867470: | start port: 0 (0x0) Sep 21 07:16:08.867472: | end port: 65535 (0xffff) Sep 21 07:16:08.867475: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:08.867478: | IP start c0 00 03 00 Sep 21 07:16:08.867480: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:08.867482: | IP end c0 00 03 ff Sep 21 07:16:08.867485: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:08.867487: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:08.867490: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:08.867492: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.867495: | flags: none (0x0) Sep 21 07:16:08.867497: | number of TS: 1 (0x1) Sep 21 07:16:08.867500: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:08.867503: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.867505: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:08.867508: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.867510: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.867513: | start port: 0 (0x0) Sep 21 07:16:08.867515: | end port: 65535 (0xffff) Sep 21 07:16:08.867518: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:08.867520: | IP start c0 00 16 00 Sep 21 07:16:08.867522: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:08.867525: | IP end c0 00 16 ff Sep 21 07:16:08.867527: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:08.867529: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:08.867532: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:08.867537: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:08.867714: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:16:08.867719: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:16:08.867722: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:08.867725: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.867728: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:08.867731: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.867734: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:08.867738: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Sep 21 07:16:08.867742: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:08.867746: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:08.867749: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:08.867751: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:08.867755: | setting IPsec SA replay-window to 32 Sep 21 07:16:08.867758: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:16:08.867761: | netlink: enabling tunnel mode Sep 21 07:16:08.867764: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:08.867767: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:08.868022: | netlink response for Add SA esp.7970047c@192.1.3.33 included non-error error Sep 21 07:16:08.868030: | set up outgoing SA, ref=0/0 Sep 21 07:16:08.868033: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:08.868037: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:08.868039: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:08.868042: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:08.868046: | setting IPsec SA replay-window to 32 Sep 21 07:16:08.868049: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:16:08.868052: | netlink: enabling tunnel mode Sep 21 07:16:08.868055: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:08.868057: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:08.868222: | netlink response for Add SA esp.b3d9ed9f@192.1.2.23 included non-error error Sep 21 07:16:08.868229: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:08.868237: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:16:08.868240: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:08.868383: | raw_eroute result=success Sep 21 07:16:08.868389: | set up incoming SA, ref=0/0 Sep 21 07:16:08.868392: | sr for #3: unrouted Sep 21 07:16:08.868395: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:08.868398: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:08.868401: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.868404: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:08.868407: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.868410: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:08.868414: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Sep 21 07:16:08.868418: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x561e34b75f70} and state: #3 Sep 21 07:16:08.868421: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:08.868429: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Sep 21 07:16:08.868432: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:08.868457: | raw_eroute result=success Sep 21 07:16:08.868461: | running updown command "ipsec _updown" for verb up Sep 21 07:16:08.868464: | command executing up-client Sep 21 07:16:08.868502: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.868511: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.868532: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Sep 21 07:16:08.868535: | popen cmd is 1405 chars long Sep 21 07:16:08.868538: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:16:08.868541: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Sep 21 07:16:08.868544: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Sep 21 07:16:08.868547: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Sep 21 07:16:08.868549: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:16:08.868552: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Sep 21 07:16:08.868555: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:16:08.868557: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Sep 21 07:16:08.868560: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Sep 21 07:16:08.868563: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:16:08.868566: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:16:08.868568: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:16:08.868571: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_: Sep 21 07:16:08.868574: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Sep 21 07:16:08.868576: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Sep 21 07:16:08.868579: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Sep 21 07:16:08.868582: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7: Sep 21 07:16:08.868584: | cmd(1360):970047c SPI_OUT=0xb3d9ed9f ipsec _updown 2>&1: Sep 21 07:16:08.881948: | route_and_eroute: firewall_notified: true Sep 21 07:16:08.881963: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x561e34b7f280,sr=0x561e34b7f280} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:08.882051: | #1 spent 0.67 milliseconds in install_ipsec_sa() Sep 21 07:16:08.882059: | ISAKMP_v2_CREATE_CHILD_SA: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:16:08.882067: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.882071: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:08.882075: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:08.882078: | emitting length of IKEv2 Encryption Payload: 421 Sep 21 07:16:08.882081: | emitting length of ISAKMP Message: 449 Sep 21 07:16:08.882397: "northnet-eastnets/0x2" #3: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:16:08.882409: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.882414: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Sep 21 07:16:08.882417: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Sep 21 07:16:08.882421: | child state #3: V2_CREATE_R(established IKE SA) => V2_IPSEC_R(established CHILD SA) Sep 21 07:16:08.882424: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:16:08.882430: | Message ID: recv #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Sep 21 07:16:08.882436: | Message ID: sent #1.#3 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:16:08.882439: | pstats #3 ikev2.child established Sep 21 07:16:08.882447: "northnet-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:16:08.882451: | NAT-T: encaps is 'auto' Sep 21 07:16:08.882456: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x7970047c <0xb3d9ed9f xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:16:08.882462: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:16:08.882468: | sending 449 bytes for STATE_V2_CREATE_R through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:08.882471: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.882473: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Sep 21 07:16:08.882476: | 27 90 05 70 5c d8 9f 95 20 b1 01 05 d9 29 e0 44 Sep 21 07:16:08.882478: | 7f f4 ae b2 21 cf 94 79 a7 66 2a 14 f5 cb 91 62 Sep 21 07:16:08.882481: | fa da 9c e8 3f bb 4d ca 77 13 38 4d d9 02 6c e2 Sep 21 07:16:08.882483: | d0 ff 4f 8a 0a 15 62 c1 cd 27 47 a0 9d ed 7d e2 Sep 21 07:16:08.882486: | 61 66 87 e4 ea 49 d7 c8 68 0e 00 bf 7d e5 ec 59 Sep 21 07:16:08.882488: | 5c da 66 f3 2a 2d 9b 5d 8e 6a 95 c2 d1 a4 d6 30 Sep 21 07:16:08.882490: | 1a 1f 2a 55 78 5a 17 59 26 3d 46 a6 85 78 27 9c Sep 21 07:16:08.882493: | 70 85 bd a8 23 68 d0 9a 5b 08 50 ff d0 14 64 81 Sep 21 07:16:08.882495: | a6 87 f4 be 45 60 24 53 6a f1 ef 59 b7 bd e9 8b Sep 21 07:16:08.882497: | d4 65 2d 6c 9c bc 77 65 84 57 72 13 39 1c 17 c0 Sep 21 07:16:08.882500: | 17 35 1e 52 97 a8 63 c7 44 06 07 fb ac ce d1 d4 Sep 21 07:16:08.882502: | 8f f0 5e 0a 31 04 34 7e b4 f5 87 25 af b8 4e 4a Sep 21 07:16:08.882505: | aa 5e 1e e6 d7 cc e6 af b1 e0 42 57 8c 5c 5c 6a Sep 21 07:16:08.882507: | 0c d2 bb 16 b4 2f 93 7c d2 27 79 e3 b0 83 bd 09 Sep 21 07:16:08.882509: | b4 d8 f3 f1 aa fe 92 53 ab 85 72 1a 16 a2 39 c9 Sep 21 07:16:08.882512: | cc 48 f8 3c 7b 4b 6a 67 98 45 3e 9f b1 94 d7 e4 Sep 21 07:16:08.882514: | ad ab f1 9f f4 9a d9 a9 8d 1d a5 42 b4 69 ce 3a Sep 21 07:16:08.882517: | 89 ba b7 d5 22 85 85 33 ae 74 51 c1 51 1a 4a b9 Sep 21 07:16:08.882519: | d1 96 95 04 33 5d 1a 0b 17 2d 82 a7 28 5f db f2 Sep 21 07:16:08.882522: | 61 57 a7 cc 6a ba a3 e9 19 0b ef c8 99 92 9b 34 Sep 21 07:16:08.882524: | 48 9c 5f d6 49 20 ac a4 a5 12 84 61 7f 15 13 ce Sep 21 07:16:08.882529: | df 03 77 2a ed fc 76 77 7e e5 05 c1 6e 67 c4 8f Sep 21 07:16:08.882532: | 34 19 de 8e d4 1f 3d bb 98 9c e0 1d 19 d2 25 ee Sep 21 07:16:08.882534: | 09 b7 92 e4 c2 dc 6c fa 3c 4b d4 62 61 cd 7d ba Sep 21 07:16:08.882536: | 75 33 a0 ef 32 44 31 0d e4 a9 05 b2 ec b1 aa cc Sep 21 07:16:08.882539: | a7 55 33 58 99 18 2a 69 48 63 da 4a 04 b5 cb ee Sep 21 07:16:08.882540: | e9 Sep 21 07:16:08.882597: | releasing whack for #3 (sock=fd@-1) Sep 21 07:16:08.882601: | releasing whack and unpending for parent #1 Sep 21 07:16:08.882604: | unpending state #1 connection "northnet-eastnets/0x2" Sep 21 07:16:08.882608: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:16:08.882611: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:08.882616: | libevent_free: release ptr-libevent@0x7f0f84006b90 Sep 21 07:16:08.882620: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0f8c002b20 Sep 21 07:16:08.882623: | event_schedule: new EVENT_SA_REKEY-pe@0x7f0f88002b20 Sep 21 07:16:08.882627: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Sep 21 07:16:08.882631: | libevent_malloc: new ptr-libevent@0x7f0f84006b90 size 128 Sep 21 07:16:08.882639: | #3 spent 1.5 milliseconds in resume sending helper answer Sep 21 07:16:08.882645: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:16:08.882649: | libevent_free: release ptr-libevent@0x7f0f7c001ef0 Sep 21 07:16:08.882661: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.882667: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.882672: | spent 0.00503 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:11.520499: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:11.520702: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:11.520708: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:11.520833: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:11.520839: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:11.520846: | get_sa_info esp.5631025@192.1.2.23 Sep 21 07:16:11.520858: | get_sa_info esp.f71ecbee@192.1.3.33 Sep 21 07:16:11.520875: | get_sa_info esp.b3d9ed9f@192.1.2.23 Sep 21 07:16:11.520885: | get_sa_info esp.7970047c@192.1.3.33 Sep 21 07:16:11.520905: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:11.520913: | spent 0.408 milliseconds in whack Sep 21 07:16:12.648268: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:12.648305: shutting down Sep 21 07:16:12.648316: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:16:12.648321: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:16:12.648329: destroying root certificate cache Sep 21 07:16:12.648352: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:12.648356: forgetting secrets Sep 21 07:16:12.648363: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:12.648380: | unreference key: 0x561e34b80e20 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:12.648387: | unreference key: 0x561e34b80ca0 user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:12.648392: | unreference key: 0x561e34b80750 @east.testing.libreswan.org cnt 1-- Sep 21 07:16:12.648398: | unreference key: 0x561e34b80310 east@testing.libreswan.org cnt 1-- Sep 21 07:16:12.648405: | unreference key: 0x561e34b7b1f0 192.1.2.23 cnt 1-- Sep 21 07:16:12.648418: | unreference key: 0x561e34b7adb0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:12.648425: | unreference key: 0x561e34b77330 user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:12.648436: | unreference key: 0x561e34b76d70 @north.testing.libreswan.org cnt 1-- Sep 21 07:16:12.648444: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Sep 21 07:16:12.648449: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:12.648452: | pass 0 Sep 21 07:16:12.648456: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:12.648459: | state #3 Sep 21 07:16:12.648464: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:12.648472: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:12.648477: | pstats #3 ikev2.child deleted completed Sep 21 07:16:12.648485: | #3 spent 4.49 milliseconds in total Sep 21 07:16:12.648492: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:16:12.648498: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_R) aged 3.784s and sending notification Sep 21 07:16:12.648503: | child state #3: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:16:12.648511: | get_sa_info esp.7970047c@192.1.3.33 Sep 21 07:16:12.648525: | get_sa_info esp.b3d9ed9f@192.1.2.23 Sep 21 07:16:12.648534: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Sep 21 07:16:12.648538: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:16:12.648542: | Opening output PBS informational exchange delete request Sep 21 07:16:12.648545: | **emit ISAKMP Message: Sep 21 07:16:12.648548: | initiator cookie: Sep 21 07:16:12.648551: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.648554: | responder cookie: Sep 21 07:16:12.648556: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.648560: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:12.648564: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.648567: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:12.648571: | flags: none (0x0) Sep 21 07:16:12.648574: | Message ID: 0 (0x0) Sep 21 07:16:12.648578: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:12.648582: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:12.648586: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.648589: | flags: none (0x0) Sep 21 07:16:12.648594: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:12.648598: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:12.648602: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:12.648611: | ****emit IKEv2 Delete Payload: Sep 21 07:16:12.648614: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.648617: | flags: none (0x0) Sep 21 07:16:12.648621: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:12.648623: | SPI size: 4 (0x4) Sep 21 07:16:12.648626: | number of SPIs: 1 (0x1) Sep 21 07:16:12.648631: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:12.648635: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:12.648639: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:16:12.648642: | local spis b3 d9 ed 9f Sep 21 07:16:12.648645: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:12.648648: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:12.648653: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:12.648657: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:12.648663: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:12.648667: | emitting length of ISAKMP Message: 69 Sep 21 07:16:12.648695: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:16:12.648700: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.648703: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:12.648706: | da e0 3e 25 c2 d6 bc f1 10 24 1b 3d 44 da 53 89 Sep 21 07:16:12.648709: | 2b c0 23 42 e5 15 6a f4 ca d7 61 11 cf b6 ae 9f Sep 21 07:16:12.648712: | 7a 74 86 e8 60 Sep 21 07:16:12.648775: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Sep 21 07:16:12.648789: | Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Sep 21 07:16:12.648805: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:12.648814: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:12.648824: | libevent_free: release ptr-libevent@0x7f0f84006b90 Sep 21 07:16:12.648828: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f0f88002b20 Sep 21 07:16:12.649840: | running updown command "ipsec _updown" for verb down Sep 21 07:16:12.649850: | command executing down-client Sep 21 07:16:12.649910: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050168' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P Sep 21 07:16:12.649915: | popen cmd is 1298 chars long Sep 21 07:16:12.649920: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:16:12.649924: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Sep 21 07:16:12.649928: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Sep 21 07:16:12.649931: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:16:12.649935: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:16:12.649939: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Sep 21 07:16:12.649942: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:16:12.649946: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Sep 21 07:16:12.649950: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Sep 21 07:16:12.649953: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:16:12.649957: | cmd( 800):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050168' PLUTO_CONN: Sep 21 07:16:12.649960: | cmd( 880):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Sep 21 07:16:12.649964: | cmd( 960):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Sep 21 07:16:12.649967: | cmd(1040):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Sep 21 07:16:12.649974: | cmd(1120):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Sep 21 07:16:12.649978: | cmd(1200):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7970047c SPI_OUT=0xb3d9ed9f : Sep 21 07:16:12.649981: | cmd(1280):ipsec _updown 2>&1: Sep 21 07:16:12.673728: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:16:12.673744: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:16:12.673748: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:12.673752: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:12.673848: | delete esp.7970047c@192.1.3.33 Sep 21 07:16:12.673884: | netlink response for Del SA esp.7970047c@192.1.3.33 included non-error error Sep 21 07:16:12.673888: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:12.673895: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:16:12.673938: | raw_eroute result=success Sep 21 07:16:12.673942: | delete esp.b3d9ed9f@192.1.2.23 Sep 21 07:16:12.673964: | netlink response for Del SA esp.b3d9ed9f@192.1.2.23 included non-error error Sep 21 07:16:12.673971: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:16:12.673974: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:16:12.673977: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:12.673980: | State DB: deleting IKEv2 state #3 in V2_IPSEC_R Sep 21 07:16:12.673985: | child state #3: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:16:12.674005: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.674013: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:12.674016: | state #2 Sep 21 07:16:12.674021: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:12.674024: | pstats #2 ikev2.child deleted completed Sep 21 07:16:12.674029: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:16:12.674033: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_R) aged 3.995s and sending notification Sep 21 07:16:12.674036: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:16:12.674040: | get_sa_info esp.f71ecbee@192.1.3.33 Sep 21 07:16:12.674048: | get_sa_info esp.5631025@192.1.2.23 Sep 21 07:16:12.674055: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Sep 21 07:16:12.674059: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:16:12.674062: | Opening output PBS informational exchange delete request Sep 21 07:16:12.674065: | **emit ISAKMP Message: Sep 21 07:16:12.674068: | initiator cookie: Sep 21 07:16:12.674070: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.674073: | responder cookie: Sep 21 07:16:12.674075: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.674078: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:12.674081: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.674083: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:12.674086: | flags: none (0x0) Sep 21 07:16:12.674088: | Message ID: 1 (0x1) Sep 21 07:16:12.674091: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:12.674094: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:12.674097: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.674100: | flags: none (0x0) Sep 21 07:16:12.674103: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:12.674109: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:12.674112: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:12.674120: | ****emit IKEv2 Delete Payload: Sep 21 07:16:12.674123: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.674125: | flags: none (0x0) Sep 21 07:16:12.674128: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:12.674130: | SPI size: 4 (0x4) Sep 21 07:16:12.674133: | number of SPIs: 1 (0x1) Sep 21 07:16:12.674136: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:12.674139: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:12.674142: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:16:12.674144: | local spis 05 63 10 25 Sep 21 07:16:12.674147: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:12.674149: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:12.674153: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:12.674156: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:12.674158: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:12.674161: | emitting length of ISAKMP Message: 69 Sep 21 07:16:12.674178: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:16:12.674181: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.674184: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:16:12.674186: | 15 17 37 43 e2 90 5e 3f 50 99 70 ed d5 82 f8 00 Sep 21 07:16:12.674188: | 6e 4a 2a 48 72 33 98 c6 17 f4 51 65 b0 f0 49 d5 Sep 21 07:16:12.674191: | 61 2f 34 04 96 Sep 21 07:16:12.674245: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Sep 21 07:16:12.674249: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Sep 21 07:16:12.674254: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1 wip.responder=-1 Sep 21 07:16:12.674259: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=0->1 wip.responder=-1 Sep 21 07:16:12.674261: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:12.674266: | libevent_free: release ptr-libevent@0x561e34b8b9d0 Sep 21 07:16:12.674269: | free_event_entry: release EVENT_SA_REKEY-pe@0x561e34b832b0 Sep 21 07:16:12.674337: | running updown command "ipsec _updown" for verb down Sep 21 07:16:12.674341: | command executing down-client Sep 21 07:16:12.674381: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050168' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLU Sep 21 07:16:12.674387: | popen cmd is 1295 chars long Sep 21 07:16:12.674390: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:16:12.674392: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Sep 21 07:16:12.674395: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Sep 21 07:16:12.674398: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:16:12.674400: | cmd( 320):2.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:16:12.674403: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Sep 21 07:16:12.674405: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:16:12.674408: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Sep 21 07:16:12.674410: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Sep 21 07:16:12.674413: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:16:12.674415: | cmd( 800):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050168' PLUTO_CONN_P: Sep 21 07:16:12.674418: | cmd( 880):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Sep 21 07:16:12.674421: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Sep 21 07:16:12.674423: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Sep 21 07:16:12.674426: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Sep 21 07:16:12.674428: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf71ecbee SPI_OUT=0x5631025 ips: Sep 21 07:16:12.674430: | cmd(1280):ec _updown 2>&1: Sep 21 07:16:12.706755: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:16:12.706772: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:16:12.706777: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:12.706781: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:12.707009: | delete esp.f71ecbee@192.1.3.33 Sep 21 07:16:12.707153: | netlink response for Del SA esp.f71ecbee@192.1.3.33 included non-error error Sep 21 07:16:12.707160: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:12.707168: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:16:12.707252: | raw_eroute result=success Sep 21 07:16:12.707259: | delete esp.5631025@192.1.2.23 Sep 21 07:16:12.707331: | netlink response for Del SA esp.5631025@192.1.2.23 included non-error error Sep 21 07:16:12.707340: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:16:12.707344: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Sep 21 07:16:12.707349: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:16:12.707355: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.707363: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:12.707366: | state #1 Sep 21 07:16:12.707368: | pass 1 Sep 21 07:16:12.707370: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:12.707373: | state #1 Sep 21 07:16:12.707379: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:12.707382: | pstats #1 ikev2.ike deleted completed Sep 21 07:16:12.707388: | #1 spent 26.1 milliseconds in total Sep 21 07:16:12.707397: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:16:12.707402: "northnet-eastnets/0x2" #1: deleting state (STATE_PARENT_R2) aged 4.069s and sending notification Sep 21 07:16:12.707406: | parent state #1: PARENT_R2(established IKE SA) => delete Sep 21 07:16:12.707804: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Sep 21 07:16:12.707814: | Opening output PBS informational exchange delete request Sep 21 07:16:12.707818: | **emit ISAKMP Message: Sep 21 07:16:12.707821: | initiator cookie: Sep 21 07:16:12.707823: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.707826: | responder cookie: Sep 21 07:16:12.707828: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.707831: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:12.707834: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.707837: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:12.707841: | flags: none (0x0) Sep 21 07:16:12.707843: | Message ID: 2 (0x2) Sep 21 07:16:12.707847: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:12.707850: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:12.707853: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.707856: | flags: none (0x0) Sep 21 07:16:12.707859: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:12.707862: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:12.707866: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:12.707877: | ****emit IKEv2 Delete Payload: Sep 21 07:16:12.707880: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.707882: | flags: none (0x0) Sep 21 07:16:12.707885: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:16:12.707888: | SPI size: 0 (0x0) Sep 21 07:16:12.707890: | number of SPIs: 0 (0x0) Sep 21 07:16:12.707894: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:12.707896: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:12.707899: | emitting length of IKEv2 Delete Payload: 8 Sep 21 07:16:12.707901: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:12.707904: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:12.707907: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:12.707910: | emitting length of IKEv2 Encryption Payload: 37 Sep 21 07:16:12.707912: | emitting length of ISAKMP Message: 65 Sep 21 07:16:12.707933: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:12.707937: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.707939: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:16:12.707941: | 33 0c b4 7a de 34 65 fc f4 65 61 8b 15 b6 54 0a Sep 21 07:16:12.707943: | 08 43 e1 3c 99 f4 32 3b a2 95 f4 d2 e7 7a 26 fa Sep 21 07:16:12.707945: | 1e Sep 21 07:16:12.707997: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=1->2 Sep 21 07:16:12.708001: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Sep 21 07:16:12.708006: | Message ID: #1 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?); initiator.sent=2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=2 wip.responder=-1 Sep 21 07:16:12.708010: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1->2 wip.responder=-1 Sep 21 07:16:12.708016: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:12.708021: | libevent_free: release ptr-libevent@0x561e34b77150 Sep 21 07:16:12.708023: | free_event_entry: release EVENT_SA_REKEY-pe@0x561e34b7fef0 Sep 21 07:16:12.708026: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:12.708030: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:12.708033: | State DB: deleting IKEv2 state #1 in PARENT_R2 Sep 21 07:16:12.708036: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Sep 21 07:16:12.708047: | unreference key: 0x561e34b8a7b0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Sep 21 07:16:12.708063: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.708074: | unreference key: 0x561e34b8a7b0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:12.708080: | unreference key: 0x561e34b9bb80 user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:12.708085: | unreference key: 0x561e34b75150 @north.testing.libreswan.org cnt 1-- Sep 21 07:16:12.708101: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:12.708109: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:16:12.708115: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:16:12.708118: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:12.708154: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:12.708168: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:12.708175: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:12.708178: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:12.708182: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:12.708185: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:12.708190: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Sep 21 07:16:12.708195: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Sep 21 07:16:12.708199: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:16:12.708211: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Sep 21 07:16:12.708215: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:12.708217: | pass 0 Sep 21 07:16:12.708220: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:12.708222: | pass 1 Sep 21 07:16:12.708224: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:12.708230: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:16:12.708235: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:16:12.708238: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:12.708268: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:12.708282: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:12.708288: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:12.708292: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:12.708296: | route owner of "northnet-eastnets/0x1" unrouted: NULL Sep 21 07:16:12.708299: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:12.708305: | command executing unroute-client Sep 21 07:16:12.708344: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Sep 21 07:16:12.708351: | popen cmd is 1277 chars long Sep 21 07:16:12.708355: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:12.708358: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Sep 21 07:16:12.708361: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:12.708363: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:16:12.708366: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:16:12.708369: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Sep 21 07:16:12.708371: | cmd( 480):='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Li: Sep 21 07:16:12.708374: | cmd( 560):breswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testin: Sep 21 07:16:12.708377: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3: Sep 21 07:16:12.708379: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Sep 21 07:16:12.708382: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Sep 21 07:16:12.708385: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:16:12.708387: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:16:12.708390: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:16:12.708393: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:16:12.708396: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:16:12.739606: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739625: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739629: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739642: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739656: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739670: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739684: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739695: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739704: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739713: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739722: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739733: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739744: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739753: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739762: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739770: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739780: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739794: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739804: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739812: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739822: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739832: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739841: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739849: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739858: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739867: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739877: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739887: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739895: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739904: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739917: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.739927: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.740118: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.740127: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.740136: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:12.747744: | free hp@0x561e34b7b590 Sep 21 07:16:12.747759: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Sep 21 07:16:12.747764: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Sep 21 07:16:12.747804: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:16:12.747811: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:16:12.747822: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:16:12.747827: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:16:12.747830: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:16:12.747833: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:16:12.747837: shutting down interface eth0/eth0 192.0.22.254:4500 Sep 21 07:16:12.747840: shutting down interface eth0/eth0 192.0.22.254:500 Sep 21 07:16:12.747843: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:16:12.747846: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:16:12.747851: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:16:12.747861: | libevent_free: release ptr-libevent@0x561e34b74670 Sep 21 07:16:12.747865: | free_event_entry: release EVENT_NULL-pe@0x561e34b74630 Sep 21 07:16:12.747875: | libevent_free: release ptr-libevent@0x561e34b74760 Sep 21 07:16:12.747879: | free_event_entry: release EVENT_NULL-pe@0x561e34b74720 Sep 21 07:16:12.747889: | libevent_free: release ptr-libevent@0x561e34b74850 Sep 21 07:16:12.747893: | free_event_entry: release EVENT_NULL-pe@0x561e34b74810 Sep 21 07:16:12.747899: | libevent_free: release ptr-libevent@0x561e34b74940 Sep 21 07:16:12.747902: | free_event_entry: release EVENT_NULL-pe@0x561e34b74900 Sep 21 07:16:12.747909: | libevent_free: release ptr-libevent@0x561e34b74a30 Sep 21 07:16:12.747911: | free_event_entry: release EVENT_NULL-pe@0x561e34b749f0 Sep 21 07:16:12.747918: | libevent_free: release ptr-libevent@0x561e34b74b20 Sep 21 07:16:12.747921: | free_event_entry: release EVENT_NULL-pe@0x561e34b74ae0 Sep 21 07:16:12.747927: | libevent_free: release ptr-libevent@0x561e34b75240 Sep 21 07:16:12.747931: | free_event_entry: release EVENT_NULL-pe@0x561e34b74bd0 Sep 21 07:16:12.747937: | libevent_free: release ptr-libevent@0x561e34b752d0 Sep 21 07:16:12.747940: | free_event_entry: release EVENT_NULL-pe@0x561e34b74c30 Sep 21 07:16:12.747945: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:12.748467: | libevent_free: release ptr-libevent@0x561e34b73d30 Sep 21 07:16:12.748474: | free_event_entry: release EVENT_NULL-pe@0x561e34b5c9c0 Sep 21 07:16:12.748479: | libevent_free: release ptr-libevent@0x561e34b697b0 Sep 21 07:16:12.748481: | free_event_entry: release EVENT_NULL-pe@0x561e34b5cc00 Sep 21 07:16:12.748485: | libevent_free: release ptr-libevent@0x561e34b69720 Sep 21 07:16:12.748488: | free_event_entry: release EVENT_NULL-pe@0x561e34b62750 Sep 21 07:16:12.748492: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:16:12.748494: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:16:12.748497: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:16:12.748499: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:16:12.748502: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:16:12.748504: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:16:12.748506: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:16:12.748509: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:16:12.748511: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:16:12.748516: | libevent_free: release ptr-libevent@0x561e34b73f10 Sep 21 07:16:12.748519: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:16:12.748522: | libevent_free: release ptr-libevent@0x561e34b73ff0 Sep 21 07:16:12.748525: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:16:12.748528: | libevent_free: release ptr-libevent@0x561e34b740b0 Sep 21 07:16:12.748531: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:16:12.748534: | libevent_free: release ptr-libevent@0x561e34b68b20 Sep 21 07:16:12.748537: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:16:12.748539: | releasing event base Sep 21 07:16:12.748552: | libevent_free: release ptr-libevent@0x561e34b74170 Sep 21 07:16:12.748556: | libevent_free: release ptr-libevent@0x561e34b0f580 Sep 21 07:16:12.748560: | libevent_free: release ptr-libevent@0x561e34b57db0 Sep 21 07:16:12.748562: | libevent_free: release ptr-libevent@0x561e34b8c0f0 Sep 21 07:16:12.748565: | libevent_free: release ptr-libevent@0x561e34b57dd0 Sep 21 07:16:12.748567: | libevent_free: release ptr-libevent@0x561e34b73dc0 Sep 21 07:16:12.748570: | libevent_free: release ptr-libevent@0x561e34b73fb0 Sep 21 07:16:12.748572: | libevent_free: release ptr-libevent@0x561e34b57f70 Sep 21 07:16:12.748575: | libevent_free: release ptr-libevent@0x561e34b626b0 Sep 21 07:16:12.748577: | libevent_free: release ptr-libevent@0x561e34b62690 Sep 21 07:16:12.748579: | libevent_free: release ptr-libevent@0x561e34b74c70 Sep 21 07:16:12.748582: | libevent_free: release ptr-libevent@0x561e34b74c10 Sep 21 07:16:12.748584: | libevent_free: release ptr-libevent@0x561e34b74bb0 Sep 21 07:16:12.748587: | libevent_free: release ptr-libevent@0x561e34b74ac0 Sep 21 07:16:12.748589: | libevent_free: release ptr-libevent@0x561e34b749d0 Sep 21 07:16:12.748591: | libevent_free: release ptr-libevent@0x561e34b748e0 Sep 21 07:16:12.748594: | libevent_free: release ptr-libevent@0x561e34b747f0 Sep 21 07:16:12.748599: | libevent_free: release ptr-libevent@0x561e34b74700 Sep 21 07:16:12.748601: | libevent_free: release ptr-libevent@0x561e34b57e60 Sep 21 07:16:12.748604: | libevent_free: release ptr-libevent@0x561e34b74090 Sep 21 07:16:12.748606: | libevent_free: release ptr-libevent@0x561e34b73fd0 Sep 21 07:16:12.748608: | libevent_free: release ptr-libevent@0x561e34b73ef0 Sep 21 07:16:12.748611: | libevent_free: release ptr-libevent@0x561e34b74150 Sep 21 07:16:12.748613: | libevent_free: release ptr-libevent@0x561e34b73de0 Sep 21 07:16:12.748616: | libevent_free: release ptr-libevent@0x561e34b57df0 Sep 21 07:16:12.748619: | libevent_free: release ptr-libevent@0x561e34b57e20 Sep 21 07:16:12.748621: | libevent_free: release ptr-libevent@0x561e34b57b10 Sep 21 07:16:12.748624: | releasing global libevent data Sep 21 07:16:12.748627: | libevent_free: release ptr-libevent@0x561e34b562d0 Sep 21 07:16:12.748629: | libevent_free: release ptr-libevent@0x561e34b56300 Sep 21 07:16:12.748632: | libevent_free: release ptr-libevent@0x561e34b57ae0