Sep 21 07:16:08.049814: FIPS Product: YES Sep 21 07:16:08.049855: FIPS Kernel: NO Sep 21 07:16:08.049858: FIPS Mode: NO Sep 21 07:16:08.049861: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:08.050014: Initializing NSS Sep 21 07:16:08.050018: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:08.137336: NSS initialized Sep 21 07:16:08.137347: NSS crypto library initialized Sep 21 07:16:08.137350: FIPS HMAC integrity support [enabled] Sep 21 07:16:08.137352: FIPS mode disabled for pluto daemon Sep 21 07:16:08.226017: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:08.226116: libcap-ng support [enabled] Sep 21 07:16:08.226128: Linux audit support [enabled] Sep 21 07:16:08.226153: Linux audit activated Sep 21 07:16:08.226157: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:25344 Sep 21 07:16:08.226160: core dump dir: /tmp Sep 21 07:16:08.226163: secrets file: /etc/ipsec.secrets Sep 21 07:16:08.226165: leak-detective disabled Sep 21 07:16:08.226167: NSS crypto [enabled] Sep 21 07:16:08.226169: XAUTH PAM support [enabled] Sep 21 07:16:08.226244: | libevent is using pluto's memory allocator Sep 21 07:16:08.226250: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:08.226267: | libevent_malloc: new ptr-libevent@0x55d6f60b83d0 size 40 Sep 21 07:16:08.226270: | libevent_malloc: new ptr-libevent@0x55d6f60b8400 size 40 Sep 21 07:16:08.226274: | libevent_malloc: new ptr-libevent@0x55d6f60b9bb0 size 40 Sep 21 07:16:08.226276: | creating event base Sep 21 07:16:08.226280: | libevent_malloc: new ptr-libevent@0x55d6f60b9b70 size 56 Sep 21 07:16:08.226283: | libevent_malloc: new ptr-libevent@0x55d6f60b9be0 size 664 Sep 21 07:16:08.226294: | libevent_malloc: new ptr-libevent@0x55d6f60b9e80 size 24 Sep 21 07:16:08.226298: | libevent_malloc: new ptr-libevent@0x55d6f60733c0 size 384 Sep 21 07:16:08.226309: | libevent_malloc: new ptr-libevent@0x55d6f60b9ea0 size 16 Sep 21 07:16:08.226312: | libevent_malloc: new ptr-libevent@0x55d6f60b9ec0 size 40 Sep 21 07:16:08.226315: | libevent_malloc: new ptr-libevent@0x55d6f60b9ef0 size 48 Sep 21 07:16:08.226322: | libevent_realloc: new ptr-libevent@0x55d6f60b9f30 size 256 Sep 21 07:16:08.226325: | libevent_malloc: new ptr-libevent@0x55d6f60ba040 size 16 Sep 21 07:16:08.226332: | libevent_free: release ptr-libevent@0x55d6f60b9b70 Sep 21 07:16:08.226335: | libevent initialized Sep 21 07:16:08.226340: | libevent_realloc: new ptr-libevent@0x55d6f60ba060 size 64 Sep 21 07:16:08.226344: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:08.226363: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:08.226365: NAT-Traversal support [enabled] Sep 21 07:16:08.226369: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:08.226375: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:08.226379: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:08.226412: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:08.226417: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:08.226421: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:08.226483: Encryption algorithms: Sep 21 07:16:08.226493: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:08.226497: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:08.226501: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:08.226505: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:08.226509: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:16:08.226520: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:08.226525: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:08.226529: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:08.226533: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:08.226537: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:08.226542: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:08.226546: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:08.226550: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:08.226554: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:08.226559: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:08.226562: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:08.226566: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:08.226575: Hash algorithms: Sep 21 07:16:08.226578: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:08.226581: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:08.226585: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:08.226588: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:08.226592: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:08.226610: PRF algorithms: Sep 21 07:16:08.226613: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:08.226617: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:08.226621: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:08.226625: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:08.226629: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:08.226632: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:08.226670: Integrity algorithms: Sep 21 07:16:08.226674: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:08.226679: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:08.226684: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:08.226689: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:08.226693: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:08.226697: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:08.226701: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:08.226704: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:08.226708: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:08.226724: DH algorithms: Sep 21 07:16:08.226728: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:08.226731: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:08.226734: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:08.226740: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:08.226743: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:08.226746: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:08.226750: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:08.226753: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:08.226757: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:08.226760: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:08.226763: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:08.226766: testing CAMELLIA_CBC: Sep 21 07:16:08.226769: Camellia: 16 bytes with 128-bit key Sep 21 07:16:08.226891: Camellia: 16 bytes with 128-bit key Sep 21 07:16:08.226926: Camellia: 16 bytes with 256-bit key Sep 21 07:16:08.226958: Camellia: 16 bytes with 256-bit key Sep 21 07:16:08.226987: testing AES_GCM_16: Sep 21 07:16:08.226990: empty string Sep 21 07:16:08.227016: one block Sep 21 07:16:08.227042: two blocks Sep 21 07:16:08.227067: two blocks with associated data Sep 21 07:16:08.227094: testing AES_CTR: Sep 21 07:16:08.227097: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:08.227124: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:08.227155: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:08.227185: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:08.227211: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:08.227241: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:08.227271: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:08.227299: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:08.227328: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:08.227358: testing AES_CBC: Sep 21 07:16:08.227361: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:08.227387: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:08.227417: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:08.227448: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:08.227487: testing AES_XCBC: Sep 21 07:16:08.227490: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:08.227602: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:08.227724: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:08.227848: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:08.227972: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:08.228093: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:08.228216: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:08.228487: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:08.228609: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:08.228738: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:08.228966: testing HMAC_MD5: Sep 21 07:16:08.228972: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:08.229132: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:08.229277: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:08.229446: 8 CPU cores online Sep 21 07:16:08.229449: starting up 7 crypto helpers Sep 21 07:16:08.229483: started thread for crypto helper 0 Sep 21 07:16:08.229509: started thread for crypto helper 1 Sep 21 07:16:08.229529: started thread for crypto helper 2 Sep 21 07:16:08.229536: | starting up helper thread 2 Sep 21 07:16:08.229548: started thread for crypto helper 3 Sep 21 07:16:08.229551: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:08.229558: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:08.229565: started thread for crypto helper 4 Sep 21 07:16:08.229583: started thread for crypto helper 5 Sep 21 07:16:08.229586: | starting up helper thread 5 Sep 21 07:16:08.229598: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:08.229601: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:08.229603: started thread for crypto helper 6 Sep 21 07:16:08.229607: | starting up helper thread 6 Sep 21 07:16:08.229607: | checking IKEv1 state table Sep 21 07:16:08.229616: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:08.229624: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:08.229626: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:08.229630: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:08.229634: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:08.229637: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:08.229640: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:08.229642: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:08.229645: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:08.229648: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:08.229651: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:08.229653: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:08.229656: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:08.229659: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:08.229662: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:08.229665: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:08.229667: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:08.229670: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:08.229673: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:16:08.229676: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:08.229678: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:08.229681: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:08.229684: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:08.229686: | -> UNDEFINED EVENT_NULL Sep 21 07:16:08.229690: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:08.229692: | -> UNDEFINED EVENT_NULL Sep 21 07:16:08.229695: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:08.229698: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:08.229701: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:08.229704: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:08.229707: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:08.229710: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:08.229712: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:08.229715: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:08.229718: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:08.229721: | -> UNDEFINED EVENT_NULL Sep 21 07:16:08.229724: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:08.229727: | -> UNDEFINED EVENT_NULL Sep 21 07:16:08.229730: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:08.229733: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:08.229736: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:08.229739: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:08.229742: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:08.229745: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:08.229748: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:08.229750: | -> UNDEFINED EVENT_NULL Sep 21 07:16:08.229754: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:08.229756: | -> UNDEFINED EVENT_NULL Sep 21 07:16:08.229759: | INFO: category: informational flags: 0: Sep 21 07:16:08.229762: | -> UNDEFINED EVENT_NULL Sep 21 07:16:08.229765: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:16:08.229768: | -> UNDEFINED EVENT_NULL Sep 21 07:16:08.229771: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:08.229778: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:08.229782: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:08.229791: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:08.229794: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:08.229797: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:08.229800: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:08.229803: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:08.229806: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:08.229809: | -> UNDEFINED EVENT_NULL Sep 21 07:16:08.229812: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:08.229815: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:08.229818: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:08.229821: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:08.229824: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:08.229827: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:08.229833: | checking IKEv2 state table Sep 21 07:16:08.229839: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:08.229843: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:08.229846: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:08.229850: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:08.229853: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:08.229857: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:08.229860: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:08.229863: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:08.229867: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:08.229870: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:08.229873: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:08.229877: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:08.229880: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:08.229883: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:08.229886: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:08.229889: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:08.229892: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:08.229895: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:08.229898: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:08.229902: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:08.229905: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:08.229909: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:08.229912: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:08.229915: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:08.229918: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:08.229922: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:08.229925: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:08.229928: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:08.229932: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:08.229935: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:08.229938: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:16:08.229942: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:08.229947: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:08.229951: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:08.229954: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:08.229957: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:08.229961: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:08.229965: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:08.229968: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:08.229971: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:08.229975: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:08.229978: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:08.229982: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:08.229985: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:08.229989: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:08.229992: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:08.229995: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:08.230034: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:08.230095: | Hard-wiring algorithms Sep 21 07:16:08.230099: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:08.230103: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:08.230106: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:08.230109: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:08.230111: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:08.230114: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:16:08.230117: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:08.230120: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:08.230123: | adding AES_CTR to kernel algorithm db Sep 21 07:16:08.230125: | adding AES_CBC to kernel algorithm db Sep 21 07:16:08.230128: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:08.230131: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:08.230134: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:08.230137: | adding NULL to kernel algorithm db Sep 21 07:16:08.230140: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:08.230143: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:08.230145: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:08.230148: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:08.230151: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:08.230154: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:08.230157: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:08.230160: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:08.230162: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:08.230165: | adding NONE to kernel algorithm db Sep 21 07:16:08.230186: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:08.230192: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:08.230195: | setup kernel fd callback Sep 21 07:16:08.230198: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55d6f60c4820 Sep 21 07:16:08.230202: | libevent_malloc: new ptr-libevent@0x55d6f60cb870 size 128 Sep 21 07:16:08.230206: | libevent_malloc: new ptr-libevent@0x55d6f60c4780 size 16 Sep 21 07:16:08.230213: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55d6f60becd0 Sep 21 07:16:08.230216: | libevent_malloc: new ptr-libevent@0x55d6f60cb900 size 128 Sep 21 07:16:08.230220: | libevent_malloc: new ptr-libevent@0x55d6f60c4760 size 16 Sep 21 07:16:08.230644: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:08.230655: selinux support is enabled. Sep 21 07:16:08.230734: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:08.230917: | unbound context created - setting debug level to 5 Sep 21 07:16:08.230954: | /etc/hosts lookups activated Sep 21 07:16:08.230970: | /etc/resolv.conf usage activated Sep 21 07:16:08.231033: | outgoing-port-avoid set 0-65535 Sep 21 07:16:08.231063: | outgoing-port-permit set 32768-60999 Sep 21 07:16:08.231066: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:08.231070: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:08.231073: | Setting up events, loop start Sep 21 07:16:08.231077: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55d6f60bea90 Sep 21 07:16:08.231080: | libevent_malloc: new ptr-libevent@0x55d6f60d5e80 size 128 Sep 21 07:16:08.231084: | libevent_malloc: new ptr-libevent@0x55d6f60d5f10 size 16 Sep 21 07:16:08.231090: | libevent_realloc: new ptr-libevent@0x55d6f60d5f30 size 256 Sep 21 07:16:08.231094: | libevent_malloc: new ptr-libevent@0x55d6f60d6040 size 8 Sep 21 07:16:08.231097: | libevent_realloc: new ptr-libevent@0x55d6f60cabf0 size 144 Sep 21 07:16:08.231100: | libevent_malloc: new ptr-libevent@0x55d6f60d6060 size 152 Sep 21 07:16:08.231104: | libevent_malloc: new ptr-libevent@0x55d6f60d6100 size 16 Sep 21 07:16:08.231109: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:08.231112: | libevent_malloc: new ptr-libevent@0x55d6f60d6120 size 8 Sep 21 07:16:08.231115: | libevent_malloc: new ptr-libevent@0x55d6f60d6140 size 152 Sep 21 07:16:08.231118: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:08.231122: | libevent_malloc: new ptr-libevent@0x55d6f60d61e0 size 8 Sep 21 07:16:08.231125: | libevent_malloc: new ptr-libevent@0x55d6f60d6200 size 152 Sep 21 07:16:08.231128: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:08.231131: | libevent_malloc: new ptr-libevent@0x55d6f60d62a0 size 8 Sep 21 07:16:08.231134: | libevent_realloc: release ptr-libevent@0x55d6f60cabf0 Sep 21 07:16:08.231138: | libevent_realloc: new ptr-libevent@0x55d6f60d62c0 size 256 Sep 21 07:16:08.231141: | libevent_malloc: new ptr-libevent@0x55d6f60cabf0 size 152 Sep 21 07:16:08.231144: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:08.231505: | created addconn helper (pid:25488) using fork+execve Sep 21 07:16:08.231516: | forked child 25488 Sep 21 07:16:08.231559: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:08.231576: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:08.231582: listening for IKE messages Sep 21 07:16:08.231808: | starting up helper thread 0 Sep 21 07:16:08.231821: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:08.231828: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:08.237919: | Inspecting interface lo Sep 21 07:16:08.237942: | found lo with address 127.0.0.1 Sep 21 07:16:08.237948: | Inspecting interface eth0 Sep 21 07:16:08.237954: | found eth0 with address 192.0.3.254 Sep 21 07:16:08.237959: | Inspecting interface eth1 Sep 21 07:16:08.237964: | found eth1 with address 192.1.3.33 Sep 21 07:16:08.238034: Kernel supports NIC esp-hw-offload Sep 21 07:16:08.238051: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:16:08.238080: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:08.238086: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:08.238091: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:08.238119: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:16:08.238128: | starting up helper thread 4 Sep 21 07:16:08.238137: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:08.238141: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:08.238119: | starting up helper thread 3 Sep 21 07:16:08.238148: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:08.238157: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:08.238167: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:08.238194: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:08.238216: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:08.238222: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:08.238226: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:08.238286: | no interfaces to sort Sep 21 07:16:08.238292: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:08.238302: | add_fd_read_event_handler: new ethX-pe@0x55d6f60bfb90 Sep 21 07:16:08.238307: | libevent_malloc: new ptr-libevent@0x55d6f60d66a0 size 128 Sep 21 07:16:08.238312: | libevent_malloc: new ptr-libevent@0x55d6f60d6730 size 16 Sep 21 07:16:08.238320: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:08.238324: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6750 Sep 21 07:16:08.238327: | libevent_malloc: new ptr-libevent@0x55d6f60d6790 size 128 Sep 21 07:16:08.238329: | libevent_malloc: new ptr-libevent@0x55d6f60d6820 size 16 Sep 21 07:16:08.238334: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:08.238337: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6840 Sep 21 07:16:08.238340: | libevent_malloc: new ptr-libevent@0x55d6f60d6880 size 128 Sep 21 07:16:08.238343: | libevent_malloc: new ptr-libevent@0x55d6f60d6910 size 16 Sep 21 07:16:08.238347: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:08.238350: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6930 Sep 21 07:16:08.238353: | libevent_malloc: new ptr-libevent@0x55d6f60d6970 size 128 Sep 21 07:16:08.238356: | libevent_malloc: new ptr-libevent@0x55d6f60d6a00 size 16 Sep 21 07:16:08.238361: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:08.238364: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6a20 Sep 21 07:16:08.238366: | libevent_malloc: new ptr-libevent@0x55d6f60d6a60 size 128 Sep 21 07:16:08.238369: | libevent_malloc: new ptr-libevent@0x55d6f60d6af0 size 16 Sep 21 07:16:08.238374: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:08.238376: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6b10 Sep 21 07:16:08.238378: | libevent_malloc: new ptr-libevent@0x55d6f60d6b50 size 128 Sep 21 07:16:08.238381: | libevent_malloc: new ptr-libevent@0x55d6f60d6be0 size 16 Sep 21 07:16:08.238386: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:08.238391: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:08.238393: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:08.238416: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:08.238430: | saving Modulus Sep 21 07:16:08.238433: | saving PublicExponent Sep 21 07:16:08.238436: | ignoring PrivateExponent Sep 21 07:16:08.238438: | ignoring Prime1 Sep 21 07:16:08.238442: | ignoring Prime2 Sep 21 07:16:08.238445: | ignoring Exponent1 Sep 21 07:16:08.238448: | ignoring Exponent2 Sep 21 07:16:08.238451: | ignoring Coefficient Sep 21 07:16:08.238454: | ignoring CKAIDNSS Sep 21 07:16:08.238494: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:08.238498: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:08.238502: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:08.238507: | certs and keys locked by 'process_secret' Sep 21 07:16:08.238510: | certs and keys unlocked by 'process_secret' Sep 21 07:16:08.238516: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:08.238525: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:08.238533: | spent 0.702 milliseconds in whack Sep 21 07:16:08.242900: | starting up helper thread 1 Sep 21 07:16:08.242922: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:08.242927: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:08.238151: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:08.244810: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:08.282331: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:08.282351: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:08.282357: listening for IKE messages Sep 21 07:16:08.282395: | Inspecting interface lo Sep 21 07:16:08.282402: | found lo with address 127.0.0.1 Sep 21 07:16:08.282406: | Inspecting interface eth0 Sep 21 07:16:08.282410: | found eth0 with address 192.0.3.254 Sep 21 07:16:08.282413: | Inspecting interface eth1 Sep 21 07:16:08.282417: | found eth1 with address 192.1.3.33 Sep 21 07:16:08.282474: | no interfaces to sort Sep 21 07:16:08.282482: | libevent_free: release ptr-libevent@0x55d6f60d66a0 Sep 21 07:16:08.282486: | free_event_entry: release EVENT_NULL-pe@0x55d6f60bfb90 Sep 21 07:16:08.282489: | add_fd_read_event_handler: new ethX-pe@0x55d6f60bfb90 Sep 21 07:16:08.282492: | libevent_malloc: new ptr-libevent@0x55d6f60d66a0 size 128 Sep 21 07:16:08.282499: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:08.282503: | libevent_free: release ptr-libevent@0x55d6f60d6790 Sep 21 07:16:08.282506: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6750 Sep 21 07:16:08.282508: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6750 Sep 21 07:16:08.282511: | libevent_malloc: new ptr-libevent@0x55d6f60d6790 size 128 Sep 21 07:16:08.282516: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:08.282520: | libevent_free: release ptr-libevent@0x55d6f60d6880 Sep 21 07:16:08.282523: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6840 Sep 21 07:16:08.282525: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6840 Sep 21 07:16:08.282528: | libevent_malloc: new ptr-libevent@0x55d6f60d6880 size 128 Sep 21 07:16:08.282533: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:08.282536: | libevent_free: release ptr-libevent@0x55d6f60d6970 Sep 21 07:16:08.282539: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6930 Sep 21 07:16:08.282541: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6930 Sep 21 07:16:08.282543: | libevent_malloc: new ptr-libevent@0x55d6f60d6970 size 128 Sep 21 07:16:08.282548: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:08.282551: | libevent_free: release ptr-libevent@0x55d6f60d6a60 Sep 21 07:16:08.282554: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6a20 Sep 21 07:16:08.282556: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6a20 Sep 21 07:16:08.282558: | libevent_malloc: new ptr-libevent@0x55d6f60d6a60 size 128 Sep 21 07:16:08.282563: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:08.282567: | libevent_free: release ptr-libevent@0x55d6f60d6b50 Sep 21 07:16:08.282569: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6b10 Sep 21 07:16:08.282572: | add_fd_read_event_handler: new ethX-pe@0x55d6f60d6b10 Sep 21 07:16:08.282574: | libevent_malloc: new ptr-libevent@0x55d6f60d6b50 size 128 Sep 21 07:16:08.282579: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:08.282582: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:08.282584: forgetting secrets Sep 21 07:16:08.282595: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:08.282611: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:08.282627: | saving Modulus Sep 21 07:16:08.282631: | saving PublicExponent Sep 21 07:16:08.282634: | ignoring PrivateExponent Sep 21 07:16:08.282637: | ignoring Prime1 Sep 21 07:16:08.282641: | ignoring Prime2 Sep 21 07:16:08.282644: | ignoring Exponent1 Sep 21 07:16:08.282647: | ignoring Exponent2 Sep 21 07:16:08.282650: | ignoring Coefficient Sep 21 07:16:08.282654: | ignoring CKAIDNSS Sep 21 07:16:08.282675: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:08.282678: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:08.282682: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:08.282689: | certs and keys locked by 'process_secret' Sep 21 07:16:08.282697: | certs and keys unlocked by 'process_secret' Sep 21 07:16:08.282703: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:08.282712: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:08.282719: | spent 0.396 milliseconds in whack Sep 21 07:16:08.283291: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.283307: | waitpid returned pid 25488 (exited with status 0) Sep 21 07:16:08.283312: | reaped addconn helper child (status 0) Sep 21 07:16:08.283316: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.283321: | spent 0.0176 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:08.344520: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:08.344541: | old debugging base+cpu-usage + none Sep 21 07:16:08.344544: | base debugging = base+cpu-usage Sep 21 07:16:08.344547: | old impairing none + suppress-retransmits Sep 21 07:16:08.344549: | base impairing = suppress-retransmits Sep 21 07:16:08.344557: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:08.344564: | spent 0.0533 milliseconds in whack Sep 21 07:16:08.432028: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:08.432052: | old debugging base+cpu-usage + none Sep 21 07:16:08.432057: | base debugging = base+cpu-usage Sep 21 07:16:08.432060: | old impairing suppress-retransmits + suppress-retransmits Sep 21 07:16:08.432062: | base impairing = suppress-retransmits Sep 21 07:16:08.432072: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:08.432080: | spent 0.0594 milliseconds in whack Sep 21 07:16:08.612011: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:08.612040: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:08.612045: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:08.612047: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:08.612050: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:08.612054: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:08.612062: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:08.612065: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:08.612122: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:08.612126: | from whack: got --esp= Sep 21 07:16:08.612164: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:08.612723: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:08.612737: | loading left certificate 'north' pubkey Sep 21 07:16:08.617215: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8fc0 Sep 21 07:16:08.617242: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8f00 Sep 21 07:16:08.617246: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8ed0 Sep 21 07:16:08.617391: | unreference key: 0x55d6f60d8ba0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:08.617575: | certs and keys locked by 'lsw_add_rsa_secret' Sep 21 07:16:08.617579: | certs and keys unlocked by 'lsw_add_rsa_secret' Sep 21 07:16:08.617590: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:16:08.618227: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:08.618236: | loading right certificate 'east' pubkey Sep 21 07:16:08.618321: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60dd530 Sep 21 07:16:08.618326: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8fc0 Sep 21 07:16:08.618329: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8f00 Sep 21 07:16:08.618331: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8ed0 Sep 21 07:16:08.618334: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d95e0 Sep 21 07:16:08.618529: | unreference key: 0x55d6f60e0330 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:08.618631: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:16:08.618643: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:16:08.618655: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:16:08.618658: | new hp@0x55d6f60e1850 Sep 21 07:16:08.618662: added connection description "northnet-eastnets/0x1" Sep 21 07:16:08.618673: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:08.618695: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Sep 21 07:16:08.618703: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:08.618711: | spent 2.38 milliseconds in whack Sep 21 07:16:08.618794: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:08.618812: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:08.618816: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:08.618818: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:08.618821: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:08.618824: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:08.618829: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:08.618832: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:08.618885: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:08.618888: | from whack: got --esp= Sep 21 07:16:08.618924: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:08.619017: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:08.619023: | loading left certificate 'north' pubkey Sep 21 07:16:08.619076: | unreference key: 0x55d6f60dd0c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:08.619093: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8fc0 Sep 21 07:16:08.619096: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8f00 Sep 21 07:16:08.619098: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8ed0 Sep 21 07:16:08.619162: | unreference key: 0x55d6f60dcad0 @north.testing.libreswan.org cnt 1-- Sep 21 07:16:08.619209: | unreference key: 0x55d6f60dcca0 user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:08.619257: | unreference key: 0x55d6f60e0e80 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:08.619300: | secrets entry for north already exists Sep 21 07:16:08.619311: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:16:08.619392: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:08.619397: | loading right certificate 'east' pubkey Sep 21 07:16:08.619447: | unreference key: 0x55d6f60e2a20 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:08.619458: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8f00 Sep 21 07:16:08.619461: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8ed0 Sep 21 07:16:08.619463: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60da060 Sep 21 07:16:08.619466: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d95e0 Sep 21 07:16:08.619468: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60dcea0 Sep 21 07:16:08.619512: | unreference key: 0x55d6f60e1690 192.1.2.23 cnt 1-- Sep 21 07:16:08.619555: | unreference key: 0x55d6f60e0990 east@testing.libreswan.org cnt 1-- Sep 21 07:16:08.619597: | unreference key: 0x55d6f60e2230 @east.testing.libreswan.org cnt 1-- Sep 21 07:16:08.619640: | unreference key: 0x55d6f60e2660 user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:08.619688: | unreference key: 0x55d6f60e3e10 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:08.619793: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:16:08.619807: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:16:08.619815: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:16:08.619820: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x55d6f60e1850: northnet-eastnets/0x1 Sep 21 07:16:08.619822: added connection description "northnet-eastnets/0x2" Sep 21 07:16:08.619831: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:08.619868: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Sep 21 07:16:08.619876: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:08.619882: | spent 1.06 milliseconds in whack Sep 21 07:16:08.634503: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:08.634526: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:16:08.634529: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:08.634533: initiating all conns with alias='northnet-eastnets' Sep 21 07:16:08.634539: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:08.634549: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:08.634552: | connection 'northnet-eastnets/0x2' +POLICY_UP Sep 21 07:16:08.634555: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:08.634558: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:08.634577: | creating state object #1 at 0x55d6f60e46a0 Sep 21 07:16:08.634580: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:08.634588: | pstats #1 ikev2.ike started Sep 21 07:16:08.634591: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:08.634594: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:08.634600: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:08.634607: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:08.634613: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:08.634616: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:08.634621: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #1 "northnet-eastnets/0x2" Sep 21 07:16:08.634625: "northnet-eastnets/0x2" #1: initiating v2 parent SA Sep 21 07:16:08.634632: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE) Sep 21 07:16:08.634640: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:08.634648: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.634652: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:08.634658: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.634662: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:08.634667: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.634671: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:08.634676: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.634687: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.634694: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:16:08.634697: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d6f60e3d80 Sep 21 07:16:08.634701: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:08.634707: | libevent_malloc: new ptr-libevent@0x55d6f60d8f30 size 128 Sep 21 07:16:08.634721: | #1 spent 0.171 milliseconds in ikev2_parent_outI1() Sep 21 07:16:08.634725: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:08.634725: | crypto helper 2 resuming Sep 21 07:16:08.634730: | RESET processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:08.634738: | crypto helper 2 starting work-order 1 for state #1 Sep 21 07:16:08.634741: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:08.634745: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:16:08.634745: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:08.634755: | start processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:08.634758: | connection 'northnet-eastnets/0x1' +POLICY_UP Sep 21 07:16:08.634761: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:08.634764: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:08.634769: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x1" IKE SA #1 "northnet-eastnets/0x2" Sep 21 07:16:08.634773: | stop processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:08.634776: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Sep 21 07:16:08.634779: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:08.634786: | spent 0.285 milliseconds in whack Sep 21 07:16:08.635767: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001022 seconds Sep 21 07:16:08.635776: | (#1) spent 1.03 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:16:08.635780: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:08.635786: | scheduling resume sending helper answer for #1 Sep 21 07:16:08.635793: | libevent_malloc: new ptr-libevent@0x7f7c8c006900 size 128 Sep 21 07:16:08.635803: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:08.635809: | processing resume sending helper answer for #1 Sep 21 07:16:08.635817: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:08.635821: | crypto helper 2 replies to request ID 1 Sep 21 07:16:08.635823: | calling continuation function 0x55d6f4139630 Sep 21 07:16:08.635826: | ikev2_parent_outI1_continue for #1 Sep 21 07:16:08.635855: | **emit ISAKMP Message: Sep 21 07:16:08.635858: | initiator cookie: Sep 21 07:16:08.635861: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.635863: | responder cookie: Sep 21 07:16:08.635865: | 00 00 00 00 00 00 00 00 Sep 21 07:16:08.635868: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.635871: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.635873: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:08.635876: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.635879: | Message ID: 0 (0x0) Sep 21 07:16:08.635881: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.635897: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.635903: | Emitting ikev2_proposals ... Sep 21 07:16:08.635906: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:08.635909: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.635911: | flags: none (0x0) Sep 21 07:16:08.635914: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:08.635917: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.635920: | discarding INTEG=NONE Sep 21 07:16:08.635922: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.635925: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.635928: | prop #: 1 (0x1) Sep 21 07:16:08.635930: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.635932: | spi size: 0 (0x0) Sep 21 07:16:08.635935: | # transforms: 11 (0xb) Sep 21 07:16:08.635938: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.635941: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.635943: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.635946: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.635948: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.635951: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.635953: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.635956: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.635959: | length/value: 256 (0x100) Sep 21 07:16:08.635962: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.635964: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.635967: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.635969: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.635971: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.635974: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.635977: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.635980: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.635982: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.635985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.635988: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.635990: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:08.635993: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.635996: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.635998: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636000: | discarding INTEG=NONE Sep 21 07:16:08.636003: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636005: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636008: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636010: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.636013: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636016: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636020: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636022: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636027: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636030: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:08.636032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636035: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636038: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636040: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636043: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636045: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636047: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:08.636050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636056: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636058: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636061: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636063: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636065: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:08.636068: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636074: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636076: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636081: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636083: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:08.636086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636091: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636094: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636096: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636101: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:08.636104: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636107: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636109: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636112: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636117: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636119: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:08.636122: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636128: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636131: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636133: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636135: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.636138: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636140: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:08.636143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636146: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636149: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636151: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:08.636154: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.636156: | discarding INTEG=NONE Sep 21 07:16:08.636159: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.636161: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.636163: | prop #: 2 (0x2) Sep 21 07:16:08.636166: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.636168: | spi size: 0 (0x0) Sep 21 07:16:08.636171: | # transforms: 11 (0xb) Sep 21 07:16:08.636174: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.636176: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.636179: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636181: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636184: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.636186: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.636189: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636192: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.636194: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.636197: | length/value: 128 (0x80) Sep 21 07:16:08.636199: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.636202: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636206: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.636209: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.636212: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636215: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636217: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636219: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636222: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636224: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.636227: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:08.636230: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636232: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636235: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636238: | discarding INTEG=NONE Sep 21 07:16:08.636240: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636246: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636248: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.636251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636254: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636256: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636259: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636261: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636263: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636266: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:08.636269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636272: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636274: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636276: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636281: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636284: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:08.636287: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636289: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636292: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636294: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636297: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636299: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636301: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:08.636304: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636307: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636310: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636312: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636315: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636317: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636319: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:08.636322: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636325: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636328: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636330: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636332: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636335: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636337: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:08.636340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636344: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636347: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636349: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636354: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636356: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:08.636359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636364: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636367: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636369: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.636372: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636374: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:08.636377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636380: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636382: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636385: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:08.636388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.636390: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.636393: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.636395: | prop #: 3 (0x3) Sep 21 07:16:08.636397: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.636400: | spi size: 0 (0x0) Sep 21 07:16:08.636402: | # transforms: 13 (0xd) Sep 21 07:16:08.636405: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.636408: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.636410: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636415: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.636418: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.636420: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636423: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.636425: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.636428: | length/value: 256 (0x100) Sep 21 07:16:08.636430: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.636433: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636435: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636438: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.636440: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.636443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636446: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636449: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636451: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636454: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636457: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.636459: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:08.636462: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636465: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636468: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636470: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636472: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636475: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.636478: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.636480: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636483: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636486: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636488: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636490: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636493: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.636495: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.636498: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636504: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636506: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636509: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636511: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636513: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.636516: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636519: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636522: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636524: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636526: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636529: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636531: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:08.636534: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636537: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636539: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636542: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636544: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636547: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636549: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:08.636552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636555: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636560: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636562: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636565: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636567: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636570: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:08.636573: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636575: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636578: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636580: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636583: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636585: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636588: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:08.636590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636593: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636596: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636598: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636601: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636603: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636605: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:08.636608: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636614: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636616: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636621: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636623: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:08.636626: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636629: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636632: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636634: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636636: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.636639: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636641: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:08.636644: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636647: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636649: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636652: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:08.636655: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.636657: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.636659: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.636662: | prop #: 4 (0x4) Sep 21 07:16:08.636665: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.636668: | spi size: 0 (0x0) Sep 21 07:16:08.636670: | # transforms: 13 (0xd) Sep 21 07:16:08.636673: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.636676: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.636678: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636681: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636683: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.636686: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.636688: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636691: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.636693: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.636695: | length/value: 128 (0x80) Sep 21 07:16:08.636698: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.636701: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636705: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.636708: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.636711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636714: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636716: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636719: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636723: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.636726: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:08.636729: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636734: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636736: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636741: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.636743: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.636746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636752: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636754: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636756: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636759: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.636761: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.636764: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636770: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636773: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636776: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636778: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636780: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.636787: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636792: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636794: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636797: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636799: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636801: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636804: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:08.636807: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636810: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636812: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636815: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636817: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636819: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636822: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:08.636825: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636828: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636830: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636833: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636838: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636840: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:08.636843: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636846: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636848: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636851: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636853: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636855: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636858: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:08.636861: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636863: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636866: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636868: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636873: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636876: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:08.636879: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636881: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636885: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636887: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636893: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636895: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:08.636898: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636903: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636906: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.636908: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.636911: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.636913: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:08.636916: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.636919: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.636921: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.636924: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:08.636926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.636929: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:08.636932: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:08.636934: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:08.636937: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.636939: | flags: none (0x0) Sep 21 07:16:08.636941: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.636945: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:08.636947: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.636951: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:08.636953: | ikev2 g^x 12 b3 75 01 1a c3 8f 30 ae a1 ad 2e f6 a8 cd ca Sep 21 07:16:08.636956: | ikev2 g^x 39 c9 08 35 b2 11 8e c4 d7 5d b5 8c 9c e5 9a 4d Sep 21 07:16:08.636959: | ikev2 g^x 14 6d 4c bd 90 f0 05 ee 2e 5d 84 14 5e cf c2 1c Sep 21 07:16:08.636961: | ikev2 g^x df 5c d6 6c 45 12 54 48 e5 f1 d0 82 4a ba b6 23 Sep 21 07:16:08.636963: | ikev2 g^x a7 85 a7 69 36 44 ce ab f4 bf 3a 33 5c 6d cb 1b Sep 21 07:16:08.636965: | ikev2 g^x 73 5b db 59 bb 4b 6a 28 aa 42 19 45 86 de 01 53 Sep 21 07:16:08.636968: | ikev2 g^x 73 53 b4 8f 7a 14 be 33 6d 66 e3 7a d5 cf f2 b0 Sep 21 07:16:08.636970: | ikev2 g^x 0d 51 29 5d bd a5 d1 a3 61 42 4c 94 51 62 31 53 Sep 21 07:16:08.636973: | ikev2 g^x a8 c6 f2 5b 62 7c dd 48 9c 24 bc b6 5b d2 3c ec Sep 21 07:16:08.636975: | ikev2 g^x bc a0 d4 62 21 5e 7e f6 7d 35 93 ce b3 f7 b9 af Sep 21 07:16:08.636977: | ikev2 g^x a3 00 4a d0 82 d2 70 23 60 12 f8 d3 b9 0f 04 09 Sep 21 07:16:08.636979: | ikev2 g^x c3 13 0a ea 35 2d 2f 42 76 c9 40 a3 c1 d1 c2 46 Sep 21 07:16:08.636982: | ikev2 g^x 19 c0 42 33 4f ba 43 c5 5b 61 03 f1 72 99 f9 2f Sep 21 07:16:08.636984: | ikev2 g^x 13 1a 9f 60 dd 79 d1 10 88 b6 5c 6a 20 7d df e5 Sep 21 07:16:08.636986: | ikev2 g^x 2f 99 74 3c c7 32 ad cd 93 d2 f9 2a 0c 08 86 36 Sep 21 07:16:08.636989: | ikev2 g^x 93 cf 45 b6 87 7e f5 da 7d 24 35 d7 02 e2 e9 c4 Sep 21 07:16:08.636993: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:08.636995: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:08.636998: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:08.637000: | flags: none (0x0) Sep 21 07:16:08.637003: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:08.637006: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:08.637009: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.637012: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:08.637014: | IKEv2 nonce 49 a0 13 b9 c8 96 e9 c7 66 29 91 4e 0a a1 d3 0b Sep 21 07:16:08.637017: | IKEv2 nonce 85 65 1f 53 b8 9a 0d 23 5b a8 64 64 b5 cd 21 c3 Sep 21 07:16:08.637019: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:08.637021: | Adding a v2N Payload Sep 21 07:16:08.637024: | ***emit IKEv2 Notify Payload: Sep 21 07:16:08.637027: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.637029: | flags: none (0x0) Sep 21 07:16:08.637031: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.637034: | SPI size: 0 (0x0) Sep 21 07:16:08.637036: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:08.637039: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:08.637042: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.637045: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:08.637048: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:08.637050: | natd_hash: rcookie is zero Sep 21 07:16:08.637062: | natd_hash: hasher=0x55d6f420f7a0(20) Sep 21 07:16:08.637065: | natd_hash: icookie= c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.637068: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:08.637070: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:08.637072: | natd_hash: port= 01 f4 Sep 21 07:16:08.637075: | natd_hash: hash= f1 ae f2 53 24 18 a9 4a 8c 30 d7 bf 5b d6 8d 39 Sep 21 07:16:08.637077: | natd_hash: hash= 09 c0 1e de Sep 21 07:16:08.637079: | Adding a v2N Payload Sep 21 07:16:08.637081: | ***emit IKEv2 Notify Payload: Sep 21 07:16:08.637084: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.637086: | flags: none (0x0) Sep 21 07:16:08.637089: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.637091: | SPI size: 0 (0x0) Sep 21 07:16:08.637094: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:08.637097: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:08.637099: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.637102: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:08.637105: | Notify data f1 ae f2 53 24 18 a9 4a 8c 30 d7 bf 5b d6 8d 39 Sep 21 07:16:08.637107: | Notify data 09 c0 1e de Sep 21 07:16:08.637109: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:08.637112: | natd_hash: rcookie is zero Sep 21 07:16:08.637117: | natd_hash: hasher=0x55d6f420f7a0(20) Sep 21 07:16:08.637120: | natd_hash: icookie= c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.637122: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:08.637124: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:08.637127: | natd_hash: port= 01 f4 Sep 21 07:16:08.637129: | natd_hash: hash= 0b a4 28 84 b0 e5 96 8e 58 19 4a 83 d3 59 ef a5 Sep 21 07:16:08.637131: | natd_hash: hash= 7f 4a 04 20 Sep 21 07:16:08.637133: | Adding a v2N Payload Sep 21 07:16:08.637136: | ***emit IKEv2 Notify Payload: Sep 21 07:16:08.637138: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.637142: | flags: none (0x0) Sep 21 07:16:08.637145: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.637147: | SPI size: 0 (0x0) Sep 21 07:16:08.637150: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:08.637153: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:08.637155: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.637158: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:08.637161: | Notify data 0b a4 28 84 b0 e5 96 8e 58 19 4a 83 d3 59 ef a5 Sep 21 07:16:08.637163: | Notify data 7f 4a 04 20 Sep 21 07:16:08.637165: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:08.637168: | emitting length of ISAKMP Message: 828 Sep 21 07:16:08.637176: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:08.637185: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.637189: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:08.637192: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:08.637195: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:08.637198: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:16:08.637201: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:08.637206: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:08.637209: "northnet-eastnets/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:08.637217: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:08.637227: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:08.637229: | c5 12 f2 fa f0 f0 3a 66 00 00 00 00 00 00 00 00 Sep 21 07:16:08.637232: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:08.637234: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:08.637236: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:08.637239: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:08.637241: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:08.637243: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:08.637245: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:08.637248: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:08.637250: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:08.637252: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:08.637255: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:08.637257: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:08.637259: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:08.637261: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:08.637264: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:08.637266: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:08.637268: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:08.637271: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:08.637273: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:08.637276: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:08.637278: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:08.637280: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:08.637282: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:08.637286: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:08.637288: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:08.637290: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:08.637293: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:08.637295: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:08.637297: | 28 00 01 08 00 0e 00 00 12 b3 75 01 1a c3 8f 30 Sep 21 07:16:08.637299: | ae a1 ad 2e f6 a8 cd ca 39 c9 08 35 b2 11 8e c4 Sep 21 07:16:08.637302: | d7 5d b5 8c 9c e5 9a 4d 14 6d 4c bd 90 f0 05 ee Sep 21 07:16:08.637304: | 2e 5d 84 14 5e cf c2 1c df 5c d6 6c 45 12 54 48 Sep 21 07:16:08.637306: | e5 f1 d0 82 4a ba b6 23 a7 85 a7 69 36 44 ce ab Sep 21 07:16:08.637309: | f4 bf 3a 33 5c 6d cb 1b 73 5b db 59 bb 4b 6a 28 Sep 21 07:16:08.637311: | aa 42 19 45 86 de 01 53 73 53 b4 8f 7a 14 be 33 Sep 21 07:16:08.637313: | 6d 66 e3 7a d5 cf f2 b0 0d 51 29 5d bd a5 d1 a3 Sep 21 07:16:08.637315: | 61 42 4c 94 51 62 31 53 a8 c6 f2 5b 62 7c dd 48 Sep 21 07:16:08.637318: | 9c 24 bc b6 5b d2 3c ec bc a0 d4 62 21 5e 7e f6 Sep 21 07:16:08.637320: | 7d 35 93 ce b3 f7 b9 af a3 00 4a d0 82 d2 70 23 Sep 21 07:16:08.637322: | 60 12 f8 d3 b9 0f 04 09 c3 13 0a ea 35 2d 2f 42 Sep 21 07:16:08.637324: | 76 c9 40 a3 c1 d1 c2 46 19 c0 42 33 4f ba 43 c5 Sep 21 07:16:08.637327: | 5b 61 03 f1 72 99 f9 2f 13 1a 9f 60 dd 79 d1 10 Sep 21 07:16:08.637329: | 88 b6 5c 6a 20 7d df e5 2f 99 74 3c c7 32 ad cd Sep 21 07:16:08.637331: | 93 d2 f9 2a 0c 08 86 36 93 cf 45 b6 87 7e f5 da Sep 21 07:16:08.637333: | 7d 24 35 d7 02 e2 e9 c4 29 00 00 24 49 a0 13 b9 Sep 21 07:16:08.637336: | c8 96 e9 c7 66 29 91 4e 0a a1 d3 0b 85 65 1f 53 Sep 21 07:16:08.637338: | b8 9a 0d 23 5b a8 64 64 b5 cd 21 c3 29 00 00 08 Sep 21 07:16:08.637340: | 00 00 40 2e 29 00 00 1c 00 00 40 04 f1 ae f2 53 Sep 21 07:16:08.637343: | 24 18 a9 4a 8c 30 d7 bf 5b d6 8d 39 09 c0 1e de Sep 21 07:16:08.637345: | 00 00 00 1c 00 00 40 05 0b a4 28 84 b0 e5 96 8e Sep 21 07:16:08.637347: | 58 19 4a 83 d3 59 ef a5 7f 4a 04 20 Sep 21 07:16:08.637439: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:08.637444: | libevent_free: release ptr-libevent@0x55d6f60d8f30 Sep 21 07:16:08.637447: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d6f60e3d80 Sep 21 07:16:08.637450: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:08.637453: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:08.637458: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d6f60e3d80 Sep 21 07:16:08.637462: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:16:08.637464: | libevent_malloc: new ptr-libevent@0x55d6f60d8f30 size 128 Sep 21 07:16:08.637469: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48815.005722 Sep 21 07:16:08.637473: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:08.637478: | #1 spent 1.61 milliseconds in resume sending helper answer Sep 21 07:16:08.637482: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:08.637485: | libevent_free: release ptr-libevent@0x7f7c8c006900 Sep 21 07:16:08.641676: | spent 0.00258 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.641699: | *received 457 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:08.641703: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.641705: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Sep 21 07:16:08.641707: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:16:08.641709: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:16:08.641712: | 04 00 00 0e 28 00 01 08 00 0e 00 00 5d 6d 7e e0 Sep 21 07:16:08.641716: | 13 33 c0 00 4f bf ed 1f fc b4 d6 58 70 31 cd 55 Sep 21 07:16:08.641718: | 2d c8 a7 72 bf 61 bc 3a 57 fe 66 0a bc ab 9e 0c Sep 21 07:16:08.641720: | 54 bb b3 e3 55 dc b1 87 06 a2 9a ef 0a 20 65 fa Sep 21 07:16:08.641722: | 1a 69 5b 22 ac 87 c3 21 89 6b 6f be cd e3 8f c3 Sep 21 07:16:08.641725: | 94 83 f4 64 6b e4 9b 4d d4 ad 45 16 c7 de 64 70 Sep 21 07:16:08.641727: | 39 09 9a 32 c8 98 69 81 b3 dd 3f b5 bf e5 f3 05 Sep 21 07:16:08.641729: | 2c 3c e4 ec 8b 96 41 40 3d fc 4e d9 5b 2a 58 47 Sep 21 07:16:08.641731: | 10 8a df 30 1c 47 94 4c 5d 94 cf 0e af 47 13 2f Sep 21 07:16:08.641733: | 64 cd f3 20 26 f3 a6 78 d7 14 31 3d 5d 6b 5b 1e Sep 21 07:16:08.641736: | 09 c7 54 3a e2 b6 5c 53 b4 7c 9b da b2 90 0c aa Sep 21 07:16:08.641738: | f1 d3 ef 7c 98 35 b1 81 0d 90 ac 66 86 20 1a 3c Sep 21 07:16:08.641740: | 42 88 4e 4d ad 96 d4 81 04 65 a8 61 5d 21 82 35 Sep 21 07:16:08.641742: | d7 03 aa 43 f6 8d 13 0f 23 db 36 16 54 0f aa 2f Sep 21 07:16:08.641744: | f6 de 29 1d 54 ac 43 ac 68 57 82 8a 79 c8 84 29 Sep 21 07:16:08.641746: | 4f 66 2d 32 a9 a2 c3 fb 06 5f 37 d0 85 97 ce e1 Sep 21 07:16:08.641748: | cf 7e 7a aa 62 b4 5b 01 bd 19 95 bf 29 00 00 24 Sep 21 07:16:08.641751: | 99 77 b2 d6 1d 43 27 6b ec b6 68 42 7e 47 9a 54 Sep 21 07:16:08.641753: | b8 07 5a 7f e6 80 ab 30 0b d2 f0 d2 f0 26 5c 59 Sep 21 07:16:08.641755: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:16:08.641757: | a1 fb be d6 78 00 79 14 88 49 60 6e 01 9b 2c b6 Sep 21 07:16:08.641759: | a9 fb 5d cb 26 00 00 1c 00 00 40 05 ab 32 44 bf Sep 21 07:16:08.641760: | 54 c8 98 15 86 56 aa 08 b1 86 94 f0 84 da f4 2e Sep 21 07:16:08.641762: | 00 00 00 19 04 4e cf af 8c 44 87 de 90 be 28 67 Sep 21 07:16:08.641764: | b9 ce 53 17 3f 8e eb 22 c0 Sep 21 07:16:08.641768: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:08.641771: | **parse ISAKMP Message: Sep 21 07:16:08.641773: | initiator cookie: Sep 21 07:16:08.641775: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.641777: | responder cookie: Sep 21 07:16:08.641779: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.641781: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:08.641787: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.641791: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:08.641794: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.641796: | Message ID: 0 (0x0) Sep 21 07:16:08.641798: | length: 457 (0x1c9) Sep 21 07:16:08.641801: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:08.641804: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:16:08.641807: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:08.641813: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.641818: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.641820: | #1 is idle Sep 21 07:16:08.641822: | #1 idle Sep 21 07:16:08.641824: | unpacking clear payload Sep 21 07:16:08.641827: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:08.641829: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:08.641832: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:08.641834: | flags: none (0x0) Sep 21 07:16:08.641836: | length: 40 (0x28) Sep 21 07:16:08.641838: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:16:08.641841: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:08.641843: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:08.641846: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:08.641848: | flags: none (0x0) Sep 21 07:16:08.641850: | length: 264 (0x108) Sep 21 07:16:08.641853: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.641857: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:08.641860: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:08.641863: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:08.641865: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:08.641868: | flags: none (0x0) Sep 21 07:16:08.641870: | length: 36 (0x24) Sep 21 07:16:08.641873: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:08.641875: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:08.641878: | ***parse IKEv2 Notify Payload: Sep 21 07:16:08.641880: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:08.641883: | flags: none (0x0) Sep 21 07:16:08.641885: | length: 8 (0x8) Sep 21 07:16:08.641888: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.641890: | SPI size: 0 (0x0) Sep 21 07:16:08.641893: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:08.641896: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:08.641898: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:08.641901: | ***parse IKEv2 Notify Payload: Sep 21 07:16:08.641903: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:08.641905: | flags: none (0x0) Sep 21 07:16:08.641907: | length: 28 (0x1c) Sep 21 07:16:08.641910: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.641912: | SPI size: 0 (0x0) Sep 21 07:16:08.641915: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:08.641918: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:08.641920: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:08.641922: | ***parse IKEv2 Notify Payload: Sep 21 07:16:08.641924: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Sep 21 07:16:08.641926: | flags: none (0x0) Sep 21 07:16:08.641929: | length: 28 (0x1c) Sep 21 07:16:08.641931: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:08.641933: | SPI size: 0 (0x0) Sep 21 07:16:08.641935: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:08.641937: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:08.641939: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Sep 21 07:16:08.641942: | ***parse IKEv2 Certificate Request Payload: Sep 21 07:16:08.641944: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.641946: | flags: none (0x0) Sep 21 07:16:08.641948: | length: 25 (0x19) Sep 21 07:16:08.641951: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:08.641953: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Sep 21 07:16:08.641956: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:16:08.641962: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:08.641965: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:08.641968: | Now let's proceed with state specific processing Sep 21 07:16:08.641970: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:08.641974: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:16:08.641992: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:08.641996: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:16:08.641999: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:08.642003: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:08.642006: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:08.642008: | local proposal 1 type DH has 8 transforms Sep 21 07:16:08.642010: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:08.642013: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:08.642016: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:08.642018: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:08.642020: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:08.642023: | local proposal 2 type DH has 8 transforms Sep 21 07:16:08.642025: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:08.642029: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:08.642031: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:08.642033: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:08.642036: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:08.642038: | local proposal 3 type DH has 8 transforms Sep 21 07:16:08.642041: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:08.642043: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:08.642046: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:08.642048: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:08.642051: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:08.642053: | local proposal 4 type DH has 8 transforms Sep 21 07:16:08.642056: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:08.642058: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:08.642061: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.642064: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.642066: | length: 36 (0x24) Sep 21 07:16:08.642069: | prop #: 1 (0x1) Sep 21 07:16:08.642071: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:08.642073: | spi size: 0 (0x0) Sep 21 07:16:08.642076: | # transforms: 3 (0x3) Sep 21 07:16:08.642080: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:08.642083: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.642085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.642087: | length: 12 (0xc) Sep 21 07:16:08.642090: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.642092: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.642095: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.642098: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.642100: | length/value: 256 (0x100) Sep 21 07:16:08.642104: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:08.642107: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.642110: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.642112: | length: 8 (0x8) Sep 21 07:16:08.642114: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:08.642117: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:08.642120: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:08.642123: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.642125: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.642127: | length: 8 (0x8) Sep 21 07:16:08.642130: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.642132: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.642136: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:08.642139: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:08.642144: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:08.642148: | remote proposal 1 matches local proposal 1 Sep 21 07:16:08.642151: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:16:08.642153: | converting proposal to internal trans attrs Sep 21 07:16:08.642168: | natd_hash: hasher=0x55d6f420f7a0(20) Sep 21 07:16:08.642170: | natd_hash: icookie= c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.642173: | natd_hash: rcookie= f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.642175: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:08.642177: | natd_hash: port= 01 f4 Sep 21 07:16:08.642180: | natd_hash: hash= ab 32 44 bf 54 c8 98 15 86 56 aa 08 b1 86 94 f0 Sep 21 07:16:08.642182: | natd_hash: hash= 84 da f4 2e Sep 21 07:16:08.642188: | natd_hash: hasher=0x55d6f420f7a0(20) Sep 21 07:16:08.642190: | natd_hash: icookie= c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.642193: | natd_hash: rcookie= f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.642195: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:08.642197: | natd_hash: port= 01 f4 Sep 21 07:16:08.642199: | natd_hash: hash= a1 fb be d6 78 00 79 14 88 49 60 6e 01 9b 2c b6 Sep 21 07:16:08.642201: | natd_hash: hash= a9 fb 5d cb Sep 21 07:16:08.642204: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:08.642206: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:08.642208: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:08.642212: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:16:08.642217: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:16:08.642221: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:16:08.642224: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:08.642227: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:08.642230: | libevent_free: release ptr-libevent@0x55d6f60d8f30 Sep 21 07:16:08.642233: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d6f60e3d80 Sep 21 07:16:08.642236: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d6f60e3d80 Sep 21 07:16:08.642240: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:08.642243: | libevent_malloc: new ptr-libevent@0x55d6f60d8f30 size 128 Sep 21 07:16:08.642253: | #1 spent 0.278 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:16:08.642258: | crypto helper 5 resuming Sep 21 07:16:08.642259: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.642269: | crypto helper 5 starting work-order 2 for state #1 Sep 21 07:16:08.642276: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:16:08.642283: | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:16:08.642288: | suspending state #1 and saving MD Sep 21 07:16:08.642296: | #1 is busy; has a suspended MD Sep 21 07:16:08.642301: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:08.642305: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:08.642309: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.642314: | #1 spent 0.616 milliseconds in ikev2_process_packet() Sep 21 07:16:08.642318: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:08.642321: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.642323: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.642327: | spent 0.63 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.643275: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:16:08.643703: | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001419 seconds Sep 21 07:16:08.643714: | (#1) spent 1.4 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:16:08.643718: | crypto helper 5 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:08.643721: | scheduling resume sending helper answer for #1 Sep 21 07:16:08.643725: | libevent_malloc: new ptr-libevent@0x7f7c84006b90 size 128 Sep 21 07:16:08.643733: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:08.644252: | processing resume sending helper answer for #1 Sep 21 07:16:08.644264: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:08.644269: | crypto helper 5 replies to request ID 2 Sep 21 07:16:08.644271: | calling continuation function 0x55d6f4139630 Sep 21 07:16:08.644274: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:16:08.644280: | creating state object #2 at 0x55d6f60e9340 Sep 21 07:16:08.644282: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:08.644286: | pstats #2 ikev2.child started Sep 21 07:16:08.644289: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Sep 21 07:16:08.644294: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:08.644300: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:08.644305: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:08.644310: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:08.644313: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:08.644316: | libevent_free: release ptr-libevent@0x55d6f60d8f30 Sep 21 07:16:08.644319: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d6f60e3d80 Sep 21 07:16:08.644322: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d6f60e3d80 Sep 21 07:16:08.644325: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:16:08.644328: | libevent_malloc: new ptr-libevent@0x55d6f60d8f30 size 128 Sep 21 07:16:08.644332: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:16:08.644338: | **emit ISAKMP Message: Sep 21 07:16:08.644341: | initiator cookie: Sep 21 07:16:08.644343: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.644345: | responder cookie: Sep 21 07:16:08.644347: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.644350: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.644353: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.644356: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.644359: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.644361: | Message ID: 1 (0x1) Sep 21 07:16:08.644364: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.644367: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:08.644370: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.644372: | flags: none (0x0) Sep 21 07:16:08.644375: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:08.644378: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.644381: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:08.644389: | IKEv2 CERT: send a certificate? Sep 21 07:16:08.644392: | IKEv2 CERT: OK to send a certificate (always) Sep 21 07:16:08.644395: | IDr payload will be sent Sep 21 07:16:08.644412: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:16:08.644416: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.644420: | flags: none (0x0) Sep 21 07:16:08.644423: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:16:08.644426: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:16:08.644429: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.644432: | emitting 185 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:16:08.644435: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:16:08.644437: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:16:08.644440: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:16:08.644442: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:16:08.644444: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:16:08.644446: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:16:08.644449: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:16:08.644451: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:16:08.644453: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:16:08.644456: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:16:08.644458: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:16:08.644460: | my identity 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:16:08.644463: | emitting length of IKEv2 Identification - Initiator - Payload: 193 Sep 21 07:16:08.644473: | Sending [CERT] of certificate: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:08.644475: | ****emit IKEv2 Certificate Payload: Sep 21 07:16:08.644478: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.644480: | flags: none (0x0) Sep 21 07:16:08.644483: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:08.644486: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Sep 21 07:16:08.644489: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.644492: | emitting 1227 raw bytes of CERT into IKEv2 Certificate Payload Sep 21 07:16:08.644494: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Sep 21 07:16:08.644497: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:16:08.644499: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:16:08.644501: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:16:08.644504: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:16:08.644506: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:16:08.644508: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:16:08.644511: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:16:08.644513: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:16:08.644515: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:16:08.644518: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:16:08.644520: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:16:08.644522: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:16:08.644524: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:16:08.644527: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:16:08.644529: | CERT 39 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:16:08.644531: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:16:08.644533: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:16:08.644536: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:16:08.644539: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:16:08.644542: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:16:08.644544: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Sep 21 07:16:08.644546: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:16:08.644549: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Sep 21 07:16:08.644551: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Sep 21 07:16:08.644553: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Sep 21 07:16:08.644556: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Sep 21 07:16:08.644558: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Sep 21 07:16:08.644560: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 ba c2 12 92 Sep 21 07:16:08.644562: | CERT f3 67 1c ca 50 e4 11 97 bd e2 74 f8 2d a7 50 1c Sep 21 07:16:08.644565: | CERT 73 d5 23 89 43 a9 58 74 05 29 97 ee a9 71 9c 8d Sep 21 07:16:08.644567: | CERT 92 44 52 90 56 aa 55 a8 8c 69 5e 32 49 62 fb 18 Sep 21 07:16:08.644569: | CERT 4f f0 e2 24 38 f0 a3 3c 7d 95 a9 03 66 29 11 c0 Sep 21 07:16:08.644572: | CERT f2 0c e3 de a1 62 78 96 0e ff d1 f8 93 ac b7 cf Sep 21 07:16:08.644574: | CERT 52 33 01 71 ef 46 ad ad d4 46 f5 e0 c5 e5 57 42 Sep 21 07:16:08.644576: | CERT 2f 10 0e 27 24 45 5e d0 bd 90 32 70 b9 bb 27 2a Sep 21 07:16:08.644579: | CERT 4c 93 a8 87 8c f0 61 5d d9 74 91 04 d9 e9 5b e5 Sep 21 07:16:08.644581: | CERT 31 9c ca e0 5b 2c 3b 17 be 1a c9 1c 28 62 24 3c Sep 21 07:16:08.644583: | CERT e4 eb d0 1a e4 e3 c4 61 b6 9d 1a a9 39 6a b0 92 Sep 21 07:16:08.644585: | CERT a6 69 2c 19 b1 57 75 2b a8 1b ac 95 2b 35 5a 2f Sep 21 07:16:08.644588: | CERT 1f 33 eb 9a 50 d0 4d fa 7a 05 9b 59 44 7d ba a6 Sep 21 07:16:08.644590: | CERT 91 64 c9 4d 4a 01 39 e3 83 11 04 e9 b5 b3 9d 19 Sep 21 07:16:08.644592: | CERT 1b 35 86 8a e9 e4 8b 28 e9 57 06 58 e2 cb a6 24 Sep 21 07:16:08.644595: | CERT 35 73 37 7c 05 25 07 5f b6 df 3f 8b ab 5f e7 e4 Sep 21 07:16:08.644597: | CERT 38 d2 69 f6 1f 68 e9 7b 4f 2f fd 11 62 0e 47 ee Sep 21 07:16:08.644599: | CERT 67 3b 0e 71 d8 9a 35 1b e4 4f 56 64 fd c1 66 02 Sep 21 07:16:08.644602: | CERT 69 2e 08 ac e7 43 ca 55 47 97 ae 83 19 50 e4 9d Sep 21 07:16:08.644604: | CERT c7 a6 5c 9b 93 22 54 6f 02 4b 75 00 cf 67 e3 e2 Sep 21 07:16:08.644606: | CERT 07 7c d8 47 8f c1 09 83 cc 70 94 fa 6c 74 c8 55 Sep 21 07:16:08.644608: | CERT 7b 96 2c c1 85 f1 02 98 cd 1d be 85 5c 10 80 dd Sep 21 07:16:08.644610: | CERT bb 89 44 4b 94 fa 5e 56 5c 67 0e 2e c6 62 69 d4 Sep 21 07:16:08.644613: | CERT de 0e 97 31 ed 00 10 7b 83 dc 75 e4 12 fb 00 15 Sep 21 07:16:08.644615: | CERT eb 5d e4 85 6b 0d 07 4b e6 db 86 31 02 03 01 00 Sep 21 07:16:08.644617: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Sep 21 07:16:08.644620: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Sep 21 07:16:08.644622: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:16:08.644624: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Sep 21 07:16:08.644627: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Sep 21 07:16:08.644629: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Sep 21 07:16:08.644631: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Sep 21 07:16:08.644633: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Sep 21 07:16:08.644636: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Sep 21 07:16:08.644638: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Sep 21 07:16:08.644640: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Sep 21 07:16:08.644642: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Sep 21 07:16:08.644645: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Sep 21 07:16:08.644647: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Sep 21 07:16:08.644649: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Sep 21 07:16:08.644653: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 c0 be 88 d3 94 Sep 21 07:16:08.644655: | CERT e8 3a e9 d3 b3 fd ed 79 1d 46 48 36 a3 2a 00 15 Sep 21 07:16:08.644657: | CERT 9e 62 f1 22 44 4c 58 20 2e de 7d 7f 95 09 d5 bd Sep 21 07:16:08.644660: | CERT 95 29 e4 f8 99 e3 8f c0 67 b4 eb f6 4b a3 4e 69 Sep 21 07:16:08.644662: | CERT 48 de 1c 93 9f 22 c8 b7 ca bb e8 0c af 7e 5a cd Sep 21 07:16:08.644664: | CERT 90 0c b9 e5 4b 4a de cc c3 7c ea e6 3f 96 0c b5 Sep 21 07:16:08.644667: | CERT dc 5f 88 2d e7 e2 cc f5 f3 90 76 dc b3 05 1d 01 Sep 21 07:16:08.644669: | CERT 60 24 b8 8c a2 f7 26 17 04 4f 25 15 bc 7f 1c ff Sep 21 07:16:08.644671: | CERT 4a f7 81 eb 12 63 8b 11 8c 53 ba Sep 21 07:16:08.644674: | emitting length of IKEv2 Certificate Payload: 1232 Sep 21 07:16:08.644676: | IKEv2 CERTREQ: send a cert request? Sep 21 07:16:08.644680: | IKEv2 CERTREQ: OK to send a certificate request Sep 21 07:16:08.644690: | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org Sep 21 07:16:08.644692: | connection->kind is CK_PERMANENT so send CERTREQ Sep 21 07:16:08.644695: | ****emit IKEv2 Certificate Request Payload: Sep 21 07:16:08.644698: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.644700: | flags: none (0x0) Sep 21 07:16:08.644703: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:08.644706: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Sep 21 07:16:08.644708: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.645353: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Sep 21 07:16:08.645367: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Sep 21 07:16:08.645370: | CA cert public key hash Sep 21 07:16:08.645373: | 4e cf af 8c 44 87 de 90 be 28 67 b9 ce 53 17 3f Sep 21 07:16:08.645375: | 8e eb 22 c0 Sep 21 07:16:08.645378: | emitting length of IKEv2 Certificate Request Payload: 25 Sep 21 07:16:08.645381: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:08.645384: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:08.645386: | flags: none (0x0) Sep 21 07:16:08.645389: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:16:08.645392: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:16:08.645395: | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:08.645398: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.645401: | emitting 183 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:16:08.645404: | IDr 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:16:08.645406: | IDr 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:16:08.645408: | IDr 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:16:08.645410: | IDr 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:16:08.645413: | IDr 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:16:08.645415: | IDr 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:16:08.645417: | IDr 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:16:08.645420: | IDr 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:08.645422: | IDr 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:16:08.645424: | IDr 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:16:08.645426: | IDr 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:08.645431: | IDr 77 61 6e 2e 6f 72 67 Sep 21 07:16:08.645434: | emitting length of IKEv2 Identification - Responder - Payload: 191 Sep 21 07:16:08.645436: | not sending INITIAL_CONTACT Sep 21 07:16:08.645439: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:08.645442: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.645444: | flags: none (0x0) Sep 21 07:16:08.645447: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:08.645450: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:08.645453: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.645458: | #1 spent 1.18 milliseconds Sep 21 07:16:08.645473: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Sep 21 07:16:08.645522: | searching for certificate PKK_RSA:AwEAAbrCE vs PKK_RSA:AwEAAbrCE Sep 21 07:16:08.657395: | #1 spent 9.57 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:16:08.657408: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:16:08.657411: | rsa signature 9d 0d 54 e3 48 96 69 52 d1 88 57 0f 9a fa 7f b8 Sep 21 07:16:08.657414: | rsa signature 6b 41 e2 8e aa 7e 1f 07 6f 8c ab e3 0f 6a 26 f3 Sep 21 07:16:08.657416: | rsa signature 55 c4 1a 73 c8 13 22 5e 18 66 fa 9b 06 c6 72 e3 Sep 21 07:16:08.657419: | rsa signature 5c 31 cb 8c 9f 7b 04 54 ed 18 d8 93 f5 2c 63 50 Sep 21 07:16:08.657421: | rsa signature 00 08 cc ac bc 10 c6 97 e0 85 2f 6d d5 be 5d e0 Sep 21 07:16:08.657423: | rsa signature fc 69 68 d1 a2 b2 9b d6 85 a3 9c 27 af b3 3f c3 Sep 21 07:16:08.657426: | rsa signature 53 9a d6 ff ec 7a 58 24 fe 36 da 08 7d 91 aa 41 Sep 21 07:16:08.657428: | rsa signature be 96 ec d7 c0 54 c0 7a 90 51 1e f6 33 1e bb 66 Sep 21 07:16:08.657431: | rsa signature 9c 8d 23 c9 8b 77 10 0c 1c 9b ec eb 4b 58 74 39 Sep 21 07:16:08.657433: | rsa signature 04 19 11 36 eb e9 9c 4b 70 52 fb 29 65 d4 11 dc Sep 21 07:16:08.657435: | rsa signature 9c cb b7 85 c0 27 06 ed e5 8b 09 c8 b8 0c 1b b6 Sep 21 07:16:08.657438: | rsa signature eb 0a ab e2 21 58 89 b7 b2 aa e1 18 23 eb a0 65 Sep 21 07:16:08.657440: | rsa signature a2 54 49 44 02 96 e3 d0 1e 11 26 42 b5 ce c7 46 Sep 21 07:16:08.657442: | rsa signature 09 0f aa 68 98 91 5b 75 8e 3a d2 0a e3 e1 9a 66 Sep 21 07:16:08.657445: | rsa signature d1 63 0b 6d 4b 70 36 aa 03 74 ca 20 88 be 26 14 Sep 21 07:16:08.657447: | rsa signature d0 e0 c2 8c 49 1f 49 43 06 a4 fd 04 26 f9 7f 40 Sep 21 07:16:08.657450: | rsa signature ca 74 f6 1d a5 4b 78 45 43 e1 1c 7a 57 a0 d9 6f Sep 21 07:16:08.657452: | rsa signature 98 ea bc 98 08 89 2e 97 80 20 8c 39 a3 bb 3a 15 Sep 21 07:16:08.657454: | rsa signature 8e bb 59 f0 55 7f 69 b7 22 53 02 5d 35 75 10 cd Sep 21 07:16:08.657457: | rsa signature 31 08 76 df c2 83 9b e1 6a 40 86 d8 a0 a2 be 05 Sep 21 07:16:08.657459: | rsa signature 29 53 fe 04 df 61 5f b7 60 95 9e 67 db 2c af b2 Sep 21 07:16:08.657461: | rsa signature a2 89 3d dd 9e d2 df 5a 5f b2 99 98 b8 80 06 5a Sep 21 07:16:08.657464: | rsa signature 32 3b 97 28 bb 89 0a 92 00 14 01 22 d1 b5 4c 6f Sep 21 07:16:08.657466: | rsa signature 53 9e 61 98 3e d7 0f 0e a0 56 dc 0b 2e 2f 02 69 Sep 21 07:16:08.657470: | #1 spent 9.73 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:16:08.657473: | emitting length of IKEv2 Authentication Payload: 392 Sep 21 07:16:08.657476: | getting first pending from state #1 Sep 21 07:16:08.657480: | Switching Child connection for #2 to "northnet-eastnets/0x1" from "northnet-eastnets/0x2" Sep 21 07:16:08.657486: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:08.657507: | netlink_get_spi: allocated 0xf71ecbee for esp.0@192.1.3.33 Sep 21 07:16:08.657511: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:16:08.657517: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:08.657524: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:08.657526: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:08.657530: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:08.657534: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:08.657538: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:08.657541: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:08.657545: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:08.657553: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:08.657564: | Emitting ikev2_proposals ... Sep 21 07:16:08.657568: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:08.657571: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.657574: | flags: none (0x0) Sep 21 07:16:08.657578: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:08.657581: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.657584: | discarding INTEG=NONE Sep 21 07:16:08.657586: | discarding DH=NONE Sep 21 07:16:08.657588: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.657591: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.657594: | prop #: 1 (0x1) Sep 21 07:16:08.657596: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.657598: | spi size: 4 (0x4) Sep 21 07:16:08.657601: | # transforms: 2 (0x2) Sep 21 07:16:08.657604: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.657607: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.657609: | our spi f7 1e cb ee Sep 21 07:16:08.657612: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657617: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.657619: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.657622: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657625: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.657627: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.657630: | length/value: 256 (0x100) Sep 21 07:16:08.657633: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.657635: | discarding INTEG=NONE Sep 21 07:16:08.657637: | discarding DH=NONE Sep 21 07:16:08.657640: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657642: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.657645: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.657647: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.657650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657655: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657657: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.657660: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:08.657662: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.657665: | discarding INTEG=NONE Sep 21 07:16:08.657667: | discarding DH=NONE Sep 21 07:16:08.657669: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.657672: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.657674: | prop #: 2 (0x2) Sep 21 07:16:08.657676: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.657679: | spi size: 4 (0x4) Sep 21 07:16:08.657681: | # transforms: 2 (0x2) Sep 21 07:16:08.657684: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.657687: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.657690: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.657692: | our spi f7 1e cb ee Sep 21 07:16:08.657694: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657696: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657699: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.657701: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.657704: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657707: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.657709: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.657711: | length/value: 128 (0x80) Sep 21 07:16:08.657714: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.657716: | discarding INTEG=NONE Sep 21 07:16:08.657718: | discarding DH=NONE Sep 21 07:16:08.657720: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657723: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.657725: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.657728: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.657731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657733: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657736: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.657738: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:08.657741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.657743: | discarding DH=NONE Sep 21 07:16:08.657746: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.657748: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.657750: | prop #: 3 (0x3) Sep 21 07:16:08.657753: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.657755: | spi size: 4 (0x4) Sep 21 07:16:08.657757: | # transforms: 4 (0x4) Sep 21 07:16:08.657760: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.657763: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.657766: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.657768: | our spi f7 1e cb ee Sep 21 07:16:08.657770: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657777: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.657779: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.657782: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657822: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.657825: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.657827: | length/value: 256 (0x100) Sep 21 07:16:08.657830: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.657833: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657837: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.657840: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.657843: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657846: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657848: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.657851: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657853: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657855: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.657858: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.657861: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657863: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657866: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.657868: | discarding DH=NONE Sep 21 07:16:08.657870: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657873: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.657875: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.657878: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.657880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657883: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657886: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.657888: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:08.657891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.657893: | discarding DH=NONE Sep 21 07:16:08.657896: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.657898: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.657900: | prop #: 4 (0x4) Sep 21 07:16:08.657903: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.657905: | spi size: 4 (0x4) Sep 21 07:16:08.657907: | # transforms: 4 (0x4) Sep 21 07:16:08.657910: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.657913: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.657916: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.657918: | our spi f7 1e cb ee Sep 21 07:16:08.657920: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657923: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657927: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.657929: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.657932: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657934: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.657937: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.657939: | length/value: 128 (0x80) Sep 21 07:16:08.657941: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.657944: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657946: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657949: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.657951: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.657954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657959: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.657962: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657967: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.657969: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.657972: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657975: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657977: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.657979: | discarding DH=NONE Sep 21 07:16:08.657981: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.657984: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.657986: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.657989: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.657991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.657994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.657997: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.657999: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:08.658002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.658004: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:16:08.658007: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:08.658011: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:08.658013: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.658016: | flags: none (0x0) Sep 21 07:16:08.658018: | number of TS: 1 (0x1) Sep 21 07:16:08.658022: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:08.658025: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.658027: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:08.658030: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.658032: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.658034: | start port: 0 (0x0) Sep 21 07:16:08.658037: | end port: 65535 (0xffff) Sep 21 07:16:08.658041: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:08.658043: | IP start c0 00 03 00 Sep 21 07:16:08.658046: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:08.658048: | IP end c0 00 03 ff Sep 21 07:16:08.658051: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:08.658053: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:08.658056: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:08.658058: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.658060: | flags: none (0x0) Sep 21 07:16:08.658063: | number of TS: 1 (0x1) Sep 21 07:16:08.658066: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:08.658068: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.658071: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:08.658073: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.658076: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.658078: | start port: 0 (0x0) Sep 21 07:16:08.658080: | end port: 65535 (0xffff) Sep 21 07:16:08.658083: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:08.658085: | IP start c0 00 02 00 Sep 21 07:16:08.658088: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:08.658090: | IP end c0 00 02 ff Sep 21 07:16:08.658092: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:08.658095: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:08.658097: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:08.658100: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:08.658103: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.658106: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:08.658109: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:08.658111: | emitting length of IKEv2 Encryption Payload: 2274 Sep 21 07:16:08.658114: | emitting length of ISAKMP Message: 2302 Sep 21 07:16:08.658118: | **parse ISAKMP Message: Sep 21 07:16:08.658120: | initiator cookie: Sep 21 07:16:08.658122: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.658125: | responder cookie: Sep 21 07:16:08.658127: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.658129: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:08.658132: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.658134: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.658137: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.658139: | Message ID: 1 (0x1) Sep 21 07:16:08.658151: | length: 2302 (0x8fe) Sep 21 07:16:08.658154: | **parse IKEv2 Encryption Payload: Sep 21 07:16:08.658157: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:08.658159: | flags: none (0x0) Sep 21 07:16:08.658161: | length: 2274 (0x8e2) Sep 21 07:16:08.658164: | **emit ISAKMP Message: Sep 21 07:16:08.658166: | initiator cookie: Sep 21 07:16:08.658168: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.658170: | responder cookie: Sep 21 07:16:08.658172: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.658175: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.658177: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.658180: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.658182: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.658184: | Message ID: 1 (0x1) Sep 21 07:16:08.658187: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.658190: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.658192: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:08.658196: | flags: none (0x0) Sep 21 07:16:08.658198: | fragment number: 1 (0x1) Sep 21 07:16:08.658201: | total fragments: 5 (0x5) Sep 21 07:16:08.658204: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:16:08.658207: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.658209: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.658212: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.658219: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.658222: | cleartext fragment 25 00 00 c1 09 00 00 00 30 81 b6 31 0b 30 09 06 Sep 21 07:16:08.658224: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:16:08.658227: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:16:08.658229: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:16:08.658231: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:16:08.658234: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:16:08.658236: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 06 03 Sep 21 07:16:08.658238: | cleartext fragment 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 74 69 Sep 21 07:16:08.658241: | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:16:08.658243: | cleartext fragment 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 01 16 Sep 21 07:16:08.658245: | cleartext fragment 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 73 74 Sep 21 07:16:08.658248: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Sep 21 07:16:08.658250: | cleartext fragment 67 26 00 04 d0 04 30 82 04 c7 30 82 04 30 a0 03 Sep 21 07:16:08.658252: | cleartext fragment 02 01 02 02 01 06 30 0d 06 09 2a 86 48 86 f7 0d Sep 21 07:16:08.658255: | cleartext fragment 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 Sep 21 07:16:08.658257: | cleartext fragment 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 Sep 21 07:16:08.658259: | cleartext fragment 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 Sep 21 07:16:08.658262: | cleartext fragment 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 Sep 21 07:16:08.658264: | cleartext fragment 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 Sep 21 07:16:08.658266: | cleartext fragment 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 Sep 21 07:16:08.658269: | cleartext fragment 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 Sep 21 07:16:08.658271: | cleartext fragment 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 Sep 21 07:16:08.658274: | cleartext fragment 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 Sep 21 07:16:08.658276: | cleartext fragment 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 Sep 21 07:16:08.658278: | cleartext fragment 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e Sep 21 07:16:08.658280: | cleartext fragment 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 39 31 35 Sep 21 07:16:08.658283: | cleartext fragment 31 39 34 34 35 39 5a 18 0f 32 30 32 32 30 39 31 Sep 21 07:16:08.658285: | cleartext fragment 34 31 39 34 34 35 39 5a 30 81 b6 31 0b 30 09 06 Sep 21 07:16:08.658288: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:16:08.658290: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e Sep 21 07:16:08.658292: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.658295: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.658298: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.658300: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:08.658304: | emitting length of ISAKMP Message: 539 Sep 21 07:16:08.658316: | **emit ISAKMP Message: Sep 21 07:16:08.658319: | initiator cookie: Sep 21 07:16:08.658321: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.658323: | responder cookie: Sep 21 07:16:08.658325: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.658328: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.658330: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.658333: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.658335: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.658338: | Message ID: 1 (0x1) Sep 21 07:16:08.658340: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.658343: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.658345: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.658347: | flags: none (0x0) Sep 21 07:16:08.658350: | fragment number: 2 (0x2) Sep 21 07:16:08.658352: | total fragments: 5 (0x5) Sep 21 07:16:08.658355: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:08.658358: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.658360: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.658363: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.658366: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.658369: | cleartext fragment 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 Sep 21 07:16:08.658371: | cleartext fragment 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 Sep 21 07:16:08.658373: | cleartext fragment 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 Sep 21 07:16:08.658376: | cleartext fragment 74 20 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 Sep 21 07:16:08.658378: | cleartext fragment 06 03 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 Sep 21 07:16:08.658380: | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f Sep 21 07:16:08.658383: | cleartext fragment 72 67 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 Sep 21 07:16:08.658385: | cleartext fragment 01 16 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 Sep 21 07:16:08.658387: | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e Sep 21 07:16:08.658390: | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 Sep 21 07:16:08.658392: | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 Sep 21 07:16:08.658394: | cleartext fragment 82 01 81 00 ba c2 12 92 f3 67 1c ca 50 e4 11 97 Sep 21 07:16:08.658397: | cleartext fragment bd e2 74 f8 2d a7 50 1c 73 d5 23 89 43 a9 58 74 Sep 21 07:16:08.658399: | cleartext fragment 05 29 97 ee a9 71 9c 8d 92 44 52 90 56 aa 55 a8 Sep 21 07:16:08.658402: | cleartext fragment 8c 69 5e 32 49 62 fb 18 4f f0 e2 24 38 f0 a3 3c Sep 21 07:16:08.658404: | cleartext fragment 7d 95 a9 03 66 29 11 c0 f2 0c e3 de a1 62 78 96 Sep 21 07:16:08.658406: | cleartext fragment 0e ff d1 f8 93 ac b7 cf 52 33 01 71 ef 46 ad ad Sep 21 07:16:08.658409: | cleartext fragment d4 46 f5 e0 c5 e5 57 42 2f 10 0e 27 24 45 5e d0 Sep 21 07:16:08.658411: | cleartext fragment bd 90 32 70 b9 bb 27 2a 4c 93 a8 87 8c f0 61 5d Sep 21 07:16:08.658413: | cleartext fragment d9 74 91 04 d9 e9 5b e5 31 9c ca e0 5b 2c 3b 17 Sep 21 07:16:08.658416: | cleartext fragment be 1a c9 1c 28 62 24 3c e4 eb d0 1a e4 e3 c4 61 Sep 21 07:16:08.658418: | cleartext fragment b6 9d 1a a9 39 6a b0 92 a6 69 2c 19 b1 57 75 2b Sep 21 07:16:08.658420: | cleartext fragment a8 1b ac 95 2b 35 5a 2f 1f 33 eb 9a 50 d0 4d fa Sep 21 07:16:08.658423: | cleartext fragment 7a 05 9b 59 44 7d ba a6 91 64 c9 4d 4a 01 39 e3 Sep 21 07:16:08.658425: | cleartext fragment 83 11 04 e9 b5 b3 9d 19 1b 35 86 8a e9 e4 8b 28 Sep 21 07:16:08.658429: | cleartext fragment e9 57 06 58 e2 cb a6 24 35 73 37 7c 05 25 07 5f Sep 21 07:16:08.658431: | cleartext fragment b6 df 3f 8b ab 5f e7 e4 38 d2 69 f6 1f 68 e9 7b Sep 21 07:16:08.658434: | cleartext fragment 4f 2f fd 11 62 0e 47 ee 67 3b 0e 71 d8 9a 35 1b Sep 21 07:16:08.658436: | cleartext fragment e4 4f 56 64 fd c1 66 02 69 2e 08 ac e7 43 ca 55 Sep 21 07:16:08.658438: | cleartext fragment 47 97 ae 83 19 50 e4 9d c7 a6 5c 9b 93 22 Sep 21 07:16:08.658441: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.658443: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.658446: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.658448: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:08.658451: | emitting length of ISAKMP Message: 539 Sep 21 07:16:08.658457: | **emit ISAKMP Message: Sep 21 07:16:08.658459: | initiator cookie: Sep 21 07:16:08.658461: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.658464: | responder cookie: Sep 21 07:16:08.658466: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.658468: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.658471: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.658473: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.658476: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.658478: | Message ID: 1 (0x1) Sep 21 07:16:08.658480: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.658483: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.658485: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.658488: | flags: none (0x0) Sep 21 07:16:08.658490: | fragment number: 3 (0x3) Sep 21 07:16:08.658492: | total fragments: 5 (0x5) Sep 21 07:16:08.658495: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:08.658498: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.658500: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.658503: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.658506: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.658509: | cleartext fragment 54 6f 02 4b 75 00 cf 67 e3 e2 07 7c d8 47 8f c1 Sep 21 07:16:08.658511: | cleartext fragment 09 83 cc 70 94 fa 6c 74 c8 55 7b 96 2c c1 85 f1 Sep 21 07:16:08.658513: | cleartext fragment 02 98 cd 1d be 85 5c 10 80 dd bb 89 44 4b 94 fa Sep 21 07:16:08.658516: | cleartext fragment 5e 56 5c 67 0e 2e c6 62 69 d4 de 0e 97 31 ed 00 Sep 21 07:16:08.658518: | cleartext fragment 10 7b 83 dc 75 e4 12 fb 00 15 eb 5d e4 85 6b 0d Sep 21 07:16:08.658521: | cleartext fragment 07 4b e6 db 86 31 02 03 01 00 01 a3 81 e4 30 81 Sep 21 07:16:08.658523: | cleartext fragment e1 30 09 06 03 55 1d 13 04 02 30 00 30 26 06 03 Sep 21 07:16:08.658525: | cleartext fragment 55 1d 11 04 1f 30 1d 82 1b 6e 6f 72 74 68 2e 74 Sep 21 07:16:08.658528: | cleartext fragment 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Sep 21 07:16:08.658530: | cleartext fragment 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 Sep 21 07:16:08.658532: | cleartext fragment 80 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 Sep 21 07:16:08.658535: | cleartext fragment 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 Sep 21 07:16:08.658537: | cleartext fragment 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 Sep 21 07:16:08.658540: | cleartext fragment 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 Sep 21 07:16:08.658542: | cleartext fragment 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 Sep 21 07:16:08.658544: | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 Sep 21 07:16:08.658548: | cleartext fragment 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 Sep 21 07:16:08.658550: | cleartext fragment a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 Sep 21 07:16:08.658552: | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 Sep 21 07:16:08.658555: | cleartext fragment 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 Sep 21 07:16:08.658557: | cleartext fragment 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 Sep 21 07:16:08.658559: | cleartext fragment 00 03 81 81 00 c0 be 88 d3 94 e8 3a e9 d3 b3 fd Sep 21 07:16:08.658562: | cleartext fragment ed 79 1d 46 48 36 a3 2a 00 15 9e 62 f1 22 44 4c Sep 21 07:16:08.658564: | cleartext fragment 58 20 2e de 7d 7f 95 09 d5 bd 95 29 e4 f8 99 e3 Sep 21 07:16:08.658566: | cleartext fragment 8f c0 67 b4 eb f6 4b a3 4e 69 48 de 1c 93 9f 22 Sep 21 07:16:08.658569: | cleartext fragment c8 b7 ca bb e8 0c af 7e 5a cd 90 0c b9 e5 4b 4a Sep 21 07:16:08.658571: | cleartext fragment de cc c3 7c ea e6 3f 96 0c b5 dc 5f 88 2d e7 e2 Sep 21 07:16:08.658574: | cleartext fragment cc f5 f3 90 76 dc b3 05 1d 01 60 24 b8 8c a2 f7 Sep 21 07:16:08.658576: | cleartext fragment 26 17 04 4f 25 15 bc 7f 1c ff 4a f7 81 eb 12 63 Sep 21 07:16:08.658578: | cleartext fragment 8b 11 8c 53 ba 24 00 00 19 04 4e cf af 8c Sep 21 07:16:08.658581: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.658583: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.658586: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.658588: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:08.658591: | emitting length of ISAKMP Message: 539 Sep 21 07:16:08.658597: | **emit ISAKMP Message: Sep 21 07:16:08.658599: | initiator cookie: Sep 21 07:16:08.658602: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.658604: | responder cookie: Sep 21 07:16:08.658606: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.658608: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.658611: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.658613: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.658616: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.658618: | Message ID: 1 (0x1) Sep 21 07:16:08.658620: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.658623: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.658625: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.658628: | flags: none (0x0) Sep 21 07:16:08.658630: | fragment number: 4 (0x4) Sep 21 07:16:08.658632: | total fragments: 5 (0x5) Sep 21 07:16:08.658635: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:08.658638: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.658640: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.658643: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.658649: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.658651: | cleartext fragment 44 87 de 90 be 28 67 b9 ce 53 17 3f 8e eb 22 c0 Sep 21 07:16:08.658653: | cleartext fragment 27 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Sep 21 07:16:08.658656: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:16:08.658658: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:16:08.658661: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:16:08.658663: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:16:08.658665: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:16:08.658668: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Sep 21 07:16:08.658671: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Sep 21 07:16:08.658673: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Sep 21 07:16:08.658676: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Sep 21 07:16:08.658678: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Sep 21 07:16:08.658681: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 21 Sep 21 07:16:08.658683: | cleartext fragment 00 01 88 01 00 00 00 9d 0d 54 e3 48 96 69 52 d1 Sep 21 07:16:08.658685: | cleartext fragment 88 57 0f 9a fa 7f b8 6b 41 e2 8e aa 7e 1f 07 6f Sep 21 07:16:08.658688: | cleartext fragment 8c ab e3 0f 6a 26 f3 55 c4 1a 73 c8 13 22 5e 18 Sep 21 07:16:08.658690: | cleartext fragment 66 fa 9b 06 c6 72 e3 5c 31 cb 8c 9f 7b 04 54 ed Sep 21 07:16:08.658692: | cleartext fragment 18 d8 93 f5 2c 63 50 00 08 cc ac bc 10 c6 97 e0 Sep 21 07:16:08.658695: | cleartext fragment 85 2f 6d d5 be 5d e0 fc 69 68 d1 a2 b2 9b d6 85 Sep 21 07:16:08.658697: | cleartext fragment a3 9c 27 af b3 3f c3 53 9a d6 ff ec 7a 58 24 fe Sep 21 07:16:08.658700: | cleartext fragment 36 da 08 7d 91 aa 41 be 96 ec d7 c0 54 c0 7a 90 Sep 21 07:16:08.658702: | cleartext fragment 51 1e f6 33 1e bb 66 9c 8d 23 c9 8b 77 10 0c 1c Sep 21 07:16:08.658704: | cleartext fragment 9b ec eb 4b 58 74 39 04 19 11 36 eb e9 9c 4b 70 Sep 21 07:16:08.658706: | cleartext fragment 52 fb 29 65 d4 11 dc 9c cb b7 85 c0 27 06 ed e5 Sep 21 07:16:08.658709: | cleartext fragment 8b 09 c8 b8 0c 1b b6 eb 0a ab e2 21 58 89 b7 b2 Sep 21 07:16:08.658711: | cleartext fragment aa e1 18 23 eb a0 65 a2 54 49 44 02 96 e3 d0 1e Sep 21 07:16:08.658713: | cleartext fragment 11 26 42 b5 ce c7 46 09 0f aa 68 98 91 5b 75 8e Sep 21 07:16:08.658716: | cleartext fragment 3a d2 0a e3 e1 9a 66 d1 63 0b 6d 4b 70 36 aa 03 Sep 21 07:16:08.658718: | cleartext fragment 74 ca 20 88 be 26 14 d0 e0 c2 8c 49 1f 49 43 06 Sep 21 07:16:08.658720: | cleartext fragment a4 fd 04 26 f9 7f 40 ca 74 f6 1d a5 4b 78 Sep 21 07:16:08.658723: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.658726: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.658729: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.658731: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:08.658733: | emitting length of ISAKMP Message: 539 Sep 21 07:16:08.658739: | **emit ISAKMP Message: Sep 21 07:16:08.658742: | initiator cookie: Sep 21 07:16:08.658744: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.658746: | responder cookie: Sep 21 07:16:08.658748: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.658751: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.658753: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.658755: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.658758: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.658760: | Message ID: 1 (0x1) Sep 21 07:16:08.658763: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.658765: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:08.658767: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.658770: | flags: none (0x0) Sep 21 07:16:08.658772: | fragment number: 5 (0x5) Sep 21 07:16:08.658774: | total fragments: 5 (0x5) Sep 21 07:16:08.658777: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:08.658780: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.658786: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:08.658791: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:08.658796: | emitting 333 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:08.658799: | cleartext fragment 45 43 e1 1c 7a 57 a0 d9 6f 98 ea bc 98 08 89 2e Sep 21 07:16:08.658801: | cleartext fragment 97 80 20 8c 39 a3 bb 3a 15 8e bb 59 f0 55 7f 69 Sep 21 07:16:08.658803: | cleartext fragment b7 22 53 02 5d 35 75 10 cd 31 08 76 df c2 83 9b Sep 21 07:16:08.658806: | cleartext fragment e1 6a 40 86 d8 a0 a2 be 05 29 53 fe 04 df 61 5f Sep 21 07:16:08.658808: | cleartext fragment b7 60 95 9e 67 db 2c af b2 a2 89 3d dd 9e d2 df Sep 21 07:16:08.658810: | cleartext fragment 5a 5f b2 99 98 b8 80 06 5a 32 3b 97 28 bb 89 0a Sep 21 07:16:08.658812: | cleartext fragment 92 00 14 01 22 d1 b5 4c 6f 53 9e 61 98 3e d7 0f Sep 21 07:16:08.658815: | cleartext fragment 0e a0 56 dc 0b 2e 2f 02 69 2c 00 00 a4 02 00 00 Sep 21 07:16:08.658817: | cleartext fragment 20 01 03 04 02 f7 1e cb ee 03 00 00 0c 01 00 00 Sep 21 07:16:08.658819: | cleartext fragment 14 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 Sep 21 07:16:08.658822: | cleartext fragment 20 02 03 04 02 f7 1e cb ee 03 00 00 0c 01 00 00 Sep 21 07:16:08.658824: | cleartext fragment 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 Sep 21 07:16:08.658826: | cleartext fragment 30 03 03 04 04 f7 1e cb ee 03 00 00 0c 01 00 00 Sep 21 07:16:08.658829: | cleartext fragment 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 Sep 21 07:16:08.658831: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 Sep 21 07:16:08.658833: | cleartext fragment 30 04 03 04 04 f7 1e cb ee 03 00 00 0c 01 00 00 Sep 21 07:16:08.658836: | cleartext fragment 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 Sep 21 07:16:08.658838: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 Sep 21 07:16:08.658840: | cleartext fragment 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 03 Sep 21 07:16:08.658843: | cleartext fragment 00 c0 00 03 ff 00 00 00 18 01 00 00 00 07 00 00 Sep 21 07:16:08.658845: | cleartext fragment 10 00 00 ff ff c0 00 02 00 c0 00 02 ff Sep 21 07:16:08.658847: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.658850: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:08.658853: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:08.658855: | emitting length of IKEv2 Encrypted Fragment: 366 Sep 21 07:16:08.658857: | emitting length of ISAKMP Message: 394 Sep 21 07:16:08.658868: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.658873: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.658877: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:16:08.658880: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:16:08.658884: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:16:08.658887: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:16:08.658892: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:08.658897: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:16:08.658902: "northnet-eastnets/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:16:08.658929: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:08.658933: | sending fragments ... Sep 21 07:16:08.658939: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:08.658943: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.658945: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:16:08.658947: | 00 01 00 05 be c7 6d a3 c2 5d db 93 ed 17 d6 43 Sep 21 07:16:08.658950: | d0 44 1b 68 96 6e 8d c8 e5 e9 cb 96 eb b8 b4 0d Sep 21 07:16:08.658952: | 1d 28 b3 af 1f 86 34 3b 89 c3 53 17 c4 46 4d d5 Sep 21 07:16:08.658954: | 76 a5 18 23 d1 28 80 2a 51 23 16 e1 ca f9 0a d0 Sep 21 07:16:08.658956: | 1a f9 c5 4f a7 57 8f 0e 6a 23 56 cc 3d 57 6c ec Sep 21 07:16:08.658959: | c8 26 d9 63 74 71 fe 72 ec 98 5b ac 06 a0 64 e7 Sep 21 07:16:08.658961: | 07 17 63 95 ff 9c 7f bc 8c 1d 39 dc 9a 9d 7a d9 Sep 21 07:16:08.658963: | e6 34 99 3c 71 a6 e2 61 9b 70 84 89 48 b5 f8 6f Sep 21 07:16:08.658965: | fe a5 1c 62 ac 6c 5d 8a 66 6d 9b 77 dc 63 fd 0c Sep 21 07:16:08.658967: | 47 06 af 4e 89 76 77 09 4a 26 fa 8c 84 7b c2 3c Sep 21 07:16:08.658970: | d0 45 53 b3 a7 85 8c 0f b5 22 da 73 91 61 58 88 Sep 21 07:16:08.658972: | 21 c5 8f ea 19 30 dc ce 07 8e ae c2 6c 80 69 1d Sep 21 07:16:08.658974: | 0f 88 73 e0 91 9d 94 49 99 4e 51 66 df 0b 89 95 Sep 21 07:16:08.658977: | 65 51 3c f8 73 58 a4 80 ff 23 03 0d 01 47 2f cf Sep 21 07:16:08.658979: | 40 8d 8c e2 dd 5c 0c 2c 7e f6 13 87 40 dd 11 96 Sep 21 07:16:08.658981: | 1b 7d 94 35 43 a4 ef 1b c8 cd c2 f6 f3 df 80 49 Sep 21 07:16:08.658983: | b8 fe 63 ef 8a 20 d9 15 af ae 2d 40 c8 a5 1c 53 Sep 21 07:16:08.658986: | 7d ec ef 71 36 c9 59 44 32 03 04 0a 07 11 c4 b1 Sep 21 07:16:08.658988: | f9 09 c2 f5 a8 a2 2e 36 4b b2 45 27 ff b5 53 6b Sep 21 07:16:08.658990: | c4 2c f9 94 68 4c 50 da 1a ac f3 96 d6 60 24 f9 Sep 21 07:16:08.658992: | 0e a2 aa 09 28 a4 c7 39 59 19 22 dc 51 b7 ef 40 Sep 21 07:16:08.658995: | 0e cb 91 89 58 5e b2 f5 28 d6 31 23 4a dc 6b b5 Sep 21 07:16:08.658997: | 22 68 16 dd d1 5a 0f e0 64 b9 ea 61 50 6c 7b 0f Sep 21 07:16:08.658999: | de d4 9e 5f 15 26 48 ed ee 0f ed 18 fc d2 a1 f1 Sep 21 07:16:08.659001: | 1e 67 b2 8b 26 3a 26 d4 5c be 0c c3 63 fd bc 01 Sep 21 07:16:08.659004: | 00 34 81 7b 14 c2 f7 05 6e 1f e1 e9 d9 0d c6 ff Sep 21 07:16:08.659006: | 9f f0 ff 72 94 4c 4c 39 6a d2 a5 f4 79 f1 3b cc Sep 21 07:16:08.659008: | a1 58 58 75 4c a3 c8 b3 93 75 85 a0 33 78 cb 53 Sep 21 07:16:08.659010: | fa 3c 2c 64 2f c4 99 f1 f6 37 e7 ce f2 22 41 ef Sep 21 07:16:08.659013: | 5b 69 17 4b bc 03 81 72 cc ab a8 01 60 c0 70 41 Sep 21 07:16:08.659015: | bc 6b 06 52 b5 23 59 19 cb 9e 0b 01 cc 6b 76 97 Sep 21 07:16:08.659017: | 5d 9e 37 e1 80 b3 53 aa 33 8f b8 Sep 21 07:16:08.659311: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:08.659314: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.659317: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.659319: | 00 02 00 05 7f 44 eb a6 7d 38 f6 0a 0b 43 49 8c Sep 21 07:16:08.659321: | eb 9e 2a e8 ca 12 a0 fa 5e 04 d9 1e c0 07 ec 91 Sep 21 07:16:08.659323: | 14 68 76 cb 2a 58 18 2d 1f e1 4a 79 64 86 a7 b6 Sep 21 07:16:08.659325: | 44 4f 11 00 65 3c 41 9d 81 a5 84 59 30 95 18 2e Sep 21 07:16:08.659328: | 5c 03 d4 48 23 6b 0d d3 3c c3 7b 42 5f 45 83 3c Sep 21 07:16:08.659330: | ac ca 49 c6 85 27 b9 61 6d fa 2d 9f 9e a8 f7 4f Sep 21 07:16:08.659332: | 6b b9 30 8a dd d1 18 2b ea 03 bb 60 2c 11 10 f4 Sep 21 07:16:08.659335: | e1 8f d0 1a 40 0d ed 82 12 d3 35 d9 2e fb ad aa Sep 21 07:16:08.659337: | b7 d1 e7 95 f1 07 4b 0e 05 f4 f5 6c a6 a5 1d af Sep 21 07:16:08.659339: | 54 e6 ff 25 7f 71 c1 a8 f1 86 3a 81 fb 70 78 6f Sep 21 07:16:08.659341: | 21 d9 8f c2 9f 15 7f 7b 05 78 36 bb ae 26 1a bc Sep 21 07:16:08.659344: | b9 84 7a a5 ba c4 a8 90 9f 80 cf 32 b6 4f 04 7a Sep 21 07:16:08.659346: | 93 45 ff f3 9d b9 fc 0b 02 6a dc 79 bf 77 12 42 Sep 21 07:16:08.659348: | 63 90 b6 99 9b d0 f9 c6 c3 d1 ea 05 6f 43 67 0b Sep 21 07:16:08.659354: | 1c 69 1c ac 71 5f 9a 0b 83 c5 b0 8c a4 04 52 71 Sep 21 07:16:08.659356: | 6c 73 ff 22 24 83 ca ca 36 f5 b0 26 ff 19 dc 85 Sep 21 07:16:08.659359: | e4 1d 69 18 db 0c 82 9c 93 96 48 d8 61 47 b8 aa Sep 21 07:16:08.659361: | 4b d1 25 d0 93 a9 e0 e6 d8 55 c8 e8 25 8f 16 44 Sep 21 07:16:08.659363: | fc a4 d7 ad 59 97 a7 98 54 b5 a7 29 77 75 35 0b Sep 21 07:16:08.659366: | b7 29 e6 f0 dc ef 88 7f 68 88 1a bf a9 f7 e6 bc Sep 21 07:16:08.659368: | 48 e4 7d 0d b6 e8 46 b1 96 11 b7 67 60 0f b9 e6 Sep 21 07:16:08.659370: | b2 03 43 37 dc 2a ca 7b f3 55 08 78 0b 37 bd f8 Sep 21 07:16:08.659372: | 25 b0 5d 71 c3 af 8b cc 3f c4 f0 2f 00 28 7c 79 Sep 21 07:16:08.659375: | 3f e9 15 57 fd e4 56 34 f4 7e 48 e9 43 9e d7 6b Sep 21 07:16:08.659377: | dd e0 4d 67 e6 7a 8c ee ec c3 c3 2c 00 41 5c 82 Sep 21 07:16:08.659379: | 93 ec eb 32 0a 61 f9 65 fb a3 a5 3f 4a b3 c0 dd Sep 21 07:16:08.659381: | 27 cc 6b 5f 1a 69 86 b5 90 49 32 e7 8d 19 02 91 Sep 21 07:16:08.659384: | 54 d1 1f e1 27 86 af 09 8d 49 07 dd c4 bc 8d e7 Sep 21 07:16:08.659386: | a0 6c 24 59 18 e4 f6 42 9e 4f 35 68 0c d7 6c eb Sep 21 07:16:08.659388: | 3f 83 88 e0 68 0b 21 a0 ff b2 0a 38 0f f8 34 27 Sep 21 07:16:08.659390: | f4 ce 35 2e 6e dd 8e 80 41 4c 6a bd bc 0e b9 f6 Sep 21 07:16:08.659393: | b1 75 c0 f9 1a 1d a5 d5 5e 35 e4 Sep 21 07:16:08.659636: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:08.659639: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.659641: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.659644: | 00 03 00 05 e2 5d fb c1 48 9f 10 0c ff 70 22 d7 Sep 21 07:16:08.659646: | a7 7e 11 8f 4e 20 cd 09 df a1 c5 79 a0 83 c9 64 Sep 21 07:16:08.659648: | 1e d8 05 a0 43 06 a0 8d 0d ec 97 01 1b dd 9a 62 Sep 21 07:16:08.659650: | 1f 0e ac 08 e6 ec 98 47 65 67 c5 22 3f 96 08 65 Sep 21 07:16:08.659653: | 08 8c b8 6f 9a 19 0f df 32 d7 9b f7 94 8f d3 f2 Sep 21 07:16:08.659655: | 32 a2 e5 ec 31 37 27 c2 ae 8d 28 56 9d 16 b6 9b Sep 21 07:16:08.659657: | 5b 6a 95 c2 46 24 99 f6 b6 95 5b fd 86 d1 bd 94 Sep 21 07:16:08.659659: | 5b 83 e9 e6 3c 91 4d d8 98 63 4a bf 6e da 70 fb Sep 21 07:16:08.659662: | 22 1e c6 5c 95 42 fb 3b 75 b1 c5 67 82 76 65 6c Sep 21 07:16:08.659664: | d2 84 bc 49 36 39 5e d5 a7 ad c1 0a e3 f0 a3 8e Sep 21 07:16:08.659666: | e1 f2 34 24 dd 50 62 92 49 55 5f f8 42 d5 f9 45 Sep 21 07:16:08.659668: | 07 99 91 10 de c9 ac a3 f5 86 89 ec b9 a3 17 85 Sep 21 07:16:08.659671: | 97 ed da de 61 fb fc 8b 87 3a 0f ca 63 54 0a 86 Sep 21 07:16:08.659673: | 84 ec d4 14 67 f7 44 1c 8a a2 2f d2 c5 de de 09 Sep 21 07:16:08.659675: | 90 18 c9 e5 94 01 27 9e ba 2d ff df 79 45 18 6e Sep 21 07:16:08.659677: | 60 4d aa 84 3d 34 97 4c bf 4f 00 a1 5f 64 f2 b8 Sep 21 07:16:08.659680: | 24 1c 1d 77 46 37 3f b5 bd 6e 07 3b d5 58 2b 5f Sep 21 07:16:08.659682: | 22 28 87 76 61 47 92 a8 3b ab 27 16 cf 87 62 81 Sep 21 07:16:08.659684: | 74 e6 7b 1a f0 8d 92 fa db 6e ff 6e a5 4a 1e c4 Sep 21 07:16:08.659686: | f0 0a 70 06 dc 4b a4 50 2f 81 df d0 64 02 9a 25 Sep 21 07:16:08.659689: | 27 7e 9c a9 bb f0 ac 71 31 24 6f 5a c8 15 17 75 Sep 21 07:16:08.659691: | 83 41 9f c4 c2 43 d7 b5 88 f5 eb 5f c4 2d 97 6d Sep 21 07:16:08.659693: | 26 19 b4 93 3a b8 6b 0d 54 de 51 85 f4 13 0e 83 Sep 21 07:16:08.659695: | a3 10 d9 df 81 ae 08 62 b3 b1 d8 8f 49 71 10 ad Sep 21 07:16:08.659698: | d8 f4 fb c2 48 ae 29 61 9f 7e e6 5f 00 e8 8c a8 Sep 21 07:16:08.659700: | 41 5e 33 75 26 07 97 54 df 23 fc 59 b2 12 4a 19 Sep 21 07:16:08.659702: | 2d 49 55 d5 39 50 16 ad bd 22 63 6a e2 43 8b 52 Sep 21 07:16:08.659704: | 56 97 bd 72 59 00 84 cd 7c a5 54 0b 7e 1b 11 58 Sep 21 07:16:08.659707: | fd 60 7d 32 17 71 66 67 a2 9a 85 9e aa ab 25 8b Sep 21 07:16:08.659709: | 59 ca e0 d6 81 f2 dc 8a 34 11 cd 93 08 f2 00 e3 Sep 21 07:16:08.659713: | 99 72 08 3b 5d 29 53 0d 20 4f e1 3d 96 9b 30 35 Sep 21 07:16:08.659715: | 55 00 13 1e 4e 18 3f b8 1d 35 75 Sep 21 07:16:08.659953: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:08.659958: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.659960: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.659963: | 00 04 00 05 e0 d1 b0 cf 6b 6b 9b d4 7f 61 eb b8 Sep 21 07:16:08.659965: | e2 c4 26 5c c3 79 65 66 cb 37 62 6b 92 48 21 e2 Sep 21 07:16:08.659967: | 90 dc 19 f2 52 c3 64 70 b2 b5 f4 3d 7c 99 ab e2 Sep 21 07:16:08.659969: | 24 dd ef 22 c1 64 1b 38 f1 b0 92 69 9d 6f 95 d0 Sep 21 07:16:08.659972: | e4 64 da 74 ab 85 ca b6 8f c8 7a d7 0e a0 2f 55 Sep 21 07:16:08.659974: | 63 e0 9b bb b4 8f e1 ed dd 5d 63 e8 f3 79 d5 02 Sep 21 07:16:08.659976: | ba bd cb ec 12 09 ac dd 70 0a 1d 92 13 50 be a2 Sep 21 07:16:08.659978: | d6 53 0a 00 fa 7e 34 3c 21 82 4f 6e 72 37 a8 c6 Sep 21 07:16:08.659980: | 79 b1 d9 86 b3 cf b1 07 12 58 92 6d 3b c2 99 c0 Sep 21 07:16:08.659983: | 22 15 10 92 a4 fe 98 91 42 69 c2 c0 0e f1 49 2c Sep 21 07:16:08.659985: | f5 6b 06 17 28 5f 90 ff 8f 6f c5 79 b7 4a 3f 32 Sep 21 07:16:08.659987: | ab ff cb 52 f0 9d e4 84 c4 8c 90 c2 cf 0b 7c ea Sep 21 07:16:08.659989: | ac fe 9e 0f 23 1d 19 77 2e f7 77 a5 c1 67 35 32 Sep 21 07:16:08.659992: | 14 83 f4 ee 87 23 da 7d 58 a9 c5 0a 4c 02 90 48 Sep 21 07:16:08.659994: | b9 15 5f 55 4e b3 68 31 9a 9f 10 af 62 a7 11 51 Sep 21 07:16:08.659996: | aa fd 30 90 fd 44 82 4b cc 50 e0 52 d6 a7 24 61 Sep 21 07:16:08.659998: | c0 cd 29 bf 9c 59 1b 95 0e d8 bf bd e1 5e 52 97 Sep 21 07:16:08.660000: | fc 84 4c a6 f9 6a 15 65 5c 16 73 50 84 fc 7c 85 Sep 21 07:16:08.660003: | ec 8a c0 07 86 15 e7 29 61 9e 7f f4 e9 ff cc b1 Sep 21 07:16:08.660005: | 34 25 d2 95 d9 35 28 de 18 2f d1 0f 15 1d 4b 19 Sep 21 07:16:08.660007: | f5 26 9b 61 62 62 f1 e7 e5 79 b1 45 01 f4 29 a6 Sep 21 07:16:08.660009: | d2 d6 88 07 7d a7 35 d9 12 e3 b3 db b7 ae 85 31 Sep 21 07:16:08.660012: | bc 09 80 a4 39 41 80 4b c7 51 38 ad 68 84 e3 ab Sep 21 07:16:08.660014: | 17 6b 7b 11 59 9a d1 8c 61 3a 92 7a e4 34 79 b2 Sep 21 07:16:08.660016: | c8 b2 26 e8 0a 1a cb 7f de 3d e3 6c 02 e3 06 f9 Sep 21 07:16:08.660018: | 85 d5 87 ca e0 d6 23 db 18 11 b9 06 c7 3a 4d 43 Sep 21 07:16:08.660021: | c7 db fd ad ba 3d 7c 46 9b 39 5e 4d a9 41 a5 64 Sep 21 07:16:08.660023: | b8 f2 01 3b bc b5 83 2d 8c 8d ea 66 ed 96 11 6a Sep 21 07:16:08.660025: | 8b 1e f6 6f 14 58 ba 81 be 78 d6 44 21 6f 5f 27 Sep 21 07:16:08.660027: | db 61 8a 8a 67 16 93 2d 61 54 53 af 9c 96 7d 60 Sep 21 07:16:08.660030: | 05 75 46 0d 7a 64 99 be ba 3a 8b 1e 02 74 14 de Sep 21 07:16:08.660032: | fd 40 11 bc 83 d3 46 7b 9f c6 26 Sep 21 07:16:08.660049: | sending 394 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:08.660053: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.660055: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Sep 21 07:16:08.660057: | 00 05 00 05 49 89 ee d2 54 4b 86 e5 d2 d6 1b 85 Sep 21 07:16:08.660059: | c0 25 1d 51 2a e7 81 c6 73 33 19 af c6 23 93 46 Sep 21 07:16:08.660062: | a8 3f c7 c5 10 58 ea 01 8d 61 e0 e7 84 9f 42 13 Sep 21 07:16:08.660064: | 74 c2 90 92 9b be 88 7f 43 8f cb bb 3d b5 81 d2 Sep 21 07:16:08.660066: | 9c 30 52 ea 34 57 ff 5c 56 f9 59 7a 96 da 94 29 Sep 21 07:16:08.660068: | b3 e0 bf c7 c5 7e cd 43 c2 a3 fb 32 a7 60 8a 23 Sep 21 07:16:08.660071: | 7d 0f 05 ad a7 4b 6b cd f8 af 64 df fd 8e 5d 12 Sep 21 07:16:08.660073: | 4d c8 cb 76 a6 00 96 4a 41 1e 34 7a db da c0 8e Sep 21 07:16:08.660075: | 6e bd f0 0b 21 69 7a e3 e2 27 37 2c d2 a3 81 70 Sep 21 07:16:08.660077: | f0 e6 d2 9b 32 d2 e9 27 60 96 b0 61 94 58 b7 7c Sep 21 07:16:08.660080: | 66 50 23 8b ab 63 8d 81 af 97 8f a0 7a e6 7b c3 Sep 21 07:16:08.660084: | ab ac 56 b7 01 8d b0 92 ca 0d 86 4f e0 f9 d1 7c Sep 21 07:16:08.660086: | 7e 5a ae cf da e8 fc d4 f1 c7 81 51 3b 80 0c 13 Sep 21 07:16:08.660088: | 9c 2f 6f c0 51 14 c7 38 6f f8 4f 7e db 5b a2 08 Sep 21 07:16:08.660091: | ea 3d 13 20 1e 1f e8 32 3d cf 42 af 14 a9 59 4b Sep 21 07:16:08.660093: | 47 ba 77 ac 8c 6d e6 be 28 f1 c6 80 7b 19 ff 71 Sep 21 07:16:08.660095: | 92 a6 24 85 c7 92 16 3b 31 e8 af f4 a2 06 72 07 Sep 21 07:16:08.660098: | 65 16 99 e1 cb 96 f9 02 27 47 20 46 ea 74 0e a2 Sep 21 07:16:08.660100: | b5 b8 d7 e5 75 9f f4 15 13 0b 19 a2 3d c5 c0 66 Sep 21 07:16:08.660102: | 17 31 46 5d 43 4d b3 37 12 0d 42 01 24 9f 85 e8 Sep 21 07:16:08.660104: | af 2f 63 dc 24 9a 83 c5 3f 07 fa 08 e7 45 28 ab Sep 21 07:16:08.660107: | c9 7d 6c 8b 5d 55 04 7e c7 03 b3 83 5a 33 cf c4 Sep 21 07:16:08.660109: | 03 7e 96 f2 c9 45 ab a1 11 b3 Sep 21 07:16:08.660119: | sent 5 fragments Sep 21 07:16:08.660123: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:08.660126: "northnet-eastnets/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:08.660150: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d6f60ecc30 Sep 21 07:16:08.660155: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:16:08.660158: | libevent_malloc: new ptr-libevent@0x7f7c8c006900 size 128 Sep 21 07:16:08.660165: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48815.028414 Sep 21 07:16:08.660169: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:08.660174: | #1 spent 1.93 milliseconds Sep 21 07:16:08.660178: | #1 spent 12.8 milliseconds in resume sending helper answer Sep 21 07:16:08.660183: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:08.660186: | libevent_free: release ptr-libevent@0x7f7c84006b90 Sep 21 07:16:08.737964: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.737983: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:08.737987: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.737989: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Sep 21 07:16:08.737992: | 00 01 00 05 23 73 36 51 79 2d e0 ec 9a 67 c0 79 Sep 21 07:16:08.737994: | 29 70 d7 31 3e d1 41 42 06 bb 04 09 c2 4d a7 b1 Sep 21 07:16:08.737997: | e1 56 47 bb d2 00 82 3e 66 64 c6 47 77 4d 4a 5b Sep 21 07:16:08.737999: | 97 e0 b2 54 ab 1a db 24 2d d1 ab a0 4d b7 e3 70 Sep 21 07:16:08.738001: | fd 97 91 d7 a1 01 35 3b 38 96 71 c5 77 de 13 ce Sep 21 07:16:08.738004: | 7e eb d2 7f 69 d5 3b 9f 07 72 7d 10 05 59 44 cd Sep 21 07:16:08.738006: | dd 39 42 08 57 25 ba 02 48 0a c3 26 0b 34 ff 8a Sep 21 07:16:08.738008: | c3 95 8b 90 8e 21 b1 24 61 56 28 d6 65 74 55 51 Sep 21 07:16:08.738011: | b2 f1 aa 5d 3d 25 88 1c e9 71 83 52 b9 0b ec f3 Sep 21 07:16:08.738013: | b1 2a ac 9b d2 0c e0 0f bd d8 9e 56 d7 00 f2 0e Sep 21 07:16:08.738016: | ad a1 61 97 5f 19 f2 2a e3 d5 a0 d3 7e 23 b9 ae Sep 21 07:16:08.738018: | b6 1c 45 8b d1 49 ba b0 5e ff d3 81 82 4c 79 34 Sep 21 07:16:08.738021: | 94 c8 88 37 a4 b9 0c c6 1d 7b f2 87 be ed 0d 25 Sep 21 07:16:08.738023: | 09 1a 85 13 5c 41 3d 6a d5 bb 59 21 c6 e7 2e cb Sep 21 07:16:08.738025: | b1 7b c9 bc 83 a4 9c 5a ca 92 47 17 8f 91 b1 c7 Sep 21 07:16:08.738028: | 41 fe 6e ee 17 e0 9f f2 2d 3a 29 75 94 1f 18 44 Sep 21 07:16:08.738030: | 6b bc 11 a2 2d e8 5b e2 bf 94 f6 6c 3e 6c fd 25 Sep 21 07:16:08.738032: | 37 2b 29 fd c5 f7 2d 89 1c a7 5f 25 40 67 c7 05 Sep 21 07:16:08.738034: | 8d 86 98 4a 5b 56 0b 1b f8 c3 fc f4 37 af 8a b6 Sep 21 07:16:08.738037: | 1a 9e 2d 91 fe e2 87 4f 83 a2 2a bd ca e5 5d 0f Sep 21 07:16:08.738039: | 0a 83 c3 ac 7b a6 1e 42 25 12 75 74 c9 4d ea df Sep 21 07:16:08.738043: | 8d 59 6e 42 2a e6 3b 01 15 a4 32 db 56 04 a3 2a Sep 21 07:16:08.738046: | 47 49 f0 88 a6 e1 85 c9 b2 76 cb 68 37 30 cf bf Sep 21 07:16:08.738048: | 85 11 37 63 cf 7e 91 52 e4 ba b5 ea 3e aa b0 85 Sep 21 07:16:08.738050: | 42 6c 0a 17 00 ea ea 89 5a ab 7e 06 81 d6 6e 90 Sep 21 07:16:08.738053: | 69 51 6a ec 47 0e 31 2c b3 3a 85 8c 0f 34 ef 53 Sep 21 07:16:08.738055: | 1d 55 ec b6 62 d6 97 88 63 51 50 25 c4 c4 ad 4f Sep 21 07:16:08.738058: | 3f d0 d5 e7 42 ea 32 3e c1 08 b2 5e 92 7d a5 47 Sep 21 07:16:08.738060: | 23 f0 d8 3a cb 37 0e 64 99 33 ba bc 46 8d d8 c0 Sep 21 07:16:08.738062: | 4e c8 d0 a8 45 3b f9 fa e2 3d 3b 4d a6 e1 f5 f5 Sep 21 07:16:08.738065: | 99 30 9d 03 7e ff 73 46 4a 21 3c f9 d5 d2 39 16 Sep 21 07:16:08.738067: | 61 4b ed 86 aa 88 3e dc 98 07 a3 Sep 21 07:16:08.738072: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:08.738075: | **parse ISAKMP Message: Sep 21 07:16:08.738078: | initiator cookie: Sep 21 07:16:08.738081: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.738083: | responder cookie: Sep 21 07:16:08.738085: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738088: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.738091: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.738094: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.738096: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.738099: | Message ID: 1 (0x1) Sep 21 07:16:08.738102: | length: 539 (0x21b) Sep 21 07:16:08.738105: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.738108: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:08.738112: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:08.738119: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.738123: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:08.738128: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738132: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738135: | #2 is idle Sep 21 07:16:08.738137: | #2 idle Sep 21 07:16:08.738140: | unpacking clear payload Sep 21 07:16:08.738143: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.738146: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.738148: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:08.738151: | flags: none (0x0) Sep 21 07:16:08.738153: | length: 511 (0x1ff) Sep 21 07:16:08.738156: | fragment number: 1 (0x1) Sep 21 07:16:08.738158: | total fragments: 5 (0x5) Sep 21 07:16:08.738161: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:08.738164: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:08.738167: | received IKE encrypted fragment number '1', total number '5', next payload '36' Sep 21 07:16:08.738170: | updated IKE fragment state to respond using fragments without waiting for re-transmits Sep 21 07:16:08.738176: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.738181: | #1 spent 0.206 milliseconds in ikev2_process_packet() Sep 21 07:16:08.738185: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:08.738189: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.738191: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.738195: | spent 0.221 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.738204: | spent 0.00131 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.738212: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:08.738216: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738219: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.738221: | 00 02 00 05 0a b6 9a 98 63 b5 ab fb 45 68 8f 59 Sep 21 07:16:08.738224: | a4 6d 73 7a 30 ec 69 4f fc f3 08 3d 90 c2 16 3d Sep 21 07:16:08.738226: | cf e8 2c 4f 2a 8c da 0b 0c 48 80 7b 84 0b 7a d0 Sep 21 07:16:08.738229: | c8 01 f5 48 a6 7b b4 2f eb 24 b6 4b b7 80 e2 2d Sep 21 07:16:08.738231: | 9b 4f 6c 50 1c f2 5f 6d f4 07 67 7b 52 fe a4 46 Sep 21 07:16:08.738233: | 3a 2c 81 c2 e2 3f 8c 52 44 26 2c 68 d0 6d 68 34 Sep 21 07:16:08.738235: | c6 8d b9 cd 76 22 4c 18 ec d3 5e 18 62 7a fe ec Sep 21 07:16:08.738238: | 8f 7b 1d ca dc da 8a 10 44 e0 ca 7d 04 9f e6 54 Sep 21 07:16:08.738240: | bf ef 30 a2 7b 2f 44 d5 70 56 dd 4b 82 1b 46 3c Sep 21 07:16:08.738242: | 99 0d a7 28 76 50 65 5d 93 4b 23 cc 42 2d fc a9 Sep 21 07:16:08.738245: | d4 a3 a1 39 95 18 ad cd 80 e4 95 ef 16 50 ff 5a Sep 21 07:16:08.738247: | 3f 1f 69 63 33 58 dd 0d 6e d7 36 5a 92 9f e9 ec Sep 21 07:16:08.738249: | 5f 2e f2 2f 64 47 c4 22 c8 95 2a 88 b0 48 5c 5c Sep 21 07:16:08.738252: | b5 e8 bd a8 7a 24 d4 bf 37 57 00 22 db 9a 9c 6f Sep 21 07:16:08.738254: | 39 f4 b3 5d 96 dc aa 1c b3 17 95 97 7a 0b 00 00 Sep 21 07:16:08.738257: | e0 4e a7 00 56 73 d4 98 a2 17 7e ca ca b7 68 13 Sep 21 07:16:08.738259: | 6f e8 31 dc 33 df 2d 7e 08 89 36 2d f6 93 b2 e9 Sep 21 07:16:08.738261: | ec 12 33 8d f6 92 29 e8 48 b0 f9 60 6a 92 d1 da Sep 21 07:16:08.738264: | 5f 9c 6e 8e c9 a3 01 62 e3 a7 0d fe 57 fa a5 e5 Sep 21 07:16:08.738266: | 0e 1a 7d 4d 33 75 30 38 dd 5a 1a 90 d3 81 e2 27 Sep 21 07:16:08.738268: | 57 fb 7c 04 c8 e9 70 df 28 d7 78 7e 51 f5 b9 ef Sep 21 07:16:08.738271: | 52 d6 70 6a c6 f5 94 0a 04 af 4f 9d 31 8a 5e f0 Sep 21 07:16:08.738273: | cc b6 64 b2 0e d6 75 f8 cf 09 03 40 fa 4e 81 3f Sep 21 07:16:08.738275: | d3 84 29 72 12 59 90 22 69 90 b9 02 76 a9 91 37 Sep 21 07:16:08.738278: | 72 cf 1d ce b0 08 fd 18 59 95 a4 1c 0b c6 ac 41 Sep 21 07:16:08.738280: | 5b 1a 0a 3e d7 bd 64 70 71 47 dc c5 7e de a9 ae Sep 21 07:16:08.738282: | ae 67 bb 4b d8 97 c1 ca 35 de 8a 91 80 44 03 0a Sep 21 07:16:08.738284: | 84 6c b3 20 b2 4e d0 2e 8a ad c6 05 29 14 5f d5 Sep 21 07:16:08.738287: | dd 5b ba d1 ce db 6b f0 fd 40 09 9c b4 c7 85 fc Sep 21 07:16:08.738289: | 35 50 e8 80 27 6e 07 0b 79 03 af 4f c4 98 89 ff Sep 21 07:16:08.738291: | b6 5a 96 f7 66 89 0e 3b 20 60 b8 90 8a 99 28 f2 Sep 21 07:16:08.738293: | 77 6c 08 5d dc bc 59 1c ab 62 a1 Sep 21 07:16:08.738297: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:08.738300: | **parse ISAKMP Message: Sep 21 07:16:08.738303: | initiator cookie: Sep 21 07:16:08.738305: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.738307: | responder cookie: Sep 21 07:16:08.738309: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738311: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.738314: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.738317: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.738320: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.738322: | Message ID: 1 (0x1) Sep 21 07:16:08.738324: | length: 539 (0x21b) Sep 21 07:16:08.738327: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.738330: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:08.738333: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:08.738339: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.738342: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:08.738347: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738353: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738355: | #2 is idle Sep 21 07:16:08.738356: | #2 idle Sep 21 07:16:08.738358: | unpacking clear payload Sep 21 07:16:08.738359: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.738361: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.738363: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.738364: | flags: none (0x0) Sep 21 07:16:08.738366: | length: 511 (0x1ff) Sep 21 07:16:08.738367: | fragment number: 2 (0x2) Sep 21 07:16:08.738369: | total fragments: 5 (0x5) Sep 21 07:16:08.738370: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:08.738372: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:08.738374: | received IKE encrypted fragment number '2', total number '5', next payload '0' Sep 21 07:16:08.738377: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.738380: | #1 spent 0.173 milliseconds in ikev2_process_packet() Sep 21 07:16:08.738382: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:08.738384: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.738386: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.738388: | spent 0.181 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.738393: | spent 0.00115 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.738399: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:08.738401: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738403: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.738404: | 00 03 00 05 b1 ce b2 54 a2 49 8c 44 23 18 d0 c5 Sep 21 07:16:08.738405: | 29 5d e2 80 08 29 7b 8a fd 70 f4 9d c8 14 c9 58 Sep 21 07:16:08.738407: | 9f d5 46 03 96 75 d4 fe 61 48 47 12 86 ec d1 88 Sep 21 07:16:08.738408: | 01 93 4a 9a 35 25 49 db d7 4e 91 16 bb e3 d6 a0 Sep 21 07:16:08.738410: | d1 e3 9d 4a 3f 6e 0f 26 f0 cc a1 c1 eb cc cd 93 Sep 21 07:16:08.738411: | 50 38 3f 53 92 70 eb 42 82 2e d9 8b 79 09 de a3 Sep 21 07:16:08.738412: | 10 0f fd 63 ac 93 3d 57 c4 75 2d 27 ae 9d 7d f8 Sep 21 07:16:08.738414: | f5 0e 42 4d 30 5c d7 c4 32 f9 de 2f f3 c3 d8 6d Sep 21 07:16:08.738415: | 5a 99 ce 9a c4 34 b0 27 78 c7 94 dc 24 e8 2b 23 Sep 21 07:16:08.738417: | ae c6 a1 44 2b c8 c3 a7 a0 c8 10 c7 81 ed 8e 74 Sep 21 07:16:08.738418: | b6 40 f6 ef 14 a1 19 b5 92 ca 85 2e bc 2d 75 6d Sep 21 07:16:08.738419: | aa ac b7 2f 13 84 e2 07 55 bf fc 3c 60 0a e7 88 Sep 21 07:16:08.738421: | 87 57 48 c3 18 3b ed fd 98 36 35 c1 74 ad 30 b6 Sep 21 07:16:08.738422: | ce d4 31 ea e0 4d 08 a2 30 db fb 2c 0a 3d 87 ca Sep 21 07:16:08.738423: | 53 75 33 7c 94 47 bb 69 c5 ef e4 b6 6f 96 59 bf Sep 21 07:16:08.738425: | 52 f2 41 5f 65 fa d4 ac b3 1d 51 0f 47 db e4 e1 Sep 21 07:16:08.738426: | 52 a4 73 13 96 7a 95 e6 ea 9b 67 4b 24 eb 82 b6 Sep 21 07:16:08.738428: | 20 9c 7f 16 94 26 56 63 6b 67 f3 57 82 47 5a b6 Sep 21 07:16:08.738429: | ba 21 71 aa bc 8c a2 32 45 28 ff 49 a6 f0 d0 de Sep 21 07:16:08.738430: | ac 91 e1 c1 0d ef 61 dd ce 7c fc b9 04 57 fc 2f Sep 21 07:16:08.738432: | 31 79 59 8f aa 1c be 0a 73 db ac a2 3f 90 f4 b8 Sep 21 07:16:08.738433: | 5b d7 0b ee 32 3f 17 f4 fa 0f 9f 1e 6a 78 1f 63 Sep 21 07:16:08.738435: | d7 70 93 a8 a9 a0 3c 7c 27 a7 fd 99 b4 d8 b1 f0 Sep 21 07:16:08.738436: | 64 69 3d 4d bf 69 f6 46 20 95 06 4a 78 69 f5 27 Sep 21 07:16:08.738437: | 46 2c 5d 11 9d 45 c0 bc a6 1e bc 0c f2 53 1a cb Sep 21 07:16:08.738439: | 81 b6 be cf f5 a5 19 f2 aa b8 3f 07 d0 9d 26 f0 Sep 21 07:16:08.738440: | 08 1a c3 8f 86 6f db eb bb f3 6c 2c c0 be cc c7 Sep 21 07:16:08.738443: | fd 26 40 4b e4 0c bc 57 53 10 9e b0 b8 40 4f c2 Sep 21 07:16:08.738444: | db ce 31 ab 0b d2 b3 51 35 de c7 09 fb 41 db 52 Sep 21 07:16:08.738445: | 82 69 8d e8 ac 5a 67 b9 12 3b a7 0c 70 eb 60 38 Sep 21 07:16:08.738447: | c9 0b 59 4d e5 5e 5e c5 72 9c 3e 65 ea 28 11 c4 Sep 21 07:16:08.738448: | b1 a7 97 85 8d 0b 29 ea 60 9d 20 Sep 21 07:16:08.738452: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:08.738455: | **parse ISAKMP Message: Sep 21 07:16:08.738457: | initiator cookie: Sep 21 07:16:08.738459: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.738461: | responder cookie: Sep 21 07:16:08.738463: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738466: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.738468: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.738471: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.738473: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.738475: | Message ID: 1 (0x1) Sep 21 07:16:08.738476: | length: 539 (0x21b) Sep 21 07:16:08.738478: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.738480: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:08.738482: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:08.738485: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.738487: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:08.738489: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738492: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738493: | #2 is idle Sep 21 07:16:08.738495: | #2 idle Sep 21 07:16:08.738496: | unpacking clear payload Sep 21 07:16:08.738497: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.738499: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.738501: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.738502: | flags: none (0x0) Sep 21 07:16:08.738504: | length: 511 (0x1ff) Sep 21 07:16:08.738505: | fragment number: 3 (0x3) Sep 21 07:16:08.738506: | total fragments: 5 (0x5) Sep 21 07:16:08.738508: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:08.738510: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:08.738511: | received IKE encrypted fragment number '3', total number '5', next payload '0' Sep 21 07:16:08.738514: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.738517: | #1 spent 0.121 milliseconds in ikev2_process_packet() Sep 21 07:16:08.738519: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:08.738521: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.738523: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.738525: | spent 0.129 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.738530: | spent 0.00108 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.738537: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:08.738540: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738542: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:08.738544: | 00 04 00 05 c0 ab 74 5b 12 67 d1 d4 82 c3 31 f9 Sep 21 07:16:08.738546: | f8 7d c9 65 32 45 d7 31 e9 79 54 bc e2 73 a6 70 Sep 21 07:16:08.738547: | 39 1f 30 02 2f b4 43 b0 48 84 43 d6 54 e9 a2 42 Sep 21 07:16:08.738548: | 35 3b 39 ef 17 22 30 8e 66 00 e4 bc d3 48 0a 97 Sep 21 07:16:08.738550: | 1d c3 d0 98 08 5d 80 f6 32 4a 9d 71 6e e1 cd 92 Sep 21 07:16:08.738553: | b1 a8 fc 60 1a 6f df 45 70 54 9e 46 1d 9a 98 a4 Sep 21 07:16:08.738554: | cf 41 2a b0 cd a7 32 2e 60 98 23 6e 8b 4e 95 d3 Sep 21 07:16:08.738555: | 97 cf eb 3d 66 10 50 e0 18 75 6c fc ef f7 fe 5c Sep 21 07:16:08.738557: | 83 72 0e ea 3a 1b 08 eb 47 c1 31 93 2e 98 57 28 Sep 21 07:16:08.738558: | ca 23 44 c4 49 d1 c5 53 8a 5e bc 7f e1 11 19 7c Sep 21 07:16:08.738560: | 0d f3 d5 51 d5 2c 66 88 c5 0d 1c bd 24 26 32 ae Sep 21 07:16:08.738561: | d0 44 b8 4d 05 3c da 3d 60 65 30 06 ca 1f 52 08 Sep 21 07:16:08.738562: | 4f ef d2 37 d8 74 b9 98 bf 11 db 7c ae 86 3e 96 Sep 21 07:16:08.738564: | b4 79 37 32 7c 8d b8 28 17 ca d9 60 12 30 cd b8 Sep 21 07:16:08.738565: | fa ff ab ac b0 c3 32 be fe f4 82 9c 20 fa 20 a7 Sep 21 07:16:08.738566: | 1f 80 f8 78 09 55 1e d7 bf d7 c5 18 9b 14 b6 4f Sep 21 07:16:08.738568: | c2 f3 a2 5e ee 0b ca 18 a5 aa 6e 62 86 7b 39 ce Sep 21 07:16:08.738569: | 05 a0 e8 8d 11 81 e2 93 c9 c6 6d 97 25 14 ab 47 Sep 21 07:16:08.738571: | 10 ab 2e fb f4 28 75 2f 5e dc 14 d2 40 7f a1 bf Sep 21 07:16:08.738572: | ee 2a b2 d1 e1 4a bc 05 26 58 5d 0b 68 d8 4c 09 Sep 21 07:16:08.738573: | 2b 1d 37 7b cc c1 59 fc 75 08 65 3a 5b 9d c6 73 Sep 21 07:16:08.738575: | 99 8c aa 22 0c df 60 6d 7a 50 a9 82 2c b5 e0 b8 Sep 21 07:16:08.738576: | 2d 46 fa 5b 3e 1b 19 8a 2e 01 0f 8f 7e e3 21 e9 Sep 21 07:16:08.738577: | 8f 4d 0b f8 ac a8 ee 0e f2 a5 dc 6f 94 52 c5 d6 Sep 21 07:16:08.738579: | f1 c4 43 1d 2a ac de 9d 47 c5 df d8 01 3f 91 2b Sep 21 07:16:08.738580: | a1 a3 e8 83 19 84 f1 a4 a8 ad 53 c5 fc 6c 03 c9 Sep 21 07:16:08.738582: | 8d ad f1 b2 b8 64 34 e2 74 9c f4 77 04 81 cd 61 Sep 21 07:16:08.738583: | f0 fd 7a 9c ed ca a6 50 6c 4f db a9 61 51 95 1f Sep 21 07:16:08.738584: | 4c e3 fd be 65 d7 e9 69 bb 83 c1 d7 66 5c 15 2b Sep 21 07:16:08.738586: | d1 6f 13 38 32 92 eb e4 23 70 3e 4b 1f f1 6a 38 Sep 21 07:16:08.738587: | 66 e9 48 4e 0a 4f 70 3f 43 76 33 ee ed b2 db 3a Sep 21 07:16:08.738588: | fb f0 9d ed dd 7f c7 1d fa 39 7b Sep 21 07:16:08.738591: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:08.738593: | **parse ISAKMP Message: Sep 21 07:16:08.738594: | initiator cookie: Sep 21 07:16:08.738595: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.738597: | responder cookie: Sep 21 07:16:08.738598: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738600: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.738601: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.738603: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.738604: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.738606: | Message ID: 1 (0x1) Sep 21 07:16:08.738607: | length: 539 (0x21b) Sep 21 07:16:08.738609: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.738611: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:08.738612: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:08.738616: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.738619: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:08.738682: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738690: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738693: | #2 is idle Sep 21 07:16:08.738695: | #2 idle Sep 21 07:16:08.738697: | unpacking clear payload Sep 21 07:16:08.738700: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.738703: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.738706: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.738709: | flags: none (0x0) Sep 21 07:16:08.738714: | length: 511 (0x1ff) Sep 21 07:16:08.738717: | fragment number: 4 (0x4) Sep 21 07:16:08.738719: | total fragments: 5 (0x5) Sep 21 07:16:08.738722: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:08.738724: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:08.738726: | received IKE encrypted fragment number '4', total number '5', next payload '0' Sep 21 07:16:08.738730: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.738733: | #1 spent 0.15 milliseconds in ikev2_process_packet() Sep 21 07:16:08.738736: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:08.738738: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.738739: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.738742: | spent 0.159 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.738748: | spent 0.00129 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.738754: | *received 81 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:08.738756: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738757: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Sep 21 07:16:08.738759: | 00 05 00 05 76 ed e8 22 59 63 51 6e 6a 19 d0 2f Sep 21 07:16:08.738760: | 07 56 2b b3 c5 0d c5 24 9a 20 b3 da 5a 9d 40 f3 Sep 21 07:16:08.738761: | 8f 25 2f 17 89 24 3a be 05 e9 47 c0 72 08 3b 32 Sep 21 07:16:08.738763: | ed Sep 21 07:16:08.738765: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:08.738767: | **parse ISAKMP Message: Sep 21 07:16:08.738768: | initiator cookie: Sep 21 07:16:08.738770: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.738771: | responder cookie: Sep 21 07:16:08.738773: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.738774: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:08.738776: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.738777: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:08.738779: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.738781: | Message ID: 1 (0x1) Sep 21 07:16:08.738782: | length: 81 (0x51) Sep 21 07:16:08.738791: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:08.738794: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:08.738796: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:08.738800: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.738802: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:08.738804: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738807: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.738808: | #2 is idle Sep 21 07:16:08.738810: | #2 idle Sep 21 07:16:08.738811: | unpacking clear payload Sep 21 07:16:08.738813: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:08.738814: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:08.738816: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.738817: | flags: none (0x0) Sep 21 07:16:08.738819: | length: 53 (0x35) Sep 21 07:16:08.738820: | fragment number: 5 (0x5) Sep 21 07:16:08.738822: | total fragments: 5 (0x5) Sep 21 07:16:08.738823: | processing payload: ISAKMP_NEXT_v2SKF (len=45) Sep 21 07:16:08.738825: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:08.738826: | received IKE encrypted fragment number '5', total number '5', next payload '0' Sep 21 07:16:08.738846: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:16:08.738850: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:16:08.738852: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:16:08.738853: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Sep 21 07:16:08.738855: | flags: none (0x0) Sep 21 07:16:08.738856: | length: 191 (0xbf) Sep 21 07:16:08.738858: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:16:08.738859: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Sep 21 07:16:08.738861: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Sep 21 07:16:08.738863: | **parse IKEv2 Certificate Payload: Sep 21 07:16:08.738864: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:08.738866: | flags: none (0x0) Sep 21 07:16:08.738867: | length: 1265 (0x4f1) Sep 21 07:16:08.738869: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:08.738870: | processing payload: ISAKMP_NEXT_v2CERT (len=1260) Sep 21 07:16:08.738872: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:16:08.738874: | **parse IKEv2 Authentication Payload: Sep 21 07:16:08.738875: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:08.738877: | flags: none (0x0) Sep 21 07:16:08.738878: | length: 392 (0x188) Sep 21 07:16:08.738880: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:08.738881: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Sep 21 07:16:08.738882: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:08.738884: | **parse IKEv2 Security Association Payload: Sep 21 07:16:08.738886: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:08.738887: | flags: none (0x0) Sep 21 07:16:08.738888: | length: 36 (0x24) Sep 21 07:16:08.738890: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:16:08.738891: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:08.738893: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:08.738894: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:08.738896: | flags: none (0x0) Sep 21 07:16:08.738897: | length: 24 (0x18) Sep 21 07:16:08.738899: | number of TS: 1 (0x1) Sep 21 07:16:08.738900: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:08.738901: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:08.738903: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:08.738905: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.738906: | flags: none (0x0) Sep 21 07:16:08.738907: | length: 24 (0x18) Sep 21 07:16:08.738909: | number of TS: 1 (0x1) Sep 21 07:16:08.738910: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:08.738912: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:16:08.738914: | Now let's proceed with state specific processing Sep 21 07:16:08.738915: | calling processor Initiator: process IKE_AUTH response Sep 21 07:16:08.738920: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:16:08.738922: loading root certificate cache Sep 21 07:16:08.741763: | spent 2.71 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Sep 21 07:16:08.741799: | spent 0.0194 milliseconds in get_root_certs() filtering CAs Sep 21 07:16:08.741805: | #1 spent 2.75 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:16:08.741808: | checking for known CERT payloads Sep 21 07:16:08.741810: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:16:08.741836: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:08.741841: | #1 spent 0.0318 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:16:08.741844: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:08.741876: | #1 spent 0.0317 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:16:08.741879: | missing or expired CRL Sep 21 07:16:08.741885: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:16:08.741887: | verify_end_cert trying profile IPsec Sep 21 07:16:08.741976: | certificate is valid (profile IPsec) Sep 21 07:16:08.741982: | #1 spent 0.097 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:16:08.741986: "northnet-eastnets/0x1" #2: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:08.742050: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d95e0 Sep 21 07:16:08.742055: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60dcea0 Sep 21 07:16:08.742058: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f6100230 Sep 21 07:16:08.742060: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60d8fc0 Sep 21 07:16:08.742062: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55d6f60e3240 Sep 21 07:16:08.742255: | unreference key: 0x55d6f60e9160 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:08.742263: | #1 spent 0.266 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:16:08.742266: | #1 spent 3.21 milliseconds in decode_certs() Sep 21 07:16:08.742269: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:16:08.742270: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:16:08.742272: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:16:08.742273: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:16:08.742275: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:16:08.742276: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:16:08.742277: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:16:08.742279: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:08.742280: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:16:08.742282: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:16:08.742283: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:08.742285: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Sep 21 07:16:08.742294: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:16:08.742297: | ID_DER_ASN1_DN 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:16:08.742299: | X509: CERT and ID matches current connection Sep 21 07:16:08.742303: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.742308: "northnet-eastnets/0x1" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:16:08.742331: | verifying AUTH payload Sep 21 07:16:08.742344: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.742357: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:16:08.742365: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.742374: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.742382: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.742514: | an RSA Sig check passed with *AwEAAbANn [remote certificates] Sep 21 07:16:08.742521: | #1 spent 0.134 milliseconds in try_all_keys() trying a pubkey Sep 21 07:16:08.742523: "northnet-eastnets/0x1" #2: Authenticated using RSA Sep 21 07:16:08.742530: | #1 spent 0.194 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:16:08.742533: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:16:08.742537: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:16:08.742538: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:08.742542: | libevent_free: release ptr-libevent@0x55d6f60d8f30 Sep 21 07:16:08.742544: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d6f60e3d80 Sep 21 07:16:08.742546: | event_schedule: new EVENT_SA_REKEY-pe@0x55d6f60ec0e0 Sep 21 07:16:08.742549: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:16:08.742550: | libevent_malloc: new ptr-libevent@0x55d6f60d8f30 size 128 Sep 21 07:16:08.742710: | pstats #1 ikev2.ike established Sep 21 07:16:08.742718: | TSi: parsing 1 traffic selectors Sep 21 07:16:08.742723: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:08.742726: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.742730: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.742732: | length: 16 (0x10) Sep 21 07:16:08.742735: | start port: 0 (0x0) Sep 21 07:16:08.742738: | end port: 65535 (0xffff) Sep 21 07:16:08.742741: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:08.742744: | TS low c0 00 03 00 Sep 21 07:16:08.742747: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:08.742749: | TS high c0 00 03 ff Sep 21 07:16:08.742752: | TSi: parsed 1 traffic selectors Sep 21 07:16:08.742755: | TSr: parsing 1 traffic selectors Sep 21 07:16:08.742758: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:08.742760: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.742763: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.742766: | length: 16 (0x10) Sep 21 07:16:08.742768: | start port: 0 (0x0) Sep 21 07:16:08.742770: | end port: 65535 (0xffff) Sep 21 07:16:08.742772: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:08.742773: | TS low c0 00 02 00 Sep 21 07:16:08.742775: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:08.742776: | TS high c0 00 02 ff Sep 21 07:16:08.742778: | TSr: parsed 1 traffic selectors Sep 21 07:16:08.742782: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:08.742794: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.742799: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:08.742801: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:08.742803: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:08.742804: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:08.742806: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.742809: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.742812: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:08.742814: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:08.742816: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:08.742817: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:08.742822: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.742823: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:08.742825: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:08.742826: | printing contents struct traffic_selector Sep 21 07:16:08.742828: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:08.742829: | ipprotoid: 0 Sep 21 07:16:08.742830: | port range: 0-65535 Sep 21 07:16:08.742833: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:08.742834: | printing contents struct traffic_selector Sep 21 07:16:08.742836: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:08.742837: | ipprotoid: 0 Sep 21 07:16:08.742838: | port range: 0-65535 Sep 21 07:16:08.742840: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:08.742849: | using existing local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:08.742852: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:16:08.742854: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:08.742856: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:08.742858: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:08.742859: | local proposal 1 type DH has 1 transforms Sep 21 07:16:08.742860: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:08.742863: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:08.742864: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:08.742866: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:08.742867: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:08.742869: | local proposal 2 type DH has 1 transforms Sep 21 07:16:08.742870: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:08.742872: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:08.742873: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:08.742875: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:08.742876: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:08.742878: | local proposal 3 type DH has 1 transforms Sep 21 07:16:08.742879: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:08.742881: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:08.742882: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:08.742884: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:08.742885: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:08.742887: | local proposal 4 type DH has 1 transforms Sep 21 07:16:08.742888: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:08.742890: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:08.742892: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.742894: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.742896: | length: 32 (0x20) Sep 21 07:16:08.742897: | prop #: 1 (0x1) Sep 21 07:16:08.742899: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.742900: | spi size: 4 (0x4) Sep 21 07:16:08.742902: | # transforms: 2 (0x2) Sep 21 07:16:08.742904: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.742905: | remote SPI 05 63 10 25 Sep 21 07:16:08.742907: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:08.742909: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.742911: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.742912: | length: 12 (0xc) Sep 21 07:16:08.742914: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.742915: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.742918: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.742920: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.742921: | length/value: 256 (0x100) Sep 21 07:16:08.742924: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:08.742926: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.742928: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.742929: | length: 8 (0x8) Sep 21 07:16:08.742930: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.742932: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.742934: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:08.742936: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:16:08.742939: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:16:08.742941: | remote proposal 1 matches local proposal 1 Sep 21 07:16:08.742943: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:16:08.742946: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=05631025;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:16:08.742948: | converting proposal to internal trans attrs Sep 21 07:16:08.742953: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:08.743063: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:16:08.743066: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:16:08.743068: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:08.743070: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.743072: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:08.743074: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.743075: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:08.743080: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:08.743082: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:08.743085: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:08.743086: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:08.743088: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:08.743091: | setting IPsec SA replay-window to 32 Sep 21 07:16:08.743093: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:16:08.743095: | netlink: enabling tunnel mode Sep 21 07:16:08.743097: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:08.743099: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:08.743172: | netlink response for Add SA esp.5631025@192.1.2.23 included non-error error Sep 21 07:16:08.743177: | set up outgoing SA, ref=0/0 Sep 21 07:16:08.743180: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:08.743184: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:08.743186: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:08.743189: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:08.743194: | setting IPsec SA replay-window to 32 Sep 21 07:16:08.743197: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:16:08.743200: | netlink: enabling tunnel mode Sep 21 07:16:08.743203: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:08.743206: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:08.743253: | netlink response for Add SA esp.f71ecbee@192.1.3.33 included non-error error Sep 21 07:16:08.743260: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:08.743273: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:08.743277: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:08.743332: | raw_eroute result=success Sep 21 07:16:08.743338: | set up incoming SA, ref=0/0 Sep 21 07:16:08.743341: | sr for #2: unrouted Sep 21 07:16:08.743344: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:08.743347: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:08.743350: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.743353: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:08.743357: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.743363: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:08.743367: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:08.743372: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:16:08.743376: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:08.743386: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:08.743390: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:08.743415: | raw_eroute result=success Sep 21 07:16:08.743420: | running updown command "ipsec _updown" for verb up Sep 21 07:16:08.743424: | command executing up-client Sep 21 07:16:08.743461: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.743472: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.743494: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Sep 21 07:16:08.743498: | popen cmd is 1405 chars long Sep 21 07:16:08.743501: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:16:08.743504: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Sep 21 07:16:08.743506: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Sep 21 07:16:08.743508: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:16:08.743509: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:16:08.743511: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Sep 21 07:16:08.743513: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:16:08.743514: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Sep 21 07:16:08.743516: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Sep 21 07:16:08.743517: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:16:08.743521: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:08.743522: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Sep 21 07:16:08.743524: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF: Sep 21 07:16:08.743526: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Sep 21 07:16:08.743527: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Sep 21 07:16:08.743529: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Sep 21 07:16:08.743534: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Sep 21 07:16:08.743538: | cmd(1360):5631025 SPI_OUT=0xf71ecbee ipsec _updown 2>&1: Sep 21 07:16:08.759894: | route_and_eroute: firewall_notified: true Sep 21 07:16:08.759912: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:08.759916: | command executing prepare-client Sep 21 07:16:08.759960: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.759971: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.760002: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Sep 21 07:16:08.760005: | popen cmd is 1410 chars long Sep 21 07:16:08.760009: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:08.760013: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:16:08.760017: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:08.760020: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:16:08.760024: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:16:08.760028: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Sep 21 07:16:08.760031: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Sep 21 07:16:08.760035: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Sep 21 07:16:08.760038: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:16:08.760042: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:16:08.760045: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Sep 21 07:16:08.760049: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Sep 21 07:16:08.760052: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Sep 21 07:16:08.760061: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Sep 21 07:16:08.760064: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Sep 21 07:16:08.760068: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Sep 21 07:16:08.760071: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Sep 21 07:16:08.760075: | cmd(1360):IN=0x5631025 SPI_OUT=0xf71ecbee ipsec _updown 2>&1: Sep 21 07:16:08.817163: | running updown command "ipsec _updown" for verb route Sep 21 07:16:08.817180: | command executing route-client Sep 21 07:16:08.817219: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.817229: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.817251: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Sep 21 07:16:08.817254: | popen cmd is 1408 chars long Sep 21 07:16:08.817257: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:16:08.817260: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Sep 21 07:16:08.817263: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Sep 21 07:16:08.817265: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:16:08.817268: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:16:08.817271: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Sep 21 07:16:08.817273: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:16:08.817276: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Sep 21 07:16:08.817279: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Sep 21 07:16:08.817281: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:16:08.817284: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Sep 21 07:16:08.817287: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Sep 21 07:16:08.817289: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SA: Sep 21 07:16:08.817292: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Sep 21 07:16:08.817294: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Sep 21 07:16:08.817297: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Sep 21 07:16:08.817304: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Sep 21 07:16:08.817307: | cmd(1360):=0x5631025 SPI_OUT=0xf71ecbee ipsec _updown 2>&1: Sep 21 07:16:08.860094: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x55d6f60d7490,sr=0x55d6f60d7490} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:08.860373: | #1 spent 1.14 milliseconds in install_ipsec_sa() Sep 21 07:16:08.860382: | inR2: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:16:08.860385: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:08.860389: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:16:08.860395: | libevent_free: release ptr-libevent@0x7f7c8c006900 Sep 21 07:16:08.860398: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d6f60ecc30 Sep 21 07:16:08.860403: | #2 spent 5.11 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:16:08.860411: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.860415: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:16:08.860418: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:16:08.860422: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:08.860425: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:16:08.860431: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:16:08.860436: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:08.860439: | pstats #2 ikev2.child established Sep 21 07:16:08.860447: "northnet-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:16:08.860459: | NAT-T: encaps is 'auto' Sep 21 07:16:08.860464: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x05631025 <0xf71ecbee xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:16:08.860469: | releasing whack for #2 (sock=fd@26) Sep 21 07:16:08.860473: | close_any(fd@26) (in release_whack() at state.c:654) Sep 21 07:16:08.860475: | releasing whack and unpending for parent #1 Sep 21 07:16:08.860478: | unpending state #1 connection "northnet-eastnets/0x1" Sep 21 07:16:08.860483: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x1" Sep 21 07:16:08.860486: | removing pending policy for no connection {0x55d6f607f4c0} Sep 21 07:16:08.860490: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:08.860495: | creating state object #3 at 0x55d6f60f3200 Sep 21 07:16:08.860498: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:16:08.860505: | pstats #3 ikev2.child started Sep 21 07:16:08.860508: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Sep 21 07:16:08.860513: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:08.860519: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:08.860525: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:08.860529: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:08.860533: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:16:08.860536: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:08.860540: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals) Sep 21 07:16:08.860548: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:08.860554: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.860557: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:08.860561: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.860564: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:08.860569: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.860572: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:08.860575: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.860583: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.860592: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Sep 21 07:16:08.860595: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d6f60ecc30 Sep 21 07:16:08.860599: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:16:08.860602: | libevent_malloc: new ptr-libevent@0x7f7c8c006900 size 128 Sep 21 07:16:08.860608: | RESET processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:08.860612: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:08.860616: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x2" Sep 21 07:16:08.860618: | removing pending policy for no connection {0x55d6f607f540} Sep 21 07:16:08.860622: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:16:08.860627: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:16:08.860629: | event_schedule: new EVENT_SA_REKEY-pe@0x55d6f60f0a30 Sep 21 07:16:08.860632: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:16:08.860635: | libevent_malloc: new ptr-libevent@0x55d6f6102390 size 128 Sep 21 07:16:08.860638: | libevent_realloc: release ptr-libevent@0x55d6f60ba060 Sep 21 07:16:08.860641: | libevent_realloc: new ptr-libevent@0x55d6f6105290 size 128 Sep 21 07:16:08.860644: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.860649: | #1 spent 5.52 milliseconds in ikev2_process_packet() Sep 21 07:16:08.860652: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.860655: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.860659: | spent 5.53 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.860672: | timer_event_cb: processing event@0x55d6f60ecc30 Sep 21 07:16:08.860675: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:16:08.860680: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:08.860685: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:16:08.860687: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d6f60e6cd0 Sep 21 07:16:08.860691: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:08.860694: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:08.860701: | libevent_free: release ptr-libevent@0x7f7c8c006900 Sep 21 07:16:08.860706: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d6f60ecc30 Sep 21 07:16:08.860708: | crypto helper 6 resuming Sep 21 07:16:08.860721: | crypto helper 6 starting work-order 3 for state #3 Sep 21 07:16:08.860726: | crypto helper 6 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Sep 21 07:16:08.860710: | #3 spent 0.0376 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:08.860752: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:08.860755: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.860760: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.860764: | spent 0.0047 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:08.860766: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.860769: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.860773: | spent 0.00322 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:08.860775: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.860778: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.860781: | spent 0.00319 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:08.861758: | crypto helper 6 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.001031 seconds Sep 21 07:16:08.861766: | (#3) spent 1.01 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Sep 21 07:16:08.861769: | crypto helper 6 sending results from work-order 3 for state #3 to event queue Sep 21 07:16:08.861772: | scheduling resume sending helper answer for #3 Sep 21 07:16:08.861775: | libevent_malloc: new ptr-libevent@0x7f7c88006900 size 128 Sep 21 07:16:08.861785: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:08.861795: | processing resume sending helper answer for #3 Sep 21 07:16:08.861804: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:08.861808: | crypto helper 6 replies to request ID 3 Sep 21 07:16:08.861811: | calling continuation function 0x55d6f4139630 Sep 21 07:16:08.861814: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:16:08.861818: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:08.861821: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:08.861823: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d6f60e6cd0 Sep 21 07:16:08.861826: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d6f60e6cd0 Sep 21 07:16:08.861830: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:16:08.861833: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:08.861838: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:08.861841: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:08.861843: | libevent_malloc: new ptr-libevent@0x7f7c8c006900 size 128 Sep 21 07:16:08.861849: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.861852: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:16:08.861855: | suspending state #3 and saving MD Sep 21 07:16:08.861857: | #3 is busy; has a suspended MD Sep 21 07:16:08.861862: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:08.861865: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:08.861868: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:16:08.861873: | #3 spent 0.0644 milliseconds in resume sending helper answer Sep 21 07:16:08.861878: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:08.861884: | libevent_free: release ptr-libevent@0x7f7c88006900 Sep 21 07:16:08.861888: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:08.861893: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:16:08.861898: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:08.861903: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:08.861907: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:08.861913: | **emit ISAKMP Message: Sep 21 07:16:08.861916: | initiator cookie: Sep 21 07:16:08.861918: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.861921: | responder cookie: Sep 21 07:16:08.861923: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.861926: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:08.861929: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.861931: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:08.861934: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:08.861937: | Message ID: 2 (0x2) Sep 21 07:16:08.861939: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:08.861943: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:08.861945: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.861948: | flags: none (0x0) Sep 21 07:16:08.861951: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:08.861954: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.861957: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:08.861980: | netlink_get_spi: allocated 0x7970047c for esp.0@192.1.3.33 Sep 21 07:16:08.861983: | Emitting ikev2_proposals ... Sep 21 07:16:08.861985: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:08.861988: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.861990: | flags: none (0x0) Sep 21 07:16:08.861994: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:08.861997: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.861999: | discarding INTEG=NONE Sep 21 07:16:08.862002: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.862005: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.862007: | prop #: 1 (0x1) Sep 21 07:16:08.862010: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.862012: | spi size: 4 (0x4) Sep 21 07:16:08.862014: | # transforms: 3 (0x3) Sep 21 07:16:08.862017: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.862020: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.862023: | our spi 79 70 04 7c Sep 21 07:16:08.862025: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862031: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.862033: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.862036: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862039: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.862042: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.862044: | length/value: 256 (0x100) Sep 21 07:16:08.862049: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.862051: | discarding INTEG=NONE Sep 21 07:16:08.862053: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862058: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.862061: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.862064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862067: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862069: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862072: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862074: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.862077: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.862079: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.862082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862085: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862087: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862090: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:08.862663: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.862667: | discarding INTEG=NONE Sep 21 07:16:08.862671: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.862674: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.862677: | prop #: 2 (0x2) Sep 21 07:16:08.862679: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.862681: | spi size: 4 (0x4) Sep 21 07:16:08.862684: | # transforms: 3 (0x3) Sep 21 07:16:08.862687: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.862690: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.862693: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.862696: | our spi 79 70 04 7c Sep 21 07:16:08.862699: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862701: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862704: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.862706: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.862709: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862711: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.862714: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.862717: | length/value: 128 (0x80) Sep 21 07:16:08.862719: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.862721: | discarding INTEG=NONE Sep 21 07:16:08.862724: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862728: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.862731: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.862734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862737: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862742: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862745: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862747: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.862750: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.862753: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.862756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862761: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862764: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:08.862767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.862769: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.862772: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.862774: | prop #: 3 (0x3) Sep 21 07:16:08.862776: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.862779: | spi size: 4 (0x4) Sep 21 07:16:08.862781: | # transforms: 5 (0x5) Sep 21 07:16:08.862788: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.862794: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.862797: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.862800: | our spi 79 70 04 7c Sep 21 07:16:08.862802: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862805: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862807: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.862810: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.862812: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862815: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.862817: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.862820: | length/value: 256 (0x100) Sep 21 07:16:08.862823: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.862825: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862827: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862830: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.862832: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.862835: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862837: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862840: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862842: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862844: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862846: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.862849: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.862852: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862854: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862857: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862859: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862864: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.862869: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.862872: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862875: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862877: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862880: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862882: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.862884: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.862887: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.862890: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862892: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862895: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862897: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:08.862900: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.862903: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.862905: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.862907: | prop #: 4 (0x4) Sep 21 07:16:08.862910: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.862912: | spi size: 4 (0x4) Sep 21 07:16:08.862915: | # transforms: 5 (0x5) Sep 21 07:16:08.862918: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:08.862920: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:08.862924: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:08.862926: | our spi 79 70 04 7c Sep 21 07:16:08.862929: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862931: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862933: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.862935: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:08.862938: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862940: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.862943: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.862945: | length/value: 128 (0x80) Sep 21 07:16:08.862948: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:08.862950: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862954: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.862956: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:08.862959: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862962: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862964: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862966: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862969: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862971: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:08.862973: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:08.862977: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862980: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862982: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862984: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.862986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862988: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.862990: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.862992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.862994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.862996: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.862998: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:08.863000: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.863002: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.863005: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.863007: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.863010: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:08.863012: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:08.863014: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:08.863016: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:08.863018: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:16:08.863020: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:08.863022: | ****emit IKEv2 Nonce Payload: Sep 21 07:16:08.863024: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.863027: | flags: none (0x0) Sep 21 07:16:08.863029: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:08.863032: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.863035: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:08.863037: | IKEv2 nonce c3 73 e0 82 f0 6c 3e 4e 8f 25 02 cb 51 04 7e bb Sep 21 07:16:08.863040: | IKEv2 nonce ab e4 30 d3 32 9e 33 e5 4f 26 3f 96 4f 14 44 7b Sep 21 07:16:08.863042: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:08.863044: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:16:08.863046: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.863048: | flags: none (0x0) Sep 21 07:16:08.863051: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.863053: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:08.863056: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.863059: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:08.863061: | ikev2 g^x dd b3 cb 17 4b c8 c7 5e 9e 0e 08 84 06 c1 ed 7d Sep 21 07:16:08.863063: | ikev2 g^x ae ed e1 d9 7e c9 13 27 0f 7b cc 8d c5 38 9c 4d Sep 21 07:16:08.863065: | ikev2 g^x b6 36 6d ae 64 2b 41 7c 5a a5 b3 4e 58 66 c1 81 Sep 21 07:16:08.863067: | ikev2 g^x fb 64 30 3c 60 ab 13 62 21 b0 ef b1 30 c1 0f 9f Sep 21 07:16:08.863070: | ikev2 g^x a4 4e 0e f7 9f 46 29 cf cc ab 60 e0 07 a1 c9 54 Sep 21 07:16:08.863072: | ikev2 g^x 8c 47 9a 44 75 da a4 a1 cd 74 14 d9 b0 33 c6 53 Sep 21 07:16:08.863074: | ikev2 g^x bc a8 c1 14 78 6a db 0a 7b 6d 71 7d 80 0e 9c ee Sep 21 07:16:08.863075: | ikev2 g^x 12 99 c9 90 48 b6 eb 6f 1e a6 c0 dd d3 8e 78 bf Sep 21 07:16:08.863077: | ikev2 g^x 42 0a a7 c4 b3 ad 23 92 b4 ba e5 94 dd 82 15 45 Sep 21 07:16:08.863079: | ikev2 g^x c9 5c ce 68 b7 18 ed 3f 59 2f 8d db 19 f5 98 05 Sep 21 07:16:08.863081: | ikev2 g^x ba f4 51 99 9d 9e 04 49 56 97 17 c4 fb ee 14 a6 Sep 21 07:16:08.863083: | ikev2 g^x c5 e1 e4 42 73 1d a9 a7 27 57 a0 8e e0 5b 34 b0 Sep 21 07:16:08.863085: | ikev2 g^x 3a de c0 09 b8 e9 d6 91 6c 00 e9 d4 44 bc ea 13 Sep 21 07:16:08.863087: | ikev2 g^x 2e 7b d2 9f 59 ee 4c 37 84 f2 c1 8e a6 72 42 23 Sep 21 07:16:08.863089: | ikev2 g^x d0 1a e2 b5 e4 df cf 7c 90 0f 44 56 0d d0 b0 1a Sep 21 07:16:08.863091: | ikev2 g^x b6 6d 58 3d 78 46 3f b1 94 17 83 4b b1 db 07 1c Sep 21 07:16:08.863093: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:08.863097: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:08.863099: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.863101: | flags: none (0x0) Sep 21 07:16:08.863103: | number of TS: 1 (0x1) Sep 21 07:16:08.863107: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:08.863109: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.863111: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:08.863114: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.863116: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.863118: | start port: 0 (0x0) Sep 21 07:16:08.863120: | end port: 65535 (0xffff) Sep 21 07:16:08.863123: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:08.863125: | IP start c0 00 03 00 Sep 21 07:16:08.863127: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:08.863128: | IP end c0 00 03 ff Sep 21 07:16:08.863130: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:08.863132: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:08.863134: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:08.863137: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.863139: | flags: none (0x0) Sep 21 07:16:08.863141: | number of TS: 1 (0x1) Sep 21 07:16:08.863144: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:08.863146: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:08.863149: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:08.863151: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.863153: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.863155: | start port: 0 (0x0) Sep 21 07:16:08.863158: | end port: 65535 (0xffff) Sep 21 07:16:08.863160: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:08.863162: | IP start c0 00 16 00 Sep 21 07:16:08.863164: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:08.863166: | IP end c0 00 16 ff Sep 21 07:16:08.863168: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:08.863170: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:08.863173: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:08.863175: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:08.863178: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:08.863182: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:08.863185: | emitting length of IKEv2 Encryption Payload: 573 Sep 21 07:16:08.863187: | emitting length of ISAKMP Message: 601 Sep 21 07:16:08.863210: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.863215: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:16:08.863218: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:16:08.863222: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:16:08.863225: | Message ID: updating counters for #3 to 4294967295 after switching state Sep 21 07:16:08.863228: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:08.863233: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Sep 21 07:16:08.863237: "northnet-eastnets/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:16:08.863250: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:08.863256: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:08.863259: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.863262: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Sep 21 07:16:08.863264: | 52 27 bf 61 26 95 a4 63 35 d7 d2 51 a1 7d 83 27 Sep 21 07:16:08.863266: | 63 cc 44 b1 66 a5 ef 48 53 fa 45 c9 c8 73 f7 4d Sep 21 07:16:08.863269: | 20 f5 c0 52 77 28 ef 05 67 3b e3 d4 fc 4c 61 1e Sep 21 07:16:08.863271: | 5a 14 f6 3b d5 4a ff 30 08 11 8f 91 17 82 30 83 Sep 21 07:16:08.863273: | 78 68 da 6b 93 b3 87 97 46 9d f9 d4 29 46 4a 2c Sep 21 07:16:08.863275: | c5 3c ff bf 3b 7a 2c 5c a4 dc db fe ad c0 71 8a Sep 21 07:16:08.863278: | f9 d4 ce f2 14 77 9e 13 fc cf 3e 31 42 72 a8 92 Sep 21 07:16:08.863280: | 96 ac 4d 6a 5b 13 a7 1f ef 63 04 0e 38 9d cc ba Sep 21 07:16:08.863282: | 70 a1 16 34 ee 71 44 d6 86 91 7a 1c ac 6a bf b6 Sep 21 07:16:08.863285: | f7 24 24 f7 3a 12 a6 b3 ce 42 50 a1 06 42 8e 1d Sep 21 07:16:08.863287: | 6e f9 b3 31 86 d1 5d b9 72 77 17 dd 49 78 97 0f Sep 21 07:16:08.863289: | 6c 94 15 6e 57 20 0e 10 94 ac c1 0f e4 95 56 fe Sep 21 07:16:08.863291: | 88 9c c8 32 46 af c3 9c dc 7a e9 e2 83 c1 88 92 Sep 21 07:16:08.863293: | fd c9 bd ca 23 cb 8b c2 8d b2 60 c1 c2 c4 3b 5f Sep 21 07:16:08.863295: | c3 1b 73 96 f9 30 ea 2f 0c 9a c5 91 8c 8e c6 36 Sep 21 07:16:08.863297: | d9 ee e3 d6 bf 63 fd 20 77 e0 7a 0b 5c 90 58 f5 Sep 21 07:16:08.863299: | bc be 83 a0 11 40 22 8d d5 4a c2 f9 91 26 2e e7 Sep 21 07:16:08.863302: | c7 21 6b fe 38 38 dc 18 a8 ad 50 d3 fb cf 01 c2 Sep 21 07:16:08.863304: | 7a b9 a3 fd 2f c0 63 6d b0 6d 92 91 ec 54 bf 0e Sep 21 07:16:08.863306: | f9 30 a8 61 5c 50 7a aa 52 8d 5f 6e 90 31 58 07 Sep 21 07:16:08.863308: | e6 03 9a 84 69 40 63 06 6f 86 3e 70 2f 72 ab 38 Sep 21 07:16:08.863310: | 97 b6 cd 13 b8 ee cf 9b 1c 2a 46 c7 e9 c3 ef 6e Sep 21 07:16:08.863312: | d5 46 df 5b 2d 15 2d 10 fa 70 4c 00 59 c9 07 16 Sep 21 07:16:08.863315: | 68 7e 48 38 c9 f0 4f 2e a1 5b 80 b0 df bf 06 7f Sep 21 07:16:08.863317: | 5c d6 90 1f 0c f1 11 5e de 03 20 14 26 11 81 ea Sep 21 07:16:08.863319: | bb 39 31 c1 95 82 8f 85 e5 a7 be 26 d0 2d cc 20 Sep 21 07:16:08.863322: | 18 e0 71 68 6b fd 7b 49 54 2e 02 b8 49 19 d9 53 Sep 21 07:16:08.863324: | 75 51 1b 7a 1c 27 45 71 db b6 cf 24 6a 69 13 b1 Sep 21 07:16:08.863326: | 07 9c 52 50 9c 68 32 5d 44 2a 41 d1 ac ff b6 0c Sep 21 07:16:08.863328: | 5a 7d 34 bc 53 3e c6 f1 28 ea 01 4f 18 66 9d 22 Sep 21 07:16:08.863330: | 38 d4 55 bb 99 35 11 e1 93 bf 9b f5 0f 3c 29 07 Sep 21 07:16:08.863332: | c5 2f dc db 7d d5 2e 17 8f 65 a3 ba 38 32 4a e8 Sep 21 07:16:08.863336: | a6 f2 a4 f9 e2 0e 32 51 35 46 2f 80 72 bd ad 9d Sep 21 07:16:08.863339: | 49 41 39 a0 63 f7 48 e8 2f 87 6a a7 ee 04 60 77 Sep 21 07:16:08.863341: | 1f 51 11 2d d3 d5 42 8c d3 7b 54 30 2b 69 d2 06 Sep 21 07:16:08.863343: | 0f ec f4 bf 51 8c 8e 40 28 Sep 21 07:16:08.863395: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:08.863402: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:08.863404: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d6f60e6cd0 Sep 21 07:16:08.863407: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:08.863410: "northnet-eastnets/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:08.863418: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d6f60e6cd0 Sep 21 07:16:08.863421: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Sep 21 07:16:08.863424: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:08.863429: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48815.231682 Sep 21 07:16:08.863434: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:08.863439: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:08.863445: | #1 spent 0.963 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:08.863449: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:16:08.863452: | libevent_free: release ptr-libevent@0x7f7c8c006900 Sep 21 07:16:08.882613: | spent 0.00282 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:08.882633: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:08.882637: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.882639: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Sep 21 07:16:08.882642: | 27 90 05 70 5c d8 9f 95 20 b1 01 05 d9 29 e0 44 Sep 21 07:16:08.882644: | 7f f4 ae b2 21 cf 94 79 a7 66 2a 14 f5 cb 91 62 Sep 21 07:16:08.882646: | fa da 9c e8 3f bb 4d ca 77 13 38 4d d9 02 6c e2 Sep 21 07:16:08.882649: | d0 ff 4f 8a 0a 15 62 c1 cd 27 47 a0 9d ed 7d e2 Sep 21 07:16:08.882651: | 61 66 87 e4 ea 49 d7 c8 68 0e 00 bf 7d e5 ec 59 Sep 21 07:16:08.882653: | 5c da 66 f3 2a 2d 9b 5d 8e 6a 95 c2 d1 a4 d6 30 Sep 21 07:16:08.882655: | 1a 1f 2a 55 78 5a 17 59 26 3d 46 a6 85 78 27 9c Sep 21 07:16:08.882658: | 70 85 bd a8 23 68 d0 9a 5b 08 50 ff d0 14 64 81 Sep 21 07:16:08.882660: | a6 87 f4 be 45 60 24 53 6a f1 ef 59 b7 bd e9 8b Sep 21 07:16:08.882662: | d4 65 2d 6c 9c bc 77 65 84 57 72 13 39 1c 17 c0 Sep 21 07:16:08.882665: | 17 35 1e 52 97 a8 63 c7 44 06 07 fb ac ce d1 d4 Sep 21 07:16:08.882667: | 8f f0 5e 0a 31 04 34 7e b4 f5 87 25 af b8 4e 4a Sep 21 07:16:08.882669: | aa 5e 1e e6 d7 cc e6 af b1 e0 42 57 8c 5c 5c 6a Sep 21 07:16:08.882672: | 0c d2 bb 16 b4 2f 93 7c d2 27 79 e3 b0 83 bd 09 Sep 21 07:16:08.882674: | b4 d8 f3 f1 aa fe 92 53 ab 85 72 1a 16 a2 39 c9 Sep 21 07:16:08.882676: | cc 48 f8 3c 7b 4b 6a 67 98 45 3e 9f b1 94 d7 e4 Sep 21 07:16:08.882679: | ad ab f1 9f f4 9a d9 a9 8d 1d a5 42 b4 69 ce 3a Sep 21 07:16:08.882681: | 89 ba b7 d5 22 85 85 33 ae 74 51 c1 51 1a 4a b9 Sep 21 07:16:08.882683: | d1 96 95 04 33 5d 1a 0b 17 2d 82 a7 28 5f db f2 Sep 21 07:16:08.882685: | 61 57 a7 cc 6a ba a3 e9 19 0b ef c8 99 92 9b 34 Sep 21 07:16:08.882688: | 48 9c 5f d6 49 20 ac a4 a5 12 84 61 7f 15 13 ce Sep 21 07:16:08.882690: | df 03 77 2a ed fc 76 77 7e e5 05 c1 6e 67 c4 8f Sep 21 07:16:08.882692: | 34 19 de 8e d4 1f 3d bb 98 9c e0 1d 19 d2 25 ee Sep 21 07:16:08.882694: | 09 b7 92 e4 c2 dc 6c fa 3c 4b d4 62 61 cd 7d ba Sep 21 07:16:08.882697: | 75 33 a0 ef 32 44 31 0d e4 a9 05 b2 ec b1 aa cc Sep 21 07:16:08.882702: | a7 55 33 58 99 18 2a 69 48 63 da 4a 04 b5 cb ee Sep 21 07:16:08.882705: | e9 Sep 21 07:16:08.882709: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:08.882713: | **parse ISAKMP Message: Sep 21 07:16:08.882716: | initiator cookie: Sep 21 07:16:08.882718: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:08.882720: | responder cookie: Sep 21 07:16:08.882722: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:08.882725: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:08.882728: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:08.882731: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:08.882734: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:08.882736: | Message ID: 2 (0x2) Sep 21 07:16:08.882739: | length: 449 (0x1c1) Sep 21 07:16:08.882742: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:16:08.882745: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:16:08.882749: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:08.882756: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:08.882759: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:16:08.882764: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.882769: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:08.882771: | #3 is idle Sep 21 07:16:08.882773: | #3 idle Sep 21 07:16:08.882776: | unpacking clear payload Sep 21 07:16:08.882778: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:08.882781: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:08.882791: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:08.882794: | flags: none (0x0) Sep 21 07:16:08.882796: | length: 421 (0x1a5) Sep 21 07:16:08.882799: | processing payload: ISAKMP_NEXT_v2SK (len=417) Sep 21 07:16:08.882802: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:16:08.882820: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:16:08.882823: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:08.882825: | **parse IKEv2 Security Association Payload: Sep 21 07:16:08.882828: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:08.882831: | flags: none (0x0) Sep 21 07:16:08.882833: | length: 44 (0x2c) Sep 21 07:16:08.882836: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:16:08.882838: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:08.882840: | **parse IKEv2 Nonce Payload: Sep 21 07:16:08.882843: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:08.882845: | flags: none (0x0) Sep 21 07:16:08.882847: | length: 36 (0x24) Sep 21 07:16:08.882850: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:08.882852: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:08.882855: | **parse IKEv2 Key Exchange Payload: Sep 21 07:16:08.882857: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:08.882860: | flags: none (0x0) Sep 21 07:16:08.882862: | length: 264 (0x108) Sep 21 07:16:08.882865: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.882867: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:08.882869: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:08.882872: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:08.882875: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:08.882877: | flags: none (0x0) Sep 21 07:16:08.882879: | length: 24 (0x18) Sep 21 07:16:08.882882: | number of TS: 1 (0x1) Sep 21 07:16:08.882884: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:08.882888: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:08.882891: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:08.882893: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:08.882896: | flags: none (0x0) Sep 21 07:16:08.882898: | length: 24 (0x18) Sep 21 07:16:08.882900: | number of TS: 1 (0x1) Sep 21 07:16:08.882903: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:08.882906: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:16:08.882911: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:08.882914: | forcing ST #3 to CHILD #1.#3 in FSM processor Sep 21 07:16:08.882916: | Now let's proceed with state specific processing Sep 21 07:16:08.882919: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:16:08.882933: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.882936: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:16:08.882942: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:08.882944: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:08.882947: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:08.882949: | local proposal 1 type DH has 1 transforms Sep 21 07:16:08.882952: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:08.882955: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:08.882958: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:08.882961: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:08.882963: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:08.882966: | local proposal 2 type DH has 1 transforms Sep 21 07:16:08.882968: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:08.882971: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:08.882973: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:08.882976: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:08.882978: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:08.882981: | local proposal 3 type DH has 1 transforms Sep 21 07:16:08.882983: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:08.882986: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:08.882988: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:08.882991: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:08.882993: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:08.882995: | local proposal 4 type DH has 1 transforms Sep 21 07:16:08.882997: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:08.883000: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:08.883003: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:08.883005: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:08.883008: | length: 40 (0x28) Sep 21 07:16:08.883010: | prop #: 1 (0x1) Sep 21 07:16:08.883012: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:08.883014: | spi size: 4 (0x4) Sep 21 07:16:08.883016: | # transforms: 3 (0x3) Sep 21 07:16:08.883020: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:08.883022: | remote SPI b3 d9 ed 9f Sep 21 07:16:08.883025: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:08.883028: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.883030: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.883034: | length: 12 (0xc) Sep 21 07:16:08.883037: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:08.883039: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:08.883042: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:08.883044: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:08.883046: | length/value: 256 (0x100) Sep 21 07:16:08.883050: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:08.883053: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.883055: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:08.883057: | length: 8 (0x8) Sep 21 07:16:08.883060: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:08.883062: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:08.883066: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:08.883068: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:08.883071: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:08.883073: | length: 8 (0x8) Sep 21 07:16:08.883075: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:08.883078: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:08.883081: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:08.883085: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:16:08.883089: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:16:08.883092: | remote proposal 1 matches local proposal 1 Sep 21 07:16:08.883094: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Sep 21 07:16:08.883100: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=b3d9ed9f;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:16:08.883102: | converting proposal to internal trans attrs Sep 21 07:16:08.883107: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:16:08.883113: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Sep 21 07:16:08.883116: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:08.883119: | #3 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:16:08.883123: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:08.883126: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d6f60e6cd0 Sep 21 07:16:08.883129: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d6f60e6cd0 Sep 21 07:16:08.883133: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:08.883135: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:08.883145: | #3 spent 0.222 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:16:08.883150: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.883153: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:16:08.883155: | suspending state #3 and saving MD Sep 21 07:16:08.883157: | #3 is busy; has a suspended MD Sep 21 07:16:08.883161: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:08.883163: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:08.883167: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:08.883170: | #1 spent 0.541 milliseconds in ikev2_process_packet() Sep 21 07:16:08.883173: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:08.883175: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:08.883180: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:08.883183: | spent 0.553 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:08.883415: | crypto helper 0 resuming Sep 21 07:16:08.883425: | crypto helper 0 starting work-order 4 for state #3 Sep 21 07:16:08.883431: | crypto helper 0 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Sep 21 07:16:08.884314: | crypto helper 0 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000882 seconds Sep 21 07:16:08.884331: | (#3) spent 0.892 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Sep 21 07:16:08.884336: | crypto helper 0 sending results from work-order 4 for state #3 to event queue Sep 21 07:16:08.884340: | scheduling resume sending helper answer for #3 Sep 21 07:16:08.884344: | libevent_malloc: new ptr-libevent@0x7f7c7c001ef0 size 128 Sep 21 07:16:08.884354: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:08.884363: | processing resume sending helper answer for #3 Sep 21 07:16:08.884376: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:08.884381: | crypto helper 0 replies to request ID 4 Sep 21 07:16:08.884384: | calling continuation function 0x55d6f413a4f0 Sep 21 07:16:08.884389: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Sep 21 07:16:08.884392: | TSi: parsing 1 traffic selectors Sep 21 07:16:08.884396: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:08.884399: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.884402: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.884405: | length: 16 (0x10) Sep 21 07:16:08.884408: | start port: 0 (0x0) Sep 21 07:16:08.884411: | end port: 65535 (0xffff) Sep 21 07:16:08.884414: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:08.884417: | TS low c0 00 03 00 Sep 21 07:16:08.884420: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:08.884423: | TS high c0 00 03 ff Sep 21 07:16:08.884426: | TSi: parsed 1 traffic selectors Sep 21 07:16:08.884429: | TSr: parsing 1 traffic selectors Sep 21 07:16:08.884432: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:08.884435: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:08.884438: | IP Protocol ID: 0 (0x0) Sep 21 07:16:08.884440: | length: 16 (0x10) Sep 21 07:16:08.884443: | start port: 0 (0x0) Sep 21 07:16:08.884446: | end port: 65535 (0xffff) Sep 21 07:16:08.884449: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:08.884452: | TS low c0 00 16 00 Sep 21 07:16:08.884455: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:08.884457: | TS high c0 00 16 ff Sep 21 07:16:08.884460: | TSr: parsed 1 traffic selectors Sep 21 07:16:08.884468: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:16:08.884474: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.884482: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:08.884486: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:08.884489: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:08.884492: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:08.884496: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.884502: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:08.884509: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:16:08.884512: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:08.884515: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:08.884519: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:08.884522: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:08.884529: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:08.884532: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:08.884535: | printing contents struct traffic_selector Sep 21 07:16:08.884537: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:08.884540: | ipprotoid: 0 Sep 21 07:16:08.884543: | port range: 0-65535 Sep 21 07:16:08.884547: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:08.884550: | printing contents struct traffic_selector Sep 21 07:16:08.884553: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:08.884555: | ipprotoid: 0 Sep 21 07:16:08.884558: | port range: 0-65535 Sep 21 07:16:08.884563: | ip range: 192.0.22.0-192.0.22.255 Sep 21 07:16:08.884567: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:08.884741: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:16:08.884746: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:16:08.884749: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:08.884753: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.884756: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:08.884760: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.884763: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:08.884768: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:08.884772: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:08.884776: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:08.884779: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:08.884787: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:08.884796: | setting IPsec SA replay-window to 32 Sep 21 07:16:08.884800: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:16:08.884804: | netlink: enabling tunnel mode Sep 21 07:16:08.884807: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:08.884810: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:08.884964: | netlink response for Add SA esp.b3d9ed9f@192.1.2.23 included non-error error Sep 21 07:16:08.884970: | set up outgoing SA, ref=0/0 Sep 21 07:16:08.884974: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:08.884978: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:08.884981: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:08.884984: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:08.884989: | setting IPsec SA replay-window to 32 Sep 21 07:16:08.884993: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:16:08.884996: | netlink: enabling tunnel mode Sep 21 07:16:08.884999: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:08.885002: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:08.885091: | netlink response for Add SA esp.7970047c@192.1.3.33 included non-error error Sep 21 07:16:08.885098: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:08.885106: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:08.885110: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:08.885232: | raw_eroute result=success Sep 21 07:16:08.885237: | set up incoming SA, ref=0/0 Sep 21 07:16:08.885240: | sr for #3: unrouted Sep 21 07:16:08.885244: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:08.885247: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:08.885251: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.885254: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:08.885258: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:08.885265: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:08.885269: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:08.885274: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Sep 21 07:16:08.885278: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:08.885287: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:08.885290: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:08.885350: | raw_eroute result=success Sep 21 07:16:08.885356: | running updown command "ipsec _updown" for verb up Sep 21 07:16:08.885359: | command executing up-client Sep 21 07:16:08.885401: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.885412: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.885441: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Sep 21 07:16:08.885445: | popen cmd is 1408 chars long Sep 21 07:16:08.885449: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:16:08.885452: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Sep 21 07:16:08.885456: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Sep 21 07:16:08.885460: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:16:08.885463: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:16:08.885467: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Sep 21 07:16:08.885470: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:16:08.885474: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Sep 21 07:16:08.885477: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' : Sep 21 07:16:08.885481: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:16:08.885484: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:16:08.885488: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:16:08.885491: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAR: Sep 21 07:16:08.885494: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Sep 21 07:16:08.885498: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Sep 21 07:16:08.885502: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Sep 21 07:16:08.885508: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Sep 21 07:16:08.885511: | cmd(1360):0xb3d9ed9f SPI_OUT=0x7970047c ipsec _updown 2>&1: Sep 21 07:16:08.910912: | route_and_eroute: firewall_notified: true Sep 21 07:16:08.910926: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:08.910930: | command executing prepare-client Sep 21 07:16:08.910970: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.910979: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.911002: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON Sep 21 07:16:08.911005: | popen cmd is 1413 chars long Sep 21 07:16:08.911008: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:08.911011: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:16:08.911014: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:08.911016: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:16:08.911019: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:16:08.911022: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Sep 21 07:16:08.911024: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Sep 21 07:16:08.911027: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Sep 21 07:16:08.911030: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Sep 21 07:16:08.911032: | cmd( 720):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:16:08.911035: | cmd( 800):COL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: Sep 21 07:16:08.911038: | cmd( 880):ent, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netk: Sep 21 07:16:08.911040: | cmd( 960):ey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLO: Sep 21 07:16:08.911043: | cmd(1040):W+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A: Sep 21 07:16:08.911045: | cmd(1120):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P: Sep 21 07:16:08.911048: | cmd(1200):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI: Sep 21 07:16:08.911050: | cmd(1280):ENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP: Sep 21 07:16:08.911053: | cmd(1360):I_IN=0xb3d9ed9f SPI_OUT=0x7970047c ipsec _updown 2>&1: Sep 21 07:16:08.936802: | running updown command "ipsec _updown" for verb route Sep 21 07:16:08.936822: | command executing route-client Sep 21 07:16:08.936861: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.936868: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:08.936889: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO Sep 21 07:16:08.936892: | popen cmd is 1411 chars long Sep 21 07:16:08.936896: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:16:08.936898: | cmd( 80):s/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Sep 21 07:16:08.936901: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Sep 21 07:16:08.936903: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:16:08.936906: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:16:08.936908: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE: Sep 21 07:16:08.936911: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:16:08.936913: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Sep 21 07:16:08.936916: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.: Sep 21 07:16:08.936918: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:16:08.936921: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Sep 21 07:16:08.936923: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Sep 21 07:16:08.936926: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Sep 21 07:16:08.936928: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Sep 21 07:16:08.936931: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Sep 21 07:16:08.936934: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Sep 21 07:16:08.936936: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Sep 21 07:16:08.936939: | cmd(1360):IN=0xb3d9ed9f SPI_OUT=0x7970047c ipsec _updown 2>&1: Sep 21 07:16:08.955492: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x55d6f60e1090,sr=0x55d6f60e1090} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:08.955672: | #1 spent 1.15 milliseconds in install_ipsec_sa() Sep 21 07:16:08.955681: | inR2: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:16:08.955685: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:08.955691: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:08.955698: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d6f60e6cd0 Sep 21 07:16:08.955707: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:08.955712: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:16:08.955715: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:16:08.955719: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:08.955722: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:16:08.955728: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Sep 21 07:16:08.955734: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:08.955737: | pstats #3 ikev2.child established Sep 21 07:16:08.955746: "northnet-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Sep 21 07:16:08.955757: | NAT-T: encaps is 'auto' Sep 21 07:16:08.955763: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xb3d9ed9f <0x7970047c xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:16:08.955948: | releasing whack for #3 (sock=fd@25) Sep 21 07:16:08.955962: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:16:08.955966: | releasing whack and unpending for parent #1 Sep 21 07:16:08.955968: | unpending state #1 connection "northnet-eastnets/0x2" Sep 21 07:16:08.955973: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Sep 21 07:16:08.955977: | event_schedule: new EVENT_SA_REKEY-pe@0x7f7c88002b20 Sep 21 07:16:08.955980: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Sep 21 07:16:08.955983: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:08.955991: | #3 spent 1.66 milliseconds in resume sending helper answer Sep 21 07:16:08.955996: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:08.956000: | libevent_free: release ptr-libevent@0x7f7c7c001ef0 Sep 21 07:16:08.956011: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.956016: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.956020: | spent 0.00509 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:08.956023: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.956026: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.956030: | spent 0.00334 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:08.956032: | processing signal PLUTO_SIGCHLD Sep 21 07:16:08.956035: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:08.956038: | spent 0.00329 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:09.040152: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:09.040349: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:09.040355: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:09.040544: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:09.040549: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:09.040559: | get_sa_info esp.f71ecbee@192.1.3.33 Sep 21 07:16:09.040578: | get_sa_info esp.5631025@192.1.2.23 Sep 21 07:16:09.040598: | get_sa_info esp.7970047c@192.1.3.33 Sep 21 07:16:09.040607: | get_sa_info esp.b3d9ed9f@192.1.2.23 Sep 21 07:16:09.040627: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:09.040634: | spent 0.491 milliseconds in whack Sep 21 07:16:11.356590: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:11.356619: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:16:11.356625: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:11.356634: | get_sa_info esp.f71ecbee@192.1.3.33 Sep 21 07:16:11.356649: | get_sa_info esp.5631025@192.1.2.23 Sep 21 07:16:11.356672: | get_sa_info esp.7970047c@192.1.3.33 Sep 21 07:16:11.356682: | get_sa_info esp.b3d9ed9f@192.1.2.23 Sep 21 07:16:11.356703: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:11.356711: | spent 0.128 milliseconds in whack Sep 21 07:16:12.265300: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:12.265713: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:12.265719: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:12.265923: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:12.265929: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:12.265940: | get_sa_info esp.f71ecbee@192.1.3.33 Sep 21 07:16:12.265959: | get_sa_info esp.5631025@192.1.2.23 Sep 21 07:16:12.265978: | get_sa_info esp.7970047c@192.1.3.33 Sep 21 07:16:12.265987: | get_sa_info esp.b3d9ed9f@192.1.2.23 Sep 21 07:16:12.266008: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:12.266016: | spent 0.539 milliseconds in whack Sep 21 07:16:12.648951: | spent 0.0039 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:12.648982: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:12.648986: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.648990: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:12.648993: | da e0 3e 25 c2 d6 bc f1 10 24 1b 3d 44 da 53 89 Sep 21 07:16:12.648996: | 2b c0 23 42 e5 15 6a f4 ca d7 61 11 cf b6 ae 9f Sep 21 07:16:12.649000: | 7a 74 86 e8 60 Sep 21 07:16:12.649007: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:12.649012: | **parse ISAKMP Message: Sep 21 07:16:12.649016: | initiator cookie: Sep 21 07:16:12.649019: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.649023: | responder cookie: Sep 21 07:16:12.649026: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.649029: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:12.649033: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.649037: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:12.649041: | flags: none (0x0) Sep 21 07:16:12.649044: | Message ID: 0 (0x0) Sep 21 07:16:12.649048: | length: 69 (0x45) Sep 21 07:16:12.649052: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:12.649057: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:12.649063: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:12.649072: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:12.649076: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:12.649083: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:12.649088: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:16:12.649094: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Sep 21 07:16:12.649097: | unpacking clear payload Sep 21 07:16:12.649101: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:12.649105: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:12.649109: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:12.649112: | flags: none (0x0) Sep 21 07:16:12.649116: | length: 41 (0x29) Sep 21 07:16:12.649120: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:16:12.649126: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:16:12.649134: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:12.649157: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:12.649161: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:12.649165: | **parse IKEv2 Delete Payload: Sep 21 07:16:12.649169: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.649172: | flags: none (0x0) Sep 21 07:16:12.649175: | length: 12 (0xc) Sep 21 07:16:12.649179: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:12.649183: | SPI size: 4 (0x4) Sep 21 07:16:12.649186: | number of SPIs: 1 (0x1) Sep 21 07:16:12.649189: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:16:12.649193: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:12.649197: | Now let's proceed with state specific processing Sep 21 07:16:12.649200: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:12.649205: | an informational request should send a response Sep 21 07:16:12.649214: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:12.649219: | **emit ISAKMP Message: Sep 21 07:16:12.649222: | initiator cookie: Sep 21 07:16:12.649225: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.649229: | responder cookie: Sep 21 07:16:12.649232: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.649235: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:12.649239: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.649243: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:12.649247: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:12.649250: | Message ID: 0 (0x0) Sep 21 07:16:12.649255: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:12.649259: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:12.649262: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.649265: | flags: none (0x0) Sep 21 07:16:12.649270: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:12.649274: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:12.649278: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:12.649287: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:16:12.649291: | SPI b3 d9 ed 9f Sep 21 07:16:12.649295: | delete PROTO_v2_ESP SA(0xb3d9ed9f) Sep 21 07:16:12.649299: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:16:12.649303: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:16:12.649307: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xb3d9ed9f) Sep 21 07:16:12.649311: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now Sep 21 07:16:12.649316: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:12.649321: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:12.649325: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f7c88002b20 Sep 21 07:16:12.649330: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f7c88002b20 Sep 21 07:16:12.649335: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Sep 21 07:16:12.649339: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:12.649344: | ****emit IKEv2 Delete Payload: Sep 21 07:16:12.649348: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.649351: | flags: none (0x0) Sep 21 07:16:12.649354: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:12.649358: | SPI size: 4 (0x4) Sep 21 07:16:12.649361: | number of SPIs: 1 (0x1) Sep 21 07:16:12.649366: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:12.649370: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:12.649377: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:16:12.649380: | local SPIs 79 70 04 7c Sep 21 07:16:12.649383: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:12.649387: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:12.649392: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:12.649396: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:12.649399: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:12.649403: | emitting length of ISAKMP Message: 69 Sep 21 07:16:12.649419: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:12.649424: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.649427: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:12.649430: | bf 43 5d a3 5c 65 9d 94 3e a1 7b 7c 99 c2 ae d7 Sep 21 07:16:12.649433: | a1 a0 b0 ac 70 48 62 3b ba 74 d3 ba c0 fe 58 e2 Sep 21 07:16:12.649436: | a1 d0 94 15 e9 Sep 21 07:16:12.649477: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:12.649484: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:12.649493: | #1 spent 0.267 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:16:12.649501: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:12.649506: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:16:12.649510: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:16:12.649517: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:16:12.649523: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:12.649528: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:16:12.649535: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:12.649541: | #1 spent 0.555 milliseconds in ikev2_process_packet() Sep 21 07:16:12.649547: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:12.649552: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:12.649556: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:12.649561: | spent 0.575 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:12.649571: | timer_event_cb: processing event@0x7f7c88002b20 Sep 21 07:16:12.649575: | handling event EVENT_SA_REPLACE for child state #3 Sep 21 07:16:12.649582: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:12.649587: | picked newest_ipsec_sa #3 for #3 Sep 21 07:16:12.649590: | replacing stale CHILD SA Sep 21 07:16:12.649596: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:16:12.649600: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:12.649605: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:12.649611: | creating state object #4 at 0x55d6f60fde80 Sep 21 07:16:12.649615: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:16:12.649620: | pstats #4 ikev2.child started Sep 21 07:16:12.649631: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Sep 21 07:16:12.649637: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:12.649646: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:12.649653: | suspend processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:12.649660: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:12.649665: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:16:12.649684: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:12.649693: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Sep 21 07:16:12.649698: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d6f60f3d70 Sep 21 07:16:12.649703: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Sep 21 07:16:12.649707: | libevent_malloc: new ptr-libevent@0x7f7c7c001ef0 size 128 Sep 21 07:16:12.649714: | RESET processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:12.649718: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d6f60ecc30 Sep 21 07:16:12.649723: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Sep 21 07:16:12.649726: | libevent_malloc: new ptr-libevent@0x7f7c88006900 size 128 Sep 21 07:16:12.649731: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:12.649735: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f7c88002b20 Sep 21 07:16:12.649741: | #3 spent 0.169 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:16:12.649745: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:12.649751: | timer_event_cb: processing event@0x55d6f60f3d70 Sep 21 07:16:12.649755: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Sep 21 07:16:12.649762: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:12.649768: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Sep 21 07:16:12.649772: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f7c88002b20 Sep 21 07:16:12.649777: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:16:12.649781: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:12.649795: | libevent_free: release ptr-libevent@0x7f7c7c001ef0 Sep 21 07:16:12.649803: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d6f60f3d70 Sep 21 07:16:12.649809: | #4 spent 0.054 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:12.649816: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:12.649815: | crypto helper 4 resuming Sep 21 07:16:12.649837: | crypto helper 4 starting work-order 5 for state #4 Sep 21 07:16:12.649843: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Sep 21 07:16:12.650813: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.00097 seconds Sep 21 07:16:12.650826: | (#4) spent 0.979 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:16:12.650830: | crypto helper 4 sending results from work-order 5 for state #4 to event queue Sep 21 07:16:12.650835: | scheduling resume sending helper answer for #4 Sep 21 07:16:12.650839: | libevent_malloc: new ptr-libevent@0x7f7c80006900 size 128 Sep 21 07:16:12.650844: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:12.649827: | timer_event_cb: processing event@0x55d6f60ecc30 Sep 21 07:16:12.650853: | handling event EVENT_SA_EXPIRE for child state #3 Sep 21 07:16:12.650860: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:12.650863: | picked newest_ipsec_sa #3 for #3 Sep 21 07:16:12.650866: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:16:12.650869: | pstats #3 ikev2.child re-failed exchange-timeout Sep 21 07:16:12.650872: | pstats #3 ikev2.child deleted completed Sep 21 07:16:12.650875: | #3 spent 4.06 milliseconds in total Sep 21 07:16:12.650880: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:12.650884: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 3.790s and NOT sending notification Sep 21 07:16:12.650887: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:16:12.650893: | get_sa_info esp.b3d9ed9f@192.1.2.23 Sep 21 07:16:12.650907: | get_sa_info esp.7970047c@192.1.3.33 Sep 21 07:16:12.650915: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Sep 21 07:16:12.650918: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:16:12.651007: | running updown command "ipsec _updown" for verb down Sep 21 07:16:12.651012: | command executing down-client Sep 21 07:16:12.651047: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:12.651055: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:12.651076: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050168' PLUTO_ Sep 21 07:16:12.651079: | popen cmd is 1419 chars long Sep 21 07:16:12.651082: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:16:12.651084: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Sep 21 07:16:12.651087: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Sep 21 07:16:12.651090: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Sep 21 07:16:12.651092: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:16:12.651095: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Sep 21 07:16:12.651097: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:16:12.651100: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Sep 21 07:16:12.651104: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0: Sep 21 07:16:12.651107: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:16:12.651109: | cmd( 800):='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department: Sep 21 07:16:12.651112: | cmd( 880):, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey': Sep 21 07:16:12.651114: | cmd( 960): PLUTO_ADDTIME='1569050168' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV: Sep 21 07:16:12.651117: | cmd(1040):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Sep 21 07:16:12.651120: | cmd(1120):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Sep 21 07:16:12.651122: | cmd(1200):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Sep 21 07:16:12.651124: | cmd(1280):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Sep 21 07:16:12.651127: | cmd(1360):no' SPI_IN=0xb3d9ed9f SPI_OUT=0x7970047c ipsec _updown 2>&1: Sep 21 07:16:12.665493: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:16:12.665509: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:16:12.665513: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:12.665517: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:12.665564: | delete esp.b3d9ed9f@192.1.2.23 Sep 21 07:16:12.665597: | netlink response for Del SA esp.b3d9ed9f@192.1.2.23 included non-error error Sep 21 07:16:12.665601: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:12.665608: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:12.665653: | raw_eroute result=success Sep 21 07:16:12.665658: | delete esp.7970047c@192.1.3.33 Sep 21 07:16:12.665682: | netlink response for Del SA esp.7970047c@192.1.3.33 included non-error error Sep 21 07:16:12.665688: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:12.665691: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:16:12.665695: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:12.665715: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.665724: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:16:12.665726: | can't expire unused IKE SA #1; it has the child #4 Sep 21 07:16:12.665731: | libevent_free: release ptr-libevent@0x7f7c88006900 Sep 21 07:16:12.665734: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55d6f60ecc30 Sep 21 07:16:12.665737: | in statetime_stop() and could not find #3 Sep 21 07:16:12.665740: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:12.665753: | processing resume sending helper answer for #4 Sep 21 07:16:12.665758: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:12.665762: | crypto helper 4 replies to request ID 5 Sep 21 07:16:12.665764: | calling continuation function 0x55d6f4139630 Sep 21 07:16:12.665769: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Sep 21 07:16:12.665772: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:12.665775: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:12.665778: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f7c88002b20 Sep 21 07:16:12.665781: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d6f6105320 Sep 21 07:16:12.665789: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Sep 21 07:16:12.665795: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:12.665800: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:12.665806: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:12.665808: | libevent_malloc: new ptr-libevent@0x7f7c88006900 size 128 Sep 21 07:16:12.665814: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:12.665817: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:16:12.665820: | suspending state #4 and saving MD Sep 21 07:16:12.665822: | #4 is busy; has a suspended MD Sep 21 07:16:12.665827: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:12.665830: | "northnet-eastnets/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:12.665833: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Sep 21 07:16:12.665840: | #4 spent 0.0714 milliseconds in resume sending helper answer Sep 21 07:16:12.665845: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:12.665848: | libevent_free: release ptr-libevent@0x7f7c80006900 Sep 21 07:16:12.665851: | processing signal PLUTO_SIGCHLD Sep 21 07:16:12.665856: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:12.665860: | spent 0.00504 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:12.665864: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:12.665868: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:16:12.665874: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:12.665878: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:12.665882: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:12.665888: | **emit ISAKMP Message: Sep 21 07:16:12.665891: | initiator cookie: Sep 21 07:16:12.665893: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.665896: | responder cookie: Sep 21 07:16:12.665898: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.665901: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:12.665904: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.665906: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:12.665909: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:12.665911: | Message ID: 3 (0x3) Sep 21 07:16:12.665914: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:12.665917: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:12.665920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.665922: | flags: none (0x0) Sep 21 07:16:12.665925: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:12.665928: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.665931: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:12.665952: | netlink_get_spi: allocated 0x4d56e7cb for esp.0@192.1.3.33 Sep 21 07:16:12.665955: | Emitting ikev2_proposals ... Sep 21 07:16:12.665958: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:12.665960: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.665962: | flags: none (0x0) Sep 21 07:16:12.665966: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:12.665970: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.665973: | discarding INTEG=NONE Sep 21 07:16:12.665976: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.665979: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.665981: | prop #: 1 (0x1) Sep 21 07:16:12.665983: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:12.665986: | spi size: 4 (0x4) Sep 21 07:16:12.665988: | # transforms: 3 (0x3) Sep 21 07:16:12.665991: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.665994: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:12.665996: | our spi 4d 56 e7 cb Sep 21 07:16:12.665999: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666002: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666004: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.666007: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:12.666010: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666013: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.666016: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.666018: | length/value: 256 (0x100) Sep 21 07:16:12.666021: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.666023: | discarding INTEG=NONE Sep 21 07:16:12.666025: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666030: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.666033: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.666036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666041: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666043: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666046: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.666048: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:12.666051: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:12.666054: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666056: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666059: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666061: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:12.666064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.666066: | discarding INTEG=NONE Sep 21 07:16:12.666069: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.666071: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.666073: | prop #: 2 (0x2) Sep 21 07:16:12.666076: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:12.666078: | spi size: 4 (0x4) Sep 21 07:16:12.666080: | # transforms: 3 (0x3) Sep 21 07:16:12.666083: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.666086: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.666089: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:12.666092: | our spi 4d 56 e7 cb Sep 21 07:16:12.666095: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666099: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.666102: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:12.666104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666107: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.666109: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.666112: | length/value: 128 (0x80) Sep 21 07:16:12.666114: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.666116: | discarding INTEG=NONE Sep 21 07:16:12.666119: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666123: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.666126: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.666129: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666135: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666137: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666139: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.666142: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:12.666144: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:12.666147: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666150: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666152: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666155: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:12.666157: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.666160: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.666162: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.666164: | prop #: 3 (0x3) Sep 21 07:16:12.666167: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:12.666169: | spi size: 4 (0x4) Sep 21 07:16:12.666171: | # transforms: 5 (0x5) Sep 21 07:16:12.666174: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.666177: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.666180: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:12.666182: | our spi 4d 56 e7 cb Sep 21 07:16:12.666184: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666187: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666189: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.666191: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:12.666194: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666197: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.666199: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.666201: | length/value: 256 (0x100) Sep 21 07:16:12.666204: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.666206: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666209: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666212: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.666214: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:12.666217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666220: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666223: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666225: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666230: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.666232: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:12.666235: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666238: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666243: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666245: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.666250: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.666253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666258: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666260: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666263: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.666265: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:12.666267: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:12.666270: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666275: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666278: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:12.666281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.666283: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.666285: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:12.666288: | prop #: 4 (0x4) Sep 21 07:16:12.666290: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:12.666292: | spi size: 4 (0x4) Sep 21 07:16:12.666294: | # transforms: 5 (0x5) Sep 21 07:16:12.666297: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.666300: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.666303: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:12.666305: | our spi 4d 56 e7 cb Sep 21 07:16:12.666307: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666310: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666312: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.666315: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:12.666318: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666321: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.666323: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.666325: | length/value: 128 (0x80) Sep 21 07:16:12.666328: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.666330: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666332: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666335: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.666337: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:12.666340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666343: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666345: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666347: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666350: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666352: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.666355: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:12.666357: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666360: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666363: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666365: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666370: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.666372: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.666375: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666378: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666380: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666382: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.666385: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.666387: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:12.666389: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:12.666392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.666395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.666397: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.666400: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:12.666402: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.666405: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:16:12.666407: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:12.666411: "northnet-eastnets/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange Sep 21 07:16:12.666413: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:16:12.666418: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:12.666423: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:16:12.667535: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:16:12.667551: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:12.667558: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:12.667565: | #1 spent 0.645 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:12.667569: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:16:12.667574: | libevent_free: release ptr-libevent@0x7f7c88006900 Sep 21 07:16:12.674262: | spent 0.0031 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:12.674283: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:12.674286: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.674289: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:16:12.674291: | 15 17 37 43 e2 90 5e 3f 50 99 70 ed d5 82 f8 00 Sep 21 07:16:12.674294: | 6e 4a 2a 48 72 33 98 c6 17 f4 51 65 b0 f0 49 d5 Sep 21 07:16:12.674296: | 61 2f 34 04 96 Sep 21 07:16:12.674301: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:12.674305: | **parse ISAKMP Message: Sep 21 07:16:12.674307: | initiator cookie: Sep 21 07:16:12.674310: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.674312: | responder cookie: Sep 21 07:16:12.674315: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.674317: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:12.674320: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.674379: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:12.674383: | flags: none (0x0) Sep 21 07:16:12.674385: | Message ID: 1 (0x1) Sep 21 07:16:12.674388: | length: 69 (0x45) Sep 21 07:16:12.674391: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:12.674394: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:12.674398: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:12.674406: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:12.674409: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:12.674414: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:12.674417: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:12.674422: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Sep 21 07:16:12.674424: | unpacking clear payload Sep 21 07:16:12.674427: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:12.674430: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:12.674432: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:12.674435: | flags: none (0x0) Sep 21 07:16:12.674437: | length: 41 (0x29) Sep 21 07:16:12.674440: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:16:12.674445: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:12.674448: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:12.674462: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:12.674465: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:12.674468: | **parse IKEv2 Delete Payload: Sep 21 07:16:12.674471: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.674476: | flags: none (0x0) Sep 21 07:16:12.674479: | length: 12 (0xc) Sep 21 07:16:12.674481: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:12.674484: | SPI size: 4 (0x4) Sep 21 07:16:12.674486: | number of SPIs: 1 (0x1) Sep 21 07:16:12.674489: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:16:12.674491: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:12.674494: | Now let's proceed with state specific processing Sep 21 07:16:12.674496: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:12.674500: | an informational request should send a response Sep 21 07:16:12.674504: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:12.674508: | **emit ISAKMP Message: Sep 21 07:16:12.674510: | initiator cookie: Sep 21 07:16:12.674513: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.674515: | responder cookie: Sep 21 07:16:12.674517: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.674520: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:12.674522: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.674525: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:12.674528: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:12.674530: | Message ID: 1 (0x1) Sep 21 07:16:12.674533: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:12.674536: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:12.674539: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.674541: | flags: none (0x0) Sep 21 07:16:12.674545: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:12.674548: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:12.674551: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:12.674556: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:16:12.674559: | SPI 05 63 10 25 Sep 21 07:16:12.674561: | delete PROTO_v2_ESP SA(0x05631025) Sep 21 07:16:12.674564: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:16:12.674567: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:16:12.674570: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x05631025) Sep 21 07:16:12.674573: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:16:12.674576: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:12.674580: | libevent_free: release ptr-libevent@0x55d6f6102390 Sep 21 07:16:12.674583: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d6f60f0a30 Sep 21 07:16:12.674586: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f7c80002b20 Sep 21 07:16:12.674590: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:16:12.674593: | libevent_malloc: new ptr-libevent@0x55d6f6102390 size 128 Sep 21 07:16:12.674596: | ****emit IKEv2 Delete Payload: Sep 21 07:16:12.674599: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.674601: | flags: none (0x0) Sep 21 07:16:12.674604: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:12.674606: | SPI size: 4 (0x4) Sep 21 07:16:12.674609: | number of SPIs: 1 (0x1) Sep 21 07:16:12.674612: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:12.674615: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:12.674618: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:16:12.674620: | local SPIs f7 1e cb ee Sep 21 07:16:12.674623: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:12.674625: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:12.674628: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:12.674633: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:12.674636: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:12.674638: | emitting length of ISAKMP Message: 69 Sep 21 07:16:12.674650: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:12.674653: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.674655: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:16:12.674658: | da 01 5b 0b 86 c2 2c a9 f7 e0 50 8f e9 2d c9 f8 Sep 21 07:16:12.674660: | e1 48 c5 05 8c 37 63 d3 04 92 35 f0 26 cf 2b 82 Sep 21 07:16:12.674662: | 94 40 5e f4 4d Sep 21 07:16:12.674692: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:12.674697: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:12.674703: | #1 spent 0.188 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:16:12.674709: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:12.674712: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:16:12.674716: | Message ID: updating counters for #1 to 1 after switching state Sep 21 07:16:12.674720: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:16:12.674724: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:12.674728: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:16:12.674733: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:12.674737: | #1 spent 0.4 milliseconds in ikev2_process_packet() Sep 21 07:16:12.674741: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:12.674744: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:12.674747: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:12.674751: | spent 0.414 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:12.674757: | timer_event_cb: processing event@0x7f7c80002b20 Sep 21 07:16:12.674760: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:16:12.674765: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:12.674769: | picked newest_ipsec_sa #2 for #2 Sep 21 07:16:12.674771: | replacing stale CHILD SA Sep 21 07:16:12.674775: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:16:12.674778: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:12.674782: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:12.674796: | creating state object #5 at 0x55d6f60f3200 Sep 21 07:16:12.674799: | State DB: adding IKEv2 state #5 in UNDEFINED Sep 21 07:16:12.674802: | pstats #5 ikev2.child started Sep 21 07:16:12.674805: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Sep 21 07:16:12.674810: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:12.674816: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:12.674819: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:12.674826: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:12.674831: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:12.674834: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:16:12.674838: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:12.674841: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals) Sep 21 07:16:12.674845: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:12.674851: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:12.674854: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:12.674859: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:12.674862: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:12.674866: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:12.674869: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:12.674873: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:12.674882: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:12.674888: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:16:12.674891: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d6f6104ed0 Sep 21 07:16:12.674894: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Sep 21 07:16:12.674897: | libevent_malloc: new ptr-libevent@0x7f7c88006900 size 128 Sep 21 07:16:12.674903: | RESET processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:12.674906: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d6f60f3d70 Sep 21 07:16:12.674909: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:16:12.674912: | libevent_malloc: new ptr-libevent@0x7f7c80006900 size 128 Sep 21 07:16:12.674915: | libevent_free: release ptr-libevent@0x55d6f6102390 Sep 21 07:16:12.674918: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f7c80002b20 Sep 21 07:16:12.674922: | #2 spent 0.159 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:16:12.674925: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:12.674930: | timer_event_cb: processing event@0x55d6f6104ed0 Sep 21 07:16:12.674932: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Sep 21 07:16:12.674937: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:12.674942: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Sep 21 07:16:12.674945: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f7c80002b20 Sep 21 07:16:12.674948: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:16:12.674951: | libevent_malloc: new ptr-libevent@0x55d6f6102390 size 128 Sep 21 07:16:12.674957: | libevent_free: release ptr-libevent@0x7f7c88006900 Sep 21 07:16:12.674960: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d6f6104ed0 Sep 21 07:16:12.674963: | crypto helper 1 resuming Sep 21 07:16:12.674979: | crypto helper 1 starting work-order 6 for state #5 Sep 21 07:16:12.674984: | crypto helper 1 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Sep 21 07:16:12.675945: | crypto helper 1 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.000961 seconds Sep 21 07:16:12.675957: | (#5) spent 0.968 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:16:12.675960: | crypto helper 1 sending results from work-order 6 for state #5 to event queue Sep 21 07:16:12.675963: | scheduling resume sending helper answer for #5 Sep 21 07:16:12.675966: | libevent_malloc: new ptr-libevent@0x7f7c74006900 size 128 Sep 21 07:16:12.675971: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:12.674964: | #5 spent 0.0338 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:12.675983: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:12.675987: | timer_event_cb: processing event@0x55d6f60f3d70 Sep 21 07:16:12.675990: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:16:12.675995: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:12.675998: | picked newest_ipsec_sa #2 for #2 Sep 21 07:16:12.676001: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:16:12.676004: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:16:12.676006: | pstats #2 ikev2.child deleted completed Sep 21 07:16:12.676009: | #2 spent 5.27 milliseconds in total Sep 21 07:16:12.676014: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:12.676018: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_I) aged 4.031s and NOT sending notification Sep 21 07:16:12.676020: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:16:12.676025: | get_sa_info esp.5631025@192.1.2.23 Sep 21 07:16:12.676038: | get_sa_info esp.f71ecbee@192.1.3.33 Sep 21 07:16:12.676046: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Sep 21 07:16:12.676049: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:16:12.676113: | running updown command "ipsec _updown" for verb down Sep 21 07:16:12.676117: | command executing down-client Sep 21 07:16:12.676152: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:12.676160: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:12.676180: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050168' PLUTO_CO Sep 21 07:16:12.676183: | popen cmd is 1416 chars long Sep 21 07:16:12.676186: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:16:12.676191: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Sep 21 07:16:12.676194: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Sep 21 07:16:12.676196: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Sep 21 07:16:12.676199: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:16:12.676201: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Sep 21 07:16:12.676204: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:16:12.676206: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Sep 21 07:16:12.676209: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Sep 21 07:16:12.676211: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:16:12.676214: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:16:12.676216: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:16:12.676219: | cmd( 960):LUTO_ADDTIME='1569050168' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_: Sep 21 07:16:12.676222: | cmd(1040):ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Sep 21 07:16:12.676224: | cmd(1120):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Sep 21 07:16:12.676227: | cmd(1200):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Sep 21 07:16:12.676229: | cmd(1280):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Sep 21 07:16:12.676232: | cmd(1360):' SPI_IN=0x5631025 SPI_OUT=0xf71ecbee ipsec _updown 2>&1: Sep 21 07:16:12.694654: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:12.694669: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:12.694673: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:12.694677: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:12.694729: | delete esp.5631025@192.1.2.23 Sep 21 07:16:12.694759: | netlink response for Del SA esp.5631025@192.1.2.23 included non-error error Sep 21 07:16:12.694763: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:12.694770: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:12.694817: | raw_eroute result=success Sep 21 07:16:12.695043: | delete esp.f71ecbee@192.1.3.33 Sep 21 07:16:12.695075: | netlink response for Del SA esp.f71ecbee@192.1.3.33 included non-error error Sep 21 07:16:12.695082: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:16:12.695085: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:16:12.695089: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:12.695096: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.695103: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:16:12.695106: | can't expire unused IKE SA #1; it has the child #5 Sep 21 07:16:12.695111: | libevent_free: release ptr-libevent@0x7f7c80006900 Sep 21 07:16:12.695115: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55d6f60f3d70 Sep 21 07:16:12.695118: | in statetime_stop() and could not find #2 Sep 21 07:16:12.695121: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:12.695134: | processing resume sending helper answer for #5 Sep 21 07:16:12.695140: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:12.695147: | crypto helper 1 replies to request ID 6 Sep 21 07:16:12.695150: | calling continuation function 0x55d6f4139630 Sep 21 07:16:12.695154: | ikev2_child_outI_continue for #5 STATE_V2_REKEY_CHILD_I0 Sep 21 07:16:12.695158: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:12.695160: | libevent_free: release ptr-libevent@0x55d6f6102390 Sep 21 07:16:12.695163: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f7c80002b20 Sep 21 07:16:12.695167: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d6f60e3d80 Sep 21 07:16:12.695219: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #5 Sep 21 07:16:12.695226: | libevent_malloc: new ptr-libevent@0x55d6f6102390 size 128 Sep 21 07:16:12.695232: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:12.695236: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:12.695238: | libevent_malloc: new ptr-libevent@0x7f7c80006900 size 128 Sep 21 07:16:12.695245: | [RE]START processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:12.695249: | #5 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:16:12.695252: | suspending state #5 and saving MD Sep 21 07:16:12.695254: | #5 is busy; has a suspended MD Sep 21 07:16:12.695259: | [RE]START processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:12.695263: | "northnet-eastnets/0x1" #5 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:12.695267: | resume sending helper answer for #5 suppresed complete_v2_state_transition() Sep 21 07:16:12.695273: | #5 spent 0.0782 milliseconds in resume sending helper answer Sep 21 07:16:12.695278: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:12.695281: | libevent_free: release ptr-libevent@0x7f7c74006900 Sep 21 07:16:12.695284: | processing signal PLUTO_SIGCHLD Sep 21 07:16:12.695289: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:12.695293: | spent 0.00488 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:12.695298: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:12.695303: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:16:12.695309: | Message ID: #1.#5 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:12.695314: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:12.695318: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:12.695325: | **emit ISAKMP Message: Sep 21 07:16:12.695327: | initiator cookie: Sep 21 07:16:12.695330: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.695332: | responder cookie: Sep 21 07:16:12.695335: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.695338: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:12.695341: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.695343: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:12.695346: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:12.695349: | Message ID: 3 (0x3) Sep 21 07:16:12.695352: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:12.695355: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:12.695358: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.695361: | flags: none (0x0) Sep 21 07:16:12.695364: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:12.695369: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.695373: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:12.695396: | netlink_get_spi: allocated 0x48cb231c for esp.0@192.1.3.33 Sep 21 07:16:12.695399: | Emitting ikev2_proposals ... Sep 21 07:16:12.695402: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:12.695404: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.695407: | flags: none (0x0) Sep 21 07:16:12.695410: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:12.695413: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.695416: | discarding INTEG=NONE Sep 21 07:16:12.695419: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.695421: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.695424: | prop #: 1 (0x1) Sep 21 07:16:12.695426: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:12.695429: | spi size: 4 (0x4) Sep 21 07:16:12.695431: | # transforms: 3 (0x3) Sep 21 07:16:12.695434: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.695438: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:12.695440: | our spi 48 cb 23 1c Sep 21 07:16:12.695443: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695448: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.695451: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:12.695454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695457: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.695460: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.695462: | length/value: 256 (0x100) Sep 21 07:16:12.695465: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.695467: | discarding INTEG=NONE Sep 21 07:16:12.695470: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695475: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.695478: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.695481: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695487: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695489: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695492: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.695494: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:12.695497: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:12.695500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695503: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695506: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695508: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:12.695511: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.695514: | discarding INTEG=NONE Sep 21 07:16:12.695518: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.695520: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.695523: | prop #: 2 (0x2) Sep 21 07:16:12.695525: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:12.695528: | spi size: 4 (0x4) Sep 21 07:16:12.695530: | # transforms: 3 (0x3) Sep 21 07:16:12.695533: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.695536: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.695539: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:12.695542: | our spi 48 cb 23 1c Sep 21 07:16:12.695544: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695547: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695549: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.695552: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:12.695555: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695557: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.695560: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.695562: | length/value: 128 (0x80) Sep 21 07:16:12.695565: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.695567: | discarding INTEG=NONE Sep 21 07:16:12.695570: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695572: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695575: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.695577: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.695580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695586: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695588: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695590: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.695593: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:12.695595: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:12.695598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695604: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695606: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:12.695609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.695612: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.695614: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.695616: | prop #: 3 (0x3) Sep 21 07:16:12.695619: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:12.695621: | spi size: 4 (0x4) Sep 21 07:16:12.695624: | # transforms: 5 (0x5) Sep 21 07:16:12.695627: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.695630: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.695633: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:12.695635: | our spi 48 cb 23 1c Sep 21 07:16:12.695638: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695641: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695643: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.695646: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:12.695649: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695651: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.695654: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.695656: | length/value: 256 (0x100) Sep 21 07:16:12.695659: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.695661: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695664: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695666: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.695669: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:12.695672: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695677: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695680: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695682: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695685: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.695687: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:12.695690: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695693: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695696: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695698: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695700: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695703: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.695705: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.695708: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695711: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695714: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695716: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695719: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.695721: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:12.695724: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:12.695727: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695729: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695732: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695735: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:12.695738: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.695740: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.695743: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:12.695745: | prop #: 4 (0x4) Sep 21 07:16:12.695748: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:12.695751: | spi size: 4 (0x4) Sep 21 07:16:12.695754: | # transforms: 5 (0x5) Sep 21 07:16:12.695757: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.695760: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.695763: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:12.695765: | our spi 48 cb 23 1c Sep 21 07:16:12.695768: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695770: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695773: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.695775: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:12.695778: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695781: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.695788: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.695793: | length/value: 128 (0x80) Sep 21 07:16:12.695796: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.695798: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695801: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695803: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.695806: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:12.695809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695811: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695814: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695817: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695819: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695822: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.695824: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:12.695827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695833: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695835: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695837: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695840: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.695842: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.695845: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695848: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695851: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695853: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.695856: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.695858: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:12.695861: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:12.695864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.695866: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.695869: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.695873: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:12.695876: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.695878: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:16:12.695881: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:12.695885: "northnet-eastnets/0x1" #5: CHILD SA to rekey #2 vanished abort this exchange Sep 21 07:16:12.695887: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:16:12.695893: | [RE]START processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:12.695896: | #5 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:16:12.695962: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:16:12.695969: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:12.695974: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:12.695979: | #1 spent 0.665 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:12.695984: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:16:12.695987: | libevent_free: release ptr-libevent@0x7f7c80006900 Sep 21 07:16:12.708012: | spent 0.00285 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:12.708034: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:12.708037: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.708040: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:16:12.708042: | 33 0c b4 7a de 34 65 fc f4 65 61 8b 15 b6 54 0a Sep 21 07:16:12.708045: | 08 43 e1 3c 99 f4 32 3b a2 95 f4 d2 e7 7a 26 fa Sep 21 07:16:12.708047: | 1e Sep 21 07:16:12.708051: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:12.708055: | **parse ISAKMP Message: Sep 21 07:16:12.708057: | initiator cookie: Sep 21 07:16:12.708060: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.708062: | responder cookie: Sep 21 07:16:12.708064: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.708067: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:12.708069: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.708072: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:12.708074: | flags: none (0x0) Sep 21 07:16:12.708077: | Message ID: 2 (0x2) Sep 21 07:16:12.708079: | length: 65 (0x41) Sep 21 07:16:12.708082: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:12.708085: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:12.708089: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:12.708096: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:12.708099: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:12.708103: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:12.708106: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:16:12.708110: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Sep 21 07:16:12.708113: | unpacking clear payload Sep 21 07:16:12.708115: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:12.708118: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:12.708121: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:12.708126: | flags: none (0x0) Sep 21 07:16:12.708128: | length: 37 (0x25) Sep 21 07:16:12.708131: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:16:12.708135: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:16:12.708138: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:12.708234: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:12.708240: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:12.708243: | **parse IKEv2 Delete Payload: Sep 21 07:16:12.708246: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.708249: | flags: none (0x0) Sep 21 07:16:12.708251: | length: 8 (0x8) Sep 21 07:16:12.708254: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:16:12.708256: | SPI size: 0 (0x0) Sep 21 07:16:12.708259: | number of SPIs: 0 (0x0) Sep 21 07:16:12.708326: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:16:12.708332: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:12.708334: | Now let's proceed with state specific processing Sep 21 07:16:12.708337: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:12.708341: | an informational request should send a response Sep 21 07:16:12.708346: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:12.708349: | **emit ISAKMP Message: Sep 21 07:16:12.708351: | initiator cookie: Sep 21 07:16:12.708354: | c5 12 f2 fa f0 f0 3a 66 Sep 21 07:16:12.708357: | responder cookie: Sep 21 07:16:12.708359: | f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.708362: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:12.708364: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.708367: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:12.708370: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:12.708372: | Message ID: 2 (0x2) Sep 21 07:16:12.708375: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:12.708378: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:12.708381: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.708384: | flags: none (0x0) Sep 21 07:16:12.708387: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:12.708390: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:12.708393: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:12.708399: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:12.708402: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:12.708405: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:12.708408: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:16:12.708410: | emitting length of ISAKMP Message: 57 Sep 21 07:16:12.708423: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:12.708426: | c5 12 f2 fa f0 f0 3a 66 f0 99 3b 55 8a 1b e8 ce Sep 21 07:16:12.708429: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Sep 21 07:16:12.708431: | f2 18 ea 22 20 60 7d 5d f9 96 91 d8 1e 06 9b 6b Sep 21 07:16:12.708434: | a2 ff 89 dd ed 5e 1d 47 a8 Sep 21 07:16:12.708466: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:16:12.708472: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:16:12.708478: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:16:12.708482: | pstats #5 ikev2.child deleted other Sep 21 07:16:12.708485: | #5 spent 1.08 milliseconds in total Sep 21 07:16:12.708490: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:12.708495: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:12.708500: "northnet-eastnets/0x1" #5: deleting other state #5 connection (STATE_CHILDSA_DEL) "northnet-eastnets/0x1" aged 0.033s and NOT sending notification Sep 21 07:16:12.708503: | child state #5: CHILDSA_DEL(informational) => delete Sep 21 07:16:12.708506: | state #5 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:12.708510: | libevent_free: release ptr-libevent@0x55d6f6102390 Sep 21 07:16:12.708513: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d6f60e3d80 Sep 21 07:16:12.708516: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:12.708524: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:12.708542: | raw_eroute result=success Sep 21 07:16:12.708546: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:16:12.708548: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Sep 21 07:16:12.708552: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:12.708564: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.708570: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.708575: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:16:12.708577: | pstats #4 ikev2.child deleted other Sep 21 07:16:12.708580: | #4 spent 1.1 milliseconds in total Sep 21 07:16:12.708585: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:12.708590: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:12.708593: "northnet-eastnets/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.058s and NOT sending notification Sep 21 07:16:12.708596: | child state #4: CHILDSA_DEL(informational) => delete Sep 21 07:16:12.708598: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:12.708601: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:12.708604: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d6f6105320 Sep 21 07:16:12.708607: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:12.708614: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:12.708623: | raw_eroute result=success Sep 21 07:16:12.708626: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:12.708628: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Sep 21 07:16:12.708632: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:12.708642: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.708647: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.708650: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:16:12.708653: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:16:12.708656: | pstats #1 ikev2.ike deleted completed Sep 21 07:16:12.708660: | #1 spent 28.8 milliseconds in total Sep 21 07:16:12.708664: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:12.708667: "northnet-eastnets/0x2" #1: deleting state (STATE_IKESA_DEL) aged 4.074s and NOT sending notification Sep 21 07:16:12.708672: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:16:12.709118: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:12.709127: | libevent_free: release ptr-libevent@0x55d6f60d8f30 Sep 21 07:16:12.709131: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d6f60ec0e0 Sep 21 07:16:12.709134: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:12.709137: | picked newest_isakmp_sa #0 for #1 Sep 21 07:16:12.709140: "northnet-eastnets/0x2" #1: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:12.709143: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 0 seconds Sep 21 07:16:12.709146: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:16:12.709151: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:12.709153: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:16:12.709157: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:16:12.709168: | unreference key: 0x55d6f6104000 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Sep 21 07:16:12.709181: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:12.709192: | unreference key: 0x55d6f6104000 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:12.709197: | unreference key: 0x55d6f6105540 user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:12.709202: | unreference key: 0x55d6f6105ab0 @east.testing.libreswan.org cnt 1-- Sep 21 07:16:12.709206: | unreference key: 0x55d6f60e8f90 east@testing.libreswan.org cnt 1-- Sep 21 07:16:12.709210: | unreference key: 0x55d6f60eca30 192.1.2.23 cnt 1-- Sep 21 07:16:12.709224: | in statetime_stop() and could not find #1 Sep 21 07:16:12.709228: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:12.709232: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:16:12.709235: | STF_OK but no state object remains Sep 21 07:16:12.709238: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:12.709240: | in statetime_stop() and could not find #1 Sep 21 07:16:12.709245: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:12.709248: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:12.709251: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:12.709257: | spent 0.691 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:12.709263: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:16:12.709267: Initiating connection northnet-eastnets/0x2 which received a Delete/Notify but must remain up per local policy Sep 21 07:16:12.709270: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:12.709274: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:12.709276: | connection 'northnet-eastnets/0x2' +POLICY_UP Sep 21 07:16:12.709279: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:12.709282: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:12.709289: | creating state object #6 at 0x55d6f60f3200 Sep 21 07:16:12.709292: | State DB: adding IKEv2 state #6 in UNDEFINED Sep 21 07:16:12.709298: | pstats #6 ikev2.ike started Sep 21 07:16:12.709302: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:12.709305: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:12.709310: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:12.709318: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:12.709323: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:12.709326: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:12.709330: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #6 "northnet-eastnets/0x2" Sep 21 07:16:12.709333: "northnet-eastnets/0x2" #6: initiating v2 parent SA Sep 21 07:16:12.709350: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:12.709354: | adding ikev2_outI1 KE work-order 7 for state #6 Sep 21 07:16:12.709358: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f7c74002b20 Sep 21 07:16:12.709361: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:16:12.709364: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:12.709375: | #6 spent 0.101 milliseconds in ikev2_parent_outI1() Sep 21 07:16:12.709378: | crypto helper 3 resuming Sep 21 07:16:12.709380: | RESET processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:12.709392: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:12.709395: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:12.709399: | spent 0.13 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:16:12.709387: | crypto helper 3 starting work-order 7 for state #6 Sep 21 07:16:12.709408: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Sep 21 07:16:12.710398: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.000988 seconds Sep 21 07:16:12.710409: | (#6) spent 0.992 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Sep 21 07:16:12.710412: | crypto helper 3 sending results from work-order 7 for state #6 to event queue Sep 21 07:16:12.710415: | scheduling resume sending helper answer for #6 Sep 21 07:16:12.710418: | libevent_malloc: new ptr-libevent@0x7f7c78006900 size 128 Sep 21 07:16:12.710425: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:12.710435: | processing resume sending helper answer for #6 Sep 21 07:16:12.710440: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:12.710443: | crypto helper 3 replies to request ID 7 Sep 21 07:16:12.710446: | calling continuation function 0x55d6f4139630 Sep 21 07:16:12.710448: | ikev2_parent_outI1_continue for #6 Sep 21 07:16:12.710453: | **emit ISAKMP Message: Sep 21 07:16:12.710456: | initiator cookie: Sep 21 07:16:12.710458: | 70 a6 89 2b f0 50 c5 76 Sep 21 07:16:12.710461: | responder cookie: Sep 21 07:16:12.710463: | 00 00 00 00 00 00 00 00 Sep 21 07:16:12.710465: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:12.710468: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:12.710471: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:12.710474: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:12.710476: | Message ID: 0 (0x0) Sep 21 07:16:12.710484: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:12.710500: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:12.710503: | Emitting ikev2_proposals ... Sep 21 07:16:12.710506: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:12.710508: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.710511: | flags: none (0x0) Sep 21 07:16:12.710514: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:12.710517: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.710519: | discarding INTEG=NONE Sep 21 07:16:12.710522: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.710524: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.710527: | prop #: 1 (0x1) Sep 21 07:16:12.710529: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:12.710532: | spi size: 0 (0x0) Sep 21 07:16:12.710534: | # transforms: 11 (0xb) Sep 21 07:16:12.710537: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.710540: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710543: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710545: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.710548: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:12.710550: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710553: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.710556: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.710558: | length/value: 256 (0x100) Sep 21 07:16:12.710561: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.710563: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710568: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:12.710571: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:12.710574: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710577: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710579: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710582: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710584: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710586: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:12.710589: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:12.710592: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710594: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710597: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710601: | discarding INTEG=NONE Sep 21 07:16:12.710604: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710609: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710611: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.710614: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710617: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710619: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710621: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710624: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710626: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710629: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:12.710631: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710634: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710637: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710639: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710641: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710644: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710646: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:12.710649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710654: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710657: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710659: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710662: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710664: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:12.710667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710670: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710672: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710675: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710677: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710679: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710682: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:12.710685: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710687: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710690: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710692: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710697: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710699: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:12.710702: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710711: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710713: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710718: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710720: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:12.710723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710729: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710731: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710733: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.710736: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710738: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:12.710741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710744: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710747: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710749: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:12.710752: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.710754: | discarding INTEG=NONE Sep 21 07:16:12.710756: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.710759: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.710761: | prop #: 2 (0x2) Sep 21 07:16:12.710764: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:12.710766: | spi size: 0 (0x0) Sep 21 07:16:12.710768: | # transforms: 11 (0xb) Sep 21 07:16:12.710771: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.710774: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.710777: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710779: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710781: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.710788: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:12.710791: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710794: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.710796: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.710799: | length/value: 128 (0x80) Sep 21 07:16:12.710801: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.710804: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710809: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:12.710811: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:12.710814: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710817: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710819: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710823: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710825: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710827: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:12.710830: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:12.710833: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710835: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710838: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710840: | discarding INTEG=NONE Sep 21 07:16:12.710842: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710845: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710847: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710850: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.710852: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710855: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710858: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710860: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710865: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710868: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:12.710871: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710876: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710878: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710883: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710885: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:12.710888: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710891: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710893: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710896: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710898: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710902: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710905: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:12.710908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710913: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710915: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710920: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710922: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:12.710925: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710929: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710932: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710934: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710937: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710939: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710942: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:12.710944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710950: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710952: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710957: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710959: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:12.710962: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710967: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710970: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.710972: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.710974: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.710977: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:12.710980: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.710982: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.710985: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.710987: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:12.710990: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.710993: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.710995: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.710997: | prop #: 3 (0x3) Sep 21 07:16:12.711000: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:12.711002: | spi size: 0 (0x0) Sep 21 07:16:12.711005: | # transforms: 13 (0xd) Sep 21 07:16:12.711007: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.711010: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.711013: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711017: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.711020: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:12.711023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711025: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.711027: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.711030: | length/value: 256 (0x100) Sep 21 07:16:12.711032: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.711035: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711038: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711041: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:12.711043: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:12.711046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711051: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711054: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711058: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:12.711061: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:12.711064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711067: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711069: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711071: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711074: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711076: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.711079: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:12.711082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711084: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711087: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711089: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711094: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.711096: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:12.711099: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711102: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711104: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711107: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711111: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711114: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.711117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711119: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711122: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711124: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711127: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711129: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711132: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:12.711135: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711137: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711141: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711144: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711148: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711151: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:12.711154: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711159: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711161: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711166: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711168: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:12.711171: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711176: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711178: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711181: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711183: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711186: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:12.711188: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711191: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711194: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711196: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711201: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711203: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:12.711206: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711209: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711211: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711214: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711218: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711221: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:12.711224: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711226: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711229: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711231: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711234: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.711236: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711238: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:12.711241: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711247: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711250: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:12.711252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.711255: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:12.711257: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:12.711260: | prop #: 4 (0x4) Sep 21 07:16:12.711262: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:12.711264: | spi size: 0 (0x0) Sep 21 07:16:12.711267: | # transforms: 13 (0xd) Sep 21 07:16:12.711269: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:12.711272: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:12.711275: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711277: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711279: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:12.711282: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:12.711284: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711287: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:12.711289: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:12.711292: | length/value: 128 (0x80) Sep 21 07:16:12.711294: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:12.711297: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711299: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711301: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:12.711304: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:12.711307: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711312: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711314: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711319: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:12.711322: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:12.711325: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711327: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711330: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711332: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711334: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711337: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.711339: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:12.711342: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711345: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711347: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711349: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711353: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711355: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:12.711357: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:12.711360: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711363: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711366: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711368: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711370: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711373: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711375: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.711378: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711381: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711383: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711385: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711388: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711390: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711393: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:12.711396: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711398: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711401: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711403: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711405: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711408: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711410: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:12.711413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711418: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711421: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711425: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711428: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:12.711431: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711433: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711436: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711438: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711441: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711443: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711445: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:12.711448: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711451: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711455: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711457: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711462: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711464: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:12.711467: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711473: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711475: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711477: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711480: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711482: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:12.711485: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711488: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711490: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711492: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:12.711495: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:12.711497: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:12.711500: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:12.711502: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:12.711505: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:12.711508: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:12.711510: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:12.711513: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:12.711515: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:12.711518: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:12.711521: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:12.711523: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.711526: | flags: none (0x0) Sep 21 07:16:12.711528: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:12.711531: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:12.711534: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.711537: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:12.711540: | ikev2 g^x 35 06 59 6e ca ec 21 ae 25 ab 54 f6 75 4b a5 8f Sep 21 07:16:12.711542: | ikev2 g^x 20 fc 95 7a 00 69 3c 8e d0 17 f9 1e 33 19 51 bd Sep 21 07:16:12.711544: | ikev2 g^x 6a fc 48 d2 2d f3 ae c6 3e 53 f8 04 d0 10 6f 10 Sep 21 07:16:12.711547: | ikev2 g^x 53 78 1f a2 8e 05 4f c8 d2 f5 ec 04 a1 d3 57 b9 Sep 21 07:16:12.711549: | ikev2 g^x 99 51 4f cd b3 a3 f8 5b 1a 0b cb 54 d1 ce 5a fe Sep 21 07:16:12.711551: | ikev2 g^x 79 ba c3 91 5a a7 85 8f 7a ec ed 11 1d da 48 b0 Sep 21 07:16:12.711553: | ikev2 g^x 46 3f 07 3f ae 98 d1 ac ac 7c b0 a1 26 c2 94 b0 Sep 21 07:16:12.711556: | ikev2 g^x 72 e7 5c 37 7a 99 0f 78 7c 8d 91 33 75 49 1e bc Sep 21 07:16:12.711559: | ikev2 g^x d7 a1 98 15 9c dd 53 32 bb e7 23 f0 df b9 44 4f Sep 21 07:16:12.711561: | ikev2 g^x 68 a2 f2 d9 e5 c7 e6 af 8d 2f e1 d4 6b c1 70 7b Sep 21 07:16:12.711564: | ikev2 g^x 7f 7f c9 6e e6 50 19 6d 9d 77 ca ef b0 2c 4b a1 Sep 21 07:16:12.711566: | ikev2 g^x 85 73 4c 91 1f e2 e2 ae 7d d4 79 87 26 6e ea e8 Sep 21 07:16:12.711568: | ikev2 g^x 21 6d cd e4 0d 7b 62 83 ca ac cc 0b 55 6a 91 fd Sep 21 07:16:12.711571: | ikev2 g^x 4b 0f 6f b1 98 ea 72 e1 f8 5e f7 fe 86 23 81 27 Sep 21 07:16:12.711573: | ikev2 g^x 6e 14 54 4f b8 98 61 f8 c6 41 8f 12 44 94 8b db Sep 21 07:16:12.711575: | ikev2 g^x 65 e6 dd 14 db 4b 35 dd ba e1 33 86 64 d9 e2 5d Sep 21 07:16:12.711578: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:12.711580: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:12.711583: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:12.711585: | flags: none (0x0) Sep 21 07:16:12.711588: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:12.711591: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:12.711594: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.711597: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:12.711599: | IKEv2 nonce a9 10 d9 da 2e 6e ca 6c 00 e2 94 29 57 fb 3c 18 Sep 21 07:16:12.711601: | IKEv2 nonce 93 e8 56 4d 73 ba 23 8b c5 1c 71 12 65 bf eb cb Sep 21 07:16:12.711604: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:12.711606: | Adding a v2N Payload Sep 21 07:16:12.711608: | ***emit IKEv2 Notify Payload: Sep 21 07:16:12.711611: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.711613: | flags: none (0x0) Sep 21 07:16:12.711616: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:12.711618: | SPI size: 0 (0x0) Sep 21 07:16:12.711621: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:12.711624: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:12.711627: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.711629: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:12.711632: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:12.711635: | natd_hash: rcookie is zero Sep 21 07:16:12.711648: | natd_hash: hasher=0x55d6f420f7a0(20) Sep 21 07:16:12.711651: | natd_hash: icookie= 70 a6 89 2b f0 50 c5 76 Sep 21 07:16:12.711653: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:12.711655: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:12.711658: | natd_hash: port= 01 f4 Sep 21 07:16:12.711660: | natd_hash: hash= 55 ca e0 04 40 0c f2 12 49 74 e6 37 d5 e2 cb b5 Sep 21 07:16:12.711662: | natd_hash: hash= 48 a5 d9 4c Sep 21 07:16:12.711665: | Adding a v2N Payload Sep 21 07:16:12.711667: | ***emit IKEv2 Notify Payload: Sep 21 07:16:12.711669: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.711672: | flags: none (0x0) Sep 21 07:16:12.711674: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:12.711676: | SPI size: 0 (0x0) Sep 21 07:16:12.711679: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:12.711682: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:12.711684: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.711687: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:12.711690: | Notify data 55 ca e0 04 40 0c f2 12 49 74 e6 37 d5 e2 cb b5 Sep 21 07:16:12.711692: | Notify data 48 a5 d9 4c Sep 21 07:16:12.711694: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:12.711698: | natd_hash: rcookie is zero Sep 21 07:16:12.711703: | natd_hash: hasher=0x55d6f420f7a0(20) Sep 21 07:16:12.711706: | natd_hash: icookie= 70 a6 89 2b f0 50 c5 76 Sep 21 07:16:12.711708: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:12.711711: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:12.711713: | natd_hash: port= 01 f4 Sep 21 07:16:12.711715: | natd_hash: hash= fe a8 3b e2 d5 1b d9 1d de 81 5e 87 8d 76 28 1f Sep 21 07:16:12.711717: | natd_hash: hash= 6b 7c 56 ff Sep 21 07:16:12.711719: | Adding a v2N Payload Sep 21 07:16:12.711722: | ***emit IKEv2 Notify Payload: Sep 21 07:16:12.711724: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:12.711726: | flags: none (0x0) Sep 21 07:16:12.711729: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:12.711731: | SPI size: 0 (0x0) Sep 21 07:16:12.711734: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:12.711736: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:12.711739: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:12.711742: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:12.711744: | Notify data fe a8 3b e2 d5 1b d9 1d de 81 5e 87 8d 76 28 1f Sep 21 07:16:12.711746: | Notify data 6b 7c 56 ff Sep 21 07:16:12.711749: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:12.711751: | emitting length of ISAKMP Message: 828 Sep 21 07:16:12.711758: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:12.711763: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:12.711767: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:12.711769: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:12.711773: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:12.711776: | Message ID: updating counters for #6 to 4294967295 after switching state Sep 21 07:16:12.711779: | Message ID: IKE #6 skipping update_recv as MD is fake Sep 21 07:16:12.711787: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:12.711792: "northnet-eastnets/0x2" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:12.711796: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:12.711803: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Sep 21 07:16:12.711805: | 70 a6 89 2b f0 50 c5 76 00 00 00 00 00 00 00 00 Sep 21 07:16:12.711807: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:12.711810: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:12.711812: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:12.711814: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:12.711817: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:12.711819: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:12.711821: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:12.711823: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:12.711826: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:12.711828: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:12.711830: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:12.711833: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:12.711835: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:12.711837: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:12.711841: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:12.711843: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:12.711846: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:12.711848: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:12.711850: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:12.711852: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:12.711855: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:12.711857: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:12.711859: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:12.711862: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:12.711864: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:12.711866: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:12.711869: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:12.711871: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:12.711873: | 28 00 01 08 00 0e 00 00 35 06 59 6e ca ec 21 ae Sep 21 07:16:12.711876: | 25 ab 54 f6 75 4b a5 8f 20 fc 95 7a 00 69 3c 8e Sep 21 07:16:12.711878: | d0 17 f9 1e 33 19 51 bd 6a fc 48 d2 2d f3 ae c6 Sep 21 07:16:12.711880: | 3e 53 f8 04 d0 10 6f 10 53 78 1f a2 8e 05 4f c8 Sep 21 07:16:12.711882: | d2 f5 ec 04 a1 d3 57 b9 99 51 4f cd b3 a3 f8 5b Sep 21 07:16:12.711885: | 1a 0b cb 54 d1 ce 5a fe 79 ba c3 91 5a a7 85 8f Sep 21 07:16:12.711887: | 7a ec ed 11 1d da 48 b0 46 3f 07 3f ae 98 d1 ac Sep 21 07:16:12.711889: | ac 7c b0 a1 26 c2 94 b0 72 e7 5c 37 7a 99 0f 78 Sep 21 07:16:12.711891: | 7c 8d 91 33 75 49 1e bc d7 a1 98 15 9c dd 53 32 Sep 21 07:16:12.711894: | bb e7 23 f0 df b9 44 4f 68 a2 f2 d9 e5 c7 e6 af Sep 21 07:16:12.711896: | 8d 2f e1 d4 6b c1 70 7b 7f 7f c9 6e e6 50 19 6d Sep 21 07:16:12.711898: | 9d 77 ca ef b0 2c 4b a1 85 73 4c 91 1f e2 e2 ae Sep 21 07:16:12.711900: | 7d d4 79 87 26 6e ea e8 21 6d cd e4 0d 7b 62 83 Sep 21 07:16:12.711903: | ca ac cc 0b 55 6a 91 fd 4b 0f 6f b1 98 ea 72 e1 Sep 21 07:16:12.711905: | f8 5e f7 fe 86 23 81 27 6e 14 54 4f b8 98 61 f8 Sep 21 07:16:12.711907: | c6 41 8f 12 44 94 8b db 65 e6 dd 14 db 4b 35 dd Sep 21 07:16:12.711910: | ba e1 33 86 64 d9 e2 5d 29 00 00 24 a9 10 d9 da Sep 21 07:16:12.711912: | 2e 6e ca 6c 00 e2 94 29 57 fb 3c 18 93 e8 56 4d Sep 21 07:16:12.711914: | 73 ba 23 8b c5 1c 71 12 65 bf eb cb 29 00 00 08 Sep 21 07:16:12.711916: | 00 00 40 2e 29 00 00 1c 00 00 40 04 55 ca e0 04 Sep 21 07:16:12.711919: | 40 0c f2 12 49 74 e6 37 d5 e2 cb b5 48 a5 d9 4c Sep 21 07:16:12.711921: | 00 00 00 1c 00 00 40 05 fe a8 3b e2 d5 1b d9 1d Sep 21 07:16:12.711923: | de 81 5e 87 8d 76 28 1f 6b 7c 56 ff Sep 21 07:16:12.711966: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:12.711971: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:12.711974: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f7c74002b20 Sep 21 07:16:12.711977: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:12.711980: "northnet-eastnets/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:12.711984: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f7c74002b20 Sep 21 07:16:12.711987: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 Sep 21 07:16:12.711990: | libevent_malloc: new ptr-libevent@0x55d6f6105200 size 128 Sep 21 07:16:12.711995: | #6 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48819.080248 Sep 21 07:16:12.711999: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:12.712005: | #6 spent 1.53 milliseconds in resume sending helper answer Sep 21 07:16:12.712010: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:12.712014: | libevent_free: release ptr-libevent@0x7f7c78006900 Sep 21 07:16:13.176167: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:13.176188: shutting down Sep 21 07:16:13.176199: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:16:13.176203: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:16:13.176210: destroying root certificate cache Sep 21 07:16:13.176230: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:13.176233: forgetting secrets Sep 21 07:16:13.176238: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:13.176250: | unreference key: 0x55d6f60e2720 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:13.176256: | unreference key: 0x55d6f60e2310 user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:13.176261: | unreference key: 0x55d6f60e3c50 @east.testing.libreswan.org cnt 1-- Sep 21 07:16:13.176265: | unreference key: 0x55d6f60e1750 east@testing.libreswan.org cnt 1-- Sep 21 07:16:13.176269: | unreference key: 0x55d6f60e3b90 192.1.2.23 cnt 1-- Sep 21 07:16:13.176279: | unreference key: 0x55d6f60dcd60 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:13.176284: | unreference key: 0x55d6f60dcb90 user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:13.176289: | unreference key: 0x55d6f60d8ba0 @north.testing.libreswan.org cnt 1-- Sep 21 07:16:13.176294: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Sep 21 07:16:13.176297: | removing pending policy for no connection {0x55d6f60ee920} Sep 21 07:16:13.176300: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:13.176303: | pass 0 Sep 21 07:16:13.176305: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:13.176308: | state #6 Sep 21 07:16:13.176312: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:13.176318: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:13.176321: | pstats #6 ikev2.ike deleted other Sep 21 07:16:13.176327: | #6 spent 2.63 milliseconds in total Sep 21 07:16:13.176331: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:13.176336: "northnet-eastnets/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.467s and NOT sending notification Sep 21 07:16:13.176339: | parent state #6: PARENT_I1(half-open IKE SA) => delete Sep 21 07:16:13.176342: | state #6 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:13.176345: | #6 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:13.176350: | libevent_free: release ptr-libevent@0x55d6f6105200 Sep 21 07:16:13.176353: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f7c74002b20 Sep 21 07:16:13.176356: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:13.176359: | picked newest_isakmp_sa #0 for #6 Sep 21 07:16:13.176362: "northnet-eastnets/0x2" #6: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:13.176366: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 5 seconds Sep 21 07:16:13.176369: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:16:13.176376: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:16:13.176379: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:16:13.176382: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:13.176387: | State DB: deleting IKEv2 state #6 in PARENT_I1 Sep 21 07:16:13.176391: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:16:13.176409: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:13.176414: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:13.176416: | pass 1 Sep 21 07:16:13.176418: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:13.176425: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:16:13.176429: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:16:13.176432: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:13.176476: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:13.176487: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:13.176491: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:13.176494: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:13.176497: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:13.176499: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:13.176503: | route owner of "northnet-eastnets/0x2" unrouted: NULL Sep 21 07:16:13.176506: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:13.176509: | command executing unroute-client Sep 21 07:16:13.176548: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' Sep 21 07:16:13.176552: | popen cmd is 1282 chars long Sep 21 07:16:13.176555: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:13.176558: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:16:13.176561: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:13.176563: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:16:13.176566: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:16:13.176569: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Sep 21 07:16:13.176572: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Sep 21 07:16:13.176575: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Sep 21 07:16:13.176577: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:16:13.176580: | cmd( 720):22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Sep 21 07:16:13.176583: | cmd( 800):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI: Sep 21 07:16:13.176586: | cmd( 880):CY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Sep 21 07:16:13.176590: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Sep 21 07:16:13.176593: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Sep 21 07:16:13.176596: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Sep 21 07:16:13.176599: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Sep 21 07:16:13.176601: | cmd(1280):&1: Sep 21 07:16:13.199510: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199552: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199579: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199606: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199632: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199660: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199689: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199716: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199743: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199770: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199801: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199832: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199861: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199888: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199916: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199943: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199971: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.199998: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200024: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200050: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200077: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200106: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200133: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200160: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200187: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200213: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200242: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200270: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200297: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200323: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200349: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200378: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200404: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200432: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200459: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200485: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200725: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200753: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.200779: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.218567: | flush revival: connection 'northnet-eastnets/0x2' revival flushed Sep 21 07:16:13.218583: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:16:13.218600: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Sep 21 07:16:13.218604: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:13.218606: | pass 0 Sep 21 07:16:13.218609: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:13.218611: | pass 1 Sep 21 07:16:13.218613: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:13.218621: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:13.218627: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:13.218630: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:13.218671: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:13.218681: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:13.218685: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:13.218687: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:13.218691: | route owner of "northnet-eastnets/0x1" unrouted: NULL Sep 21 07:16:13.218694: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:13.218697: | command executing unroute-client Sep 21 07:16:13.218739: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL Sep 21 07:16:13.218742: | popen cmd is 1280 chars long Sep 21 07:16:13.218745: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:13.218748: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:16:13.218750: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:13.218753: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:16:13.218756: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:16:13.218758: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Sep 21 07:16:13.218761: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Sep 21 07:16:13.218763: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Sep 21 07:16:13.218766: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Sep 21 07:16:13.218768: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Sep 21 07:16:13.218771: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Sep 21 07:16:13.218773: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:16:13.218776: | cmd( 960):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:16:13.218780: | cmd(1040):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:16:13.218786: | cmd(1120):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 07:16:13.218791: | cmd(1200):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:16:13.234645: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234660: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234664: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234676: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234688: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234699: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234713: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234725: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234736: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234748: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234760: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234774: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234791: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234803: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234815: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234827: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234841: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234853: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234878: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234912: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234939: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.234969: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235002: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235013: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235024: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235037: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235050: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235062: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235075: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235087: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235098: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235120: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235149: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235179: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235189: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235200: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235432: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235462: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.235490: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:13.267088: | free hp@0x55d6f60e1850 Sep 21 07:16:13.267106: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Sep 21 07:16:13.267112: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Sep 21 07:16:13.267137: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:16:13.267140: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:16:13.267153: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:16:13.267157: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:16:13.267161: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:13.267164: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:16:13.267168: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:13.267171: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:16:13.267175: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:16:13.267184: | libevent_free: release ptr-libevent@0x55d6f60d66a0 Sep 21 07:16:13.267188: | free_event_entry: release EVENT_NULL-pe@0x55d6f60bfb90 Sep 21 07:16:13.267198: | libevent_free: release ptr-libevent@0x55d6f60d6790 Sep 21 07:16:13.267201: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6750 Sep 21 07:16:13.267208: | libevent_free: release ptr-libevent@0x55d6f60d6880 Sep 21 07:16:13.267211: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6840 Sep 21 07:16:13.267217: | libevent_free: release ptr-libevent@0x55d6f60d6970 Sep 21 07:16:13.267220: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6930 Sep 21 07:16:13.267227: | libevent_free: release ptr-libevent@0x55d6f60d6a60 Sep 21 07:16:13.267230: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6a20 Sep 21 07:16:13.267236: | libevent_free: release ptr-libevent@0x55d6f60d6b50 Sep 21 07:16:13.267239: | free_event_entry: release EVENT_NULL-pe@0x55d6f60d6b10 Sep 21 07:16:13.267244: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:13.269043: | libevent_free: release ptr-libevent@0x55d6f60d5e80 Sep 21 07:16:13.269052: | free_event_entry: release EVENT_NULL-pe@0x55d6f60bea90 Sep 21 07:16:13.269057: | libevent_free: release ptr-libevent@0x55d6f60cb900 Sep 21 07:16:13.269061: | free_event_entry: release EVENT_NULL-pe@0x55d6f60becd0 Sep 21 07:16:13.269065: | libevent_free: release ptr-libevent@0x55d6f60cb870 Sep 21 07:16:13.269068: | free_event_entry: release EVENT_NULL-pe@0x55d6f60c4820 Sep 21 07:16:13.269071: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:16:13.269075: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:16:13.269078: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:16:13.269081: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:16:13.269084: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:16:13.269087: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:16:13.269090: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:16:13.269093: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:16:13.269096: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:16:13.269101: | libevent_free: release ptr-libevent@0x55d6f60d6060 Sep 21 07:16:13.269104: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:16:13.269107: | libevent_free: release ptr-libevent@0x55d6f60d6140 Sep 21 07:16:13.269110: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:16:13.269114: | libevent_free: release ptr-libevent@0x55d6f60d6200 Sep 21 07:16:13.269121: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:16:13.269124: | libevent_free: release ptr-libevent@0x55d6f60cabf0 Sep 21 07:16:13.269127: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:16:13.269130: | releasing event base Sep 21 07:16:13.269143: | libevent_free: release ptr-libevent@0x55d6f60d62c0 Sep 21 07:16:13.269146: | libevent_free: release ptr-libevent@0x55d6f60733c0 Sep 21 07:16:13.269150: | libevent_free: release ptr-libevent@0x55d6f60b9e80 Sep 21 07:16:13.269153: | libevent_free: release ptr-libevent@0x55d6f6105290 Sep 21 07:16:13.269157: | libevent_free: release ptr-libevent@0x55d6f60b9ea0 Sep 21 07:16:13.269160: | libevent_free: release ptr-libevent@0x55d6f60d5f10 Sep 21 07:16:13.269163: | libevent_free: release ptr-libevent@0x55d6f60d6100 Sep 21 07:16:13.269166: | libevent_free: release ptr-libevent@0x55d6f60ba040 Sep 21 07:16:13.269169: | libevent_free: release ptr-libevent@0x55d6f60c4780 Sep 21 07:16:13.269171: | libevent_free: release ptr-libevent@0x55d6f60c4760 Sep 21 07:16:13.269174: | libevent_free: release ptr-libevent@0x55d6f60d6be0 Sep 21 07:16:13.269177: | libevent_free: release ptr-libevent@0x55d6f60d6af0 Sep 21 07:16:13.269180: | libevent_free: release ptr-libevent@0x55d6f60d6a00 Sep 21 07:16:13.269183: | libevent_free: release ptr-libevent@0x55d6f60d6910 Sep 21 07:16:13.269186: | libevent_free: release ptr-libevent@0x55d6f60d6820 Sep 21 07:16:13.269189: | libevent_free: release ptr-libevent@0x55d6f60d6730 Sep 21 07:16:13.269192: | libevent_free: release ptr-libevent@0x55d6f60b9f30 Sep 21 07:16:13.269194: | libevent_free: release ptr-libevent@0x55d6f60d61e0 Sep 21 07:16:13.269197: | libevent_free: release ptr-libevent@0x55d6f60d6120 Sep 21 07:16:13.269200: | libevent_free: release ptr-libevent@0x55d6f60d6040 Sep 21 07:16:13.269203: | libevent_free: release ptr-libevent@0x55d6f60d62a0 Sep 21 07:16:13.269206: | libevent_free: release ptr-libevent@0x55d6f60d5f30 Sep 21 07:16:13.269209: | libevent_free: release ptr-libevent@0x55d6f60b9ec0 Sep 21 07:16:13.269212: | libevent_free: release ptr-libevent@0x55d6f60b9ef0 Sep 21 07:16:13.269215: | libevent_free: release ptr-libevent@0x55d6f60b9be0 Sep 21 07:16:13.269217: | releasing global libevent data Sep 21 07:16:13.269221: | libevent_free: release ptr-libevent@0x55d6f60b83d0 Sep 21 07:16:13.269224: | libevent_free: release ptr-libevent@0x55d6f60b8400 Sep 21 07:16:13.269227: | libevent_free: release ptr-libevent@0x55d6f60b9bb0