Sep 21 07:16:05.760217: FIPS Product: YES Sep 21 07:16:05.760249: FIPS Kernel: NO Sep 21 07:16:05.760251: FIPS Mode: NO Sep 21 07:16:05.760252: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:05.760409: Initializing NSS Sep 21 07:16:05.760412: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:05.820618: NSS initialized Sep 21 07:16:05.820632: NSS crypto library initialized Sep 21 07:16:05.820635: FIPS HMAC integrity support [enabled] Sep 21 07:16:05.820637: FIPS mode disabled for pluto daemon Sep 21 07:16:05.966639: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:05.966749: libcap-ng support [enabled] Sep 21 07:16:05.966761: Linux audit support [enabled] Sep 21 07:16:05.966793: Linux audit activated Sep 21 07:16:05.966801: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:23391 Sep 21 07:16:05.966803: core dump dir: /tmp Sep 21 07:16:05.966806: secrets file: /etc/ipsec.secrets Sep 21 07:16:05.966808: leak-detective disabled Sep 21 07:16:05.966809: NSS crypto [enabled] Sep 21 07:16:05.966811: XAUTH PAM support [enabled] Sep 21 07:16:05.966885: | libevent is using pluto's memory allocator Sep 21 07:16:05.966891: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:05.966905: | libevent_malloc: new ptr-libevent@0x5570b1d832f0 size 40 Sep 21 07:16:05.966911: | libevent_malloc: new ptr-libevent@0x5570b1d83320 size 40 Sep 21 07:16:05.966914: | libevent_malloc: new ptr-libevent@0x5570b1d84ad0 size 40 Sep 21 07:16:05.966916: | creating event base Sep 21 07:16:05.966919: | libevent_malloc: new ptr-libevent@0x5570b1d84a90 size 56 Sep 21 07:16:05.966922: | libevent_malloc: new ptr-libevent@0x5570b1d84b00 size 664 Sep 21 07:16:05.966933: | libevent_malloc: new ptr-libevent@0x5570b1d84da0 size 24 Sep 21 07:16:05.966937: | libevent_malloc: new ptr-libevent@0x5570b1d3e330 size 384 Sep 21 07:16:05.966948: | libevent_malloc: new ptr-libevent@0x5570b1d84dc0 size 16 Sep 21 07:16:05.966951: | libevent_malloc: new ptr-libevent@0x5570b1d84de0 size 40 Sep 21 07:16:05.966953: | libevent_malloc: new ptr-libevent@0x5570b1d84e10 size 48 Sep 21 07:16:05.966959: | libevent_realloc: new ptr-libevent@0x5570b1d84e50 size 256 Sep 21 07:16:05.966962: | libevent_malloc: new ptr-libevent@0x5570b1d84f60 size 16 Sep 21 07:16:05.966968: | libevent_free: release ptr-libevent@0x5570b1d84a90 Sep 21 07:16:05.966972: | libevent initialized Sep 21 07:16:05.966976: | libevent_realloc: new ptr-libevent@0x5570b1d84f80 size 64 Sep 21 07:16:05.966979: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:05.966994: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:05.966997: NAT-Traversal support [enabled] Sep 21 07:16:05.967000: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:05.967006: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:05.967013: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:05.967049: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:05.967054: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:05.967057: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:05.967107: Encryption algorithms: Sep 21 07:16:05.967114: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:05.967118: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:05.967122: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:05.967125: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:05.967129: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:16:05.967139: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:05.967143: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:05.967147: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:05.967150: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:05.967154: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:05.967158: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:05.967161: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:05.967165: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:05.967169: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:05.967172: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:05.967175: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:05.967178: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:05.967189: Hash algorithms: Sep 21 07:16:05.967192: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:05.967195: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:05.967198: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:05.967201: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:05.967204: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:05.967217: PRF algorithms: Sep 21 07:16:05.967221: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:05.967224: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:05.967228: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:05.967231: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:05.967234: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:05.967237: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:05.967263: Integrity algorithms: Sep 21 07:16:05.967268: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:05.967272: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:05.967276: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:05.967280: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:05.967284: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:05.967287: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:05.967290: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:05.967293: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:05.967296: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:05.967309: DH algorithms: Sep 21 07:16:05.967313: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:05.967315: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:05.967318: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:05.967324: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:05.967327: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:05.967330: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:05.967332: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:05.967335: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:05.967338: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:05.967341: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:05.967344: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:05.967347: testing CAMELLIA_CBC: Sep 21 07:16:05.967349: Camellia: 16 bytes with 128-bit key Sep 21 07:16:05.967481: Camellia: 16 bytes with 128-bit key Sep 21 07:16:05.967517: Camellia: 16 bytes with 256-bit key Sep 21 07:16:05.967547: Camellia: 16 bytes with 256-bit key Sep 21 07:16:05.967576: testing AES_GCM_16: Sep 21 07:16:05.967580: empty string Sep 21 07:16:05.967608: one block Sep 21 07:16:05.967634: two blocks Sep 21 07:16:05.967662: two blocks with associated data Sep 21 07:16:05.967692: testing AES_CTR: Sep 21 07:16:05.967695: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:05.967726: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:05.967757: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:05.967792: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:05.967823: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:05.967852: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:05.967880: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:05.967906: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:05.967934: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:05.967964: testing AES_CBC: Sep 21 07:16:05.967968: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:05.967996: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:05.968027: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:05.968060: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:05.968096: testing AES_XCBC: Sep 21 07:16:05.968100: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:05.968225: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:05.968362: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:05.968492: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:05.968634: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:05.968769: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:05.968925: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:05.969231: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:05.969356: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:05.969493: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:05.969718: testing HMAC_MD5: Sep 21 07:16:05.969722: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:05.973936: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:05.974107: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:05.974298: 8 CPU cores online Sep 21 07:16:05.974303: starting up 7 crypto helpers Sep 21 07:16:05.974338: started thread for crypto helper 0 Sep 21 07:16:05.974365: started thread for crypto helper 1 Sep 21 07:16:05.974390: started thread for crypto helper 2 Sep 21 07:16:05.974412: started thread for crypto helper 3 Sep 21 07:16:05.974436: started thread for crypto helper 4 Sep 21 07:16:05.974457: started thread for crypto helper 5 Sep 21 07:16:05.974484: started thread for crypto helper 6 Sep 21 07:16:05.974489: | checking IKEv1 state table Sep 21 07:16:05.974497: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:05.974499: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:05.974502: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:05.974504: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:05.974507: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:05.974509: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:05.974511: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:05.974514: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:05.974516: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:05.974518: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:05.974521: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:05.974523: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:05.974525: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:05.974528: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:05.974530: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:05.974532: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:05.974534: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:16:05.974537: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:05.974539: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:05.974541: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:05.974544: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:05.974546: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.974549: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:05.974552: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.974554: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:05.974557: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:05.974559: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:05.974562: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:05.974564: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:05.974567: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:05.974569: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:05.974571: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:05.974574: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:05.974576: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.974578: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:05.974581: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.974583: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:05.974586: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:05.974588: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:05.974590: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:05.974593: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:05.974595: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:05.974598: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:05.974600: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.974603: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:05.974605: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.974608: | INFO: category: informational flags: 0: Sep 21 07:16:05.974610: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.974612: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:16:05.974614: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.974617: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:05.974620: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:05.974622: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:05.974625: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:05.974627: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:05.974629: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:05.974632: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:05.974634: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:05.974637: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:05.974639: | -> UNDEFINED EVENT_NULL Sep 21 07:16:05.974641: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:05.974646: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:05.974649: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:05.974652: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:05.974654: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:05.974656: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:05.974663: | checking IKEv2 state table Sep 21 07:16:05.974669: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:05.974672: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:05.974675: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:05.974678: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:05.974681: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:05.974683: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:05.974686: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:05.974688: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:05.974691: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:05.974693: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:05.974696: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:05.974698: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:05.974701: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:05.974703: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:05.974705: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:05.974708: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:05.974710: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:05.974713: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:05.974716: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:05.974718: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:05.974721: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:05.974724: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:05.974726: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:05.974728: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:05.974731: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:05.974733: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:05.974736: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:05.974738: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:05.974740: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:05.974743: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:05.974745: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:16:05.974748: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:05.974750: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:05.974753: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:05.974755: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:05.974758: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:05.974761: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:05.974763: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:05.974766: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:05.974771: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:05.974774: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:05.974777: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:05.974780: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:05.974787: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:05.974792: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:05.974794: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:05.974797: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:05.974839: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:05.974900: | Hard-wiring algorithms Sep 21 07:16:05.974905: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:05.974909: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:05.974912: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:05.974914: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:05.974916: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:05.974918: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:16:05.974920: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:05.974923: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:05.974925: | adding AES_CTR to kernel algorithm db Sep 21 07:16:05.974927: | adding AES_CBC to kernel algorithm db Sep 21 07:16:05.974929: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:05.974931: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:05.974933: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:05.974936: | adding NULL to kernel algorithm db Sep 21 07:16:05.974938: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:05.974940: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:05.974943: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:05.974945: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:05.974947: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:05.974950: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:05.974952: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:05.974954: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:05.974957: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:05.974959: | adding NONE to kernel algorithm db Sep 21 07:16:05.974980: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:05.974987: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:05.974989: | setup kernel fd callback Sep 21 07:16:05.974993: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5570b1d8f740 Sep 21 07:16:05.974996: | libevent_malloc: new ptr-libevent@0x5570b1d96810 size 128 Sep 21 07:16:05.975000: | libevent_malloc: new ptr-libevent@0x5570b1d8f6a0 size 16 Sep 21 07:16:05.975006: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5570b1d89bf0 Sep 21 07:16:05.975008: | libevent_malloc: new ptr-libevent@0x5570b1d968a0 size 128 Sep 21 07:16:05.975011: | libevent_malloc: new ptr-libevent@0x5570b1d8f680 size 16 Sep 21 07:16:05.975240: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:05.975249: selinux support is enabled. Sep 21 07:16:05.975329: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:05.975505: | unbound context created - setting debug level to 5 Sep 21 07:16:05.975540: | /etc/hosts lookups activated Sep 21 07:16:05.975558: | /etc/resolv.conf usage activated Sep 21 07:16:05.975612: | outgoing-port-avoid set 0-65535 Sep 21 07:16:05.975639: | outgoing-port-permit set 32768-60999 Sep 21 07:16:05.975643: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:05.975646: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:05.975649: | Setting up events, loop start Sep 21 07:16:05.975653: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5570b1d899b0 Sep 21 07:16:05.975659: | libevent_malloc: new ptr-libevent@0x5570b1da0e20 size 128 Sep 21 07:16:05.975663: | libevent_malloc: new ptr-libevent@0x5570b1da0eb0 size 16 Sep 21 07:16:05.975669: | libevent_realloc: new ptr-libevent@0x5570b1da0ed0 size 256 Sep 21 07:16:05.975673: | libevent_malloc: new ptr-libevent@0x5570b1da0fe0 size 8 Sep 21 07:16:05.975676: | libevent_realloc: new ptr-libevent@0x5570b1d95b10 size 144 Sep 21 07:16:05.975678: | libevent_malloc: new ptr-libevent@0x5570b1da1000 size 152 Sep 21 07:16:05.975682: | libevent_malloc: new ptr-libevent@0x5570b1da10a0 size 16 Sep 21 07:16:05.975686: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:05.975689: | libevent_malloc: new ptr-libevent@0x5570b1da10c0 size 8 Sep 21 07:16:05.975692: | libevent_malloc: new ptr-libevent@0x5570b1da10e0 size 152 Sep 21 07:16:05.975695: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:05.975698: | libevent_malloc: new ptr-libevent@0x5570b1da1180 size 8 Sep 21 07:16:05.975701: | libevent_malloc: new ptr-libevent@0x5570b1da11a0 size 152 Sep 21 07:16:05.975704: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:05.975706: | libevent_malloc: new ptr-libevent@0x5570b1da1240 size 8 Sep 21 07:16:05.975709: | libevent_realloc: release ptr-libevent@0x5570b1d95b10 Sep 21 07:16:05.975712: | libevent_realloc: new ptr-libevent@0x5570b1da1260 size 256 Sep 21 07:16:05.975715: | libevent_malloc: new ptr-libevent@0x5570b1d95b10 size 152 Sep 21 07:16:05.975717: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:05.976130: | created addconn helper (pid:23584) using fork+execve Sep 21 07:16:05.976147: | forked child 23584 Sep 21 07:16:05.976190: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:05.976207: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:05.976214: listening for IKE messages Sep 21 07:16:05.976350: | starting up helper thread 6 Sep 21 07:16:05.976358: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:05.976364: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:05.976378: | starting up helper thread 2 Sep 21 07:16:05.976383: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:05.976385: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:05.977801: | starting up helper thread 3 Sep 21 07:16:05.977815: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:05.977819: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:05.980074: | starting up helper thread 1 Sep 21 07:16:05.980493: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:05.980498: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:05.983335: | starting up helper thread 4 Sep 21 07:16:05.983354: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:05.983358: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:05.983369: | starting up helper thread 5 Sep 21 07:16:05.983375: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:05.983377: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:05.987005: | starting up helper thread 0 Sep 21 07:16:05.987024: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:05.987027: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:06.025112: | Inspecting interface lo Sep 21 07:16:06.025135: | found lo with address 127.0.0.1 Sep 21 07:16:06.025142: | Inspecting interface eth0 Sep 21 07:16:06.025150: | found eth0 with address 192.0.3.254 Sep 21 07:16:06.025155: | Inspecting interface eth1 Sep 21 07:16:06.025161: | found eth1 with address 192.1.3.33 Sep 21 07:16:06.106148: Kernel supports NIC esp-hw-offload Sep 21 07:16:06.106179: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:16:06.106215: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:06.106226: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:06.106231: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:06.106257: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:16:06.106278: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:06.106282: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:06.106286: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:06.106310: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:06.106330: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:06.106333: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:06.106337: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:06.106389: | no interfaces to sort Sep 21 07:16:06.106393: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:06.106402: | add_fd_read_event_handler: new ethX-pe@0x5570b1d8aab0 Sep 21 07:16:06.106405: | libevent_malloc: new ptr-libevent@0x5570b1da1640 size 128 Sep 21 07:16:06.106410: | libevent_malloc: new ptr-libevent@0x5570b1da16d0 size 16 Sep 21 07:16:06.106417: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:06.106420: | add_fd_read_event_handler: new ethX-pe@0x5570b1da16f0 Sep 21 07:16:06.106423: | libevent_malloc: new ptr-libevent@0x5570b1da1730 size 128 Sep 21 07:16:06.106426: | libevent_malloc: new ptr-libevent@0x5570b1da17c0 size 16 Sep 21 07:16:06.106430: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:06.106432: | add_fd_read_event_handler: new ethX-pe@0x5570b1da17e0 Sep 21 07:16:06.106435: | libevent_malloc: new ptr-libevent@0x5570b1da1820 size 128 Sep 21 07:16:06.106438: | libevent_malloc: new ptr-libevent@0x5570b1da18b0 size 16 Sep 21 07:16:06.106442: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:06.106445: | add_fd_read_event_handler: new ethX-pe@0x5570b1da18d0 Sep 21 07:16:06.106447: | libevent_malloc: new ptr-libevent@0x5570b1da1910 size 128 Sep 21 07:16:06.106450: | libevent_malloc: new ptr-libevent@0x5570b1da19a0 size 16 Sep 21 07:16:06.106454: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:06.106456: | add_fd_read_event_handler: new ethX-pe@0x5570b1da19c0 Sep 21 07:16:06.106459: | libevent_malloc: new ptr-libevent@0x5570b1da1a00 size 128 Sep 21 07:16:06.106462: | libevent_malloc: new ptr-libevent@0x5570b1da1a90 size 16 Sep 21 07:16:06.106466: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:06.106469: | add_fd_read_event_handler: new ethX-pe@0x5570b1da1ab0 Sep 21 07:16:06.106471: | libevent_malloc: new ptr-libevent@0x5570b1da1af0 size 128 Sep 21 07:16:06.106474: | libevent_malloc: new ptr-libevent@0x5570b1da1b80 size 16 Sep 21 07:16:06.106479: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:06.106483: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:06.106485: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:06.106511: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:06.106527: | saving Modulus Sep 21 07:16:06.106532: | saving PublicExponent Sep 21 07:16:06.106535: | ignoring PrivateExponent Sep 21 07:16:06.106538: | ignoring Prime1 Sep 21 07:16:06.106542: | ignoring Prime2 Sep 21 07:16:06.106545: | ignoring Exponent1 Sep 21 07:16:06.106548: | ignoring Exponent2 Sep 21 07:16:06.106551: | ignoring Coefficient Sep 21 07:16:06.106554: | ignoring CKAIDNSS Sep 21 07:16:06.106592: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:06.106595: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:06.106599: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:06.106604: | certs and keys locked by 'process_secret' Sep 21 07:16:06.106606: | certs and keys unlocked by 'process_secret' Sep 21 07:16:06.106612: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:06.106620: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.106631: | spent 0.778 milliseconds in whack Sep 21 07:16:06.106646: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.106657: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:06.106660: listening for IKE messages Sep 21 07:16:06.106682: | Inspecting interface lo Sep 21 07:16:06.106687: | found lo with address 127.0.0.1 Sep 21 07:16:06.106689: | Inspecting interface eth0 Sep 21 07:16:06.106693: | found eth0 with address 192.0.3.254 Sep 21 07:16:06.106696: | Inspecting interface eth1 Sep 21 07:16:06.106699: | found eth1 with address 192.1.3.33 Sep 21 07:16:06.106724: | no interfaces to sort Sep 21 07:16:06.106730: | libevent_free: release ptr-libevent@0x5570b1da1640 Sep 21 07:16:06.106733: | free_event_entry: release EVENT_NULL-pe@0x5570b1d8aab0 Sep 21 07:16:06.106736: | add_fd_read_event_handler: new ethX-pe@0x5570b1d8aab0 Sep 21 07:16:06.106739: | libevent_malloc: new ptr-libevent@0x5570b1da1640 size 128 Sep 21 07:16:06.106744: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:06.106748: | libevent_free: release ptr-libevent@0x5570b1da1730 Sep 21 07:16:06.106751: | free_event_entry: release EVENT_NULL-pe@0x5570b1da16f0 Sep 21 07:16:06.106753: | add_fd_read_event_handler: new ethX-pe@0x5570b1da16f0 Sep 21 07:16:06.106756: | libevent_malloc: new ptr-libevent@0x5570b1da1730 size 128 Sep 21 07:16:06.106760: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:06.106763: | libevent_free: release ptr-libevent@0x5570b1da1820 Sep 21 07:16:06.106766: | free_event_entry: release EVENT_NULL-pe@0x5570b1da17e0 Sep 21 07:16:06.106768: | add_fd_read_event_handler: new ethX-pe@0x5570b1da17e0 Sep 21 07:16:06.106771: | libevent_malloc: new ptr-libevent@0x5570b1da1820 size 128 Sep 21 07:16:06.106775: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:06.106778: | libevent_free: release ptr-libevent@0x5570b1da1910 Sep 21 07:16:06.106781: | free_event_entry: release EVENT_NULL-pe@0x5570b1da18d0 Sep 21 07:16:06.106787: | add_fd_read_event_handler: new ethX-pe@0x5570b1da18d0 Sep 21 07:16:06.106792: | libevent_malloc: new ptr-libevent@0x5570b1da1910 size 128 Sep 21 07:16:06.106797: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:06.106800: | libevent_free: release ptr-libevent@0x5570b1da1a00 Sep 21 07:16:06.106803: | free_event_entry: release EVENT_NULL-pe@0x5570b1da19c0 Sep 21 07:16:06.106805: | add_fd_read_event_handler: new ethX-pe@0x5570b1da19c0 Sep 21 07:16:06.106808: | libevent_malloc: new ptr-libevent@0x5570b1da1a00 size 128 Sep 21 07:16:06.106812: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:06.106816: | libevent_free: release ptr-libevent@0x5570b1da1af0 Sep 21 07:16:06.106818: | free_event_entry: release EVENT_NULL-pe@0x5570b1da1ab0 Sep 21 07:16:06.106820: | add_fd_read_event_handler: new ethX-pe@0x5570b1da1ab0 Sep 21 07:16:06.106823: | libevent_malloc: new ptr-libevent@0x5570b1da1af0 size 128 Sep 21 07:16:06.106827: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:06.106830: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:06.106832: forgetting secrets Sep 21 07:16:06.106837: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:06.106848: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:06.106861: | saving Modulus Sep 21 07:16:06.106863: | saving PublicExponent Sep 21 07:16:06.106867: | ignoring PrivateExponent Sep 21 07:16:06.106870: | ignoring Prime1 Sep 21 07:16:06.106873: | ignoring Prime2 Sep 21 07:16:06.106876: | ignoring Exponent1 Sep 21 07:16:06.106879: | ignoring Exponent2 Sep 21 07:16:06.106882: | ignoring Coefficient Sep 21 07:16:06.106885: | ignoring CKAIDNSS Sep 21 07:16:06.106897: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:06.106899: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:06.106902: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:06.106906: | certs and keys locked by 'process_secret' Sep 21 07:16:06.106911: | certs and keys unlocked by 'process_secret' Sep 21 07:16:06.106916: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:06.106921: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.106926: | spent 0.281 milliseconds in whack Sep 21 07:16:06.109848: | processing signal PLUTO_SIGCHLD Sep 21 07:16:06.109871: | waitpid returned pid 23584 (exited with status 0) Sep 21 07:16:06.109875: | reaped addconn helper child (status 0) Sep 21 07:16:06.109880: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:06.109886: | spent 0.0214 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:06.185373: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.185395: | old debugging base+cpu-usage + none Sep 21 07:16:06.185398: | base debugging = base+cpu-usage Sep 21 07:16:06.185401: | old impairing none + suppress-retransmits Sep 21 07:16:06.185403: | base impairing = suppress-retransmits Sep 21 07:16:06.185410: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.185417: | spent 0.0539 milliseconds in whack Sep 21 07:16:06.266698: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.266718: | old debugging base+cpu-usage + none Sep 21 07:16:06.266722: | base debugging = base+cpu-usage Sep 21 07:16:06.266725: | old impairing suppress-retransmits + suppress-retransmits Sep 21 07:16:06.266727: | base impairing = suppress-retransmits Sep 21 07:16:06.266733: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.266740: | spent 0.0497 milliseconds in whack Sep 21 07:16:06.513571: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.513949: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.513958: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:06.513961: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.513963: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:06.513967: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.513975: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:06.513978: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:06.514032: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:06.514035: | from whack: got --esp= Sep 21 07:16:06.514071: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:06.514621: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:06.514633: | loading left certificate 'north' pubkey Sep 21 07:16:06.514733: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3f60 Sep 21 07:16:06.514738: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3ea0 Sep 21 07:16:06.514740: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3e70 Sep 21 07:16:06.514869: | unreference key: 0x5570b1da3b40 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:06.515034: | certs and keys locked by 'lsw_add_rsa_secret' Sep 21 07:16:06.515039: | certs and keys unlocked by 'lsw_add_rsa_secret' Sep 21 07:16:06.515049: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:16:06.515624: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:06.515631: | loading right certificate 'east' pubkey Sep 21 07:16:06.515707: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da84d0 Sep 21 07:16:06.515712: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3f60 Sep 21 07:16:06.515714: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3ea0 Sep 21 07:16:06.515717: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3e70 Sep 21 07:16:06.515719: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da4580 Sep 21 07:16:06.515920: | unreference key: 0x5570b1dab2d0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:06.516024: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:16:06.516035: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:16:06.516046: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:16:06.516049: | new hp@0x5570b1dac7f0 Sep 21 07:16:06.516054: added connection description "northnet-eastnets/0x1" Sep 21 07:16:06.516062: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:06.516084: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Sep 21 07:16:06.516091: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.516098: | spent 2.18 milliseconds in whack Sep 21 07:16:06.516156: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.516170: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.516173: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:06.516176: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.516178: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:06.516181: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.516185: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:06.516188: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:06.516235: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:06.516238: | from whack: got --esp= Sep 21 07:16:06.516273: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:06.516362: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:06.516367: | loading left certificate 'north' pubkey Sep 21 07:16:06.516420: | unreference key: 0x5570b1da8060 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:06.516435: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3f60 Sep 21 07:16:06.516438: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3ea0 Sep 21 07:16:06.516440: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3e70 Sep 21 07:16:06.516486: | unreference key: 0x5570b1da7a70 @north.testing.libreswan.org cnt 1-- Sep 21 07:16:06.516530: | unreference key: 0x5570b1da7c40 user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:06.516579: | unreference key: 0x5570b1dabe20 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:06.516623: | secrets entry for north already exists Sep 21 07:16:06.516634: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:16:06.516713: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:16:06.516718: | loading right certificate 'east' pubkey Sep 21 07:16:06.516768: | unreference key: 0x5570b1dad9c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:06.516779: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3ea0 Sep 21 07:16:06.516782: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3e70 Sep 21 07:16:06.516794: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da5000 Sep 21 07:16:06.516796: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da4580 Sep 21 07:16:06.516799: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da7e40 Sep 21 07:16:06.516845: | unreference key: 0x5570b1dac630 192.1.2.23 cnt 1-- Sep 21 07:16:06.516888: | unreference key: 0x5570b1dab930 east@testing.libreswan.org cnt 1-- Sep 21 07:16:06.516931: | unreference key: 0x5570b1dad1d0 @east.testing.libreswan.org cnt 1-- Sep 21 07:16:06.516975: | unreference key: 0x5570b1dad600 user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:06.517024: | unreference key: 0x5570b1daedb0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:06.517125: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:16:06.517137: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:16:06.517143: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:16:06.517148: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x5570b1dac7f0: northnet-eastnets/0x1 Sep 21 07:16:06.517151: added connection description "northnet-eastnets/0x2" Sep 21 07:16:06.517158: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:06.517178: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Sep 21 07:16:06.517184: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.517189: | spent 1.03 milliseconds in whack Sep 21 07:16:06.524285: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.524310: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:16:06.524314: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.524317: initiating all conns with alias='northnet-eastnets' Sep 21 07:16:06.524323: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:06.524334: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:06.524337: | connection 'northnet-eastnets/0x2' +POLICY_UP Sep 21 07:16:06.524341: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:06.524343: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:06.524358: | creating state object #1 at 0x5570b1daf640 Sep 21 07:16:06.524362: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:06.524369: | pstats #1 ikev2.ike started Sep 21 07:16:06.524372: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:06.524375: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:06.524380: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:06.524387: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:06.524392: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:06.524395: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:06.524398: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #1 "northnet-eastnets/0x2" Sep 21 07:16:06.524402: "northnet-eastnets/0x2" #1: initiating v2 parent SA Sep 21 07:16:06.524411: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE) Sep 21 07:16:06.524420: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:06.524428: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:06.524432: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:06.524436: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:06.524439: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:06.524444: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:06.524447: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:06.524452: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:06.524460: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:06.524468: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:16:06.524471: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5570b1daed20 Sep 21 07:16:06.524475: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:06.524481: | libevent_malloc: new ptr-libevent@0x5570b1da3ed0 size 128 Sep 21 07:16:06.524494: | #1 spent 0.159 milliseconds in ikev2_parent_outI1() Sep 21 07:16:06.524497: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:06.524501: | RESET processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:06.524503: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:06.524505: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:06.524509: | start processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:06.524511: | connection 'northnet-eastnets/0x1' +POLICY_UP Sep 21 07:16:06.524514: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:06.524516: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:06.524520: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x1" IKE SA #1 "northnet-eastnets/0x2" Sep 21 07:16:06.524523: | stop processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:06.524526: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Sep 21 07:16:06.524529: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.524532: | spent 0.257 milliseconds in whack Sep 21 07:16:06.524540: | crypto helper 6 resuming Sep 21 07:16:06.524544: | crypto helper 6 starting work-order 1 for state #1 Sep 21 07:16:06.524547: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:16:06.525424: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000875 seconds Sep 21 07:16:06.525436: | (#1) spent 0.884 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:16:06.525440: | crypto helper 6 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:06.525442: | scheduling resume sending helper answer for #1 Sep 21 07:16:06.525445: | libevent_malloc: new ptr-libevent@0x7efd88006900 size 128 Sep 21 07:16:06.525453: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:06.525463: | processing resume sending helper answer for #1 Sep 21 07:16:06.525469: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:06.525473: | crypto helper 6 replies to request ID 1 Sep 21 07:16:06.525475: | calling continuation function 0x5570b193b630 Sep 21 07:16:06.525478: | ikev2_parent_outI1_continue for #1 Sep 21 07:16:06.525507: | **emit ISAKMP Message: Sep 21 07:16:06.525510: | initiator cookie: Sep 21 07:16:06.525512: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.525514: | responder cookie: Sep 21 07:16:06.525516: | 00 00 00 00 00 00 00 00 Sep 21 07:16:06.525519: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:06.525522: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.525525: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:06.525528: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:06.525531: | Message ID: 0 (0x0) Sep 21 07:16:06.525534: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:06.525550: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:06.525557: | Emitting ikev2_proposals ... Sep 21 07:16:06.525560: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:06.525563: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.525565: | flags: none (0x0) Sep 21 07:16:06.525569: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:06.525571: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.525575: | discarding INTEG=NONE Sep 21 07:16:06.525577: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.525580: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.525583: | prop #: 1 (0x1) Sep 21 07:16:06.525585: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:06.525587: | spi size: 0 (0x0) Sep 21 07:16:06.525590: | # transforms: 11 (0xb) Sep 21 07:16:06.525593: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.525596: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525599: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525601: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.525604: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:06.525607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525609: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.525613: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.525615: | length/value: 256 (0x100) Sep 21 07:16:06.525618: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.525621: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525626: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:06.525628: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:06.525632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525634: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525637: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525640: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525643: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525645: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:06.525647: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:06.525651: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525654: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525657: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525659: | discarding INTEG=NONE Sep 21 07:16:06.525661: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525664: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525666: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525669: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.525672: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525675: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525680: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525683: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525685: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525688: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525690: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:06.525693: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525696: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525699: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525701: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525704: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525706: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525709: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:06.525712: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525715: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525718: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525720: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525722: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525725: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525727: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:06.525731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525734: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525736: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525739: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525742: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525744: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525747: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:06.525749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525755: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525757: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525760: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525762: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525764: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:06.525767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525772: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525774: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525776: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525778: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525781: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:06.525787: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525800: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525802: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525805: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.525807: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525810: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:06.525813: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525818: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525820: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:06.525823: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.525825: | discarding INTEG=NONE Sep 21 07:16:06.525828: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.525830: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.525833: | prop #: 2 (0x2) Sep 21 07:16:06.525835: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:06.525837: | spi size: 0 (0x0) Sep 21 07:16:06.525839: | # transforms: 11 (0xb) Sep 21 07:16:06.525842: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.525845: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.525848: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525850: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525853: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.525856: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:06.525858: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525861: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.525864: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.525866: | length/value: 128 (0x80) Sep 21 07:16:06.525868: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.525871: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525873: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525876: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:06.525878: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:06.525881: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525886: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525888: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525893: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:06.525895: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:06.525898: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525903: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525907: | discarding INTEG=NONE Sep 21 07:16:06.525909: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525912: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525914: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525916: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.525919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525922: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525924: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525927: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525929: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525931: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525933: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:06.525936: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525939: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525941: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525944: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525946: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525948: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525951: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:06.525954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525956: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525959: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525962: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525969: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:06.525971: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525974: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525977: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525979: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525981: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525983: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.525985: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:06.525988: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.525991: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.525993: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.525995: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.525997: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526000: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526002: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:06.526004: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526009: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526011: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526013: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526016: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526018: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526020: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:06.526023: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526028: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526030: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526032: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.526034: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526037: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:06.526040: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526045: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526048: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:06.526050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.526053: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.526055: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.526058: | prop #: 3 (0x3) Sep 21 07:16:06.526060: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:06.526062: | spi size: 0 (0x0) Sep 21 07:16:06.526065: | # transforms: 13 (0xd) Sep 21 07:16:06.526068: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.526071: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.526073: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526076: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526078: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.526081: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:06.526083: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526086: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.526089: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.526091: | length/value: 256 (0x100) Sep 21 07:16:06.526094: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.526096: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526101: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:06.526104: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:06.526106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526112: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526115: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526121: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:06.526123: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:06.526127: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526129: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526132: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526134: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526139: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.526142: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:06.526145: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526148: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526150: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526152: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526155: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526158: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.526160: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:06.526163: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526166: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526168: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526171: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526173: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526176: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526179: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.526182: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526187: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526189: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526192: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526194: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526197: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:06.526199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526202: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526205: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526207: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526212: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526215: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:06.526217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526220: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526226: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526228: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526233: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526235: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:06.526238: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526241: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526243: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526246: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526248: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526250: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526253: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:06.526256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526258: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526261: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526264: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526266: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526268: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526270: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:06.526273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526276: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526279: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526281: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526283: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526286: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526288: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:06.526291: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526294: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526296: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526298: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526301: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.526303: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526306: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:06.526309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526312: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526315: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526317: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:06.526320: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.526323: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.526325: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:06.526328: | prop #: 4 (0x4) Sep 21 07:16:06.526331: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:06.526334: | spi size: 0 (0x0) Sep 21 07:16:06.526336: | # transforms: 13 (0xd) Sep 21 07:16:06.526339: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.526342: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.526344: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526347: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526349: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.526351: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:06.526354: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526357: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.526359: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.526361: | length/value: 128 (0x80) Sep 21 07:16:06.526364: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.526366: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526371: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:06.526373: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:06.526376: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526379: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526381: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526384: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526386: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526388: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:06.526391: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:06.526394: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526398: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526400: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526405: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.526408: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:06.526410: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526413: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526416: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526418: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526423: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.526425: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:06.526428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526431: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526433: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526437: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526440: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526442: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526444: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.526447: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526450: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526452: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526455: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526457: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526459: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526461: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:06.526464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526467: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526469: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526471: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526476: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526478: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:06.526481: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526487: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526489: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526494: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526496: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:06.526499: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526502: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526504: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526507: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526509: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526512: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526514: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:06.526517: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526520: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526522: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526525: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526530: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526532: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:06.526535: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526538: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526542: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526545: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526548: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526550: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526552: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:06.526555: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526558: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526561: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526563: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.526566: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.526568: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.526571: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:06.526574: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.526577: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.526580: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.526582: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:06.526585: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.526587: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:06.526590: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:06.526593: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:06.526596: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.526598: | flags: none (0x0) Sep 21 07:16:06.526601: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.526604: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:06.526607: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.526611: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:06.526614: | ikev2 g^x 04 17 57 6d 56 61 1e bd 07 15 de a9 30 f7 93 3a Sep 21 07:16:06.526616: | ikev2 g^x 4b 84 75 eb bf 66 c5 91 5a fc b1 9c 9f c0 ef 66 Sep 21 07:16:06.526619: | ikev2 g^x 4b 06 5b 5d a7 d2 e7 df 22 62 10 1e 7a 7f b0 82 Sep 21 07:16:06.526621: | ikev2 g^x ab 9d 58 4c 08 50 b9 c2 cb b2 22 7a 01 5b fa 33 Sep 21 07:16:06.526623: | ikev2 g^x 62 c5 63 eb 93 ab 51 41 fb 34 33 8f d3 ae a2 a9 Sep 21 07:16:06.526626: | ikev2 g^x b0 46 78 e3 f9 39 73 ad 40 d7 4f 49 d0 0b e8 e4 Sep 21 07:16:06.526628: | ikev2 g^x 3c 71 db 15 c9 ab a9 ae 2b d6 12 35 49 fa 42 c4 Sep 21 07:16:06.526631: | ikev2 g^x cb 30 b3 b5 c7 ed 56 75 bc 51 1f a9 58 7e f7 fe Sep 21 07:16:06.526633: | ikev2 g^x 5e af 24 aa 76 b8 97 22 31 fd 76 8d fa 8b d7 27 Sep 21 07:16:06.526636: | ikev2 g^x ad cf 90 f1 13 b4 53 02 55 83 6e ca ea fe 32 6f Sep 21 07:16:06.526638: | ikev2 g^x f4 8d 53 3f d3 7e b6 7b dc 40 ee a9 68 96 c8 da Sep 21 07:16:06.526640: | ikev2 g^x 00 47 37 0e e0 94 52 99 aa 63 4b e1 a1 7e bc 4d Sep 21 07:16:06.526643: | ikev2 g^x 2e 1a 37 14 c2 ed 4d f4 4e 3d 5c 81 56 d9 bf b0 Sep 21 07:16:06.526645: | ikev2 g^x 4e 88 17 66 ea 21 1e 1b 9d e7 b4 90 e7 3c 74 64 Sep 21 07:16:06.526648: | ikev2 g^x cd e4 09 81 23 05 68 af bc 21 f6 0a 79 8e be 3b Sep 21 07:16:06.526650: | ikev2 g^x b5 c6 9a d9 00 8a 46 9b 6f 21 b6 60 1b 84 58 cc Sep 21 07:16:06.526654: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:06.526657: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:06.526659: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:06.526662: | flags: none (0x0) Sep 21 07:16:06.526665: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:06.526668: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:06.526671: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.526674: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:06.526676: | IKEv2 nonce df 16 ac 8f b5 c6 75 20 06 62 e4 67 d3 2b 98 13 Sep 21 07:16:06.526679: | IKEv2 nonce 0e fb 3a ee b9 b0 64 c5 9a 85 0f c8 af a3 71 30 Sep 21 07:16:06.526682: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:06.526684: | Adding a v2N Payload Sep 21 07:16:06.526687: | ***emit IKEv2 Notify Payload: Sep 21 07:16:06.526689: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.526692: | flags: none (0x0) Sep 21 07:16:06.526695: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:06.526697: | SPI size: 0 (0x0) Sep 21 07:16:06.526700: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:06.526703: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:06.526706: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.526709: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:06.526712: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:06.526714: | natd_hash: rcookie is zero Sep 21 07:16:06.526725: | natd_hash: hasher=0x5570b1a117a0(20) Sep 21 07:16:06.526728: | natd_hash: icookie= 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.526730: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:06.526732: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:06.526734: | natd_hash: port= 01 f4 Sep 21 07:16:06.526737: | natd_hash: hash= 9d c7 0b b1 62 75 7d f8 63 7a 91 ff dd 00 0b 2f Sep 21 07:16:06.526739: | natd_hash: hash= 19 64 2a ed Sep 21 07:16:06.526742: | Adding a v2N Payload Sep 21 07:16:06.526745: | ***emit IKEv2 Notify Payload: Sep 21 07:16:06.526747: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.526750: | flags: none (0x0) Sep 21 07:16:06.526752: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:06.526755: | SPI size: 0 (0x0) Sep 21 07:16:06.526757: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:06.526760: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:06.526763: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.526766: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:06.526768: | Notify data 9d c7 0b b1 62 75 7d f8 63 7a 91 ff dd 00 0b 2f Sep 21 07:16:06.526770: | Notify data 19 64 2a ed Sep 21 07:16:06.526773: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:06.526774: | natd_hash: rcookie is zero Sep 21 07:16:06.526781: | natd_hash: hasher=0x5570b1a117a0(20) Sep 21 07:16:06.526790: | natd_hash: icookie= 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.526793: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:06.526795: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:06.526797: | natd_hash: port= 01 f4 Sep 21 07:16:06.526800: | natd_hash: hash= 7c 81 4d 2c 6b 34 8e 9c 46 ef 5a 09 59 21 64 5d Sep 21 07:16:06.526802: | natd_hash: hash= 5f 12 b7 25 Sep 21 07:16:06.526804: | Adding a v2N Payload Sep 21 07:16:06.526806: | ***emit IKEv2 Notify Payload: Sep 21 07:16:06.526809: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.526813: | flags: none (0x0) Sep 21 07:16:06.526816: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:06.526818: | SPI size: 0 (0x0) Sep 21 07:16:06.526821: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:06.526824: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:06.526826: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.526829: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:06.526831: | Notify data 7c 81 4d 2c 6b 34 8e 9c 46 ef 5a 09 59 21 64 5d Sep 21 07:16:06.526834: | Notify data 5f 12 b7 25 Sep 21 07:16:06.526836: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:06.526838: | emitting length of ISAKMP Message: 828 Sep 21 07:16:06.526847: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:06.526857: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:06.526860: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:06.526863: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:06.526867: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:06.526869: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:16:06.526872: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:06.526877: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:06.526880: "northnet-eastnets/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:06.526892: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:06.526902: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:06.526905: | 14 26 af c6 81 2a 4f 05 00 00 00 00 00 00 00 00 Sep 21 07:16:06.526907: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:06.526910: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:06.526912: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:06.526914: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:06.526916: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:06.526918: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:06.526921: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:06.526923: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:06.526925: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:06.526927: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:06.526930: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:06.526932: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:06.526934: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:06.526936: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:06.526939: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:06.526941: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:06.526943: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:06.526945: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:06.526947: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:06.526950: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:06.526952: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:06.526954: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:06.526956: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:06.526960: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:06.526962: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:06.526965: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:06.526967: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:06.526969: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:06.526971: | 28 00 01 08 00 0e 00 00 04 17 57 6d 56 61 1e bd Sep 21 07:16:06.526974: | 07 15 de a9 30 f7 93 3a 4b 84 75 eb bf 66 c5 91 Sep 21 07:16:06.526976: | 5a fc b1 9c 9f c0 ef 66 4b 06 5b 5d a7 d2 e7 df Sep 21 07:16:06.526978: | 22 62 10 1e 7a 7f b0 82 ab 9d 58 4c 08 50 b9 c2 Sep 21 07:16:06.526980: | cb b2 22 7a 01 5b fa 33 62 c5 63 eb 93 ab 51 41 Sep 21 07:16:06.526983: | fb 34 33 8f d3 ae a2 a9 b0 46 78 e3 f9 39 73 ad Sep 21 07:16:06.526985: | 40 d7 4f 49 d0 0b e8 e4 3c 71 db 15 c9 ab a9 ae Sep 21 07:16:06.526987: | 2b d6 12 35 49 fa 42 c4 cb 30 b3 b5 c7 ed 56 75 Sep 21 07:16:06.526989: | bc 51 1f a9 58 7e f7 fe 5e af 24 aa 76 b8 97 22 Sep 21 07:16:06.526991: | 31 fd 76 8d fa 8b d7 27 ad cf 90 f1 13 b4 53 02 Sep 21 07:16:06.526994: | 55 83 6e ca ea fe 32 6f f4 8d 53 3f d3 7e b6 7b Sep 21 07:16:06.526996: | dc 40 ee a9 68 96 c8 da 00 47 37 0e e0 94 52 99 Sep 21 07:16:06.526998: | aa 63 4b e1 a1 7e bc 4d 2e 1a 37 14 c2 ed 4d f4 Sep 21 07:16:06.527000: | 4e 3d 5c 81 56 d9 bf b0 4e 88 17 66 ea 21 1e 1b Sep 21 07:16:06.527002: | 9d e7 b4 90 e7 3c 74 64 cd e4 09 81 23 05 68 af Sep 21 07:16:06.527005: | bc 21 f6 0a 79 8e be 3b b5 c6 9a d9 00 8a 46 9b Sep 21 07:16:06.527007: | 6f 21 b6 60 1b 84 58 cc 29 00 00 24 df 16 ac 8f Sep 21 07:16:06.527009: | b5 c6 75 20 06 62 e4 67 d3 2b 98 13 0e fb 3a ee Sep 21 07:16:06.527011: | b9 b0 64 c5 9a 85 0f c8 af a3 71 30 29 00 00 08 Sep 21 07:16:06.527014: | 00 00 40 2e 29 00 00 1c 00 00 40 04 9d c7 0b b1 Sep 21 07:16:06.527016: | 62 75 7d f8 63 7a 91 ff dd 00 0b 2f 19 64 2a ed Sep 21 07:16:06.527018: | 00 00 00 1c 00 00 40 05 7c 81 4d 2c 6b 34 8e 9c Sep 21 07:16:06.527020: | 46 ef 5a 09 59 21 64 5d 5f 12 b7 25 Sep 21 07:16:06.527107: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:06.527112: | libevent_free: release ptr-libevent@0x5570b1da3ed0 Sep 21 07:16:06.527115: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5570b1daed20 Sep 21 07:16:06.527118: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:06.527121: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:06.527127: | event_schedule: new EVENT_RETRANSMIT-pe@0x5570b1daed20 Sep 21 07:16:06.527130: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:16:06.527133: | libevent_malloc: new ptr-libevent@0x5570b1da3ed0 size 128 Sep 21 07:16:06.527138: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48812.895391 Sep 21 07:16:06.527141: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:06.527146: | #1 spent 1.61 milliseconds in resume sending helper answer Sep 21 07:16:06.527151: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:06.527154: | libevent_free: release ptr-libevent@0x7efd88006900 Sep 21 07:16:06.538940: | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:06.538961: | *received 457 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:06.538964: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.538966: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Sep 21 07:16:06.538969: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:16:06.538971: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:16:06.538973: | 04 00 00 0e 28 00 01 08 00 0e 00 00 dd 73 a5 d7 Sep 21 07:16:06.538977: | fc 08 a7 90 fd 8c 45 84 73 8a 6d b4 d1 70 bf db Sep 21 07:16:06.538979: | 88 e7 1d 07 eb 33 ff 93 20 36 76 b6 aa e8 e4 20 Sep 21 07:16:06.538981: | a8 9c c5 f3 35 6d 9a a4 ec 6e e5 2d 73 4e 6e 4a Sep 21 07:16:06.538984: | 8e 47 1c ce 30 40 57 84 2d 48 96 36 7f 3e 35 b7 Sep 21 07:16:06.538986: | 95 0d 07 7b f3 32 a9 0d cf 03 34 c9 91 0a d9 31 Sep 21 07:16:06.538988: | 99 78 39 e2 0b 2b b8 70 10 8e d8 bd 03 9c 0d 7d Sep 21 07:16:06.538990: | 69 78 d1 cb de 92 c9 7f f5 ec 4a 78 62 15 a6 b3 Sep 21 07:16:06.538992: | 3f d5 43 1f b2 b9 29 20 f2 1b 3d d3 1c 76 a2 f1 Sep 21 07:16:06.538994: | 80 27 22 94 67 30 7e af 40 60 49 78 f2 0a bc 11 Sep 21 07:16:06.538997: | 86 d0 36 51 bb 91 26 1b c3 12 f3 7c 62 bb 74 58 Sep 21 07:16:06.538999: | e6 ba 96 f7 e1 06 19 79 a4 67 ca de df e9 be 7c Sep 21 07:16:06.539001: | 90 3c cd 99 93 67 d0 a9 5f 21 2f 6a 1a f9 68 97 Sep 21 07:16:06.539003: | 0e e9 67 fd 73 3a f8 53 bd 8b 32 07 c8 37 ac a2 Sep 21 07:16:06.539005: | c4 74 b0 c9 8c a5 29 fb 7c 79 83 59 ae ee d0 5b Sep 21 07:16:06.539008: | 6c 4d 58 c5 0c df ad e3 fc 23 e7 54 ba de 05 09 Sep 21 07:16:06.539010: | 53 c9 72 d2 d1 7d eb 92 33 cf b2 e9 29 00 00 24 Sep 21 07:16:06.539012: | 8a b3 9a ab 0b 43 be 38 87 29 ba 61 ac 6f 8b cf Sep 21 07:16:06.539014: | 63 a6 f8 c1 89 c2 e2 8f bb e2 3a f1 05 6e 00 69 Sep 21 07:16:06.539016: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:16:06.539018: | 14 f8 04 6c 2b f0 2b 2c ba 7a c1 37 16 d5 ee 11 Sep 21 07:16:06.539021: | 6d b8 91 73 26 00 00 1c 00 00 40 05 10 84 93 c8 Sep 21 07:16:06.539023: | 4c c7 84 26 4b e1 87 48 71 17 56 2e 55 3f d9 6d Sep 21 07:16:06.539025: | 00 00 00 19 04 4e cf af 8c 44 87 de 90 be 28 67 Sep 21 07:16:06.539027: | b9 ce 53 17 3f 8e eb 22 c0 Sep 21 07:16:06.539032: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:06.539035: | **parse ISAKMP Message: Sep 21 07:16:06.539038: | initiator cookie: Sep 21 07:16:06.539040: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.539042: | responder cookie: Sep 21 07:16:06.539044: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.539047: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:06.539050: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.539052: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:06.539055: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:06.539057: | Message ID: 0 (0x0) Sep 21 07:16:06.539060: | length: 457 (0x1c9) Sep 21 07:16:06.539062: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:06.539066: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:16:06.539070: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:06.539075: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:06.539080: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.539082: | #1 is idle Sep 21 07:16:06.539085: | #1 idle Sep 21 07:16:06.539087: | unpacking clear payload Sep 21 07:16:06.539094: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:06.539097: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:06.539100: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:06.539102: | flags: none (0x0) Sep 21 07:16:06.539104: | length: 40 (0x28) Sep 21 07:16:06.539107: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:16:06.539109: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:06.539112: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:06.539114: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:06.539116: | flags: none (0x0) Sep 21 07:16:06.539119: | length: 264 (0x108) Sep 21 07:16:06.539121: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.539125: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:06.539127: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:06.539129: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:06.539132: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:06.539134: | flags: none (0x0) Sep 21 07:16:06.539136: | length: 36 (0x24) Sep 21 07:16:06.539138: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:06.539141: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:06.539143: | ***parse IKEv2 Notify Payload: Sep 21 07:16:06.539145: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:06.539148: | flags: none (0x0) Sep 21 07:16:06.539150: | length: 8 (0x8) Sep 21 07:16:06.539152: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:06.539154: | SPI size: 0 (0x0) Sep 21 07:16:06.539157: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:06.539159: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:06.539162: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:06.539164: | ***parse IKEv2 Notify Payload: Sep 21 07:16:06.539166: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:06.539168: | flags: none (0x0) Sep 21 07:16:06.539171: | length: 28 (0x1c) Sep 21 07:16:06.539173: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:06.539175: | SPI size: 0 (0x0) Sep 21 07:16:06.539177: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:06.539180: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:06.539182: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:06.539184: | ***parse IKEv2 Notify Payload: Sep 21 07:16:06.539186: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Sep 21 07:16:06.539189: | flags: none (0x0) Sep 21 07:16:06.539191: | length: 28 (0x1c) Sep 21 07:16:06.539193: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:06.539195: | SPI size: 0 (0x0) Sep 21 07:16:06.539198: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:06.539200: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:06.539202: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Sep 21 07:16:06.539205: | ***parse IKEv2 Certificate Request Payload: Sep 21 07:16:06.539207: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.539209: | flags: none (0x0) Sep 21 07:16:06.539212: | length: 25 (0x19) Sep 21 07:16:06.539214: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:06.539216: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Sep 21 07:16:06.539219: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:16:06.539225: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:06.539228: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:06.539231: | Now let's proceed with state specific processing Sep 21 07:16:06.539233: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:06.539236: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:16:06.539254: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:06.539258: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:16:06.539261: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:06.539265: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:06.539268: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:06.539270: | local proposal 1 type DH has 8 transforms Sep 21 07:16:06.539273: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:06.539276: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:06.539278: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:06.539281: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:06.539283: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:06.539285: | local proposal 2 type DH has 8 transforms Sep 21 07:16:06.539288: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:06.539291: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:06.539293: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:06.539295: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:06.539297: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:06.539300: | local proposal 3 type DH has 8 transforms Sep 21 07:16:06.539302: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:06.539305: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:06.539307: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:06.539310: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:06.539312: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:06.539314: | local proposal 4 type DH has 8 transforms Sep 21 07:16:06.539317: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:06.539319: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:06.539322: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.539324: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:06.539327: | length: 36 (0x24) Sep 21 07:16:06.539329: | prop #: 1 (0x1) Sep 21 07:16:06.539331: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:06.539334: | spi size: 0 (0x0) Sep 21 07:16:06.539336: | # transforms: 3 (0x3) Sep 21 07:16:06.539339: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:06.539342: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:06.539345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.539347: | length: 12 (0xc) Sep 21 07:16:06.539349: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.539352: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:06.539354: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.539357: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.539359: | length/value: 256 (0x100) Sep 21 07:16:06.539363: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:06.539366: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:06.539368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.539370: | length: 8 (0x8) Sep 21 07:16:06.539373: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:06.539375: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:06.539378: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:06.539381: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:06.539383: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.539385: | length: 8 (0x8) Sep 21 07:16:06.539388: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.539390: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.539393: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:06.539397: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:06.539401: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:06.539404: | remote proposal 1 matches local proposal 1 Sep 21 07:16:06.539407: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:16:06.539409: | converting proposal to internal trans attrs Sep 21 07:16:06.539427: | natd_hash: hasher=0x5570b1a117a0(20) Sep 21 07:16:06.539430: | natd_hash: icookie= 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.539432: | natd_hash: rcookie= e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.539435: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:06.539437: | natd_hash: port= 01 f4 Sep 21 07:16:06.539439: | natd_hash: hash= 10 84 93 c8 4c c7 84 26 4b e1 87 48 71 17 56 2e Sep 21 07:16:06.539442: | natd_hash: hash= 55 3f d9 6d Sep 21 07:16:06.539447: | natd_hash: hasher=0x5570b1a117a0(20) Sep 21 07:16:06.539450: | natd_hash: icookie= 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.539452: | natd_hash: rcookie= e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.539454: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:06.539456: | natd_hash: port= 01 f4 Sep 21 07:16:06.539459: | natd_hash: hash= 14 f8 04 6c 2b f0 2b 2c ba 7a c1 37 16 d5 ee 11 Sep 21 07:16:06.539461: | natd_hash: hash= 6d b8 91 73 Sep 21 07:16:06.539464: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:06.539466: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:06.539468: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:06.539471: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:16:06.539477: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:16:06.539480: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:16:06.539483: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:06.539486: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:06.539489: | libevent_free: release ptr-libevent@0x5570b1da3ed0 Sep 21 07:16:06.539492: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5570b1daed20 Sep 21 07:16:06.539495: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5570b1daed20 Sep 21 07:16:06.539499: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:06.539502: | libevent_malloc: new ptr-libevent@0x5570b1da3ed0 size 128 Sep 21 07:16:06.539513: | #1 spent 0.275 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:16:06.539519: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:06.539522: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:16:06.539525: | suspending state #1 and saving MD Sep 21 07:16:06.539527: | #1 is busy; has a suspended MD Sep 21 07:16:06.539531: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:06.539535: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:06.539539: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:06.539543: | #1 spent 0.594 milliseconds in ikev2_process_packet() Sep 21 07:16:06.539548: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:06.539551: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:06.539553: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:06.539557: | spent 0.608 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:06.539821: | crypto helper 2 resuming Sep 21 07:16:06.539833: | crypto helper 2 starting work-order 2 for state #1 Sep 21 07:16:06.539838: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:16:06.540660: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:16:06.541174: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001335 seconds Sep 21 07:16:06.541191: | (#1) spent 1.32 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:16:06.541195: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:06.541198: | scheduling resume sending helper answer for #1 Sep 21 07:16:06.541203: | libevent_malloc: new ptr-libevent@0x7efd80006b90 size 128 Sep 21 07:16:06.541213: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:06.541226: | processing resume sending helper answer for #1 Sep 21 07:16:06.541235: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:06.541239: | crypto helper 2 replies to request ID 2 Sep 21 07:16:06.541242: | calling continuation function 0x5570b193b630 Sep 21 07:16:06.541245: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:16:06.541250: | creating state object #2 at 0x5570b1db42e0 Sep 21 07:16:06.541254: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:06.541258: | pstats #2 ikev2.child started Sep 21 07:16:06.541261: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Sep 21 07:16:06.541266: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:06.541273: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:06.541279: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:06.541283: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:06.541287: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:06.541291: | libevent_free: release ptr-libevent@0x5570b1da3ed0 Sep 21 07:16:06.541294: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5570b1daed20 Sep 21 07:16:06.541297: | event_schedule: new EVENT_SA_REPLACE-pe@0x5570b1daed20 Sep 21 07:16:06.541300: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:16:06.541303: | libevent_malloc: new ptr-libevent@0x5570b1da3ed0 size 128 Sep 21 07:16:06.541307: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:16:06.541314: | **emit ISAKMP Message: Sep 21 07:16:06.541317: | initiator cookie: Sep 21 07:16:06.541319: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.541322: | responder cookie: Sep 21 07:16:06.541324: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.541327: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:06.541330: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.541332: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.541335: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:06.541338: | Message ID: 1 (0x1) Sep 21 07:16:06.541341: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:06.541344: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:06.541347: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.541350: | flags: none (0x0) Sep 21 07:16:06.541353: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:06.541356: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.541360: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:06.541370: | IKEv2 CERT: send a certificate? Sep 21 07:16:06.541373: | IKEv2 CERT: OK to send a certificate (always) Sep 21 07:16:06.541375: | IDr payload will be sent Sep 21 07:16:06.541389: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:16:06.541393: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.541400: | flags: none (0x0) Sep 21 07:16:06.541403: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:16:06.541407: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:16:06.541410: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.541413: | emitting 185 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:16:06.541416: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:16:06.541418: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:16:06.541421: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:16:06.541423: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:16:06.541425: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:16:06.541428: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:16:06.541430: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:16:06.541432: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:16:06.541435: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:16:06.541437: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:16:06.541439: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:16:06.541442: | my identity 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:16:06.541444: | emitting length of IKEv2 Identification - Initiator - Payload: 193 Sep 21 07:16:06.541455: | Sending [CERT] of certificate: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:06.541458: | ****emit IKEv2 Certificate Payload: Sep 21 07:16:06.541460: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.541463: | flags: none (0x0) Sep 21 07:16:06.541466: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:06.541469: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Sep 21 07:16:06.541472: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.541475: | emitting 1227 raw bytes of CERT into IKEv2 Certificate Payload Sep 21 07:16:06.541478: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Sep 21 07:16:06.541480: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:16:06.541482: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:16:06.541485: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:16:06.541487: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:16:06.541489: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:16:06.541492: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:16:06.541494: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:16:06.541496: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:16:06.541498: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:16:06.541501: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:16:06.541503: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:16:06.541505: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:16:06.541508: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:16:06.541510: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:16:06.541512: | CERT 39 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:16:06.541515: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:16:06.541517: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:16:06.541519: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:16:06.541524: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:16:06.541526: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:16:06.541528: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Sep 21 07:16:06.541531: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:16:06.541533: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Sep 21 07:16:06.541535: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Sep 21 07:16:06.541537: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Sep 21 07:16:06.541540: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Sep 21 07:16:06.541542: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Sep 21 07:16:06.541545: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 ba c2 12 92 Sep 21 07:16:06.541547: | CERT f3 67 1c ca 50 e4 11 97 bd e2 74 f8 2d a7 50 1c Sep 21 07:16:06.541549: | CERT 73 d5 23 89 43 a9 58 74 05 29 97 ee a9 71 9c 8d Sep 21 07:16:06.541551: | CERT 92 44 52 90 56 aa 55 a8 8c 69 5e 32 49 62 fb 18 Sep 21 07:16:06.541554: | CERT 4f f0 e2 24 38 f0 a3 3c 7d 95 a9 03 66 29 11 c0 Sep 21 07:16:06.541556: | CERT f2 0c e3 de a1 62 78 96 0e ff d1 f8 93 ac b7 cf Sep 21 07:16:06.541558: | CERT 52 33 01 71 ef 46 ad ad d4 46 f5 e0 c5 e5 57 42 Sep 21 07:16:06.541561: | CERT 2f 10 0e 27 24 45 5e d0 bd 90 32 70 b9 bb 27 2a Sep 21 07:16:06.541563: | CERT 4c 93 a8 87 8c f0 61 5d d9 74 91 04 d9 e9 5b e5 Sep 21 07:16:06.541565: | CERT 31 9c ca e0 5b 2c 3b 17 be 1a c9 1c 28 62 24 3c Sep 21 07:16:06.541567: | CERT e4 eb d0 1a e4 e3 c4 61 b6 9d 1a a9 39 6a b0 92 Sep 21 07:16:06.541570: | CERT a6 69 2c 19 b1 57 75 2b a8 1b ac 95 2b 35 5a 2f Sep 21 07:16:06.541572: | CERT 1f 33 eb 9a 50 d0 4d fa 7a 05 9b 59 44 7d ba a6 Sep 21 07:16:06.541574: | CERT 91 64 c9 4d 4a 01 39 e3 83 11 04 e9 b5 b3 9d 19 Sep 21 07:16:06.541576: | CERT 1b 35 86 8a e9 e4 8b 28 e9 57 06 58 e2 cb a6 24 Sep 21 07:16:06.541579: | CERT 35 73 37 7c 05 25 07 5f b6 df 3f 8b ab 5f e7 e4 Sep 21 07:16:06.541581: | CERT 38 d2 69 f6 1f 68 e9 7b 4f 2f fd 11 62 0e 47 ee Sep 21 07:16:06.541583: | CERT 67 3b 0e 71 d8 9a 35 1b e4 4f 56 64 fd c1 66 02 Sep 21 07:16:06.541586: | CERT 69 2e 08 ac e7 43 ca 55 47 97 ae 83 19 50 e4 9d Sep 21 07:16:06.541588: | CERT c7 a6 5c 9b 93 22 54 6f 02 4b 75 00 cf 67 e3 e2 Sep 21 07:16:06.541590: | CERT 07 7c d8 47 8f c1 09 83 cc 70 94 fa 6c 74 c8 55 Sep 21 07:16:06.541593: | CERT 7b 96 2c c1 85 f1 02 98 cd 1d be 85 5c 10 80 dd Sep 21 07:16:06.541595: | CERT bb 89 44 4b 94 fa 5e 56 5c 67 0e 2e c6 62 69 d4 Sep 21 07:16:06.541597: | CERT de 0e 97 31 ed 00 10 7b 83 dc 75 e4 12 fb 00 15 Sep 21 07:16:06.541600: | CERT eb 5d e4 85 6b 0d 07 4b e6 db 86 31 02 03 01 00 Sep 21 07:16:06.541602: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Sep 21 07:16:06.541604: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Sep 21 07:16:06.541606: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:16:06.541609: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Sep 21 07:16:06.541611: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Sep 21 07:16:06.541613: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Sep 21 07:16:06.541615: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Sep 21 07:16:06.541618: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Sep 21 07:16:06.541620: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Sep 21 07:16:06.541622: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Sep 21 07:16:06.541625: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Sep 21 07:16:06.541627: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Sep 21 07:16:06.541629: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Sep 21 07:16:06.541631: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Sep 21 07:16:06.541634: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Sep 21 07:16:06.541638: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 c0 be 88 d3 94 Sep 21 07:16:06.541640: | CERT e8 3a e9 d3 b3 fd ed 79 1d 46 48 36 a3 2a 00 15 Sep 21 07:16:06.541643: | CERT 9e 62 f1 22 44 4c 58 20 2e de 7d 7f 95 09 d5 bd Sep 21 07:16:06.541645: | CERT 95 29 e4 f8 99 e3 8f c0 67 b4 eb f6 4b a3 4e 69 Sep 21 07:16:06.541647: | CERT 48 de 1c 93 9f 22 c8 b7 ca bb e8 0c af 7e 5a cd Sep 21 07:16:06.541649: | CERT 90 0c b9 e5 4b 4a de cc c3 7c ea e6 3f 96 0c b5 Sep 21 07:16:06.541652: | CERT dc 5f 88 2d e7 e2 cc f5 f3 90 76 dc b3 05 1d 01 Sep 21 07:16:06.541654: | CERT 60 24 b8 8c a2 f7 26 17 04 4f 25 15 bc 7f 1c ff Sep 21 07:16:06.541656: | CERT 4a f7 81 eb 12 63 8b 11 8c 53 ba Sep 21 07:16:06.541659: | emitting length of IKEv2 Certificate Payload: 1232 Sep 21 07:16:06.541662: | IKEv2 CERTREQ: send a cert request? Sep 21 07:16:06.541666: | IKEv2 CERTREQ: OK to send a certificate request Sep 21 07:16:06.541676: | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org Sep 21 07:16:06.541678: | connection->kind is CK_PERMANENT so send CERTREQ Sep 21 07:16:06.541682: | ****emit IKEv2 Certificate Request Payload: Sep 21 07:16:06.541684: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.541687: | flags: none (0x0) Sep 21 07:16:06.541689: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:06.541693: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Sep 21 07:16:06.541696: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.542475: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Sep 21 07:16:06.542492: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Sep 21 07:16:06.542496: | CA cert public key hash Sep 21 07:16:06.542499: | 4e cf af 8c 44 87 de 90 be 28 67 b9 ce 53 17 3f Sep 21 07:16:06.542501: | 8e eb 22 c0 Sep 21 07:16:06.542504: | emitting length of IKEv2 Certificate Request Payload: 25 Sep 21 07:16:06.542508: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:06.542511: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:06.542514: | flags: none (0x0) Sep 21 07:16:06.542516: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:16:06.542520: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:16:06.542523: | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:06.542526: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.542530: | emitting 183 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:16:06.542532: | IDr 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:16:06.542535: | IDr 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:16:06.542537: | IDr 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:16:06.542539: | IDr 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:16:06.542542: | IDr 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:16:06.542544: | IDr 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:16:06.542546: | IDr 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:16:06.542549: | IDr 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:06.542551: | IDr 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:16:06.542553: | IDr 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:16:06.542556: | IDr 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:06.542560: | IDr 77 61 6e 2e 6f 72 67 Sep 21 07:16:06.542563: | emitting length of IKEv2 Identification - Responder - Payload: 191 Sep 21 07:16:06.542566: | not sending INITIAL_CONTACT Sep 21 07:16:06.542569: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:06.542572: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.542574: | flags: none (0x0) Sep 21 07:16:06.542577: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:06.542580: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:06.542583: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.542590: | #1 spent 1.35 milliseconds Sep 21 07:16:06.542606: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Sep 21 07:16:06.542666: | searching for certificate PKK_RSA:AwEAAbrCE vs PKK_RSA:AwEAAbrCE Sep 21 07:16:06.551940: | #1 spent 9.21 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:16:06.551953: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:16:06.551956: | rsa signature 3f 29 52 4a f7 34 30 22 88 2c 47 57 5d 85 02 e3 Sep 21 07:16:06.551959: | rsa signature 90 59 a4 88 1b 8a 2c 4f 89 be 09 5d d1 e8 30 19 Sep 21 07:16:06.551961: | rsa signature c4 68 fd 3c 10 0c 13 65 c3 45 05 62 d0 e1 e6 f5 Sep 21 07:16:06.551963: | rsa signature b3 21 0a de f7 5d a7 3d b3 63 91 ee e3 b9 9c 97 Sep 21 07:16:06.551966: | rsa signature 25 89 39 9a aa 2b 1f 0a 6b 46 fe 27 57 8e a3 bd Sep 21 07:16:06.551968: | rsa signature de 80 7f f2 16 00 93 17 b1 cf 7e aa 89 31 13 56 Sep 21 07:16:06.551970: | rsa signature ac f4 9f 40 03 8f 7e 44 8b 9c 85 de a4 b4 d6 38 Sep 21 07:16:06.551972: | rsa signature 96 ff 6d 3e 93 b8 d8 31 f8 94 04 eb c9 26 94 30 Sep 21 07:16:06.551975: | rsa signature 12 72 eb ff 06 8d 4a 5d cc 65 b3 cd aa 2f c8 24 Sep 21 07:16:06.551977: | rsa signature 97 61 fe 96 c4 54 5b 04 80 31 b6 5f 39 24 84 7a Sep 21 07:16:06.551979: | rsa signature a8 b6 9c df b5 8e ab 21 e5 05 7c 77 75 fa b5 ec Sep 21 07:16:06.551982: | rsa signature d9 6e ae c4 be fa 74 34 40 62 41 d7 75 81 47 f3 Sep 21 07:16:06.551984: | rsa signature 5d 92 ca 19 b4 c9 5b a2 2a 3c 0e dd 66 d3 cc b7 Sep 21 07:16:06.551986: | rsa signature 31 76 89 d7 cd 67 d3 9d 12 0e e4 77 34 b2 85 27 Sep 21 07:16:06.551989: | rsa signature 57 53 91 06 5d e2 b9 75 62 05 cc 20 df f9 52 81 Sep 21 07:16:06.551991: | rsa signature fb 2d 07 5d cb da 52 a9 a3 33 d8 3b ed 19 22 5a Sep 21 07:16:06.551993: | rsa signature 18 26 d9 89 7e 83 62 03 d4 94 8f 3f 2f 44 47 b9 Sep 21 07:16:06.551996: | rsa signature af 41 1a 10 74 ff da ed 7e 19 47 02 7e d1 eb c5 Sep 21 07:16:06.551998: | rsa signature b7 5b 9e 68 25 0e 7f f5 c5 31 b5 6a c6 a3 d6 62 Sep 21 07:16:06.552000: | rsa signature d7 44 73 f4 9d 7a 29 bb cf 2f 59 9f e2 c8 b9 74 Sep 21 07:16:06.552002: | rsa signature c4 13 8e 16 ce f4 28 5d ce 4f 43 3c cc 21 71 ca Sep 21 07:16:06.552005: | rsa signature 42 59 fa f5 e1 39 cd 64 a8 3a 7a 7f 2d d4 43 de Sep 21 07:16:06.552007: | rsa signature 2f e6 cf 9e be 59 79 a6 63 05 68 f8 4d 95 1c cd Sep 21 07:16:06.552009: | rsa signature 75 7b 1d e6 9c ef 3b 3d 7e 0d 58 25 6b 40 26 48 Sep 21 07:16:06.552013: | #1 spent 9.39 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:16:06.552017: | emitting length of IKEv2 Authentication Payload: 392 Sep 21 07:16:06.552019: | getting first pending from state #1 Sep 21 07:16:06.552023: | Switching Child connection for #2 to "northnet-eastnets/0x1" from "northnet-eastnets/0x2" Sep 21 07:16:06.552027: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:06.552049: | netlink_get_spi: allocated 0x44b898c2 for esp.0@192.1.3.33 Sep 21 07:16:06.552053: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:16:06.552058: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:06.552065: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:06.552068: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:06.552071: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:06.552075: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:06.552079: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:06.552083: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:06.552087: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:06.552095: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:06.552105: | Emitting ikev2_proposals ... Sep 21 07:16:06.552108: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:06.552112: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.552114: | flags: none (0x0) Sep 21 07:16:06.552117: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:06.552120: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.552123: | discarding INTEG=NONE Sep 21 07:16:06.552125: | discarding DH=NONE Sep 21 07:16:06.552128: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.552131: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.552133: | prop #: 1 (0x1) Sep 21 07:16:06.552135: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.552138: | spi size: 4 (0x4) Sep 21 07:16:06.552140: | # transforms: 2 (0x2) Sep 21 07:16:06.552143: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.552146: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:06.552148: | our spi 44 b8 98 c2 Sep 21 07:16:06.552151: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552153: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552156: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.552158: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:06.552161: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552164: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.552167: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.552169: | length/value: 256 (0x100) Sep 21 07:16:06.552172: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.552174: | discarding INTEG=NONE Sep 21 07:16:06.552176: | discarding DH=NONE Sep 21 07:16:06.552179: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552181: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.552183: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.552186: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.552189: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552194: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552196: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.552199: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:06.552201: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.552204: | discarding INTEG=NONE Sep 21 07:16:06.552206: | discarding DH=NONE Sep 21 07:16:06.552208: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.552211: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.552213: | prop #: 2 (0x2) Sep 21 07:16:06.552215: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.552218: | spi size: 4 (0x4) Sep 21 07:16:06.552220: | # transforms: 2 (0x2) Sep 21 07:16:06.552223: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.552225: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.552228: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:06.552230: | our spi 44 b8 98 c2 Sep 21 07:16:06.552233: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552235: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552238: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.552240: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:06.552243: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552245: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.552248: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.552250: | length/value: 128 (0x80) Sep 21 07:16:06.552252: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.552255: | discarding INTEG=NONE Sep 21 07:16:06.552257: | discarding DH=NONE Sep 21 07:16:06.552259: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552261: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.552264: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.552266: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.552269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552272: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552274: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.552277: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:06.552279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.552282: | discarding DH=NONE Sep 21 07:16:06.552284: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.552286: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.552288: | prop #: 3 (0x3) Sep 21 07:16:06.552291: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.552293: | spi size: 4 (0x4) Sep 21 07:16:06.552295: | # transforms: 4 (0x4) Sep 21 07:16:06.552298: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.552301: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.552304: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:06.552306: | our spi 44 b8 98 c2 Sep 21 07:16:06.552308: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552314: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.552317: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:06.552319: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552322: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.552324: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.552327: | length/value: 256 (0x100) Sep 21 07:16:06.552329: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.552331: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552334: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552336: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.552339: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:06.552341: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552344: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552347: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.552349: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552354: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.552356: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:06.552359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552364: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.552367: | discarding DH=NONE Sep 21 07:16:06.552369: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552371: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.552374: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.552376: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.552379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552382: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552384: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.552386: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:06.552389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.552391: | discarding DH=NONE Sep 21 07:16:06.552394: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.552396: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:06.552398: | prop #: 4 (0x4) Sep 21 07:16:06.552400: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.552403: | spi size: 4 (0x4) Sep 21 07:16:06.552405: | # transforms: 4 (0x4) Sep 21 07:16:06.552408: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.552410: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.552413: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:06.552415: | our spi 44 b8 98 c2 Sep 21 07:16:06.552418: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552424: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.552426: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:06.552429: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552431: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.552434: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.552436: | length/value: 128 (0x80) Sep 21 07:16:06.552438: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.552441: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552443: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552445: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.552448: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:06.552451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552456: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.552458: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552463: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.552465: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:06.552468: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552471: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552473: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.552475: | discarding DH=NONE Sep 21 07:16:06.552478: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.552480: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.552482: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.552485: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.552488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.552490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.552493: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.552495: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:06.552498: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.552500: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:16:06.552503: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:06.552507: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:06.552510: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.552512: | flags: none (0x0) Sep 21 07:16:06.552514: | number of TS: 1 (0x1) Sep 21 07:16:06.552517: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:06.552520: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.552523: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:06.552525: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:06.552528: | IP Protocol ID: 0 (0x0) Sep 21 07:16:06.552530: | start port: 0 (0x0) Sep 21 07:16:06.552532: | end port: 65535 (0xffff) Sep 21 07:16:06.552537: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:06.552539: | IP start c0 00 03 00 Sep 21 07:16:06.552541: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:06.552544: | IP end c0 00 03 ff Sep 21 07:16:06.552546: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:06.552548: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:06.552551: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:06.552553: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.552556: | flags: none (0x0) Sep 21 07:16:06.552558: | number of TS: 1 (0x1) Sep 21 07:16:06.552561: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:06.552564: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.552566: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:06.552568: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:06.552571: | IP Protocol ID: 0 (0x0) Sep 21 07:16:06.552573: | start port: 0 (0x0) Sep 21 07:16:06.552575: | end port: 65535 (0xffff) Sep 21 07:16:06.552578: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:06.552580: | IP start c0 00 02 00 Sep 21 07:16:06.552582: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:06.552585: | IP end c0 00 02 ff Sep 21 07:16:06.552587: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:06.552589: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:06.552592: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:06.552594: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:06.552597: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:06.552600: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:06.552603: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:06.552606: | emitting length of IKEv2 Encryption Payload: 2274 Sep 21 07:16:06.552608: | emitting length of ISAKMP Message: 2302 Sep 21 07:16:06.552612: | **parse ISAKMP Message: Sep 21 07:16:06.552615: | initiator cookie: Sep 21 07:16:06.552617: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.552619: | responder cookie: Sep 21 07:16:06.552621: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.552623: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:06.552626: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.552629: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.552631: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:06.552633: | Message ID: 1 (0x1) Sep 21 07:16:06.552636: | length: 2302 (0x8fe) Sep 21 07:16:06.552638: | **parse IKEv2 Encryption Payload: Sep 21 07:16:06.552641: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:06.552643: | flags: none (0x0) Sep 21 07:16:06.552645: | length: 2274 (0x8e2) Sep 21 07:16:06.552647: | **emit ISAKMP Message: Sep 21 07:16:06.552650: | initiator cookie: Sep 21 07:16:06.552652: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.552654: | responder cookie: Sep 21 07:16:06.552656: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.552658: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:06.552660: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.552663: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.552665: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:06.552667: | Message ID: 1 (0x1) Sep 21 07:16:06.552670: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:06.552672: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:06.552675: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:06.552678: | flags: none (0x0) Sep 21 07:16:06.552681: | fragment number: 1 (0x1) Sep 21 07:16:06.552683: | total fragments: 5 (0x5) Sep 21 07:16:06.552686: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:16:06.552689: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.552692: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:06.552695: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:06.552702: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:06.552704: | cleartext fragment 25 00 00 c1 09 00 00 00 30 81 b6 31 0b 30 09 06 Sep 21 07:16:06.552707: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:16:06.552709: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:16:06.552711: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:16:06.552714: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:16:06.552716: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:16:06.552718: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 06 03 Sep 21 07:16:06.552721: | cleartext fragment 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 74 69 Sep 21 07:16:06.552723: | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:16:06.552725: | cleartext fragment 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 01 16 Sep 21 07:16:06.552728: | cleartext fragment 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 73 74 Sep 21 07:16:06.552730: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Sep 21 07:16:06.552732: | cleartext fragment 67 26 00 04 d0 04 30 82 04 c7 30 82 04 30 a0 03 Sep 21 07:16:06.552734: | cleartext fragment 02 01 02 02 01 06 30 0d 06 09 2a 86 48 86 f7 0d Sep 21 07:16:06.552737: | cleartext fragment 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 Sep 21 07:16:06.552739: | cleartext fragment 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 Sep 21 07:16:06.552741: | cleartext fragment 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 Sep 21 07:16:06.552744: | cleartext fragment 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 Sep 21 07:16:06.552746: | cleartext fragment 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 Sep 21 07:16:06.552748: | cleartext fragment 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 Sep 21 07:16:06.552750: | cleartext fragment 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 Sep 21 07:16:06.552753: | cleartext fragment 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 Sep 21 07:16:06.552755: | cleartext fragment 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 Sep 21 07:16:06.552757: | cleartext fragment 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 Sep 21 07:16:06.552760: | cleartext fragment 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e Sep 21 07:16:06.552762: | cleartext fragment 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 39 31 35 Sep 21 07:16:06.552764: | cleartext fragment 31 39 34 34 35 39 5a 18 0f 32 30 32 32 30 39 31 Sep 21 07:16:06.552766: | cleartext fragment 34 31 39 34 34 35 39 5a 30 81 b6 31 0b 30 09 06 Sep 21 07:16:06.552769: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:16:06.552771: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e Sep 21 07:16:06.552773: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:06.552776: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:06.552779: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:06.552781: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:06.552792: | emitting length of ISAKMP Message: 539 Sep 21 07:16:06.552805: | **emit ISAKMP Message: Sep 21 07:16:06.552808: | initiator cookie: Sep 21 07:16:06.552810: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.552813: | responder cookie: Sep 21 07:16:06.552815: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.552817: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:06.552820: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.552822: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.552825: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:06.552827: | Message ID: 1 (0x1) Sep 21 07:16:06.552830: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:06.552832: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:06.552835: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.552837: | flags: none (0x0) Sep 21 07:16:06.552839: | fragment number: 2 (0x2) Sep 21 07:16:06.552841: | total fragments: 5 (0x5) Sep 21 07:16:06.552844: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:06.552847: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.552850: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:06.552852: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:06.552856: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:06.552858: | cleartext fragment 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 Sep 21 07:16:06.552861: | cleartext fragment 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 Sep 21 07:16:06.552863: | cleartext fragment 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 Sep 21 07:16:06.552865: | cleartext fragment 74 20 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 Sep 21 07:16:06.552868: | cleartext fragment 06 03 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 Sep 21 07:16:06.552870: | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f Sep 21 07:16:06.552872: | cleartext fragment 72 67 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 Sep 21 07:16:06.552874: | cleartext fragment 01 16 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 Sep 21 07:16:06.552877: | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e Sep 21 07:16:06.552879: | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 Sep 21 07:16:06.552881: | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 Sep 21 07:16:06.552884: | cleartext fragment 82 01 81 00 ba c2 12 92 f3 67 1c ca 50 e4 11 97 Sep 21 07:16:06.552886: | cleartext fragment bd e2 74 f8 2d a7 50 1c 73 d5 23 89 43 a9 58 74 Sep 21 07:16:06.552888: | cleartext fragment 05 29 97 ee a9 71 9c 8d 92 44 52 90 56 aa 55 a8 Sep 21 07:16:06.552891: | cleartext fragment 8c 69 5e 32 49 62 fb 18 4f f0 e2 24 38 f0 a3 3c Sep 21 07:16:06.552893: | cleartext fragment 7d 95 a9 03 66 29 11 c0 f2 0c e3 de a1 62 78 96 Sep 21 07:16:06.552895: | cleartext fragment 0e ff d1 f8 93 ac b7 cf 52 33 01 71 ef 46 ad ad Sep 21 07:16:06.552897: | cleartext fragment d4 46 f5 e0 c5 e5 57 42 2f 10 0e 27 24 45 5e d0 Sep 21 07:16:06.552900: | cleartext fragment bd 90 32 70 b9 bb 27 2a 4c 93 a8 87 8c f0 61 5d Sep 21 07:16:06.552902: | cleartext fragment d9 74 91 04 d9 e9 5b e5 31 9c ca e0 5b 2c 3b 17 Sep 21 07:16:06.552904: | cleartext fragment be 1a c9 1c 28 62 24 3c e4 eb d0 1a e4 e3 c4 61 Sep 21 07:16:06.552907: | cleartext fragment b6 9d 1a a9 39 6a b0 92 a6 69 2c 19 b1 57 75 2b Sep 21 07:16:06.552909: | cleartext fragment a8 1b ac 95 2b 35 5a 2f 1f 33 eb 9a 50 d0 4d fa Sep 21 07:16:06.552911: | cleartext fragment 7a 05 9b 59 44 7d ba a6 91 64 c9 4d 4a 01 39 e3 Sep 21 07:16:06.552914: | cleartext fragment 83 11 04 e9 b5 b3 9d 19 1b 35 86 8a e9 e4 8b 28 Sep 21 07:16:06.552917: | cleartext fragment e9 57 06 58 e2 cb a6 24 35 73 37 7c 05 25 07 5f Sep 21 07:16:06.552920: | cleartext fragment b6 df 3f 8b ab 5f e7 e4 38 d2 69 f6 1f 68 e9 7b Sep 21 07:16:06.552922: | cleartext fragment 4f 2f fd 11 62 0e 47 ee 67 3b 0e 71 d8 9a 35 1b Sep 21 07:16:06.552924: | cleartext fragment e4 4f 56 64 fd c1 66 02 69 2e 08 ac e7 43 ca 55 Sep 21 07:16:06.552926: | cleartext fragment 47 97 ae 83 19 50 e4 9d c7 a6 5c 9b 93 22 Sep 21 07:16:06.552929: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:06.552932: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:06.552934: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:06.552937: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:06.552939: | emitting length of ISAKMP Message: 539 Sep 21 07:16:06.552945: | **emit ISAKMP Message: Sep 21 07:16:06.552948: | initiator cookie: Sep 21 07:16:06.552950: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.552952: | responder cookie: Sep 21 07:16:06.552955: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.552957: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:06.552959: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.552962: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.552964: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:06.552967: | Message ID: 1 (0x1) Sep 21 07:16:06.552969: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:06.552972: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:06.552974: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.552976: | flags: none (0x0) Sep 21 07:16:06.552978: | fragment number: 3 (0x3) Sep 21 07:16:06.552981: | total fragments: 5 (0x5) Sep 21 07:16:06.552984: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:06.552986: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.552989: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:06.552992: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:06.552995: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:06.552997: | cleartext fragment 54 6f 02 4b 75 00 cf 67 e3 e2 07 7c d8 47 8f c1 Sep 21 07:16:06.552999: | cleartext fragment 09 83 cc 70 94 fa 6c 74 c8 55 7b 96 2c c1 85 f1 Sep 21 07:16:06.553002: | cleartext fragment 02 98 cd 1d be 85 5c 10 80 dd bb 89 44 4b 94 fa Sep 21 07:16:06.553004: | cleartext fragment 5e 56 5c 67 0e 2e c6 62 69 d4 de 0e 97 31 ed 00 Sep 21 07:16:06.553006: | cleartext fragment 10 7b 83 dc 75 e4 12 fb 00 15 eb 5d e4 85 6b 0d Sep 21 07:16:06.553009: | cleartext fragment 07 4b e6 db 86 31 02 03 01 00 01 a3 81 e4 30 81 Sep 21 07:16:06.553011: | cleartext fragment e1 30 09 06 03 55 1d 13 04 02 30 00 30 26 06 03 Sep 21 07:16:06.553013: | cleartext fragment 55 1d 11 04 1f 30 1d 82 1b 6e 6f 72 74 68 2e 74 Sep 21 07:16:06.553015: | cleartext fragment 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Sep 21 07:16:06.553018: | cleartext fragment 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 Sep 21 07:16:06.553020: | cleartext fragment 80 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 Sep 21 07:16:06.553022: | cleartext fragment 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 Sep 21 07:16:06.553025: | cleartext fragment 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 Sep 21 07:16:06.553027: | cleartext fragment 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 Sep 21 07:16:06.553029: | cleartext fragment 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 Sep 21 07:16:06.553032: | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 Sep 21 07:16:06.553036: | cleartext fragment 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 Sep 21 07:16:06.553038: | cleartext fragment a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 Sep 21 07:16:06.553040: | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 Sep 21 07:16:06.553043: | cleartext fragment 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 Sep 21 07:16:06.553045: | cleartext fragment 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 Sep 21 07:16:06.553047: | cleartext fragment 00 03 81 81 00 c0 be 88 d3 94 e8 3a e9 d3 b3 fd Sep 21 07:16:06.553049: | cleartext fragment ed 79 1d 46 48 36 a3 2a 00 15 9e 62 f1 22 44 4c Sep 21 07:16:06.553052: | cleartext fragment 58 20 2e de 7d 7f 95 09 d5 bd 95 29 e4 f8 99 e3 Sep 21 07:16:06.553054: | cleartext fragment 8f c0 67 b4 eb f6 4b a3 4e 69 48 de 1c 93 9f 22 Sep 21 07:16:06.553056: | cleartext fragment c8 b7 ca bb e8 0c af 7e 5a cd 90 0c b9 e5 4b 4a Sep 21 07:16:06.553059: | cleartext fragment de cc c3 7c ea e6 3f 96 0c b5 dc 5f 88 2d e7 e2 Sep 21 07:16:06.553061: | cleartext fragment cc f5 f3 90 76 dc b3 05 1d 01 60 24 b8 8c a2 f7 Sep 21 07:16:06.553063: | cleartext fragment 26 17 04 4f 25 15 bc 7f 1c ff 4a f7 81 eb 12 63 Sep 21 07:16:06.553066: | cleartext fragment 8b 11 8c 53 ba 24 00 00 19 04 4e cf af 8c Sep 21 07:16:06.553068: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:06.553071: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:06.553073: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:06.553076: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:06.553078: | emitting length of ISAKMP Message: 539 Sep 21 07:16:06.553084: | **emit ISAKMP Message: Sep 21 07:16:06.553087: | initiator cookie: Sep 21 07:16:06.553089: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.553091: | responder cookie: Sep 21 07:16:06.553093: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.553095: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:06.553098: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.553100: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.553103: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:06.553105: | Message ID: 1 (0x1) Sep 21 07:16:06.553107: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:06.553110: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:06.553112: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.553114: | flags: none (0x0) Sep 21 07:16:06.553117: | fragment number: 4 (0x4) Sep 21 07:16:06.553119: | total fragments: 5 (0x5) Sep 21 07:16:06.553122: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:06.553125: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.553127: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:06.553130: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:06.553136: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:06.553138: | cleartext fragment 44 87 de 90 be 28 67 b9 ce 53 17 3f 8e eb 22 c0 Sep 21 07:16:06.553141: | cleartext fragment 27 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Sep 21 07:16:06.553143: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Sep 21 07:16:06.553145: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Sep 21 07:16:06.553148: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Sep 21 07:16:06.553150: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Sep 21 07:16:06.553152: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Sep 21 07:16:06.553154: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Sep 21 07:16:06.553158: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Sep 21 07:16:06.553160: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Sep 21 07:16:06.553163: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Sep 21 07:16:06.553165: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Sep 21 07:16:06.553167: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 21 Sep 21 07:16:06.553169: | cleartext fragment 00 01 88 01 00 00 00 3f 29 52 4a f7 34 30 22 88 Sep 21 07:16:06.553171: | cleartext fragment 2c 47 57 5d 85 02 e3 90 59 a4 88 1b 8a 2c 4f 89 Sep 21 07:16:06.553174: | cleartext fragment be 09 5d d1 e8 30 19 c4 68 fd 3c 10 0c 13 65 c3 Sep 21 07:16:06.553176: | cleartext fragment 45 05 62 d0 e1 e6 f5 b3 21 0a de f7 5d a7 3d b3 Sep 21 07:16:06.553178: | cleartext fragment 63 91 ee e3 b9 9c 97 25 89 39 9a aa 2b 1f 0a 6b Sep 21 07:16:06.553180: | cleartext fragment 46 fe 27 57 8e a3 bd de 80 7f f2 16 00 93 17 b1 Sep 21 07:16:06.553183: | cleartext fragment cf 7e aa 89 31 13 56 ac f4 9f 40 03 8f 7e 44 8b Sep 21 07:16:06.553185: | cleartext fragment 9c 85 de a4 b4 d6 38 96 ff 6d 3e 93 b8 d8 31 f8 Sep 21 07:16:06.553187: | cleartext fragment 94 04 eb c9 26 94 30 12 72 eb ff 06 8d 4a 5d cc Sep 21 07:16:06.553189: | cleartext fragment 65 b3 cd aa 2f c8 24 97 61 fe 96 c4 54 5b 04 80 Sep 21 07:16:06.553192: | cleartext fragment 31 b6 5f 39 24 84 7a a8 b6 9c df b5 8e ab 21 e5 Sep 21 07:16:06.553194: | cleartext fragment 05 7c 77 75 fa b5 ec d9 6e ae c4 be fa 74 34 40 Sep 21 07:16:06.553196: | cleartext fragment 62 41 d7 75 81 47 f3 5d 92 ca 19 b4 c9 5b a2 2a Sep 21 07:16:06.553198: | cleartext fragment 3c 0e dd 66 d3 cc b7 31 76 89 d7 cd 67 d3 9d 12 Sep 21 07:16:06.553201: | cleartext fragment 0e e4 77 34 b2 85 27 57 53 91 06 5d e2 b9 75 62 Sep 21 07:16:06.553203: | cleartext fragment 05 cc 20 df f9 52 81 fb 2d 07 5d cb da 52 a9 a3 Sep 21 07:16:06.553205: | cleartext fragment 33 d8 3b ed 19 22 5a 18 26 d9 89 7e 83 62 Sep 21 07:16:06.553208: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:06.553210: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:06.553213: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:06.553216: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:06.553218: | emitting length of ISAKMP Message: 539 Sep 21 07:16:06.553224: | **emit ISAKMP Message: Sep 21 07:16:06.553226: | initiator cookie: Sep 21 07:16:06.553228: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.553230: | responder cookie: Sep 21 07:16:06.553232: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.553235: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:06.553237: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.553239: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.553242: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:06.553244: | Message ID: 1 (0x1) Sep 21 07:16:06.553246: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:06.553249: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:06.553251: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.553254: | flags: none (0x0) Sep 21 07:16:06.553256: | fragment number: 5 (0x5) Sep 21 07:16:06.553258: | total fragments: 5 (0x5) Sep 21 07:16:06.553261: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:06.553264: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.553267: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:06.553269: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:06.553274: | emitting 333 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:06.553276: | cleartext fragment 03 d4 94 8f 3f 2f 44 47 b9 af 41 1a 10 74 ff da Sep 21 07:16:06.553279: | cleartext fragment ed 7e 19 47 02 7e d1 eb c5 b7 5b 9e 68 25 0e 7f Sep 21 07:16:06.553281: | cleartext fragment f5 c5 31 b5 6a c6 a3 d6 62 d7 44 73 f4 9d 7a 29 Sep 21 07:16:06.553283: | cleartext fragment bb cf 2f 59 9f e2 c8 b9 74 c4 13 8e 16 ce f4 28 Sep 21 07:16:06.553285: | cleartext fragment 5d ce 4f 43 3c cc 21 71 ca 42 59 fa f5 e1 39 cd Sep 21 07:16:06.553288: | cleartext fragment 64 a8 3a 7a 7f 2d d4 43 de 2f e6 cf 9e be 59 79 Sep 21 07:16:06.553290: | cleartext fragment a6 63 05 68 f8 4d 95 1c cd 75 7b 1d e6 9c ef 3b Sep 21 07:16:06.553292: | cleartext fragment 3d 7e 0d 58 25 6b 40 26 48 2c 00 00 a4 02 00 00 Sep 21 07:16:06.553294: | cleartext fragment 20 01 03 04 02 44 b8 98 c2 03 00 00 0c 01 00 00 Sep 21 07:16:06.553297: | cleartext fragment 14 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 Sep 21 07:16:06.553299: | cleartext fragment 20 02 03 04 02 44 b8 98 c2 03 00 00 0c 01 00 00 Sep 21 07:16:06.553301: | cleartext fragment 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 Sep 21 07:16:06.553303: | cleartext fragment 30 03 03 04 04 44 b8 98 c2 03 00 00 0c 01 00 00 Sep 21 07:16:06.553306: | cleartext fragment 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 Sep 21 07:16:06.553308: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 Sep 21 07:16:06.553310: | cleartext fragment 30 04 03 04 04 44 b8 98 c2 03 00 00 0c 01 00 00 Sep 21 07:16:06.553312: | cleartext fragment 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 Sep 21 07:16:06.553315: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 Sep 21 07:16:06.553317: | cleartext fragment 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 03 Sep 21 07:16:06.553319: | cleartext fragment 00 c0 00 03 ff 00 00 00 18 01 00 00 00 07 00 00 Sep 21 07:16:06.553321: | cleartext fragment 10 00 00 ff ff c0 00 02 00 c0 00 02 ff Sep 21 07:16:06.553324: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:06.553327: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:06.553329: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:06.553332: | emitting length of IKEv2 Encrypted Fragment: 366 Sep 21 07:16:06.553334: | emitting length of ISAKMP Message: 394 Sep 21 07:16:06.553344: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:06.553349: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:06.553354: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:16:06.553357: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:16:06.553360: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:16:06.553363: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:16:06.553369: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:06.553374: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:16:06.553378: "northnet-eastnets/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:16:06.553388: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:06.553391: | sending fragments ... Sep 21 07:16:06.553397: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:06.553401: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.553404: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:16:06.553406: | 00 01 00 05 47 de 23 9f b2 73 20 05 e7 1f a4 93 Sep 21 07:16:06.553408: | 0d 86 cd 8b 80 ab 2c 20 6f 05 96 39 c2 73 bf c1 Sep 21 07:16:06.553410: | 87 56 95 41 4d b5 31 88 1e 24 ea b4 5d f5 af 73 Sep 21 07:16:06.553412: | 64 2b f7 a1 a7 62 32 fd d4 39 52 92 93 70 86 e7 Sep 21 07:16:06.553414: | 01 eb e0 c0 e2 e4 6a 8e a8 b1 f3 93 98 6e 82 fd Sep 21 07:16:06.553417: | 4e 36 ae 98 99 8d 37 1c 23 86 18 06 7a bc 50 ef Sep 21 07:16:06.553419: | 0b 7a ad b4 3e fe 68 17 b1 b4 68 ec 71 b7 04 68 Sep 21 07:16:06.553421: | 70 a6 40 40 63 77 d3 aa a0 48 61 dc 07 c2 99 e1 Sep 21 07:16:06.553423: | 81 ff 75 74 65 78 be aa 5c 12 a0 21 0e aa 28 2a Sep 21 07:16:06.553425: | 33 32 06 c9 c6 24 0c 8b e3 6e 8c 04 f7 0e 2e c2 Sep 21 07:16:06.553427: | 60 af e8 06 59 6c 42 b3 e0 a0 7a a3 e9 62 cd 91 Sep 21 07:16:06.553429: | d3 c9 53 a0 42 cd f3 60 e0 78 67 06 bd a5 a1 40 Sep 21 07:16:06.553431: | 57 cf ac a3 de e3 1b 69 6a 7e 4f 2e 2c 55 4d 18 Sep 21 07:16:06.553433: | 94 a1 9a 02 fd 8e 0b f6 54 d8 17 27 dd fa 03 c5 Sep 21 07:16:06.553436: | c6 69 9f c8 57 2c 7c d0 ac 2f c1 7f 51 b4 de aa Sep 21 07:16:06.553438: | 8d 4f af f1 38 9d 17 87 9e 51 bc ef 89 47 27 cf Sep 21 07:16:06.553440: | 18 34 ff b1 67 af 0a 99 8e 4b 95 02 27 2f 21 db Sep 21 07:16:06.553442: | b6 82 b1 f5 17 3f 02 40 27 ff aa a6 a5 82 a7 3d Sep 21 07:16:06.553444: | c0 ef a7 12 2d 9b 5b 83 99 19 97 68 5e b3 df 41 Sep 21 07:16:06.553446: | e1 d0 17 c6 5d e1 ef cb ac 20 c2 26 7d ba f2 b5 Sep 21 07:16:06.553448: | 67 d6 79 a9 6f 37 5f 40 90 dd fa bc 1a a0 fa 35 Sep 21 07:16:06.553451: | 94 0c 27 a2 83 d6 8a 50 94 e0 1c 09 63 25 83 2c Sep 21 07:16:06.553453: | 14 84 82 05 0d eb 8c 0f 92 20 85 cd 44 3f f7 3c Sep 21 07:16:06.553455: | 2c 4e 23 a7 a9 a9 a9 ea f7 b5 53 a3 86 66 8d e1 Sep 21 07:16:06.553457: | 04 ab 55 b6 e2 6b 76 e8 d4 61 59 ce 61 cc d2 02 Sep 21 07:16:06.553460: | fa e0 3c ed 68 bb 7a 45 07 b9 7b 64 78 d3 1f 65 Sep 21 07:16:06.553462: | 4b df 29 fd a4 2f c5 04 39 0d 00 34 30 a1 79 3c Sep 21 07:16:06.553464: | bf 21 cb a5 2e d0 ea 08 fd ec 68 09 3f 58 51 f1 Sep 21 07:16:06.553466: | 59 b3 12 f0 ec 57 46 ee 26 d2 8c d6 ca 03 f3 38 Sep 21 07:16:06.553468: | 47 79 e6 7e ac 91 7a 4b 4c 30 bf d9 82 c3 d6 79 Sep 21 07:16:06.553471: | d5 39 3a 59 52 fd 67 9e 4b 5a f3 12 fe 98 db 47 Sep 21 07:16:06.553473: | c2 d3 00 1f be f1 65 51 bb c6 13 Sep 21 07:16:06.553524: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:06.553527: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.553530: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:06.553532: | 00 02 00 05 68 e5 be d0 ad 50 e2 8f 62 42 44 06 Sep 21 07:16:06.553534: | c3 88 b5 ae 8f ce 0b d8 64 13 8a f8 1d d8 a6 5b Sep 21 07:16:06.553536: | 8b 72 67 15 38 76 f4 9f e3 e3 ea d6 cc 10 07 24 Sep 21 07:16:06.553539: | e9 b9 ff 57 28 c9 a7 fe 85 90 52 46 46 0b 70 7c Sep 21 07:16:06.553541: | ea 90 30 84 85 d5 09 f7 57 90 8c a8 39 9c 9d b9 Sep 21 07:16:06.553543: | 5a f0 5a 3c b9 b7 d9 cb 37 6d 87 95 d7 91 71 6b Sep 21 07:16:06.553545: | dd b4 3c f0 9d d1 b9 4a da b6 41 67 02 c3 36 ac Sep 21 07:16:06.553547: | 33 bf 1e c4 d3 f9 37 e8 26 e9 34 0b 6f 74 df 12 Sep 21 07:16:06.553549: | 86 86 07 62 42 39 be f6 c4 9e 94 2d ab d4 fc dc Sep 21 07:16:06.553551: | 1c ff 84 6d b4 5d 9b 61 f4 c9 15 41 b1 a9 59 06 Sep 21 07:16:06.553553: | be 3e e9 dc 4d 04 e9 59 ea 5a 77 06 6e 77 d0 bc Sep 21 07:16:06.553555: | f9 80 d8 2a f6 e8 95 3c 24 57 3b b0 82 e5 6e 23 Sep 21 07:16:06.553557: | 61 97 46 9b e4 70 36 09 6a d0 aa 29 3c 7b a5 e8 Sep 21 07:16:06.553560: | e7 bb 8e d7 af 3f 19 27 43 58 76 19 17 bf b8 7d Sep 21 07:16:06.553568: | bd 65 df 4c 9b e1 48 bf b1 76 25 ea 37 26 ab 6b Sep 21 07:16:06.553570: | ee db 4e b3 b0 69 4a 1e 32 81 a5 41 f0 b0 11 9f Sep 21 07:16:06.553572: | 8e 57 e5 a7 58 6b d0 83 b4 c8 1e 83 9f b1 c2 17 Sep 21 07:16:06.553574: | 18 62 88 c3 d5 2a 1f 49 66 23 15 d0 15 70 75 5b Sep 21 07:16:06.553577: | f6 0e 7f fb 3d f6 9f 87 9f b4 a0 25 08 6f 3c 32 Sep 21 07:16:06.553579: | 71 6b e4 13 ce b5 ab 0b 8f 4e 04 5e 64 fe 93 e8 Sep 21 07:16:06.553581: | 2d 2a af b5 31 1b d7 06 e0 ae a3 5f 8b 7e cd 77 Sep 21 07:16:06.553584: | f1 fd 10 06 2f 91 d1 ce 57 a8 16 7f 12 92 e6 c2 Sep 21 07:16:06.553586: | bd a1 51 99 98 7f 0a 15 01 ed 41 f8 57 d9 c2 02 Sep 21 07:16:06.553588: | d2 84 9d 9a 4a 47 09 2e c3 62 c6 a3 fb 03 8a b8 Sep 21 07:16:06.553590: | 07 24 02 d7 41 d3 b0 c5 a4 ea 0e e4 85 e5 fc f1 Sep 21 07:16:06.553592: | 6b ee 90 de 68 05 86 dc 69 7e c0 47 df 92 7f a0 Sep 21 07:16:06.553594: | 6b 73 7b 6c fb d2 f6 71 5c ae 03 6c 1e e3 5f b2 Sep 21 07:16:06.553597: | 7e 6f ab a4 9c 8b 61 dc bc 42 ad 9a 8a 4f 91 f3 Sep 21 07:16:06.553599: | dc ff 9c 41 42 5b 92 c9 89 b7 0b d4 55 cc 1e 5d Sep 21 07:16:06.553601: | 1b 59 38 e3 fe 4f a5 d7 5c 6a 21 89 93 fc 99 98 Sep 21 07:16:06.553603: | b5 31 38 4e b3 d4 9c 81 67 e3 7f 1a 8c 41 e4 ac Sep 21 07:16:06.553605: | f3 21 10 76 ce 72 57 c6 f1 c7 57 Sep 21 07:16:06.553624: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:06.553628: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.553630: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:06.553632: | 00 03 00 05 cf 5d ab a8 02 e9 15 50 5e 78 1c 34 Sep 21 07:16:06.553634: | 0d a2 c4 d9 7f 46 9b 53 83 56 0c ed e8 c6 84 bd Sep 21 07:16:06.553637: | d4 56 3e 62 83 fa c1 57 78 69 d2 8c 95 80 f7 9d Sep 21 07:16:06.553639: | 22 5b af 1a 4e b7 7e 46 c2 33 47 8a 1a 91 43 70 Sep 21 07:16:06.553641: | e6 5d 3e bb 95 9d 02 43 cf d9 fd 20 18 bb 93 8e Sep 21 07:16:06.553643: | 7c 77 b2 95 78 7e c9 1f df 96 74 7b b8 33 94 74 Sep 21 07:16:06.553646: | ae 8e d2 a6 4d 6d 82 10 9a d3 5a a3 42 71 2d 4a Sep 21 07:16:06.553648: | c1 9f 0f 34 8f 17 c4 f1 2a 42 6d 1c e2 07 ca 10 Sep 21 07:16:06.553650: | 10 d3 b4 6a 0e b0 12 39 52 bc 65 ce 67 6c b5 f5 Sep 21 07:16:06.553652: | da 8c dc a1 87 f4 5a 8b c3 13 d1 31 89 64 2a 87 Sep 21 07:16:06.553655: | f8 69 bc 1a ed 60 ee 8b d5 57 16 e9 57 56 17 bc Sep 21 07:16:06.553657: | 8a d8 52 35 90 1e d1 cd 08 1a 30 70 84 2b 18 3a Sep 21 07:16:06.553659: | 32 4f 5f a3 8d 7e 1d a8 79 75 43 8a 31 b4 42 c7 Sep 21 07:16:06.553662: | 99 6d c6 e7 20 9b 42 f7 3b 30 f2 a7 0c ef 0c 9e Sep 21 07:16:06.553664: | d4 12 b5 97 06 de 54 e8 c2 9c 11 c2 a7 2e 13 86 Sep 21 07:16:06.553666: | a2 70 a1 5c 80 15 8b 63 92 00 0a e9 3d c4 01 c3 Sep 21 07:16:06.553668: | c8 1d 1f ec 13 18 8a b6 7b 8b 98 46 1b 78 a4 cc Sep 21 07:16:06.553671: | ec ce 88 28 7b 90 ac 9e 1a 75 88 9b a7 47 25 e3 Sep 21 07:16:06.553673: | 48 0b 8d ff 92 8e e2 9d bf f3 9d 6c ae 47 5a cd Sep 21 07:16:06.553675: | 9c 82 e0 64 f2 e8 4e 9e 1b 3c 71 8b 5e 16 c6 07 Sep 21 07:16:06.553677: | eb 95 07 6d 58 7b 4d 5c e1 ef a3 9e a3 33 1a 43 Sep 21 07:16:06.553680: | 5f 3c 30 d9 dd 0d be 5d 0b 92 ee 95 f3 91 6e 5e Sep 21 07:16:06.553682: | 0d e5 a6 5f 7a ed f7 03 17 8e 81 7f 26 c5 7b 97 Sep 21 07:16:06.553684: | 4e ad 8a 49 0b ac 04 7e ee da dd cd 83 f0 d3 38 Sep 21 07:16:06.553687: | da 68 a9 7f a0 26 c9 4c 53 08 1d a7 a7 83 9b b7 Sep 21 07:16:06.553689: | b4 a0 7e 7b 0f 2b d6 cb 93 94 0c 93 23 ec f4 28 Sep 21 07:16:06.553691: | 58 07 98 8a 41 bc 01 86 65 a5 8a d9 b7 e8 62 c2 Sep 21 07:16:06.553693: | 50 2d 49 96 55 5c 35 c2 1c b5 f6 20 9a 68 3d 81 Sep 21 07:16:06.553696: | 9f 89 28 57 e6 a2 36 e3 37 b5 23 8b 62 e5 ee fc Sep 21 07:16:06.553698: | f5 f0 15 c5 73 16 f6 15 65 d1 75 20 3f 60 84 21 Sep 21 07:16:06.553702: | 5f 16 a5 5a 34 14 4a b3 bf 59 1e 13 77 2f 84 ac Sep 21 07:16:06.553704: | a9 2d 54 cd 7a 8e b0 f2 f0 f6 bb Sep 21 07:16:06.553717: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:06.553720: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.553722: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:06.553725: | 00 04 00 05 86 47 94 5d bc 9b aa 3d 52 e3 fe 2f Sep 21 07:16:06.553727: | c1 52 03 04 4e 6c c5 1e 5e 83 97 b9 87 ef 36 a6 Sep 21 07:16:06.553729: | 4d 3e 42 ab 58 75 bb 49 cc 95 ca 6f a3 fe c8 ca Sep 21 07:16:06.553731: | bb 39 93 33 5e 0c bc e9 5b 41 a8 58 4d c7 e8 c4 Sep 21 07:16:06.553733: | c2 49 69 f1 eb 71 a7 ed e6 56 2e 76 be e5 e0 28 Sep 21 07:16:06.553735: | 5b 8a 95 2e b7 88 54 ff 86 25 09 9c 61 11 2d 1a Sep 21 07:16:06.553737: | dc 01 c1 9f 02 9e 23 6f 5f eb 32 6e 11 35 c6 89 Sep 21 07:16:06.553739: | f5 34 fc 55 d0 15 7e f1 e5 cb af a5 7b f9 1b 94 Sep 21 07:16:06.553742: | 03 bd db 7d 1d aa ec a7 2f 7d 6a 94 be 17 c0 6b Sep 21 07:16:06.553744: | 47 86 88 cc b2 7c 05 0a 34 6b e3 4f ab 51 ba 7e Sep 21 07:16:06.553746: | 72 2f e9 6b ec d0 8f 9e c2 24 5d b0 75 49 ce 20 Sep 21 07:16:06.553748: | f2 03 12 5f 70 9d 47 02 1d c0 a3 10 c2 45 4b 1f Sep 21 07:16:06.553751: | 1d 33 f8 26 84 4f f3 4f df fe f4 e3 ee a8 8c 28 Sep 21 07:16:06.553753: | 12 0a f1 96 8b 14 5d e8 c5 ae ba a9 0c c0 cb b5 Sep 21 07:16:06.553755: | 82 52 99 c7 25 aa 28 33 e8 df 71 a3 ca d9 c4 bd Sep 21 07:16:06.553757: | 0a 7f b8 92 e9 5e 17 8a 44 4b 5f 15 7f f7 56 9c Sep 21 07:16:06.553759: | d4 98 7b b9 22 02 9c 28 0a da 06 bc ba 52 e8 a2 Sep 21 07:16:06.553761: | c1 4e 04 22 8e 6c 62 e5 79 d6 82 2c 0b 37 a2 66 Sep 21 07:16:06.553764: | 85 12 ec 54 e6 e0 2c b8 f8 72 b9 29 d2 9f ef 64 Sep 21 07:16:06.553766: | ef 87 4d 25 c0 62 d3 3a c8 07 d7 fb ea c0 fb 79 Sep 21 07:16:06.553768: | 39 55 d0 8a eb 68 c5 9f 10 c9 06 c2 9a ec 10 10 Sep 21 07:16:06.553770: | 4a 09 60 58 f0 57 78 25 8c f4 2d 12 a3 50 0f e3 Sep 21 07:16:06.553772: | 7d 3a 87 cd 22 ae 75 ba f8 21 4e cb 12 fa 10 95 Sep 21 07:16:06.553774: | 1b 53 2b 42 6d 6d 52 0a 1b 03 d7 d4 26 1b 2b 1f Sep 21 07:16:06.553776: | c0 44 58 3f ce ec 5d 27 0e bd bb 6c 1b bb de 44 Sep 21 07:16:06.553778: | 2f 0c 23 52 d7 ff 15 92 f0 54 7a 20 e6 14 17 69 Sep 21 07:16:06.553781: | d6 cc 9c a9 db 60 ce 78 b6 dd 38 9a a4 8c 16 49 Sep 21 07:16:06.553787: | 22 94 63 1a 81 41 77 16 75 62 af a3 d5 a3 fd a0 Sep 21 07:16:06.553792: | f0 cc ae 94 33 71 03 e6 cc 4d 21 e3 9e d3 e0 40 Sep 21 07:16:06.553794: | 4d 46 af 75 ad 56 67 f7 75 6e 93 9b dc 95 c5 eb Sep 21 07:16:06.553796: | 1a 06 a1 65 00 aa 43 ca c0 d4 2b 42 f5 06 97 47 Sep 21 07:16:06.553798: | 66 25 2c bc ca a5 7c e3 88 77 e1 Sep 21 07:16:06.553813: | sending 394 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:06.553816: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.553818: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Sep 21 07:16:06.553820: | 00 05 00 05 3c 45 44 75 01 67 b2 01 de 0f 93 44 Sep 21 07:16:06.553823: | 68 b9 17 79 79 10 cc 6d 3f 86 9e 55 7d 76 75 08 Sep 21 07:16:06.553825: | 18 83 dc 85 68 8d b9 d0 4b a7 ae a2 fe d3 0b 63 Sep 21 07:16:06.553827: | c6 32 44 53 b3 d1 c7 39 23 1e 8c c8 a9 34 0e 04 Sep 21 07:16:06.553829: | f7 ff 0c ed 8f 21 7e 49 41 50 de ad 02 dd d0 ae Sep 21 07:16:06.553832: | e9 07 e5 eb 43 01 86 67 ad 28 f1 45 f6 dd b3 22 Sep 21 07:16:06.553834: | 95 0a 58 89 26 43 58 07 90 d6 18 ed bc d7 67 83 Sep 21 07:16:06.553836: | 9a dc e1 3a 54 a5 a5 91 2b ac 5a 3b 26 e4 55 82 Sep 21 07:16:06.553838: | 3a b3 2b b3 70 99 f6 16 c6 4a 49 d7 e1 1b b7 55 Sep 21 07:16:06.553841: | 92 de 85 14 87 e5 ff 3d 58 93 26 d7 e6 62 ab 69 Sep 21 07:16:06.553843: | 27 0b ca 43 70 ab 60 5e 09 1b de d9 b6 c9 27 49 Sep 21 07:16:06.553847: | 93 47 4a c7 60 46 e0 ec 9b f9 7b bc 3a 85 f6 65 Sep 21 07:16:06.553849: | 96 74 34 30 44 f2 1d 67 cf bc 6b ff 3c 98 2a 28 Sep 21 07:16:06.553851: | e7 2e 4b f8 02 53 65 32 3a 1f 91 5a 2b 92 c8 b3 Sep 21 07:16:06.553854: | 0b b4 df a1 a9 3e f3 1f 4c 8d b1 65 54 ff 9e 65 Sep 21 07:16:06.553856: | 3e 6e dc d5 60 18 a6 7a 89 39 47 49 b6 ed b9 de Sep 21 07:16:06.553858: | e3 ef 69 5c 7c f9 92 6d 69 66 2a 54 26 0c 96 51 Sep 21 07:16:06.553860: | 5e a6 52 7c 4c ef 8a 38 75 03 61 5c 25 38 5a 0f Sep 21 07:16:06.553862: | a8 59 20 1a 29 95 1d 97 2e 7f 26 a8 95 3c d2 53 Sep 21 07:16:06.553865: | de 57 3a 05 e1 c9 5d f0 71 7a 9e 6f 90 db 48 37 Sep 21 07:16:06.553867: | 5d f1 97 c4 2f 61 96 cf 77 e1 8f 03 5e 62 39 57 Sep 21 07:16:06.553869: | 4f fc 7b ae 1a ef ee ee 3d 96 54 50 98 04 50 65 Sep 21 07:16:06.553871: | 63 89 08 48 cf 14 2e 27 88 be Sep 21 07:16:06.553881: | sent 5 fragments Sep 21 07:16:06.553884: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:06.553887: "northnet-eastnets/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:06.553896: | event_schedule: new EVENT_RETRANSMIT-pe@0x5570b1db7bd0 Sep 21 07:16:06.553900: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:16:06.553904: | libevent_malloc: new ptr-libevent@0x7efd88006900 size 128 Sep 21 07:16:06.553910: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48812.92216 Sep 21 07:16:06.553914: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:06.553919: | #1 spent 1.85 milliseconds Sep 21 07:16:06.553922: | #1 spent 12.6 milliseconds in resume sending helper answer Sep 21 07:16:06.553927: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:06.553931: | libevent_free: release ptr-libevent@0x7efd80006b90 Sep 21 07:16:06.717508: | spent 0.00323 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:06.717535: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:06.717539: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.717542: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Sep 21 07:16:06.717545: | 00 01 00 05 c2 70 74 8d bd 3e 02 43 f9 10 b0 e6 Sep 21 07:16:06.717548: | f1 d4 1a e8 18 a6 98 00 a4 12 d9 4d 62 3e 3e cf Sep 21 07:16:06.717551: | 65 94 a1 4d 74 67 19 14 09 ce 9f 64 89 09 93 d4 Sep 21 07:16:06.717553: | c2 51 de 59 10 53 a3 65 fd 97 4b d0 22 67 11 09 Sep 21 07:16:06.717555: | bc da 0a 29 57 cd 39 1e 6e 26 b4 48 d7 5e 5f 91 Sep 21 07:16:06.717557: | 54 6c b9 d2 c3 45 b2 ac f9 c4 68 16 8a b4 92 20 Sep 21 07:16:06.717560: | 3d 1a c0 0d 31 0d 01 c8 cd 41 ec b0 9f 14 08 bd Sep 21 07:16:06.717562: | 88 1f f6 a0 04 14 96 ba 9f c1 63 3d e6 68 3c a7 Sep 21 07:16:06.717564: | 2c e3 49 c1 59 6b 9b e2 57 c3 34 20 d3 31 df 50 Sep 21 07:16:06.717566: | ba ce 82 fc 22 95 26 ac 5c 38 e3 42 4d 03 62 8c Sep 21 07:16:06.717569: | 0e ad 10 f2 04 cc 9d f8 57 d4 ae 85 a8 5d b5 66 Sep 21 07:16:06.717571: | b6 8b 77 24 fc f6 e8 8a ad 30 06 af 5e fa 9a 5e Sep 21 07:16:06.717573: | 48 fc 97 bd 31 2a 9f c0 e9 bf 7c df 97 57 02 d3 Sep 21 07:16:06.717576: | e5 d1 26 95 8c 9c 45 da 8d 1b c7 4a 20 d9 fc 9c Sep 21 07:16:06.717578: | 93 7b 11 38 c6 d6 18 b3 75 90 3b f1 b7 5f d0 1a Sep 21 07:16:06.717580: | 3f c6 03 7c ca 10 30 9e ff 74 eb 87 8c 00 50 99 Sep 21 07:16:06.717582: | 6e 9e a8 3e a5 cb 68 3c 91 25 0b 8c 6f cf 1c 18 Sep 21 07:16:06.717585: | 7d aa fb 14 26 0c 5e 5b 8c d9 a2 0d b7 d5 3e 8e Sep 21 07:16:06.717587: | 0f ec 07 ea f1 22 53 f7 19 6b 35 f9 d3 78 de 3d Sep 21 07:16:06.717589: | 0e 9e 22 69 b2 32 81 52 3e 21 80 1b 30 f4 da 4a Sep 21 07:16:06.717591: | f8 09 6c 5e 31 8d 3b f1 76 2c e4 0c f9 c1 4e 5f Sep 21 07:16:06.717596: | bf f1 36 fa 2a 51 51 fd 95 d0 11 ae c5 03 e4 fd Sep 21 07:16:06.717599: | b5 94 5a 3f 5c 70 09 97 da 36 a4 55 25 25 d7 91 Sep 21 07:16:06.717601: | 12 5f 2e 96 6c 1d be 4a 80 22 5b b7 7f 45 18 b8 Sep 21 07:16:06.717603: | 97 ad 37 17 04 bd f8 bc c0 f9 c4 d2 2d 55 39 ec Sep 21 07:16:06.717606: | 7a a0 61 e6 b0 cb 5c b1 a2 c5 12 95 b0 d9 c9 4b Sep 21 07:16:06.717608: | f0 0c f0 04 9d 78 d8 b7 11 60 eb 7b 78 a8 e1 26 Sep 21 07:16:06.717611: | a0 f7 05 3a 02 91 c0 a7 89 70 71 c0 1c f6 73 2d Sep 21 07:16:06.717614: | 7f d4 36 d8 30 00 1a 3e dd 16 41 78 18 4d 72 d9 Sep 21 07:16:06.717616: | 35 1d b1 13 d3 5c bd 45 f8 66 b0 da 18 91 ae 8e Sep 21 07:16:06.717619: | ed 01 02 51 91 77 e5 df 80 89 57 30 fc 90 3a a6 Sep 21 07:16:06.717622: | d5 2e 8f 0c 9c 50 82 d7 a0 fe 6d Sep 21 07:16:06.717628: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:06.717632: | **parse ISAKMP Message: Sep 21 07:16:06.717635: | initiator cookie: Sep 21 07:16:06.717638: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.717641: | responder cookie: Sep 21 07:16:06.717644: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.717647: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:06.717650: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.717653: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.717656: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:06.717659: | Message ID: 1 (0x1) Sep 21 07:16:06.717661: | length: 539 (0x21b) Sep 21 07:16:06.717664: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:06.717668: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:06.717672: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:06.717678: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:06.717681: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:06.717686: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.717691: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.717694: | #2 is idle Sep 21 07:16:06.717696: | #2 idle Sep 21 07:16:06.717698: | unpacking clear payload Sep 21 07:16:06.717701: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.717705: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:06.717708: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:06.717711: | flags: none (0x0) Sep 21 07:16:06.717714: | length: 511 (0x1ff) Sep 21 07:16:06.717717: | fragment number: 1 (0x1) Sep 21 07:16:06.717719: | total fragments: 5 (0x5) Sep 21 07:16:06.717723: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:06.717726: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:06.717731: | received IKE encrypted fragment number '1', total number '5', next payload '36' Sep 21 07:16:06.717734: | updated IKE fragment state to respond using fragments without waiting for re-transmits Sep 21 07:16:06.717741: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:06.717747: | #1 spent 0.224 milliseconds in ikev2_process_packet() Sep 21 07:16:06.717752: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:06.717756: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:06.717759: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:06.717762: | spent 0.241 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:06.717772: | spent 0.00146 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:06.717780: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:06.717794: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.717798: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:06.717801: | 00 02 00 05 e2 a8 5b 30 70 a7 f1 96 6e 7f 83 bc Sep 21 07:16:06.717804: | e0 32 7d cb ef ad 4a 9f 39 71 f7 9d 5e 49 4b 6e Sep 21 07:16:06.717807: | d9 68 1c a9 ed bc c2 36 e2 83 d6 bd b0 b6 eb 99 Sep 21 07:16:06.717809: | 17 fd 2a de e5 39 0a bd ba 53 e4 bd 95 14 8b cf Sep 21 07:16:06.717812: | e6 80 a4 13 62 d4 e1 bb 94 20 19 96 17 93 33 ec Sep 21 07:16:06.717815: | 5a 85 94 07 24 8e 39 be 30 bc c2 8f 5f d6 64 56 Sep 21 07:16:06.717818: | b2 80 c5 0b 65 da 9a 94 65 41 ad c3 68 99 b7 5a Sep 21 07:16:06.717820: | bb 35 4c f9 da 7e 84 ad b4 8a 04 b9 b0 9b 66 3a Sep 21 07:16:06.717823: | 08 6a 83 e0 ef 18 95 83 8b 6c ba 44 6b 3c d2 a4 Sep 21 07:16:06.717826: | 9c 68 5c a0 ac 2f 4d 80 92 64 f3 9e 73 f4 6d 2c Sep 21 07:16:06.717829: | 49 3c 9c 00 25 cf f5 ad 7c b2 f7 81 8c 31 9f 55 Sep 21 07:16:06.717831: | 04 58 98 43 5c 9f a8 61 21 f0 a2 18 bd 43 82 b5 Sep 21 07:16:06.717834: | 8d 08 31 3b 97 dd 99 80 84 34 5a 8e 4e e5 88 b4 Sep 21 07:16:06.717837: | 1f 63 59 ec 7d c6 c8 5e 44 78 09 9e 74 0c a2 fc Sep 21 07:16:06.717839: | 65 1e bd f8 2e 8f 81 9c d6 0c 02 b7 a6 d9 5f f8 Sep 21 07:16:06.717842: | be 5c 21 6f 78 83 60 b8 83 15 05 0e 23 9b 74 8c Sep 21 07:16:06.717845: | 74 23 68 ac 9f 2f 58 2f 72 cd 48 ca e7 d9 11 61 Sep 21 07:16:06.717848: | 48 6a 33 b5 7f f2 5f a6 42 45 c8 ab ee 4d 13 7d Sep 21 07:16:06.717850: | a6 4e 4b 8d c3 57 01 1c 66 23 fa 6d b1 dc 4e cc Sep 21 07:16:06.717852: | a7 00 c0 24 35 d6 00 a5 79 f8 bd ab 3b 55 46 b5 Sep 21 07:16:06.717854: | b5 d5 fb 2f 59 05 37 e1 89 25 62 7a dc 0e a7 77 Sep 21 07:16:06.717857: | 00 43 2d e1 7a 8d 8e 86 ed c5 02 9a d6 43 39 b6 Sep 21 07:16:06.717859: | de 14 94 5d 7d d4 42 a9 6a 44 3b 4a f8 0c d1 9b Sep 21 07:16:06.717861: | ec b3 8e e2 a6 1a 7e 67 49 11 df 00 25 bc 0b 54 Sep 21 07:16:06.717863: | 9b e3 2c 89 89 d0 27 b3 5c 6c 1e 43 5f 89 c6 ef Sep 21 07:16:06.717866: | 45 a3 03 a9 09 77 15 56 c2 2c f2 13 48 84 13 7c Sep 21 07:16:06.717868: | ac 8a 4b 12 f0 48 92 7a 1c 8a af 04 b7 fe 46 b4 Sep 21 07:16:06.717870: | 72 14 27 c8 d6 ef 39 db 36 d1 2a 90 7c 4e 77 e9 Sep 21 07:16:06.717872: | 38 ea 50 07 6b 24 a6 87 fb 03 25 2d ef de cb 3f Sep 21 07:16:06.717875: | 79 69 7c 43 f2 7a ba 22 08 9a 21 e4 05 92 5c 42 Sep 21 07:16:06.717877: | f6 bc 7e 45 c8 78 5a b1 b4 0e 19 72 bf 24 67 ba Sep 21 07:16:06.717879: | 6e 8a 71 ef 6f 29 97 72 c2 38 29 Sep 21 07:16:06.717883: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:06.717886: | **parse ISAKMP Message: Sep 21 07:16:06.717889: | initiator cookie: Sep 21 07:16:06.717891: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.717893: | responder cookie: Sep 21 07:16:06.717896: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.717898: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:06.717901: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.717904: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.717908: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:06.717911: | Message ID: 1 (0x1) Sep 21 07:16:06.717913: | length: 539 (0x21b) Sep 21 07:16:06.717917: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:06.717920: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:06.717924: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:06.717931: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:06.717935: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:06.717940: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.717948: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.717950: | #2 is idle Sep 21 07:16:06.717953: | #2 idle Sep 21 07:16:06.717955: | unpacking clear payload Sep 21 07:16:06.717957: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.717960: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:06.717962: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.717965: | flags: none (0x0) Sep 21 07:16:06.717967: | length: 511 (0x1ff) Sep 21 07:16:06.717970: | fragment number: 2 (0x2) Sep 21 07:16:06.717972: | total fragments: 5 (0x5) Sep 21 07:16:06.717974: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:06.717977: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:06.717980: | received IKE encrypted fragment number '2', total number '5', next payload '0' Sep 21 07:16:06.717985: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:06.717990: | #1 spent 0.206 milliseconds in ikev2_process_packet() Sep 21 07:16:06.717994: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:06.717998: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:06.718001: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:06.718006: | spent 0.223 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:06.718015: | spent 0.00175 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:06.718025: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:06.718028: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.718031: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:06.718033: | 00 03 00 05 23 0c 02 ce 4c c3 0e a1 93 ff 3a ae Sep 21 07:16:06.718036: | 5e 78 64 d5 72 91 10 8c 30 fb 1c 07 52 e8 3b 02 Sep 21 07:16:06.718039: | 26 3c 6c 70 be f7 65 ca f0 a0 17 5e 44 5a 0d cb Sep 21 07:16:06.718042: | d2 1f b6 27 53 df b5 48 4b c0 08 94 a6 00 b6 b4 Sep 21 07:16:06.718044: | 6c 70 b5 26 14 3d 87 23 f5 3b c5 28 de fe 4e 3f Sep 21 07:16:06.718046: | f6 4c 42 d7 df d2 43 b4 a0 54 20 a8 a9 eb 4c 0a Sep 21 07:16:06.718049: | 72 25 78 b5 5c fd 44 e1 b2 65 05 81 89 bc 25 bf Sep 21 07:16:06.718051: | 4a e2 a2 ea 95 d6 5f 0f a5 9b 89 7d 18 6e e5 3a Sep 21 07:16:06.718053: | a7 9a 0a ca 4a fa 76 d3 e1 38 d8 a1 3b 24 2f 6e Sep 21 07:16:06.718055: | e4 10 45 7e 49 af 9b 2c bd 7f 86 b0 18 41 6b 6b Sep 21 07:16:06.718057: | b4 e8 63 2e 99 bd 71 21 eb 7c 54 e4 46 c1 8d a9 Sep 21 07:16:06.718060: | c7 e4 72 5e f3 b9 f3 c9 f0 ce 3f 94 85 f4 1b 9b Sep 21 07:16:06.718062: | 74 71 16 99 7d da fb 61 a2 2c 22 fb b5 6a e5 56 Sep 21 07:16:06.718064: | 51 f1 8b b9 a6 62 43 a2 db 78 14 a4 52 11 c2 89 Sep 21 07:16:06.718067: | 1d 06 b2 21 8c a3 a6 ae 89 09 74 3c 44 89 2c be Sep 21 07:16:06.718069: | 91 b2 b2 68 e3 96 fb 62 66 32 31 c7 1e 7f e1 8c Sep 21 07:16:06.718071: | 35 ef 4c c7 ed 5b 6f b6 72 a2 9d bd 63 7b 4b 36 Sep 21 07:16:06.718073: | 74 c0 1d db e3 1b f6 eb 93 e2 7d 36 55 8c d0 51 Sep 21 07:16:06.718075: | 5b 84 2a ed f2 f6 59 3b c5 e2 bc 37 96 bb 99 e4 Sep 21 07:16:06.718078: | 5b e9 33 0d 26 51 2d 50 43 97 a8 26 ec bf 1b 4d Sep 21 07:16:06.718080: | 16 82 db 1d 0b a2 07 13 75 9e ca d9 06 fb 5c f9 Sep 21 07:16:06.718083: | 9d 1c 42 e7 5d 56 d5 f1 90 ba 09 de 09 01 35 7e Sep 21 07:16:06.718085: | 6a 27 0d 1b df 24 8a 0d 75 ce 60 2e d3 99 a9 f0 Sep 21 07:16:06.718087: | d1 c2 1d 46 10 b8 7b 81 e1 cf 31 b6 1e a6 1a 91 Sep 21 07:16:06.718089: | 9c 6b 4a 9a 8c d0 03 ec 9b 94 b8 cd e5 5b 2d 94 Sep 21 07:16:06.718092: | e5 cf af 5e 23 63 38 04 6a 02 b5 e2 53 ae a0 33 Sep 21 07:16:06.718094: | f4 f4 4d 47 b5 bc b0 50 c7 db 27 60 e0 11 f0 4f Sep 21 07:16:06.718099: | 3c ef 1b fb cf 6c f1 05 58 df e2 11 d8 49 d8 cf Sep 21 07:16:06.718102: | e5 7b 96 d1 5a 3a 87 3d ed 32 03 9b bc d1 b2 00 Sep 21 07:16:06.718105: | 8a 9c cc f0 e3 6b 6c ed af c2 ce 7d 5b ca 5a 0c Sep 21 07:16:06.718107: | 52 5c 7f cf b7 f2 d9 19 73 bc f4 9f 94 51 44 ad Sep 21 07:16:06.718110: | b4 41 6e 32 1b 9b 84 0d 8d 72 89 Sep 21 07:16:06.718115: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:06.718119: | **parse ISAKMP Message: Sep 21 07:16:06.718121: | initiator cookie: Sep 21 07:16:06.718124: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.718127: | responder cookie: Sep 21 07:16:06.718129: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.718132: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:06.718135: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.718138: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.718141: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:06.718144: | Message ID: 1 (0x1) Sep 21 07:16:06.718146: | length: 539 (0x21b) Sep 21 07:16:06.718149: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:06.718151: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:06.718154: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:06.718160: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:06.718163: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:06.718167: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.718171: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.718174: | #2 is idle Sep 21 07:16:06.718176: | #2 idle Sep 21 07:16:06.718178: | unpacking clear payload Sep 21 07:16:06.718181: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.718183: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:06.718186: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.718189: | flags: none (0x0) Sep 21 07:16:06.718192: | length: 511 (0x1ff) Sep 21 07:16:06.718194: | fragment number: 3 (0x3) Sep 21 07:16:06.718197: | total fragments: 5 (0x5) Sep 21 07:16:06.718200: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:06.718203: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:06.718206: | received IKE encrypted fragment number '3', total number '5', next payload '0' Sep 21 07:16:06.718212: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:06.718218: | #1 spent 0.198 milliseconds in ikev2_process_packet() Sep 21 07:16:06.718222: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:06.718226: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:06.718229: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:06.718233: | spent 0.214 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:06.718240: | spent 0.00125 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:06.718248: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:06.718251: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.718253: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Sep 21 07:16:06.718255: | 00 04 00 05 a4 d6 ad f2 e1 67 a9 67 51 b7 39 ff Sep 21 07:16:06.718258: | b0 0e 82 61 aa 6f 5a 1e d5 10 18 74 f2 96 fb 8c Sep 21 07:16:06.718260: | 52 03 5b 38 6d ca 20 e1 cc 5f 7a f9 55 d5 4e 0e Sep 21 07:16:06.718262: | e1 ac 63 e6 d3 73 37 40 e0 e0 38 c0 33 11 20 93 Sep 21 07:16:06.718264: | c2 a8 09 73 6b 8a ed 57 31 da 8f 9b 4e 01 ee b5 Sep 21 07:16:06.718268: | ae 79 da 3a 9c 6e 3b c1 21 64 b9 ed 90 0e c3 12 Sep 21 07:16:06.718271: | 9f 12 d0 bc fc 53 8e b9 cc 0b f5 aa 72 81 29 84 Sep 21 07:16:06.718273: | c0 3d 35 be c0 35 4f ee 44 ff e6 4a 38 e7 70 61 Sep 21 07:16:06.718275: | 45 e6 89 f4 33 c5 cb d0 22 e2 df 81 52 f3 0b 4f Sep 21 07:16:06.718277: | 2f bc 73 be 67 ab 58 4d 2e ab 9e fc 79 a4 be c9 Sep 21 07:16:06.718279: | a2 c7 00 e8 fd 15 09 27 88 4e 7e 0d 98 a9 42 3d Sep 21 07:16:06.718282: | 22 e5 ac c9 9a 09 32 e0 82 df 5f 94 f2 f7 ed 8b Sep 21 07:16:06.718284: | 03 04 b2 1c 8d 2d d3 14 cc 2b d1 a3 28 eb 0f d0 Sep 21 07:16:06.718286: | 39 e4 4e a3 9d bf 65 62 42 c2 5c 75 ad f6 dc 14 Sep 21 07:16:06.718289: | c8 78 29 5d ad 26 98 7f 82 e7 bf 72 52 a1 b4 e0 Sep 21 07:16:06.718291: | de e5 e8 c5 53 85 f9 33 79 b1 9a 39 51 67 07 a0 Sep 21 07:16:06.718293: | ff a5 05 a8 58 63 94 3d 9c be d6 ad 90 d4 90 eb Sep 21 07:16:06.718296: | 5b 24 6c d5 e5 99 68 2a a1 2c a0 cf 08 8e cf 54 Sep 21 07:16:06.718299: | a1 c9 3a 1b 30 23 21 4e 3a 4f 02 12 69 7f b1 d1 Sep 21 07:16:06.718301: | ed e8 55 f9 be 14 56 43 4c 2c c8 19 a1 56 25 c6 Sep 21 07:16:06.718304: | bd 11 d5 14 e7 b9 fb 11 dd 4e 8b 6b ff ff e7 ab Sep 21 07:16:06.718307: | c7 9f 8a 33 42 45 64 23 7a 24 bf f9 f6 27 55 1a Sep 21 07:16:06.718309: | 52 9e 0c a2 fc 5d 61 c3 b6 4f 4d 86 a4 91 bc 35 Sep 21 07:16:06.718312: | 99 ab 0f b0 84 bb 62 71 b1 bf e7 8d 3d 84 41 72 Sep 21 07:16:06.718314: | 25 ff c4 11 e4 39 8f 4b 92 f0 8b 0b 7b fa 9c a3 Sep 21 07:16:06.718317: | 83 70 e8 b4 61 80 c9 5e cc 5b 5e 9b 26 73 2d f0 Sep 21 07:16:06.718320: | 15 e8 e7 2a f5 ce 1d ec 98 7c e0 69 b9 94 01 6a Sep 21 07:16:06.718323: | 66 7e e6 4d 53 0e 98 76 45 17 91 fe 74 ab 43 a3 Sep 21 07:16:06.718325: | fb e5 03 2b d8 85 f6 64 71 8b 9f 48 da 74 c0 f2 Sep 21 07:16:06.718328: | 25 cb 8c e9 0c 49 85 04 5f c9 a2 5c 65 8e 0c c8 Sep 21 07:16:06.718331: | 67 59 3d 56 25 ba 84 f5 3e b6 86 52 87 8e cb ee Sep 21 07:16:06.718333: | d7 11 a1 0c 21 d4 f6 f9 07 b2 99 Sep 21 07:16:06.718338: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:06.718342: | **parse ISAKMP Message: Sep 21 07:16:06.718344: | initiator cookie: Sep 21 07:16:06.718346: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.718349: | responder cookie: Sep 21 07:16:06.718351: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.718353: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:06.718356: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.718358: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.718361: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:06.718363: | Message ID: 1 (0x1) Sep 21 07:16:06.718366: | length: 539 (0x21b) Sep 21 07:16:06.718368: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:06.718371: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:06.718374: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:06.718380: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:06.718382: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:06.718387: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.718392: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.718395: | #2 is idle Sep 21 07:16:06.718398: | #2 idle Sep 21 07:16:06.718400: | unpacking clear payload Sep 21 07:16:06.718403: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.718406: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:06.718409: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.718412: | flags: none (0x0) Sep 21 07:16:06.718417: | length: 511 (0x1ff) Sep 21 07:16:06.718420: | fragment number: 4 (0x4) Sep 21 07:16:06.718423: | total fragments: 5 (0x5) Sep 21 07:16:06.718426: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:16:06.718429: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:06.718432: | received IKE encrypted fragment number '4', total number '5', next payload '0' Sep 21 07:16:06.718437: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:06.718441: | #1 spent 0.197 milliseconds in ikev2_process_packet() Sep 21 07:16:06.718445: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:06.718448: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:06.718451: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:06.718454: | spent 0.21 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:06.718461: | spent 0.00126 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:06.718469: | *received 81 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:06.718472: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.718474: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Sep 21 07:16:06.718477: | 00 05 00 05 14 b6 9d 07 69 35 24 70 c5 ef 17 82 Sep 21 07:16:06.718479: | c7 56 9a 4c d0 1c c8 3d f9 98 7f a0 ee 30 7a 61 Sep 21 07:16:06.718481: | ca 75 11 2a e0 9f 57 43 bf a5 af a0 22 42 53 f3 Sep 21 07:16:06.718483: | 83 Sep 21 07:16:06.718487: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:06.718490: | **parse ISAKMP Message: Sep 21 07:16:06.718492: | initiator cookie: Sep 21 07:16:06.718494: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.718496: | responder cookie: Sep 21 07:16:06.718498: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.718501: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:16:06.718503: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.718505: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:06.718508: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:06.718510: | Message ID: 1 (0x1) Sep 21 07:16:06.718512: | length: 81 (0x51) Sep 21 07:16:06.718515: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:06.718518: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:06.718521: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:06.718526: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:06.718529: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:06.718533: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.718537: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.718540: | #2 is idle Sep 21 07:16:06.718542: | #2 idle Sep 21 07:16:06.718544: | unpacking clear payload Sep 21 07:16:06.718546: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:16:06.718549: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:16:06.718552: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.718555: | flags: none (0x0) Sep 21 07:16:06.718558: | length: 53 (0x35) Sep 21 07:16:06.718560: | fragment number: 5 (0x5) Sep 21 07:16:06.718563: | total fragments: 5 (0x5) Sep 21 07:16:06.718566: | processing payload: ISAKMP_NEXT_v2SKF (len=45) Sep 21 07:16:06.718569: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:06.718573: | received IKE encrypted fragment number '5', total number '5', next payload '0' Sep 21 07:16:06.718605: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:16:06.718610: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:16:06.718614: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:16:06.718616: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Sep 21 07:16:06.718619: | flags: none (0x0) Sep 21 07:16:06.718621: | length: 191 (0xbf) Sep 21 07:16:06.718623: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:16:06.718626: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Sep 21 07:16:06.718628: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Sep 21 07:16:06.718631: | **parse IKEv2 Certificate Payload: Sep 21 07:16:06.718633: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:06.718636: | flags: none (0x0) Sep 21 07:16:06.718638: | length: 1265 (0x4f1) Sep 21 07:16:06.718641: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:06.718643: | processing payload: ISAKMP_NEXT_v2CERT (len=1260) Sep 21 07:16:06.718646: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:16:06.718649: | **parse IKEv2 Authentication Payload: Sep 21 07:16:06.718652: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:06.718655: | flags: none (0x0) Sep 21 07:16:06.718657: | length: 392 (0x188) Sep 21 07:16:06.718660: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:06.718663: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Sep 21 07:16:06.718666: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:06.718669: | **parse IKEv2 Security Association Payload: Sep 21 07:16:06.718672: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:06.718674: | flags: none (0x0) Sep 21 07:16:06.718677: | length: 36 (0x24) Sep 21 07:16:06.718680: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:16:06.718683: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:06.718686: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:06.718689: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:06.718691: | flags: none (0x0) Sep 21 07:16:06.718694: | length: 24 (0x18) Sep 21 07:16:06.718697: | number of TS: 1 (0x1) Sep 21 07:16:06.718699: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:06.718702: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:06.718704: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:06.718706: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.718709: | flags: none (0x0) Sep 21 07:16:06.718711: | length: 24 (0x18) Sep 21 07:16:06.718713: | number of TS: 1 (0x1) Sep 21 07:16:06.718716: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:06.718718: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:16:06.718721: | Now let's proceed with state specific processing Sep 21 07:16:06.718723: | calling processor Initiator: process IKE_AUTH response Sep 21 07:16:06.718730: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:16:06.718734: loading root certificate cache Sep 21 07:16:06.723720: | spent 3.95 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Sep 21 07:16:06.723763: | spent 0.0274 milliseconds in get_root_certs() filtering CAs Sep 21 07:16:06.723772: | #1 spent 4.02 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:16:06.723775: | checking for known CERT payloads Sep 21 07:16:06.723778: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:16:06.723837: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:06.723847: | #1 spent 0.0564 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:16:06.723852: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:06.723901: | #1 spent 0.0469 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:16:06.723905: | missing or expired CRL Sep 21 07:16:06.723912: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:16:06.723915: | verify_end_cert trying profile IPsec Sep 21 07:16:06.724044: | certificate is valid (profile IPsec) Sep 21 07:16:06.724052: | #1 spent 0.139 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:16:06.724058: "northnet-eastnets/0x1" #2: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:16:06.724136: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da4580 Sep 21 07:16:06.724141: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da7e40 Sep 21 07:16:06.724144: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1dcb1d0 Sep 21 07:16:06.724146: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1da3f60 Sep 21 07:16:06.724148: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5570b1dae1e0 Sep 21 07:16:06.724360: | unreference key: 0x5570b1db4100 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:06.724370: | #1 spent 0.298 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:16:06.724375: | #1 spent 4.61 milliseconds in decode_certs() Sep 21 07:16:06.724379: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:16:06.724381: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:16:06.724383: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:16:06.724385: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:16:06.724388: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:16:06.724390: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:16:06.724392: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:16:06.724394: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:06.724396: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:16:06.724398: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:16:06.724401: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:16:06.724403: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Sep 21 07:16:06.724419: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:16:06.724424: | ID_DER_ASN1_DN 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:16:06.724427: | X509: CERT and ID matches current connection Sep 21 07:16:06.724435: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.724444: "northnet-eastnets/0x1" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:16:06.724478: | verifying AUTH payload Sep 21 07:16:06.724496: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.724511: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:16:06.724519: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.724530: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.724538: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.724700: | an RSA Sig check passed with *AwEAAbANn [remote certificates] Sep 21 07:16:06.724708: | #1 spent 0.164 milliseconds in try_all_keys() trying a pubkey Sep 21 07:16:06.724711: "northnet-eastnets/0x1" #2: Authenticated using RSA Sep 21 07:16:06.724721: | #1 spent 0.237 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:16:06.724726: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:16:06.724732: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:16:06.724735: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:06.724740: | libevent_free: release ptr-libevent@0x5570b1da3ed0 Sep 21 07:16:06.724742: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5570b1daed20 Sep 21 07:16:06.724745: | event_schedule: new EVENT_SA_REKEY-pe@0x5570b1db7080 Sep 21 07:16:06.724749: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:16:06.724752: | libevent_malloc: new ptr-libevent@0x5570b1da3ed0 size 128 Sep 21 07:16:06.724857: | pstats #1 ikev2.ike established Sep 21 07:16:06.724866: | TSi: parsing 1 traffic selectors Sep 21 07:16:06.724870: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:06.724872: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:06.724875: | IP Protocol ID: 0 (0x0) Sep 21 07:16:06.724877: | length: 16 (0x10) Sep 21 07:16:06.724880: | start port: 0 (0x0) Sep 21 07:16:06.724882: | end port: 65535 (0xffff) Sep 21 07:16:06.724885: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:06.724887: | TS low c0 00 03 00 Sep 21 07:16:06.724890: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:06.724892: | TS high c0 00 03 ff Sep 21 07:16:06.724895: | TSi: parsed 1 traffic selectors Sep 21 07:16:06.724897: | TSr: parsing 1 traffic selectors Sep 21 07:16:06.724899: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:06.724902: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:06.724904: | IP Protocol ID: 0 (0x0) Sep 21 07:16:06.724906: | length: 16 (0x10) Sep 21 07:16:06.724909: | start port: 0 (0x0) Sep 21 07:16:06.724911: | end port: 65535 (0xffff) Sep 21 07:16:06.724913: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:06.724916: | TS low c0 00 02 00 Sep 21 07:16:06.724918: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:06.724920: | TS high c0 00 02 ff Sep 21 07:16:06.724923: | TSr: parsed 1 traffic selectors Sep 21 07:16:06.724930: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:06.724935: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:06.724942: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:06.724945: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:06.724948: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:06.724950: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:06.724953: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:06.724958: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:06.724964: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:06.724966: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:06.724969: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:06.724972: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:06.724977: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:06.724979: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:06.724982: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:06.724984: | printing contents struct traffic_selector Sep 21 07:16:06.724986: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:06.724988: | ipprotoid: 0 Sep 21 07:16:06.724991: | port range: 0-65535 Sep 21 07:16:06.724994: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:06.724996: | printing contents struct traffic_selector Sep 21 07:16:06.724999: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:06.725001: | ipprotoid: 0 Sep 21 07:16:06.725003: | port range: 0-65535 Sep 21 07:16:06.725006: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:06.725020: | using existing local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:06.725024: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:16:06.725027: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:06.725030: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:06.725032: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:06.725035: | local proposal 1 type DH has 1 transforms Sep 21 07:16:06.725037: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:06.725041: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:06.725043: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:06.725046: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:06.725048: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:06.725051: | local proposal 2 type DH has 1 transforms Sep 21 07:16:06.725053: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:06.725056: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:06.725058: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:06.725060: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:06.725062: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:06.725065: | local proposal 3 type DH has 1 transforms Sep 21 07:16:06.725067: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:06.725070: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:06.725072: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:06.725075: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:06.725077: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:06.725079: | local proposal 4 type DH has 1 transforms Sep 21 07:16:06.725082: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:06.725084: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:06.725088: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.725091: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:06.725093: | length: 32 (0x20) Sep 21 07:16:06.725096: | prop #: 1 (0x1) Sep 21 07:16:06.725098: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.725101: | spi size: 4 (0x4) Sep 21 07:16:06.725103: | # transforms: 2 (0x2) Sep 21 07:16:06.725107: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:06.725109: | remote SPI fe ac 99 40 Sep 21 07:16:06.725112: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:06.725115: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:06.725118: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.725120: | length: 12 (0xc) Sep 21 07:16:06.725122: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.725125: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:06.725129: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.725132: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.725135: | length/value: 256 (0x100) Sep 21 07:16:06.725139: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:06.725142: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:06.725145: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.725147: | length: 8 (0x8) Sep 21 07:16:06.725149: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.725152: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.725155: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:06.725158: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:16:06.725162: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:16:06.725165: | remote proposal 1 matches local proposal 1 Sep 21 07:16:06.725168: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:16:06.725173: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=feac9940;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:16:06.725176: | converting proposal to internal trans attrs Sep 21 07:16:06.725181: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:06.725345: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:16:06.725350: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:16:06.725353: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:06.725356: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:06.725359: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:06.725362: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:06.725364: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:06.725369: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:06.725373: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:06.725376: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:06.725379: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:06.725381: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:06.725385: | setting IPsec SA replay-window to 32 Sep 21 07:16:06.725388: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:16:06.725391: | netlink: enabling tunnel mode Sep 21 07:16:06.725394: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:06.725397: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:06.725473: | netlink response for Add SA esp.feac9940@192.1.2.23 included non-error error Sep 21 07:16:06.725477: | set up outgoing SA, ref=0/0 Sep 21 07:16:06.725480: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:06.725483: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:06.725485: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:06.725488: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:06.725491: | setting IPsec SA replay-window to 32 Sep 21 07:16:06.725494: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:16:06.725497: | netlink: enabling tunnel mode Sep 21 07:16:06.725499: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:06.725502: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:06.725545: | netlink response for Add SA esp.44b898c2@192.1.3.33 included non-error error Sep 21 07:16:06.725549: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:06.725559: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:06.725562: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:06.725605: | raw_eroute result=success Sep 21 07:16:06.725608: | set up incoming SA, ref=0/0 Sep 21 07:16:06.725610: | sr for #2: unrouted Sep 21 07:16:06.725613: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:06.725615: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:06.725618: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:06.725621: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:06.725623: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:06.725626: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:06.725629: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:06.725633: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:16:06.725636: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:06.725643: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:06.725646: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:06.725666: | raw_eroute result=success Sep 21 07:16:06.725670: | running updown command "ipsec _updown" for verb up Sep 21 07:16:06.725672: | command executing up-client Sep 21 07:16:06.725706: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.725715: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.725736: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Sep 21 07:16:06.725739: | popen cmd is 1406 chars long Sep 21 07:16:06.725741: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:16:06.725744: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Sep 21 07:16:06.725747: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Sep 21 07:16:06.725749: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:16:06.725751: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:16:06.725754: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Sep 21 07:16:06.725756: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:16:06.725759: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Sep 21 07:16:06.725761: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Sep 21 07:16:06.725764: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:16:06.725768: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:06.725770: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Sep 21 07:16:06.725773: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF: Sep 21 07:16:06.725775: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Sep 21 07:16:06.725778: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Sep 21 07:16:06.725780: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Sep 21 07:16:06.725786: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Sep 21 07:16:06.725792: | cmd(1360):feac9940 SPI_OUT=0x44b898c2 ipsec _updown 2>&1: Sep 21 07:16:06.755336: | route_and_eroute: firewall_notified: true Sep 21 07:16:06.755354: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:06.755358: | command executing prepare-client Sep 21 07:16:06.755397: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.755406: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.755427: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Sep 21 07:16:06.755431: | popen cmd is 1411 chars long Sep 21 07:16:06.755434: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:06.755436: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:16:06.755439: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:06.755442: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:16:06.755444: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:16:06.755447: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Sep 21 07:16:06.755449: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Sep 21 07:16:06.755452: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Sep 21 07:16:06.755454: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:16:06.755457: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:16:06.755459: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Sep 21 07:16:06.755462: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Sep 21 07:16:06.755464: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Sep 21 07:16:06.755471: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Sep 21 07:16:06.755474: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Sep 21 07:16:06.755476: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Sep 21 07:16:06.755479: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Sep 21 07:16:06.755481: | cmd(1360):IN=0xfeac9940 SPI_OUT=0x44b898c2 ipsec _updown 2>&1: Sep 21 07:16:06.841562: | running updown command "ipsec _updown" for verb route Sep 21 07:16:06.841574: | command executing route-client Sep 21 07:16:06.841612: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.841620: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.841643: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Sep 21 07:16:06.841646: | popen cmd is 1409 chars long Sep 21 07:16:06.841649: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:16:06.841652: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Sep 21 07:16:06.841654: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Sep 21 07:16:06.841657: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:16:06.841659: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:16:06.841662: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Sep 21 07:16:06.841664: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:16:06.841667: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Sep 21 07:16:06.841669: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Sep 21 07:16:06.841672: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:16:06.841674: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Sep 21 07:16:06.841677: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Sep 21 07:16:06.841679: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SA: Sep 21 07:16:06.841682: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Sep 21 07:16:06.841685: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Sep 21 07:16:06.841687: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Sep 21 07:16:06.841692: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Sep 21 07:16:06.841695: | cmd(1360):=0xfeac9940 SPI_OUT=0x44b898c2 ipsec _updown 2>&1: Sep 21 07:16:06.921331: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x5570b1da2430,sr=0x5570b1da2430} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:06.921415: | #1 spent 1.03 milliseconds in install_ipsec_sa() Sep 21 07:16:06.921422: | inR2: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:16:06.921425: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:06.921428: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:16:06.921433: | libevent_free: release ptr-libevent@0x7efd88006900 Sep 21 07:16:06.921436: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5570b1db7bd0 Sep 21 07:16:06.921441: | #2 spent 6.63 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:16:06.921448: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:06.921451: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:16:06.921454: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:16:06.921457: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:06.921460: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:16:06.921466: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:16:06.921470: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:06.921473: | pstats #2 ikev2.child established Sep 21 07:16:06.921481: "northnet-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:16:06.921491: | NAT-T: encaps is 'auto' Sep 21 07:16:06.921496: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xfeac9940 <0x44b898c2 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:16:06.921500: | releasing whack for #2 (sock=fd@26) Sep 21 07:16:06.921504: | close_any(fd@26) (in release_whack() at state.c:654) Sep 21 07:16:06.921506: | releasing whack and unpending for parent #1 Sep 21 07:16:06.921508: | unpending state #1 connection "northnet-eastnets/0x1" Sep 21 07:16:06.921513: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x1" Sep 21 07:16:06.921515: | removing pending policy for no connection {0x5570b1d4a430} Sep 21 07:16:06.921519: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:06.921523: | creating state object #3 at 0x5570b1dbe1a0 Sep 21 07:16:06.921526: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:16:06.921532: | pstats #3 ikev2.child started Sep 21 07:16:06.921535: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Sep 21 07:16:06.921540: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:06.921546: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:06.921551: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:06.921555: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:06.921558: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:16:06.921561: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:06.921564: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals) Sep 21 07:16:06.921572: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:06.921579: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:06.921581: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:06.921586: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:06.921589: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:06.921593: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:06.921596: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:06.921600: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:06.921607: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:06.921615: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Sep 21 07:16:06.921618: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x5570b1db7bd0 Sep 21 07:16:06.921622: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:16:06.921625: | libevent_malloc: new ptr-libevent@0x7efd88006900 size 128 Sep 21 07:16:06.921631: | RESET processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:06.921635: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:06.921638: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x2" Sep 21 07:16:06.921640: | removing pending policy for no connection {0x5570b1d4a4b0} Sep 21 07:16:06.921643: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:16:06.921647: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:16:06.921650: | event_schedule: new EVENT_SA_REKEY-pe@0x5570b1dbb9d0 Sep 21 07:16:06.921653: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:16:06.921655: | libevent_malloc: new ptr-libevent@0x5570b1dc1750 size 128 Sep 21 07:16:06.921658: | libevent_realloc: release ptr-libevent@0x5570b1d84f80 Sep 21 07:16:06.921661: | libevent_realloc: new ptr-libevent@0x5570b1dbec60 size 128 Sep 21 07:16:06.921664: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:06.921668: | #1 spent 7.12 milliseconds in ikev2_process_packet() Sep 21 07:16:06.921672: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:06.921674: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:06.921678: | spent 7.13 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:06.921690: | timer_event_cb: processing event@0x5570b1db7bd0 Sep 21 07:16:06.921693: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:16:06.921697: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:06.921702: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:16:06.921705: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5570b1db1c70 Sep 21 07:16:06.921708: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:06.921710: | libevent_malloc: new ptr-libevent@0x5570b1dc17e0 size 128 Sep 21 07:16:06.921718: | libevent_free: release ptr-libevent@0x7efd88006900 Sep 21 07:16:06.921723: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x5570b1db7bd0 Sep 21 07:16:06.921727: | #3 spent 0.036 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:06.921731: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:06.921734: | processing signal PLUTO_SIGCHLD Sep 21 07:16:06.921738: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:06.921742: | spent 0.00452 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:06.921744: | processing signal PLUTO_SIGCHLD Sep 21 07:16:06.921747: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:06.921751: | spent 0.00311 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:06.921753: | processing signal PLUTO_SIGCHLD Sep 21 07:16:06.921756: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:06.921759: | spent 0.00313 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:06.922016: | crypto helper 3 resuming Sep 21 07:16:06.922027: | crypto helper 3 starting work-order 3 for state #3 Sep 21 07:16:06.922032: | crypto helper 3 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Sep 21 07:16:06.923983: | crypto helper 3 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.001949 seconds Sep 21 07:16:06.924001: | (#3) spent 1.03 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Sep 21 07:16:06.924005: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Sep 21 07:16:06.924008: | scheduling resume sending helper answer for #3 Sep 21 07:16:06.924012: | libevent_malloc: new ptr-libevent@0x7efd84006900 size 128 Sep 21 07:16:06.924022: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:06.924034: | processing resume sending helper answer for #3 Sep 21 07:16:06.924043: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:06.924046: | crypto helper 3 replies to request ID 3 Sep 21 07:16:06.924049: | calling continuation function 0x5570b193b630 Sep 21 07:16:06.924053: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:16:06.924057: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:06.924061: | libevent_free: release ptr-libevent@0x5570b1dc17e0 Sep 21 07:16:06.924064: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5570b1db1c70 Sep 21 07:16:06.924067: | event_schedule: new EVENT_SA_REPLACE-pe@0x5570b1db1c70 Sep 21 07:16:06.924070: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:16:06.924073: | libevent_malloc: new ptr-libevent@0x5570b1dc17e0 size 128 Sep 21 07:16:06.924078: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:06.924081: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:06.924084: | libevent_malloc: new ptr-libevent@0x7efd88006900 size 128 Sep 21 07:16:06.924090: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:06.924093: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:16:06.924096: | suspending state #3 and saving MD Sep 21 07:16:06.924098: | #3 is busy; has a suspended MD Sep 21 07:16:06.924103: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:06.924106: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:06.924109: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:16:06.924114: | #3 spent 0.0665 milliseconds in resume sending helper answer Sep 21 07:16:06.924119: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:06.924127: | libevent_free: release ptr-libevent@0x7efd84006900 Sep 21 07:16:06.924132: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:06.924137: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:16:06.924142: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:06.924147: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:06.924151: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:06.924157: | **emit ISAKMP Message: Sep 21 07:16:06.924160: | initiator cookie: Sep 21 07:16:06.924162: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.924164: | responder cookie: Sep 21 07:16:06.924167: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.924170: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:06.924172: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.924175: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:06.924178: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:06.924180: | Message ID: 2 (0x2) Sep 21 07:16:06.924183: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:06.924187: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:06.924190: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.924193: | flags: none (0x0) Sep 21 07:16:06.924196: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:06.924199: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.924202: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:06.924225: | netlink_get_spi: allocated 0x7996ec21 for esp.0@192.1.3.33 Sep 21 07:16:06.924228: | Emitting ikev2_proposals ... Sep 21 07:16:06.924230: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:06.924233: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.924235: | flags: none (0x0) Sep 21 07:16:06.924238: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:06.924241: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.924244: | discarding INTEG=NONE Sep 21 07:16:06.924246: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.924249: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.924251: | prop #: 1 (0x1) Sep 21 07:16:06.924254: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.924256: | spi size: 4 (0x4) Sep 21 07:16:06.924259: | # transforms: 3 (0x3) Sep 21 07:16:06.924261: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.924264: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:06.924267: | our spi 79 96 ec 21 Sep 21 07:16:06.924269: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924272: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924274: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.924277: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:06.924280: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924283: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.924285: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.924288: | length/value: 256 (0x100) Sep 21 07:16:06.924292: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.924565: | discarding INTEG=NONE Sep 21 07:16:06.924571: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.924579: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.924582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924588: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924590: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924593: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.924595: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.924597: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.924600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924606: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924608: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:06.924611: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.924613: | discarding INTEG=NONE Sep 21 07:16:06.924616: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.924618: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.924620: | prop #: 2 (0x2) Sep 21 07:16:06.924623: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.924625: | spi size: 4 (0x4) Sep 21 07:16:06.924627: | # transforms: 3 (0x3) Sep 21 07:16:06.924630: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.924633: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.924636: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:06.924639: | our spi 79 96 ec 21 Sep 21 07:16:06.924641: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924646: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.924649: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:06.924651: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924654: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.924657: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.924659: | length/value: 128 (0x80) Sep 21 07:16:06.924662: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.924664: | discarding INTEG=NONE Sep 21 07:16:06.924666: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924671: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.924673: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.924676: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924686: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924689: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924691: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.924693: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.924696: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.924699: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924704: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924706: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:06.924709: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.924711: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.924714: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.924716: | prop #: 3 (0x3) Sep 21 07:16:06.924718: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.924721: | spi size: 4 (0x4) Sep 21 07:16:06.924723: | # transforms: 5 (0x5) Sep 21 07:16:06.924726: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.924729: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.924731: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:06.924734: | our spi 79 96 ec 21 Sep 21 07:16:06.924736: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924741: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.924743: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:06.924746: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924749: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.924751: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.924753: | length/value: 256 (0x100) Sep 21 07:16:06.924756: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.924758: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924763: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.924766: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:06.924768: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924771: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924774: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924776: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924778: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924781: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.924787: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:06.924793: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924798: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924801: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924805: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924807: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.924809: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.924812: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924815: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924818: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924820: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924822: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.924825: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.924827: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.924830: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924833: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924835: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924837: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:06.924840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.924842: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.924845: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:06.924847: | prop #: 4 (0x4) Sep 21 07:16:06.924849: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.924852: | spi size: 4 (0x4) Sep 21 07:16:06.924854: | # transforms: 5 (0x5) Sep 21 07:16:06.924857: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:06.924859: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:06.924862: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:06.924865: | our spi 79 96 ec 21 Sep 21 07:16:06.924867: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924869: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924872: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.924874: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:06.924877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924879: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.924882: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.924884: | length/value: 128 (0x80) Sep 21 07:16:06.924886: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:06.924889: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924894: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.924896: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:06.924899: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924902: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924904: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924907: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924911: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:06.924914: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:06.924918: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924920: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924923: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924925: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924930: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.924933: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.924935: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924938: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924941: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924943: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:06.924945: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.924948: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.924950: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.924953: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.924956: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:06.924958: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:06.924961: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:06.924963: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:06.924966: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:16:06.924969: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:06.924971: | ****emit IKEv2 Nonce Payload: Sep 21 07:16:06.924974: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.924976: | flags: none (0x0) Sep 21 07:16:06.924979: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:06.924982: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.924985: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:06.924988: | IKEv2 nonce 69 5a 11 b3 ad d8 40 5e 97 b5 71 c6 83 92 f1 dd Sep 21 07:16:06.924990: | IKEv2 nonce e4 4c 8d 5f 0d ba f7 a5 30 9f 17 77 a0 02 07 b1 Sep 21 07:16:06.924993: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:06.924995: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:16:06.924998: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.925000: | flags: none (0x0) Sep 21 07:16:06.925002: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.925005: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:06.925008: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.925011: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:06.925013: | ikev2 g^x 9d 50 aa d1 c2 d1 e3 92 55 56 01 57 69 32 70 29 Sep 21 07:16:06.925016: | ikev2 g^x 2b c7 7a 9d 52 eb b4 11 0b 7c ac 82 34 e0 16 7b Sep 21 07:16:06.925018: | ikev2 g^x ae 04 98 d4 a6 1e a0 8a 26 66 ed dd 7e d7 dc 61 Sep 21 07:16:06.925021: | ikev2 g^x ce 26 7c aa 60 ae 06 d2 b2 38 7f c6 54 0e 69 4a Sep 21 07:16:06.925024: | ikev2 g^x eb 4e 6a 8d 9c a4 fe 97 bc b1 27 d8 f2 68 2c b9 Sep 21 07:16:06.925026: | ikev2 g^x 8b 93 0d 62 15 14 56 57 16 cb dd 1a f2 ae e0 48 Sep 21 07:16:06.925029: | ikev2 g^x 5e 62 74 c5 a3 4c dd 8e 7d c1 05 2d 4b b5 02 95 Sep 21 07:16:06.925031: | ikev2 g^x da ae 05 52 5d 65 d3 34 98 aa f3 91 55 83 24 54 Sep 21 07:16:06.925033: | ikev2 g^x 0c ea 63 9a f9 ed 2e f3 be 2c b5 12 d4 34 22 42 Sep 21 07:16:06.925036: | ikev2 g^x f6 5f 68 13 6b 8a 5d 34 1f 14 05 ff db 7b b3 90 Sep 21 07:16:06.925038: | ikev2 g^x d6 ae 77 bd 06 60 21 02 3e c7 d3 52 0b b0 4e 9a Sep 21 07:16:06.925040: | ikev2 g^x e8 99 86 35 8d 9b c5 51 fe 30 32 db 35 0e da 91 Sep 21 07:16:06.925042: | ikev2 g^x 3d 2c 26 d7 87 0e 19 c1 8f c9 66 03 aa 72 b8 08 Sep 21 07:16:06.925045: | ikev2 g^x 3d 91 87 bb 9a 07 a0 7c e6 e0 47 1c b1 12 07 29 Sep 21 07:16:06.925047: | ikev2 g^x 9a e5 82 d9 c8 56 6a 63 ed ed d4 e2 d1 07 03 db Sep 21 07:16:06.925049: | ikev2 g^x 30 42 ef c6 3a c1 2e 9c 0c 0e dd 38 cf 89 b8 62 Sep 21 07:16:06.925051: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:06.925055: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:06.925057: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.925060: | flags: none (0x0) Sep 21 07:16:06.925062: | number of TS: 1 (0x1) Sep 21 07:16:06.925065: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:06.925068: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.925070: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:06.925073: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:06.925075: | IP Protocol ID: 0 (0x0) Sep 21 07:16:06.925077: | start port: 0 (0x0) Sep 21 07:16:06.925080: | end port: 65535 (0xffff) Sep 21 07:16:06.925083: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:06.925085: | IP start c0 00 03 00 Sep 21 07:16:06.925088: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:06.925090: | IP end c0 00 03 ff Sep 21 07:16:06.925092: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:06.925095: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:06.925097: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:06.925099: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.925102: | flags: none (0x0) Sep 21 07:16:06.925104: | number of TS: 1 (0x1) Sep 21 07:16:06.925107: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:06.925110: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:06.925112: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:06.925114: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:06.925117: | IP Protocol ID: 0 (0x0) Sep 21 07:16:06.925119: | start port: 0 (0x0) Sep 21 07:16:06.925121: | end port: 65535 (0xffff) Sep 21 07:16:06.925124: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:06.925126: | IP start c0 00 16 00 Sep 21 07:16:06.925129: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:06.925131: | IP end c0 00 16 ff Sep 21 07:16:06.925133: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:06.925136: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:06.925138: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:06.925141: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:06.925144: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:06.925149: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:06.925151: | emitting length of IKEv2 Encryption Payload: 573 Sep 21 07:16:06.925153: | emitting length of ISAKMP Message: 601 Sep 21 07:16:06.925175: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:06.925179: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:16:06.925182: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:16:06.925185: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:16:06.925188: | Message ID: updating counters for #3 to 4294967295 after switching state Sep 21 07:16:06.925191: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:06.925196: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Sep 21 07:16:06.925200: "northnet-eastnets/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:16:06.925211: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:06.925217: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:06.925220: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.925222: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Sep 21 07:16:06.925224: | 9a f5 2b af fa 0e 6e 16 8f 1a 72 a5 c7 ae 8a f3 Sep 21 07:16:06.925227: | 77 3d 81 71 d3 e3 5b 91 8b aa b2 f2 d2 c2 38 a3 Sep 21 07:16:06.925229: | 2d 63 12 4b af 21 df 9a fe da eb 2d 15 b2 79 21 Sep 21 07:16:06.925231: | ed 76 18 a2 85 34 08 2a ce fd 2d d3 2b bb 4d 99 Sep 21 07:16:06.925233: | 92 a1 82 4b 5a 6a 65 03 da cd 55 1a de 1f 8e d9 Sep 21 07:16:06.925235: | 03 f7 64 42 a2 3a ff 10 cc 49 67 e2 df 22 75 b5 Sep 21 07:16:06.925238: | c8 54 f2 0f 2d 1f a1 5a c7 1d e0 80 9f 3e 2a 94 Sep 21 07:16:06.925240: | ca f2 24 a5 af bf 84 8c d0 33 b4 c0 27 ae 69 8b Sep 21 07:16:06.925242: | 8b 88 17 3d fd 49 ac 43 2c d4 02 6b ab 92 26 c5 Sep 21 07:16:06.925244: | 2c e9 0d dd 43 75 68 8d 72 20 53 91 e6 0f ae 1d Sep 21 07:16:06.925246: | 62 07 cf c8 bd b4 68 93 54 a6 58 73 cc 8c 94 22 Sep 21 07:16:06.925249: | eb 98 82 1a 0f 1c aa 73 b0 fe 18 10 ff 4e 2b cd Sep 21 07:16:06.925251: | 62 bd 3d 0a 1b 69 be 72 c0 93 08 19 6a 73 99 b5 Sep 21 07:16:06.925253: | 23 a7 57 11 7b ee ca 09 e9 a5 27 26 99 5e fd ca Sep 21 07:16:06.925255: | 71 ec d4 ea 9c 62 0e bb a6 1c b1 fe 3a 4d 56 bc Sep 21 07:16:06.925258: | 54 a5 83 56 6a b6 38 48 ba c5 31 86 56 0d 34 a1 Sep 21 07:16:06.925260: | 54 04 7a 74 b7 f7 37 4a 17 b3 7b 7f 2a 53 c1 1c Sep 21 07:16:06.925262: | cd d4 2c cb 17 f8 d8 00 29 e2 53 30 fe 28 c0 98 Sep 21 07:16:06.925264: | 29 fd fd af b2 57 33 97 92 df 60 8d 0d 99 3f 1c Sep 21 07:16:06.925267: | fa 1b 38 02 4f 01 da 3a d9 9f c4 a8 7f 66 fc 97 Sep 21 07:16:06.925269: | 0a 86 1f 2e 52 1b 2d 13 32 9a 19 c8 c9 0b 85 c5 Sep 21 07:16:06.925271: | 2a 73 b3 1f 00 c7 4a b0 21 1f 32 e6 72 08 d4 92 Sep 21 07:16:06.925274: | 6d a4 15 dc d9 c5 7f e3 65 92 6d 63 5b 30 c4 ea Sep 21 07:16:06.925276: | bf 0f 91 f5 22 3d 9c 73 f8 f7 e2 75 76 bc 05 6f Sep 21 07:16:06.925278: | 74 91 96 b0 51 a5 0e 7f 2c 1a c6 cf 6a b2 6d 04 Sep 21 07:16:06.925280: | d8 ab 2a a8 54 48 34 cc ed 32 75 c7 37 c6 3b 97 Sep 21 07:16:06.925282: | b0 bf a8 88 ac 3c 4c 29 31 d1 a6 39 4c 71 d1 5c Sep 21 07:16:06.925285: | f5 a6 69 a1 4b dd 94 54 48 d2 34 da 5f 73 a5 5f Sep 21 07:16:06.925287: | 96 6f 2f d0 92 95 14 36 c7 24 17 d4 d7 62 f7 28 Sep 21 07:16:06.925289: | 8b de 15 65 76 32 04 a0 fe 5a 68 25 68 1a 17 34 Sep 21 07:16:06.925291: | 48 c2 58 27 3a 95 22 bc 94 33 c5 4e 5b de 10 95 Sep 21 07:16:06.925294: | 31 8e 4c 64 ed 5f 94 77 4c f3 c0 61 9b a8 04 f9 Sep 21 07:16:06.925298: | b8 5d c9 ec 07 3f ed 73 1c 24 44 31 6e 01 b4 c8 Sep 21 07:16:06.925300: | f2 d9 bd 16 b2 73 93 68 2c 1e eb 33 85 27 8f 24 Sep 21 07:16:06.925302: | 25 3f b8 b5 b4 b3 b2 55 fb f5 0d 24 58 45 1f fb Sep 21 07:16:06.925304: | 6d 17 0c 86 ea 74 11 e2 75 Sep 21 07:16:06.925863: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:06.925873: | libevent_free: release ptr-libevent@0x5570b1dc17e0 Sep 21 07:16:06.925876: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5570b1db1c70 Sep 21 07:16:06.925879: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:06.925882: "northnet-eastnets/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:06.925890: | event_schedule: new EVENT_RETRANSMIT-pe@0x5570b1db1c70 Sep 21 07:16:06.925893: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Sep 21 07:16:06.925896: | libevent_malloc: new ptr-libevent@0x5570b1dc17e0 size 128 Sep 21 07:16:06.925902: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48813.294154 Sep 21 07:16:06.925908: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:06.925913: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:06.925917: | #1 spent 1.26 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:06.925922: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:16:06.925925: | libevent_free: release ptr-libevent@0x7efd88006900 Sep 21 07:16:06.984661: | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:06.984681: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:06.984684: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.984687: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Sep 21 07:16:06.984689: | 48 ca 17 d2 42 3a a7 16 93 da 1e 58 cf 3f cd 83 Sep 21 07:16:06.984691: | 50 dd 37 5a 12 ff b0 a8 fc d5 38 e0 17 e8 2a ab Sep 21 07:16:06.984693: | 19 93 a3 ec 10 a9 18 3c 25 ed 25 a3 34 9e ef 2b Sep 21 07:16:06.984696: | 91 88 56 a9 a1 27 1c 91 cc 15 2c ea d8 3a f9 8b Sep 21 07:16:06.984698: | 1e c3 9d fb 48 b0 33 b9 9e 27 f4 e5 27 d6 9d 55 Sep 21 07:16:06.984700: | a1 9a 73 6b 4f f4 39 c7 df 44 86 6d 64 04 b3 73 Sep 21 07:16:06.984702: | c6 2a 73 38 df 31 da 98 b5 88 ff 4b a0 e0 fc 2c Sep 21 07:16:06.984705: | a7 c2 d6 eb 56 06 09 77 0a af 3a 02 98 dc 8a 5c Sep 21 07:16:06.984707: | fa 01 28 13 9e 1a 7d 75 7f 42 98 c6 0c f5 61 6a Sep 21 07:16:06.984709: | ec 52 93 0e 09 02 c0 c7 6a 61 77 f0 7c ca 3c 37 Sep 21 07:16:06.984712: | 80 eb 07 e8 03 4c 5d 44 1a c0 86 eb 59 1c 7d 32 Sep 21 07:16:06.984714: | a6 0a 1f 73 43 bb 7c 2e 82 ad 61 a1 45 ed 2f 7d Sep 21 07:16:06.984716: | d5 05 30 df bc 04 91 da cd 5e 7a 2c 3b db 3f 96 Sep 21 07:16:06.984718: | ba c2 a7 a9 79 c3 e5 fa 69 e0 67 fe 8e e7 f9 ba Sep 21 07:16:06.984721: | 25 ed cf c6 03 c4 75 b6 91 c9 40 7a 11 fd ab 56 Sep 21 07:16:06.984723: | 55 c5 48 38 30 db 54 fe 79 6a fe b7 7e de 2d 1e Sep 21 07:16:06.984725: | 02 8e 51 6c 63 43 0b 65 cc 2d 1d fa ed 64 56 01 Sep 21 07:16:06.984728: | 34 4b 4a a3 50 d5 e9 1a 6a 3b 2f 5d 33 4d 04 29 Sep 21 07:16:06.984730: | 1f 20 c0 2e 18 1e 63 47 be bc e6 1e 0d 2d 69 5d Sep 21 07:16:06.984732: | cc 8f 0a 1b 21 23 9b 84 76 86 22 1e 16 14 6b e9 Sep 21 07:16:06.984735: | 3e 30 05 f1 bc 89 59 7a 83 b5 cb 8f 31 fb d0 e6 Sep 21 07:16:06.984737: | a5 c1 45 26 38 cc e2 a4 0d 7c b9 b4 68 86 dc 33 Sep 21 07:16:06.984739: | bb 48 a8 c8 10 fb 58 9d de 31 4d f8 08 7c 8f 57 Sep 21 07:16:06.984741: | cb a7 37 05 da c0 8c f8 c1 9d 5b 7e b0 43 56 c8 Sep 21 07:16:06.984746: | 07 37 ae 1a 59 c0 82 ba 67 cf a2 c6 ab 5c e8 af Sep 21 07:16:06.984749: | 80 7b 02 84 a8 93 41 15 82 54 5e 53 56 a5 de 3e Sep 21 07:16:06.984751: | 63 Sep 21 07:16:06.984756: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:06.984759: | **parse ISAKMP Message: Sep 21 07:16:06.984762: | initiator cookie: Sep 21 07:16:06.984764: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:06.984767: | responder cookie: Sep 21 07:16:06.984769: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:06.984772: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:06.984774: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:06.984777: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:06.984780: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:06.984782: | Message ID: 2 (0x2) Sep 21 07:16:06.984805: | length: 449 (0x1c1) Sep 21 07:16:06.984809: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:16:06.984812: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:16:06.984816: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:06.984823: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:06.984826: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:16:06.984830: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.984835: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:06.984837: | #3 is idle Sep 21 07:16:06.984840: | #3 idle Sep 21 07:16:06.984842: | unpacking clear payload Sep 21 07:16:06.984844: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:06.984847: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:06.984850: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:06.984852: | flags: none (0x0) Sep 21 07:16:06.984855: | length: 421 (0x1a5) Sep 21 07:16:06.984857: | processing payload: ISAKMP_NEXT_v2SK (len=417) Sep 21 07:16:06.984860: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:16:06.984875: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:16:06.984878: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:06.984881: | **parse IKEv2 Security Association Payload: Sep 21 07:16:06.984883: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:06.984885: | flags: none (0x0) Sep 21 07:16:06.984888: | length: 44 (0x2c) Sep 21 07:16:06.984890: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:16:06.984893: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:06.984895: | **parse IKEv2 Nonce Payload: Sep 21 07:16:06.984897: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:06.984899: | flags: none (0x0) Sep 21 07:16:06.984902: | length: 36 (0x24) Sep 21 07:16:06.984904: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:06.984906: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:06.984909: | **parse IKEv2 Key Exchange Payload: Sep 21 07:16:06.984912: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:06.984914: | flags: none (0x0) Sep 21 07:16:06.984916: | length: 264 (0x108) Sep 21 07:16:06.984919: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.984921: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:06.984923: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:06.984926: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:06.984928: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:06.984931: | flags: none (0x0) Sep 21 07:16:06.984933: | length: 24 (0x18) Sep 21 07:16:06.984935: | number of TS: 1 (0x1) Sep 21 07:16:06.984938: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:06.984942: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:06.984944: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:06.984947: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:06.984949: | flags: none (0x0) Sep 21 07:16:06.984951: | length: 24 (0x18) Sep 21 07:16:06.984954: | number of TS: 1 (0x1) Sep 21 07:16:06.984956: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:06.984959: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:16:06.984964: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:06.984967: | forcing ST #3 to CHILD #1.#3 in FSM processor Sep 21 07:16:06.984969: | Now let's proceed with state specific processing Sep 21 07:16:06.984972: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:16:06.984986: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:06.984989: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:16:06.984992: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:06.984995: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:06.984998: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:06.985000: | local proposal 1 type DH has 1 transforms Sep 21 07:16:06.985002: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:06.985006: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:06.985008: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:06.985010: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:06.985013: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:06.985015: | local proposal 2 type DH has 1 transforms Sep 21 07:16:06.985018: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:06.985021: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:06.985023: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:06.985025: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:06.985028: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:06.985030: | local proposal 3 type DH has 1 transforms Sep 21 07:16:06.985032: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:06.985035: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:06.985038: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:06.985040: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:06.985043: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:06.985045: | local proposal 4 type DH has 1 transforms Sep 21 07:16:06.985047: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:06.985050: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:06.985053: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:06.985056: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:06.985058: | length: 40 (0x28) Sep 21 07:16:06.985061: | prop #: 1 (0x1) Sep 21 07:16:06.985063: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:06.985065: | spi size: 4 (0x4) Sep 21 07:16:06.985068: | # transforms: 3 (0x3) Sep 21 07:16:06.985071: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:06.985073: | remote SPI 77 0d 65 34 Sep 21 07:16:06.985076: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:06.985079: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:06.985082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.985085: | length: 12 (0xc) Sep 21 07:16:06.985088: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:06.985090: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:06.985093: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:06.985095: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:06.985098: | length/value: 256 (0x100) Sep 21 07:16:06.985102: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:06.985105: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:06.985107: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:06.985110: | length: 8 (0x8) Sep 21 07:16:06.985112: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:06.985114: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:06.985118: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:06.985120: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:06.985123: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:06.985125: | length: 8 (0x8) Sep 21 07:16:06.985127: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:06.985130: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:06.985133: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:06.985136: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:16:06.985141: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:16:06.985143: | remote proposal 1 matches local proposal 1 Sep 21 07:16:06.985146: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Sep 21 07:16:06.985151: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=770d6534;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:16:06.985154: | converting proposal to internal trans attrs Sep 21 07:16:06.985158: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:16:06.985162: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Sep 21 07:16:06.985165: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:06.985168: | #3 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:16:06.985172: | libevent_free: release ptr-libevent@0x5570b1dc17e0 Sep 21 07:16:06.985175: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5570b1db1c70 Sep 21 07:16:06.985178: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5570b1db1c70 Sep 21 07:16:06.985181: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:06.985184: | libevent_malloc: new ptr-libevent@0x5570b1dc17e0 size 128 Sep 21 07:16:06.985194: | #3 spent 0.217 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:16:06.985199: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:06.985203: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:16:06.985205: | suspending state #3 and saving MD Sep 21 07:16:06.985208: | #3 is busy; has a suspended MD Sep 21 07:16:06.985212: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:06.985215: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:06.985220: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:06.985224: | #1 spent 0.535 milliseconds in ikev2_process_packet() Sep 21 07:16:06.985228: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:06.985231: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:06.985235: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:06.985239: | spent 0.55 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:06.988014: | crypto helper 1 resuming Sep 21 07:16:06.988027: | crypto helper 1 starting work-order 4 for state #3 Sep 21 07:16:06.988033: | crypto helper 1 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Sep 21 07:16:06.988973: | crypto helper 1 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000941 seconds Sep 21 07:16:06.988986: | (#3) spent 0.945 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Sep 21 07:16:06.988990: | crypto helper 1 sending results from work-order 4 for state #3 to event queue Sep 21 07:16:06.988992: | scheduling resume sending helper answer for #3 Sep 21 07:16:06.988997: | libevent_malloc: new ptr-libevent@0x7efd78001ef0 size 128 Sep 21 07:16:06.989005: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:06.989015: | processing resume sending helper answer for #3 Sep 21 07:16:06.989027: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:06.989031: | crypto helper 1 replies to request ID 4 Sep 21 07:16:06.989034: | calling continuation function 0x5570b193c4f0 Sep 21 07:16:06.989038: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Sep 21 07:16:06.989042: | TSi: parsing 1 traffic selectors Sep 21 07:16:06.989046: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:06.989048: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:06.989051: | IP Protocol ID: 0 (0x0) Sep 21 07:16:06.989053: | length: 16 (0x10) Sep 21 07:16:06.989055: | start port: 0 (0x0) Sep 21 07:16:06.989057: | end port: 65535 (0xffff) Sep 21 07:16:06.989060: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:06.989062: | TS low c0 00 03 00 Sep 21 07:16:06.989064: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:06.989066: | TS high c0 00 03 ff Sep 21 07:16:06.989067: | TSi: parsed 1 traffic selectors Sep 21 07:16:06.989069: | TSr: parsing 1 traffic selectors Sep 21 07:16:06.989072: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:06.989074: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:06.989076: | IP Protocol ID: 0 (0x0) Sep 21 07:16:06.989078: | length: 16 (0x10) Sep 21 07:16:06.989080: | start port: 0 (0x0) Sep 21 07:16:06.989082: | end port: 65535 (0xffff) Sep 21 07:16:06.989084: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:06.989086: | TS low c0 00 16 00 Sep 21 07:16:06.989089: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:06.989091: | TS high c0 00 16 ff Sep 21 07:16:06.989093: | TSr: parsed 1 traffic selectors Sep 21 07:16:06.989100: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:16:06.989105: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:06.989112: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:06.989115: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:06.989118: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:06.989120: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:06.989123: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:06.989128: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:06.989133: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:16:06.989136: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:06.989139: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:06.989141: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:06.989144: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:06.989149: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:06.989151: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:06.989155: | printing contents struct traffic_selector Sep 21 07:16:06.989157: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:06.989159: | ipprotoid: 0 Sep 21 07:16:06.989161: | port range: 0-65535 Sep 21 07:16:06.989165: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:06.989168: | printing contents struct traffic_selector Sep 21 07:16:06.989170: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:06.989172: | ipprotoid: 0 Sep 21 07:16:06.989174: | port range: 0-65535 Sep 21 07:16:06.989178: | ip range: 192.0.22.0-192.0.22.255 Sep 21 07:16:06.989182: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:06.989353: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:16:06.989357: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:16:06.989360: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:06.989363: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:06.989366: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:06.989369: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:06.989371: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:06.989375: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:06.989379: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:06.989383: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:06.989385: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:06.989388: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:06.989392: | setting IPsec SA replay-window to 32 Sep 21 07:16:06.989395: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:16:06.989398: | netlink: enabling tunnel mode Sep 21 07:16:06.989401: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:06.989403: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:06.989484: | netlink response for Add SA esp.770d6534@192.1.2.23 included non-error error Sep 21 07:16:06.989488: | set up outgoing SA, ref=0/0 Sep 21 07:16:06.989491: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:06.989493: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:06.989496: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:06.989498: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:06.989502: | setting IPsec SA replay-window to 32 Sep 21 07:16:06.989504: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:16:06.989507: | netlink: enabling tunnel mode Sep 21 07:16:06.989509: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:06.989511: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:06.989565: | netlink response for Add SA esp.7996ec21@192.1.3.33 included non-error error Sep 21 07:16:06.989569: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:06.989576: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:06.989580: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:06.989638: | raw_eroute result=success Sep 21 07:16:06.989641: | set up incoming SA, ref=0/0 Sep 21 07:16:06.989643: | sr for #3: unrouted Sep 21 07:16:06.989646: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:06.989648: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:06.989651: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:06.989654: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:06.989657: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:06.989662: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:06.989666: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:06.989669: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Sep 21 07:16:06.989672: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:06.989680: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:06.989682: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:06.989709: | raw_eroute result=success Sep 21 07:16:06.989712: | running updown command "ipsec _updown" for verb up Sep 21 07:16:06.989715: | command executing up-client Sep 21 07:16:06.989748: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.989757: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:06.989778: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Sep 21 07:16:06.989781: | popen cmd is 1408 chars long Sep 21 07:16:06.989791: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:16:06.989794: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Sep 21 07:16:06.989796: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Sep 21 07:16:06.989799: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:16:06.989801: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:16:06.989804: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Sep 21 07:16:06.989806: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:16:06.989809: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Sep 21 07:16:06.989811: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' : Sep 21 07:16:06.989814: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:16:06.989816: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:16:06.989819: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:16:06.989821: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAR: Sep 21 07:16:06.989824: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Sep 21 07:16:06.989826: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Sep 21 07:16:06.989829: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Sep 21 07:16:06.989833: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Sep 21 07:16:06.989836: | cmd(1360):0x770d6534 SPI_OUT=0x7996ec21 ipsec _updown 2>&1: Sep 21 07:16:07.088744: | route_and_eroute: firewall_notified: true Sep 21 07:16:07.088756: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:07.088759: | command executing prepare-client Sep 21 07:16:07.088802: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:07.088813: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:07.088835: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON Sep 21 07:16:07.088838: | popen cmd is 1413 chars long Sep 21 07:16:07.088841: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:07.088844: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:16:07.088847: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:07.088849: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:16:07.088852: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:16:07.088855: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Sep 21 07:16:07.088857: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Sep 21 07:16:07.088860: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Sep 21 07:16:07.088862: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Sep 21 07:16:07.088865: | cmd( 720):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:16:07.088867: | cmd( 800):COL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: Sep 21 07:16:07.088870: | cmd( 880):ent, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netk: Sep 21 07:16:07.088872: | cmd( 960):ey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLO: Sep 21 07:16:07.088875: | cmd(1040):W+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A: Sep 21 07:16:07.088877: | cmd(1120):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P: Sep 21 07:16:07.088880: | cmd(1200):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI: Sep 21 07:16:07.088882: | cmd(1280):ENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP: Sep 21 07:16:07.088885: | cmd(1360):I_IN=0x770d6534 SPI_OUT=0x7996ec21 ipsec _updown 2>&1: Sep 21 07:16:07.189161: | running updown command "ipsec _updown" for verb route Sep 21 07:16:07.189178: | command executing route-client Sep 21 07:16:07.189217: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:07.189226: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:07.189247: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO Sep 21 07:16:07.189251: | popen cmd is 1411 chars long Sep 21 07:16:07.189254: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:16:07.189256: | cmd( 80):s/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Sep 21 07:16:07.189259: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Sep 21 07:16:07.189261: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:16:07.189264: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:16:07.189266: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE: Sep 21 07:16:07.189269: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:16:07.189271: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Sep 21 07:16:07.189274: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.: Sep 21 07:16:07.189276: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:16:07.189279: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Sep 21 07:16:07.189281: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Sep 21 07:16:07.189284: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Sep 21 07:16:07.189286: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Sep 21 07:16:07.189288: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Sep 21 07:16:07.189291: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Sep 21 07:16:07.189293: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Sep 21 07:16:07.189296: | cmd(1360):IN=0x770d6534 SPI_OUT=0x7996ec21 ipsec _updown 2>&1: Sep 21 07:16:07.310202: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x5570b1dac030,sr=0x5570b1dac030} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:07.310430: | #1 spent 1.06 milliseconds in install_ipsec_sa() Sep 21 07:16:07.310438: | inR2: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:16:07.310442: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:07.310447: | libevent_free: release ptr-libevent@0x5570b1dc17e0 Sep 21 07:16:07.310454: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5570b1db1c70 Sep 21 07:16:07.310462: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:07.310466: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:16:07.310470: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:16:07.310473: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:07.310476: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:16:07.310482: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Sep 21 07:16:07.310487: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:07.310490: | pstats #3 ikev2.child established Sep 21 07:16:07.310498: "northnet-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Sep 21 07:16:07.310509: | NAT-T: encaps is 'auto' Sep 21 07:16:07.310515: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x770d6534 <0x7996ec21 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:16:07.310519: | releasing whack for #3 (sock=fd@25) Sep 21 07:16:07.310525: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:16:07.310528: | releasing whack and unpending for parent #1 Sep 21 07:16:07.310531: | unpending state #1 connection "northnet-eastnets/0x2" Sep 21 07:16:07.310535: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Sep 21 07:16:07.310538: | event_schedule: new EVENT_SA_REKEY-pe@0x5570b1db1c70 Sep 21 07:16:07.310541: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Sep 21 07:16:07.310544: | libevent_malloc: new ptr-libevent@0x5570b1dc17e0 size 128 Sep 21 07:16:07.310551: | #3 spent 1.51 milliseconds in resume sending helper answer Sep 21 07:16:07.310556: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:07.310558: | libevent_free: release ptr-libevent@0x7efd78001ef0 Sep 21 07:16:07.310569: | processing signal PLUTO_SIGCHLD Sep 21 07:16:07.310575: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:07.310579: | spent 0.00534 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:07.310582: | processing signal PLUTO_SIGCHLD Sep 21 07:16:07.310585: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:07.310589: | spent 0.00361 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:07.310591: | processing signal PLUTO_SIGCHLD Sep 21 07:16:07.310594: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:07.310598: | spent 0.00337 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:07.420387: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:07.420601: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:07.420607: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:07.420801: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:07.420807: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:07.420819: | get_sa_info esp.44b898c2@192.1.3.33 Sep 21 07:16:07.420835: | get_sa_info esp.feac9940@192.1.2.23 Sep 21 07:16:07.420857: | get_sa_info esp.7996ec21@192.1.3.33 Sep 21 07:16:07.420866: | get_sa_info esp.770d6534@192.1.2.23 Sep 21 07:16:07.420889: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:07.420897: | spent 0.514 milliseconds in whack Sep 21 07:16:09.824252: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:09.824276: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:16:09.824281: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:09.824289: | get_sa_info esp.44b898c2@192.1.3.33 Sep 21 07:16:09.824305: | get_sa_info esp.feac9940@192.1.2.23 Sep 21 07:16:09.824325: | get_sa_info esp.7996ec21@192.1.3.33 Sep 21 07:16:09.824334: | get_sa_info esp.770d6534@192.1.2.23 Sep 21 07:16:09.824352: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:09.824361: | spent 0.117 milliseconds in whack Sep 21 07:16:10.739695: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:10.739896: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:10.739904: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:10.740074: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:10.740080: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:10.740089: | get_sa_info esp.44b898c2@192.1.3.33 Sep 21 07:16:10.740107: | get_sa_info esp.feac9940@192.1.2.23 Sep 21 07:16:10.740128: | get_sa_info esp.7996ec21@192.1.3.33 Sep 21 07:16:10.740137: | get_sa_info esp.770d6534@192.1.2.23 Sep 21 07:16:10.740157: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:10.740165: | spent 0.475 milliseconds in whack Sep 21 07:16:11.091059: | spent 0.00296 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:11.091082: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:11.091085: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.091088: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:11.091090: | f8 13 1b 8f 19 0b 95 77 91 96 7a e7 37 7f 31 19 Sep 21 07:16:11.091092: | 88 fd e2 66 0c ad 7e 5d 79 69 d3 5f ff 25 d7 1f Sep 21 07:16:11.091094: | fb 5d a8 45 ae Sep 21 07:16:11.091099: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:11.091102: | **parse ISAKMP Message: Sep 21 07:16:11.091105: | initiator cookie: Sep 21 07:16:11.091107: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:11.091109: | responder cookie: Sep 21 07:16:11.091111: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.091114: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:11.091117: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:11.091119: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:11.091122: | flags: none (0x0) Sep 21 07:16:11.091124: | Message ID: 0 (0x0) Sep 21 07:16:11.091126: | length: 69 (0x45) Sep 21 07:16:11.091129: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:11.091133: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:11.091137: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:11.091143: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:11.091146: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:11.091150: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:11.091153: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:16:11.091157: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Sep 21 07:16:11.091160: | unpacking clear payload Sep 21 07:16:11.091162: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:11.091165: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:11.091168: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:11.091170: | flags: none (0x0) Sep 21 07:16:11.091172: | length: 41 (0x29) Sep 21 07:16:11.091175: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:16:11.091179: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:16:11.091185: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:11.091201: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:11.091204: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:11.091207: | **parse IKEv2 Delete Payload: Sep 21 07:16:11.091209: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.091211: | flags: none (0x0) Sep 21 07:16:11.091214: | length: 12 (0xc) Sep 21 07:16:11.091217: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:11.091219: | SPI size: 4 (0x4) Sep 21 07:16:11.091221: | number of SPIs: 1 (0x1) Sep 21 07:16:11.091224: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:16:11.091226: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:11.091229: | Now let's proceed with state specific processing Sep 21 07:16:11.091231: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:11.091234: | an informational request should send a response Sep 21 07:16:11.091239: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:11.091242: | **emit ISAKMP Message: Sep 21 07:16:11.091245: | initiator cookie: Sep 21 07:16:11.091247: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:11.091249: | responder cookie: Sep 21 07:16:11.091251: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.091254: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:11.091256: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:11.091259: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:11.091261: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:11.091264: | Message ID: 0 (0x0) Sep 21 07:16:11.091267: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:11.091269: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:11.091272: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.091274: | flags: none (0x0) Sep 21 07:16:11.091277: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:11.091280: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:11.091283: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:11.091290: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:16:11.091292: | SPI 77 0d 65 34 Sep 21 07:16:11.091295: | delete PROTO_v2_ESP SA(0x770d6534) Sep 21 07:16:11.091298: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:16:11.091300: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:16:11.091303: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x770d6534) Sep 21 07:16:11.091306: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now Sep 21 07:16:11.091309: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:11.091312: | libevent_free: release ptr-libevent@0x5570b1dc17e0 Sep 21 07:16:11.091315: | free_event_entry: release EVENT_SA_REKEY-pe@0x5570b1db1c70 Sep 21 07:16:11.091318: | event_schedule: new EVENT_SA_REPLACE-pe@0x5570b1db1c70 Sep 21 07:16:11.091322: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Sep 21 07:16:11.091325: | libevent_malloc: new ptr-libevent@0x5570b1dc17e0 size 128 Sep 21 07:16:11.091328: | ****emit IKEv2 Delete Payload: Sep 21 07:16:11.091331: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.091333: | flags: none (0x0) Sep 21 07:16:11.091336: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:11.091338: | SPI size: 4 (0x4) Sep 21 07:16:11.091340: | number of SPIs: 1 (0x1) Sep 21 07:16:11.091344: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:11.091347: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:11.091351: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:16:11.091354: | local SPIs 79 96 ec 21 Sep 21 07:16:11.091356: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:11.091359: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:11.091362: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:11.091364: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:11.091367: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:11.091369: | emitting length of ISAKMP Message: 69 Sep 21 07:16:11.091381: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:11.091384: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.091386: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:11.091388: | 93 1a 0c c0 46 ba f4 c7 27 4c 13 3d de 86 3a a8 Sep 21 07:16:11.091390: | 3a 74 a6 cf 38 aa fe e8 9a eb 18 ac c5 25 42 60 Sep 21 07:16:11.091393: | e9 c1 75 52 f9 Sep 21 07:16:11.091425: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:11.091431: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:11.091437: | #1 spent 0.185 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:16:11.091442: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:11.091446: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:16:11.091449: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:16:11.091453: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:16:11.091457: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:11.091461: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:16:11.091465: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:11.091470: | #1 spent 0.382 milliseconds in ikev2_process_packet() Sep 21 07:16:11.091474: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:11.091477: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:11.091480: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:11.091483: | spent 0.396 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:11.091490: | timer_event_cb: processing event@0x5570b1db1c70 Sep 21 07:16:11.091492: | handling event EVENT_SA_REPLACE for child state #3 Sep 21 07:16:11.091497: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:11.091501: | picked newest_ipsec_sa #3 for #3 Sep 21 07:16:11.091503: | replacing stale CHILD SA Sep 21 07:16:11.091507: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:16:11.091509: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:11.091513: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:11.091517: | creating state object #4 at 0x5570b1dc8e20 Sep 21 07:16:11.091520: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:16:11.091524: | pstats #4 ikev2.child started Sep 21 07:16:11.091529: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Sep 21 07:16:11.091534: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:11.091540: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:11.091545: | suspend processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:11.091549: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:11.091553: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:16:11.091565: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:11.091570: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Sep 21 07:16:11.091573: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7efd84002b20 Sep 21 07:16:11.091577: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Sep 21 07:16:11.091580: | libevent_malloc: new ptr-libevent@0x7efd78001ef0 size 128 Sep 21 07:16:11.091585: | RESET processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:11.091588: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5570b1db6f10 Sep 21 07:16:11.091591: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Sep 21 07:16:11.091594: | libevent_malloc: new ptr-libevent@0x7efd84006900 size 128 Sep 21 07:16:11.091597: | libevent_free: release ptr-libevent@0x5570b1dc17e0 Sep 21 07:16:11.091599: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5570b1db1c70 Sep 21 07:16:11.091603: | #3 spent 0.113 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:16:11.091606: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:11.091610: | timer_event_cb: processing event@0x7efd84002b20 Sep 21 07:16:11.091613: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Sep 21 07:16:11.091617: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:11.091622: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Sep 21 07:16:11.091625: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5570b1db1c70 Sep 21 07:16:11.091628: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:16:11.091630: | libevent_malloc: new ptr-libevent@0x5570b1dc17e0 size 128 Sep 21 07:16:11.091637: | libevent_free: release ptr-libevent@0x7efd78001ef0 Sep 21 07:16:11.091640: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7efd84002b20 Sep 21 07:16:11.091644: | #4 spent 0.0326 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:11.091645: | crypto helper 4 resuming Sep 21 07:16:11.091649: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:11.091661: | crypto helper 4 starting work-order 5 for state #4 Sep 21 07:16:11.091663: | timer_event_cb: processing event@0x5570b1db6f10 Sep 21 07:16:11.091666: | handling event EVENT_SA_EXPIRE for child state #3 Sep 21 07:16:11.091668: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Sep 21 07:16:11.091671: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:11.091681: | picked newest_ipsec_sa #3 for #3 Sep 21 07:16:11.091683: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:16:11.091686: | pstats #3 ikev2.child re-failed exchange-timeout Sep 21 07:16:11.091688: | pstats #3 ikev2.child deleted completed Sep 21 07:16:11.091691: | #3 spent 3.92 milliseconds in total Sep 21 07:16:11.091696: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:11.091699: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 4.170s and NOT sending notification Sep 21 07:16:11.091702: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:16:11.091706: | get_sa_info esp.770d6534@192.1.2.23 Sep 21 07:16:11.091718: | get_sa_info esp.7996ec21@192.1.3.33 Sep 21 07:16:11.091725: "northnet-eastnets/0x2" #3: ESP traffic information: in=0B out=168B Sep 21 07:16:11.091729: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:16:11.091888: | running updown command "ipsec _updown" for verb down Sep 21 07:16:11.091896: | command executing down-client Sep 21 07:16:11.091931: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:11.091940: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:11.091961: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050166' PLUTO_ Sep 21 07:16:11.091964: | popen cmd is 1419 chars long Sep 21 07:16:11.091967: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:16:11.091970: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Sep 21 07:16:11.091972: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Sep 21 07:16:11.091975: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Sep 21 07:16:11.091977: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:16:11.091980: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Sep 21 07:16:11.091983: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:16:11.091985: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Sep 21 07:16:11.091988: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0: Sep 21 07:16:11.091991: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:16:11.091993: | cmd( 800):='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department: Sep 21 07:16:11.091996: | cmd( 880):, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey': Sep 21 07:16:11.091998: | cmd( 960): PLUTO_ADDTIME='1569050166' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV: Sep 21 07:16:11.092003: | cmd(1040):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Sep 21 07:16:11.092006: | cmd(1120):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Sep 21 07:16:11.092009: | cmd(1200):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Sep 21 07:16:11.092011: | cmd(1280):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Sep 21 07:16:11.092014: | cmd(1360):no' SPI_IN=0x770d6534 SPI_OUT=0x7996ec21 ipsec _updown 2>&1: Sep 21 07:16:11.092950: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.001281 seconds Sep 21 07:16:11.092965: | (#4) spent 1.29 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:16:11.092970: | crypto helper 4 sending results from work-order 5 for state #4 to event queue Sep 21 07:16:11.092974: | scheduling resume sending helper answer for #4 Sep 21 07:16:11.092979: | libevent_malloc: new ptr-libevent@0x7efd7c006900 size 128 Sep 21 07:16:11.092987: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:11.106540: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:16:11.106553: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:16:11.106558: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:11.106561: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:11.106605: | delete esp.770d6534@192.1.2.23 Sep 21 07:16:11.106632: | netlink response for Del SA esp.770d6534@192.1.2.23 included non-error error Sep 21 07:16:11.106635: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:11.106643: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:11.106686: | raw_eroute result=success Sep 21 07:16:11.106690: | delete esp.7996ec21@192.1.3.33 Sep 21 07:16:11.106711: | netlink response for Del SA esp.7996ec21@192.1.3.33 included non-error error Sep 21 07:16:11.106716: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:11.106719: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:16:11.106723: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:11.106743: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:11.106752: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:16:11.106755: | can't expire unused IKE SA #1; it has the child #4 Sep 21 07:16:11.106760: | libevent_free: release ptr-libevent@0x7efd84006900 Sep 21 07:16:11.106763: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5570b1db6f10 Sep 21 07:16:11.106766: | in statetime_stop() and could not find #3 Sep 21 07:16:11.106769: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:11.106794: | spent 0.00241 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:11.106808: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:11.106811: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.106813: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:16:11.106816: | fd fe 4b 90 7a f9 c5 61 58 0d 87 ee e6 17 7e 8c Sep 21 07:16:11.106818: | bd 3b 75 9c 20 35 2c 19 bb 3a 2a 0c 98 2d 95 fe Sep 21 07:16:11.106820: | c4 ef 9e 10 37 Sep 21 07:16:11.106825: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:11.106828: | **parse ISAKMP Message: Sep 21 07:16:11.106831: | initiator cookie: Sep 21 07:16:11.106833: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:11.106836: | responder cookie: Sep 21 07:16:11.106838: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.106841: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:11.106847: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:11.106849: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:11.106852: | flags: none (0x0) Sep 21 07:16:11.106854: | Message ID: 1 (0x1) Sep 21 07:16:11.106857: | length: 69 (0x45) Sep 21 07:16:11.106860: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:11.106863: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:11.106867: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:11.106873: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:11.106876: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:11.106881: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:11.106884: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:11.106888: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Sep 21 07:16:11.106890: | unpacking clear payload Sep 21 07:16:11.106893: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:11.106896: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:11.106898: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:11.106901: | flags: none (0x0) Sep 21 07:16:11.106903: | length: 41 (0x29) Sep 21 07:16:11.106906: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:16:11.106910: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:11.106913: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:11.106927: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:11.106930: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:11.106933: | **parse IKEv2 Delete Payload: Sep 21 07:16:11.106935: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.106938: | flags: none (0x0) Sep 21 07:16:11.106940: | length: 12 (0xc) Sep 21 07:16:11.106943: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:11.106945: | SPI size: 4 (0x4) Sep 21 07:16:11.106947: | number of SPIs: 1 (0x1) Sep 21 07:16:11.106950: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:16:11.106952: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:11.106955: | Now let's proceed with state specific processing Sep 21 07:16:11.106957: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:11.106961: | an informational request should send a response Sep 21 07:16:11.106965: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:11.106969: | **emit ISAKMP Message: Sep 21 07:16:11.106971: | initiator cookie: Sep 21 07:16:11.106974: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:11.106976: | responder cookie: Sep 21 07:16:11.106978: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.106981: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:11.106983: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:11.106986: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:11.106988: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:11.106991: | Message ID: 1 (0x1) Sep 21 07:16:11.106994: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:11.106997: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:11.106999: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.107002: | flags: none (0x0) Sep 21 07:16:11.107005: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:11.107008: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:11.107042: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:11.107053: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:16:11.107055: | SPI fe ac 99 40 Sep 21 07:16:11.107058: | delete PROTO_v2_ESP SA(0xfeac9940) Sep 21 07:16:11.107061: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:16:11.107064: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:16:11.107067: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xfeac9940) Sep 21 07:16:11.107070: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:16:11.107073: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:11.107076: | libevent_free: release ptr-libevent@0x5570b1dc1750 Sep 21 07:16:11.107079: | free_event_entry: release EVENT_SA_REKEY-pe@0x5570b1dbb9d0 Sep 21 07:16:11.107082: | event_schedule: new EVENT_SA_REPLACE-pe@0x5570b1db6f10 Sep 21 07:16:11.107086: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:16:11.107089: | libevent_malloc: new ptr-libevent@0x5570b1dc1750 size 128 Sep 21 07:16:11.107092: | ****emit IKEv2 Delete Payload: Sep 21 07:16:11.107109: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.107112: | flags: none (0x0) Sep 21 07:16:11.107115: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:11.107117: | SPI size: 4 (0x4) Sep 21 07:16:11.107119: | number of SPIs: 1 (0x1) Sep 21 07:16:11.107122: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:11.107125: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:11.107128: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:16:11.107131: | local SPIs 44 b8 98 c2 Sep 21 07:16:11.107133: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:11.107136: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:11.107139: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:11.107142: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:11.107144: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:11.107147: | emitting length of ISAKMP Message: 69 Sep 21 07:16:11.107161: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:11.107163: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.107166: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:16:11.107168: | 8c 3f 3f 3d 20 e6 af 5b f0 b6 c7 cd f7 a0 6e df Sep 21 07:16:11.107170: | e3 82 20 04 b5 b1 34 54 ae a4 76 51 d5 f7 0a 7d Sep 21 07:16:11.107173: | 01 1e 9f 23 25 Sep 21 07:16:11.107212: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:11.107218: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:11.107224: | #1 spent 0.206 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:16:11.107229: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:11.107233: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:16:11.107236: | Message ID: updating counters for #1 to 1 after switching state Sep 21 07:16:11.107241: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:16:11.107247: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:11.107250: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:16:11.107255: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:11.107259: | #1 spent 0.404 milliseconds in ikev2_process_packet() Sep 21 07:16:11.107264: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:11.107267: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:11.107270: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:11.107274: | spent 0.419 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:11.107280: | processing resume sending helper answer for #4 Sep 21 07:16:11.107286: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:11.107289: | crypto helper 4 replies to request ID 5 Sep 21 07:16:11.107292: | calling continuation function 0x5570b193b630 Sep 21 07:16:11.107295: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Sep 21 07:16:11.107298: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:11.107301: | libevent_free: release ptr-libevent@0x5570b1dc17e0 Sep 21 07:16:11.107304: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5570b1db1c70 Sep 21 07:16:11.107307: | event_schedule: new EVENT_SA_REPLACE-pe@0x5570b1db1c70 Sep 21 07:16:11.107310: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Sep 21 07:16:11.107313: | libevent_malloc: new ptr-libevent@0x5570b1dc17e0 size 128 Sep 21 07:16:11.107318: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:11.107321: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:11.107323: | libevent_malloc: new ptr-libevent@0x7efd84006900 size 128 Sep 21 07:16:11.107328: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:11.107332: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:16:11.107334: | suspending state #4 and saving MD Sep 21 07:16:11.107337: | #4 is busy; has a suspended MD Sep 21 07:16:11.107341: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:11.107345: | "northnet-eastnets/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:11.107348: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Sep 21 07:16:11.107352: | #4 spent 0.0625 milliseconds in resume sending helper answer Sep 21 07:16:11.107357: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:11.107360: | libevent_free: release ptr-libevent@0x7efd7c006900 Sep 21 07:16:11.107362: | processing signal PLUTO_SIGCHLD Sep 21 07:16:11.107367: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:11.107371: | spent 0.00461 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:11.107376: | timer_event_cb: processing event@0x5570b1db6f10 Sep 21 07:16:11.107379: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:16:11.107384: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:11.107387: | picked newest_ipsec_sa #2 for #2 Sep 21 07:16:11.107389: | replacing stale CHILD SA Sep 21 07:16:11.107393: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:16:11.107396: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:11.107401: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:11.107406: | creating state object #5 at 0x5570b1dbe1a0 Sep 21 07:16:11.107408: | State DB: adding IKEv2 state #5 in UNDEFINED Sep 21 07:16:11.107412: | pstats #5 ikev2.child started Sep 21 07:16:11.107415: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Sep 21 07:16:11.107419: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:11.107425: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:11.107428: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:11.107433: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:11.107437: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:11.107441: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:16:11.107444: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:11.107448: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals) Sep 21 07:16:11.107452: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:11.107458: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:11.107461: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:11.107465: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:11.107468: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:11.107472: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:11.107475: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:11.107479: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:11.107487: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:11.107493: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:16:11.107496: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7efd7c002b20 Sep 21 07:16:11.107499: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Sep 21 07:16:11.107502: | libevent_malloc: new ptr-libevent@0x7efd7c006900 size 128 Sep 21 07:16:11.107507: | RESET processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:11.107510: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5570b1dbb4b0 Sep 21 07:16:11.107513: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:16:11.107516: | libevent_malloc: new ptr-libevent@0x7efd78001ef0 size 128 Sep 21 07:16:11.107519: | libevent_free: release ptr-libevent@0x5570b1dc1750 Sep 21 07:16:11.107521: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5570b1db6f10 Sep 21 07:16:11.107526: | #2 spent 0.149 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:16:11.107528: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:11.107531: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:11.107536: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:16:11.107543: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:11.107547: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:11.107552: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:11.107556: | **emit ISAKMP Message: Sep 21 07:16:11.107559: | initiator cookie: Sep 21 07:16:11.107561: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:11.107563: | responder cookie: Sep 21 07:16:11.107565: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.107568: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:11.107571: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:11.107573: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:11.107576: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:11.107578: | Message ID: 3 (0x3) Sep 21 07:16:11.107581: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:11.107583: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:11.107586: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.107588: | flags: none (0x0) Sep 21 07:16:11.107591: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:11.107594: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:11.107597: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:11.107611: | netlink_get_spi: allocated 0x6aa661ba for esp.0@192.1.3.33 Sep 21 07:16:11.107614: | Emitting ikev2_proposals ... Sep 21 07:16:11.107617: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:11.107619: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.107621: | flags: none (0x0) Sep 21 07:16:11.107624: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:11.107627: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:11.107630: | discarding INTEG=NONE Sep 21 07:16:11.107632: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:11.107635: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.107637: | prop #: 1 (0x1) Sep 21 07:16:11.107639: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:11.107642: | spi size: 4 (0x4) Sep 21 07:16:11.107644: | # transforms: 3 (0x3) Sep 21 07:16:11.107647: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:11.107650: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:11.107652: | our spi 6a a6 61 ba Sep 21 07:16:11.107655: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107657: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107660: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:11.107662: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:11.107665: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107667: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:11.107670: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:11.107672: | length/value: 256 (0x100) Sep 21 07:16:11.107675: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:11.107677: | discarding INTEG=NONE Sep 21 07:16:11.107680: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107682: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107686: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.107688: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:11.107691: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107694: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107697: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.107699: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107702: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:11.107704: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:11.107706: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:11.107709: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107712: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107714: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.107717: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:11.107719: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:11.107722: | discarding INTEG=NONE Sep 21 07:16:11.107724: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:11.107726: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.107729: | prop #: 2 (0x2) Sep 21 07:16:11.107731: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:11.107733: | spi size: 4 (0x4) Sep 21 07:16:11.107736: | # transforms: 3 (0x3) Sep 21 07:16:11.107739: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.107741: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:11.107744: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:11.107746: | our spi 6a a6 61 ba Sep 21 07:16:11.107749: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107753: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:11.107773: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:11.107776: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107779: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:11.107781: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:11.107786: | length/value: 128 (0x80) Sep 21 07:16:11.107791: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:11.107793: | discarding INTEG=NONE Sep 21 07:16:11.107796: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107798: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107800: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.107803: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:11.107806: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107808: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107811: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.107813: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107816: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:11.107818: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:11.107822: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:11.107825: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107828: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107830: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.107833: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:11.107835: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:11.107838: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:11.107840: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.107854: | prop #: 3 (0x3) Sep 21 07:16:11.107857: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:11.107869: | spi size: 4 (0x4) Sep 21 07:16:11.107872: | # transforms: 5 (0x5) Sep 21 07:16:11.107904: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.107907: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:11.107909: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:11.107912: | our spi 6a a6 61 ba Sep 21 07:16:11.107914: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107916: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107919: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:11.107921: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:11.107924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107927: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:11.107929: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:11.107931: | length/value: 256 (0x100) Sep 21 07:16:11.107934: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:11.107936: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107941: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:11.107943: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:11.107946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107949: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107951: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.107954: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107956: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107958: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:11.107961: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:11.107964: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107966: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107969: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.107971: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107976: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.107978: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:11.107981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.107985: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.107988: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.107990: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.107993: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:11.107995: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:11.107997: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:11.108000: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.108003: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.108006: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.108008: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:11.108011: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:11.108013: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:11.108016: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:11.108018: | prop #: 4 (0x4) Sep 21 07:16:11.108020: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:11.108022: | spi size: 4 (0x4) Sep 21 07:16:11.108025: | # transforms: 5 (0x5) Sep 21 07:16:11.108028: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.108030: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:11.108033: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:11.108035: | our spi 6a a6 61 ba Sep 21 07:16:11.108037: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.108040: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.108042: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:11.108045: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:11.108047: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.108050: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:11.108052: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:11.108054: | length/value: 128 (0x80) Sep 21 07:16:11.108057: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:11.108059: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.108062: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.108064: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:11.108066: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:11.108069: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.108072: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.108074: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.108077: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.108079: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.108081: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:11.108084: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:11.108087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.108089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.108093: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.108095: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.108098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.108100: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.108102: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:11.108105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.108108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.108110: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.108113: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.108115: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:11.108117: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:11.108120: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:11.108123: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.108125: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.108128: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.108130: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:11.108133: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:11.108135: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:16:11.108138: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:11.108141: "northnet-eastnets/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange Sep 21 07:16:11.108144: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:16:11.108149: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:11.108152: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:16:11.108211: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:16:11.108218: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:11.108222: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:11.108227: | #1 spent 0.625 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:11.108231: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:16:11.108235: | libevent_free: release ptr-libevent@0x7efd84006900 Sep 21 07:16:11.108239: | timer_event_cb: processing event@0x7efd7c002b20 Sep 21 07:16:11.108242: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Sep 21 07:16:11.108247: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:11.108251: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Sep 21 07:16:11.108254: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5570b1db6f10 Sep 21 07:16:11.108258: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:16:11.108260: | libevent_malloc: new ptr-libevent@0x7efd84006900 size 128 Sep 21 07:16:11.108268: | libevent_free: release ptr-libevent@0x7efd7c006900 Sep 21 07:16:11.108271: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7efd7c002b20 Sep 21 07:16:11.108275: | #5 spent 0.0343 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:11.108276: | crypto helper 5 resuming Sep 21 07:16:11.108281: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:11.108301: | timer_event_cb: processing event@0x5570b1dbb4b0 Sep 21 07:16:11.108304: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:16:11.108309: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:11.108312: | picked newest_ipsec_sa #2 for #2 Sep 21 07:16:11.108314: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:16:11.108317: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:16:11.108319: | pstats #2 ikev2.child deleted completed Sep 21 07:16:11.108322: | #2 spent 6.78 milliseconds in total Sep 21 07:16:11.108327: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:11.108330: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_I) aged 4.567s and NOT sending notification Sep 21 07:16:11.108333: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:16:11.108337: | get_sa_info esp.feac9940@192.1.2.23 Sep 21 07:16:11.108347: | get_sa_info esp.44b898c2@192.1.3.33 Sep 21 07:16:11.108354: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Sep 21 07:16:11.108357: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:16:11.108292: | crypto helper 5 starting work-order 6 for state #5 Sep 21 07:16:11.108409: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Sep 21 07:16:11.109391: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.000982 seconds Sep 21 07:16:11.109424: | (#5) spent 0.967 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:16:11.109428: | crypto helper 5 sending results from work-order 6 for state #5 to event queue Sep 21 07:16:11.109431: | scheduling resume sending helper answer for #5 Sep 21 07:16:11.109434: | libevent_malloc: new ptr-libevent@0x7efd70006900 size 128 Sep 21 07:16:11.109440: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:11.109449: | running updown command "ipsec _updown" for verb down Sep 21 07:16:11.109452: | command executing down-client Sep 21 07:16:11.109487: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:11.109495: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:16:11.109515: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050166' PLUTO_CO Sep 21 07:16:11.109519: | popen cmd is 1417 chars long Sep 21 07:16:11.109521: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:16:11.109527: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Sep 21 07:16:11.109529: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Sep 21 07:16:11.109532: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Sep 21 07:16:11.109534: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:16:11.109537: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Sep 21 07:16:11.109539: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:16:11.109542: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Sep 21 07:16:11.109544: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Sep 21 07:16:11.109547: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:16:11.109550: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:16:11.109552: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:16:11.109555: | cmd( 960):LUTO_ADDTIME='1569050166' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_: Sep 21 07:16:11.109557: | cmd(1040):ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Sep 21 07:16:11.109560: | cmd(1120):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Sep 21 07:16:11.109562: | cmd(1200):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Sep 21 07:16:11.109565: | cmd(1280):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Sep 21 07:16:11.109567: | cmd(1360):' SPI_IN=0xfeac9940 SPI_OUT=0x44b898c2 ipsec _updown 2>&1: Sep 21 07:16:11.122039: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:11.122054: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:11.122059: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:11.122063: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:11.122219: | delete esp.feac9940@192.1.2.23 Sep 21 07:16:11.122252: | netlink response for Del SA esp.feac9940@192.1.2.23 included non-error error Sep 21 07:16:11.122257: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:11.122264: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:11.122311: | raw_eroute result=success Sep 21 07:16:11.122317: | delete esp.44b898c2@192.1.3.33 Sep 21 07:16:11.122340: | netlink response for Del SA esp.44b898c2@192.1.3.33 included non-error error Sep 21 07:16:11.122346: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:16:11.122350: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:16:11.122354: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:11.122361: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:11.122368: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:16:11.122370: | can't expire unused IKE SA #1; it has the child #5 Sep 21 07:16:11.122376: | libevent_free: release ptr-libevent@0x7efd78001ef0 Sep 21 07:16:11.122379: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5570b1dbb4b0 Sep 21 07:16:11.122382: | in statetime_stop() and could not find #2 Sep 21 07:16:11.122385: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:11.122404: | spent 0.00248 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:11.122418: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:11.122424: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.122427: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:16:11.122429: | 2e 80 2f d6 0f be 01 55 ab f8 e5 3c f1 e0 e6 44 Sep 21 07:16:11.122432: | 33 2c bc 70 d2 2c cb 0e 2a 44 6e 18 67 dc 6d cd Sep 21 07:16:11.122434: | cc Sep 21 07:16:11.122438: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:11.122443: | **parse ISAKMP Message: Sep 21 07:16:11.122445: | initiator cookie: Sep 21 07:16:11.122448: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:11.122450: | responder cookie: Sep 21 07:16:11.122452: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.122455: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:11.122458: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:11.122461: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:11.122464: | flags: none (0x0) Sep 21 07:16:11.122467: | Message ID: 2 (0x2) Sep 21 07:16:11.122469: | length: 65 (0x41) Sep 21 07:16:11.122472: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:11.122476: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:11.122479: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:11.122486: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:11.122489: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:11.122494: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:11.122497: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:16:11.122502: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Sep 21 07:16:11.122504: | unpacking clear payload Sep 21 07:16:11.122507: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:11.122510: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:11.122513: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:11.122515: | flags: none (0x0) Sep 21 07:16:11.122518: | length: 37 (0x25) Sep 21 07:16:11.122520: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:16:11.122525: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:16:11.122528: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:11.122547: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:11.122550: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:11.122553: | **parse IKEv2 Delete Payload: Sep 21 07:16:11.122556: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.122558: | flags: none (0x0) Sep 21 07:16:11.122561: | length: 8 (0x8) Sep 21 07:16:11.122563: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:16:11.122566: | SPI size: 0 (0x0) Sep 21 07:16:11.122568: | number of SPIs: 0 (0x0) Sep 21 07:16:11.122571: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:16:11.122573: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:11.122576: | Now let's proceed with state specific processing Sep 21 07:16:11.122578: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:11.122582: | an informational request should send a response Sep 21 07:16:11.122587: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:11.122590: | **emit ISAKMP Message: Sep 21 07:16:11.122593: | initiator cookie: Sep 21 07:16:11.122595: | 14 26 af c6 81 2a 4f 05 Sep 21 07:16:11.122597: | responder cookie: Sep 21 07:16:11.122599: | e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.122602: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:11.122605: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:11.122607: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:11.122612: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:11.122615: | Message ID: 2 (0x2) Sep 21 07:16:11.122618: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:11.122621: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:11.122624: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.122626: | flags: none (0x0) Sep 21 07:16:11.122629: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:11.122632: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:11.122635: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:11.122647: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:11.122651: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:11.122654: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:11.122656: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:16:11.122659: | emitting length of ISAKMP Message: 57 Sep 21 07:16:11.122672: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:11.122675: | 14 26 af c6 81 2a 4f 05 e8 18 d8 4f 4b d7 60 16 Sep 21 07:16:11.122678: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Sep 21 07:16:11.122680: | 20 dc c8 17 da d6 11 81 8d cf 47 6b 3f 38 90 c4 Sep 21 07:16:11.122682: | 9f 50 12 a3 fc 34 d0 d3 b5 Sep 21 07:16:11.122731: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:16:11.122737: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:16:11.122741: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:16:11.122744: | pstats #5 ikev2.child deleted other Sep 21 07:16:11.122748: | #5 spent 0.0343 milliseconds in total Sep 21 07:16:11.122753: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:11.122759: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:11.122763: "northnet-eastnets/0x1" #5: deleting other state #5 connection (STATE_CHILDSA_DEL) "northnet-eastnets/0x1" aged 0.015s and NOT sending notification Sep 21 07:16:11.122766: | child state #5: CHILDSA_DEL(informational) => delete Sep 21 07:16:11.122770: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:11.122773: | libevent_free: release ptr-libevent@0x7efd84006900 Sep 21 07:16:11.122776: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5570b1db6f10 Sep 21 07:16:11.122780: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:11.122799: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:11.122815: | raw_eroute result=success Sep 21 07:16:11.122819: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:16:11.122822: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Sep 21 07:16:11.122825: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:11.122830: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:11.122835: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:11.122839: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:16:11.122844: | pstats #4 ikev2.child deleted other Sep 21 07:16:11.122847: | #4 spent 1.39 milliseconds in total Sep 21 07:16:11.122852: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:11.122856: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:11.122860: "northnet-eastnets/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.031s and NOT sending notification Sep 21 07:16:11.122862: | child state #4: CHILDSA_DEL(informational) => delete Sep 21 07:16:11.122865: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:11.122868: | libevent_free: release ptr-libevent@0x5570b1dc17e0 Sep 21 07:16:11.122871: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5570b1db1c70 Sep 21 07:16:11.122874: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:11.122881: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:11.122890: | raw_eroute result=success Sep 21 07:16:11.122893: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:11.122896: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Sep 21 07:16:11.122899: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:11.122913: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:11.122918: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:11.122921: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:16:11.122924: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:16:11.122927: | pstats #1 ikev2.ike deleted completed Sep 21 07:16:11.122931: | #1 spent 29.4 milliseconds in total Sep 21 07:16:11.122935: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:11.122938: "northnet-eastnets/0x2" #1: deleting state (STATE_IKESA_DEL) aged 4.598s and NOT sending notification Sep 21 07:16:11.122941: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:16:11.123002: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:11.123007: | libevent_free: release ptr-libevent@0x5570b1da3ed0 Sep 21 07:16:11.123010: | free_event_entry: release EVENT_SA_REKEY-pe@0x5570b1db7080 Sep 21 07:16:11.123013: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:11.123015: | picked newest_isakmp_sa #0 for #1 Sep 21 07:16:11.123018: "northnet-eastnets/0x2" #1: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:11.123021: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 0 seconds Sep 21 07:16:11.123024: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:16:11.123028: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:11.123031: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:16:11.123034: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:16:11.123045: | unreference key: 0x5570b1dbf510 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Sep 21 07:16:11.123057: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:11.123068: | unreference key: 0x5570b1dbf510 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:11.123073: | unreference key: 0x5570b1dd0180 user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:11.123077: | unreference key: 0x5570b1dd0640 @east.testing.libreswan.org cnt 1-- Sep 21 07:16:11.123081: | unreference key: 0x5570b1db3f30 east@testing.libreswan.org cnt 1-- Sep 21 07:16:11.123088: | unreference key: 0x5570b1db79d0 192.1.2.23 cnt 1-- Sep 21 07:16:11.123102: | in statetime_stop() and could not find #1 Sep 21 07:16:11.123106: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:11.123110: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:16:11.123112: | STF_OK but no state object remains Sep 21 07:16:11.123115: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:11.123118: | in statetime_stop() and could not find #1 Sep 21 07:16:11.123122: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:11.123125: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:11.123128: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:11.123133: | spent 0.686 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:11.123140: | processing resume sending helper answer for #5 Sep 21 07:16:11.123144: | crypto helper 5 replies to request ID 6 Sep 21 07:16:11.123146: | calling continuation function 0x5570b193b630 Sep 21 07:16:11.123149: | work-order 6 state #5 crypto result suppressed Sep 21 07:16:11.123161: | (#5) spent 0.0162 milliseconds in resume sending helper answer Sep 21 07:16:11.123164: | libevent_free: release ptr-libevent@0x7efd70006900 Sep 21 07:16:11.123168: | processing signal PLUTO_SIGCHLD Sep 21 07:16:11.123172: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:11.123176: | spent 0.00459 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:11.123181: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:16:11.123184: Initiating connection northnet-eastnets/0x2 which received a Delete/Notify but must remain up per local policy Sep 21 07:16:11.123187: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:11.123192: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:11.123194: | connection 'northnet-eastnets/0x2' +POLICY_UP Sep 21 07:16:11.123197: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:11.123200: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:11.123205: | creating state object #6 at 0x5570b1dbe1a0 Sep 21 07:16:11.123208: | State DB: adding IKEv2 state #6 in UNDEFINED Sep 21 07:16:11.123214: | pstats #6 ikev2.ike started Sep 21 07:16:11.123217: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:11.123220: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:11.123226: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:11.123231: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:11.123236: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:11.123239: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:11.123243: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #6 "northnet-eastnets/0x2" Sep 21 07:16:11.123246: "northnet-eastnets/0x2" #6: initiating v2 parent SA Sep 21 07:16:11.123263: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:11.123270: | adding ikev2_outI1 KE work-order 7 for state #6 Sep 21 07:16:11.123273: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5570b1dcfa90 Sep 21 07:16:11.123277: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:16:11.123280: | libevent_malloc: new ptr-libevent@0x5570b1da3ed0 size 128 Sep 21 07:16:11.123289: | #6 spent 0.0975 milliseconds in ikev2_parent_outI1() Sep 21 07:16:11.123294: | RESET processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:11.123293: | crypto helper 0 resuming Sep 21 07:16:11.123298: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:11.123305: | crypto helper 0 starting work-order 7 for state #6 Sep 21 07:16:11.123311: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:11.123318: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Sep 21 07:16:11.123323: | spent 0.132 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:16:11.124326: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.001008 seconds Sep 21 07:16:11.124337: | (#6) spent 0.993 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Sep 21 07:16:11.124340: | crypto helper 0 sending results from work-order 7 for state #6 to event queue Sep 21 07:16:11.124343: | scheduling resume sending helper answer for #6 Sep 21 07:16:11.124347: | libevent_malloc: new ptr-libevent@0x7efd74006900 size 128 Sep 21 07:16:11.124354: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:11.124362: | processing resume sending helper answer for #6 Sep 21 07:16:11.124371: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:11.124376: | crypto helper 0 replies to request ID 7 Sep 21 07:16:11.124378: | calling continuation function 0x5570b193b630 Sep 21 07:16:11.124381: | ikev2_parent_outI1_continue for #6 Sep 21 07:16:11.124386: | **emit ISAKMP Message: Sep 21 07:16:11.124389: | initiator cookie: Sep 21 07:16:11.124391: | e1 7d 9e 09 01 99 f9 b7 Sep 21 07:16:11.124393: | responder cookie: Sep 21 07:16:11.124395: | 00 00 00 00 00 00 00 00 Sep 21 07:16:11.124396: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:11.124398: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:11.124400: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:11.124402: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:11.124403: | Message ID: 0 (0x0) Sep 21 07:16:11.124405: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:11.124415: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:11.124417: | Emitting ikev2_proposals ... Sep 21 07:16:11.124419: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:11.124420: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.124422: | flags: none (0x0) Sep 21 07:16:11.124424: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:11.124428: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:11.124430: | discarding INTEG=NONE Sep 21 07:16:11.124432: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:11.124434: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.124435: | prop #: 1 (0x1) Sep 21 07:16:11.124437: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:11.124438: | spi size: 0 (0x0) Sep 21 07:16:11.124440: | # transforms: 11 (0xb) Sep 21 07:16:11.124442: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:11.124443: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124447: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:11.124448: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:11.124450: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124452: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:11.124454: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:11.124455: | length/value: 256 (0x100) Sep 21 07:16:11.124457: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:11.124459: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124462: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:11.124463: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:11.124465: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124467: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124469: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124470: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124472: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124473: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:11.124475: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:11.124476: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124478: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124480: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124481: | discarding INTEG=NONE Sep 21 07:16:11.124482: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124484: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124485: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124487: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:11.124489: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124492: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124493: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124496: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124498: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:11.124500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124502: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124504: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124505: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124507: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124508: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124510: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:11.124512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124515: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124516: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124518: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124519: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124521: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:11.124522: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124526: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124527: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124529: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124530: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124532: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:11.124533: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124535: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124537: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124538: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124541: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124542: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:11.124544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124546: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124547: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124549: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124550: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124552: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124553: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:11.124555: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124557: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124558: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124560: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124561: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:11.124563: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124565: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:11.124567: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124569: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124570: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124572: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:11.124573: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:11.124575: | discarding INTEG=NONE Sep 21 07:16:11.124576: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:11.124578: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.124579: | prop #: 2 (0x2) Sep 21 07:16:11.124581: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:11.124582: | spi size: 0 (0x0) Sep 21 07:16:11.124584: | # transforms: 11 (0xb) Sep 21 07:16:11.124586: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.124588: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:11.124589: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124592: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:11.124594: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:11.124595: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124597: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:11.124598: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:11.124600: | length/value: 128 (0x80) Sep 21 07:16:11.124602: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:11.124603: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124606: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:11.124607: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:11.124609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124613: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124614: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124617: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:11.124618: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:11.124620: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124622: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124623: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124625: | discarding INTEG=NONE Sep 21 07:16:11.124626: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124629: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124631: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:11.124632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124636: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124638: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124639: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124641: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124642: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124644: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:11.124645: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124647: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124649: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124650: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124651: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124654: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:11.124656: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124658: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124659: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124661: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124662: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124664: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124665: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:11.124667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124670: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124672: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124673: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124675: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124676: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:11.124678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124681: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124682: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124684: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124685: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124687: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:11.124689: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124690: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124692: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124693: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124696: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124698: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:11.124701: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124702: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124704: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124705: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124707: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:11.124708: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124710: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:11.124712: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124713: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124715: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124716: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:11.124718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:11.124720: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:11.124721: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.124723: | prop #: 3 (0x3) Sep 21 07:16:11.124724: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:11.124726: | spi size: 0 (0x0) Sep 21 07:16:11.124727: | # transforms: 13 (0xd) Sep 21 07:16:11.124729: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.124731: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:11.124732: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124735: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:11.124737: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:11.124738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124740: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:11.124741: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:11.124743: | length/value: 256 (0x100) Sep 21 07:16:11.124744: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:11.124746: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124747: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124749: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:11.124750: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:11.124752: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124754: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124755: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124757: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124758: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124760: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:11.124761: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:11.124763: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124769: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124770: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124772: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124773: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:11.124775: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:11.124776: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124778: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124780: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124781: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124789: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124793: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:11.124795: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:11.124797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124798: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124800: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124801: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124806: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:11.124808: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124809: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124811: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124812: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124815: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124817: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:11.124818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124820: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124822: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124823: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124825: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124826: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124828: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:11.124829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124831: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124833: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124834: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124838: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:11.124840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124843: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124845: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124846: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124849: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124850: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:11.124852: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124854: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124855: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124857: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124858: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124860: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124861: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:11.124863: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124865: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124866: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124868: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124869: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124871: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124872: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:11.124874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124875: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124877: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124878: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124880: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:11.124881: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124883: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:11.124885: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124886: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124888: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124889: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:11.124891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:11.124893: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:11.124894: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:11.124896: | prop #: 4 (0x4) Sep 21 07:16:11.124897: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:11.124899: | spi size: 0 (0x0) Sep 21 07:16:11.124900: | # transforms: 13 (0xd) Sep 21 07:16:11.124902: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:11.124903: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:11.124906: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124907: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124909: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:11.124910: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:11.124912: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124914: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:11.124915: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:11.124917: | length/value: 128 (0x80) Sep 21 07:16:11.124918: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:11.124920: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124921: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124923: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:11.124924: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:11.124926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124927: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124929: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124930: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124932: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124933: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:11.124935: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:11.124937: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124938: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124940: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124941: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124943: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124944: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:11.124946: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:11.124948: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124949: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124951: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124952: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124955: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:11.124957: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:11.124958: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124960: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124962: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124963: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124967: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:11.124969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124974: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124975: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124976: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124978: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124979: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:11.124981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124983: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124984: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124986: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124989: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.124990: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:11.124992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.124995: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.124997: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.124998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.124999: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.125001: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:11.125003: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.125004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.125006: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.125007: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.125009: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.125010: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.125012: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:11.125014: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.125015: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.125017: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.125018: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.125020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.125021: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.125023: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:11.125024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.125026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.125028: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.125029: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.125030: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.125032: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.125033: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:11.125035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.125038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.125039: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.125041: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:11.125042: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:11.125044: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:11.125045: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:11.125047: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:11.125049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:11.125050: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:11.125052: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:11.125053: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:11.125055: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:11.125056: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:11.125058: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:11.125060: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.125061: | flags: none (0x0) Sep 21 07:16:11.125063: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:11.125065: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:11.125067: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:11.125069: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:11.125071: | ikev2 g^x a7 03 f3 b3 1d bb 92 95 07 4b ca 71 35 b9 c0 3b Sep 21 07:16:11.125072: | ikev2 g^x 6b cd 86 8d 9f 60 7e 32 57 24 48 ff ac 38 a8 74 Sep 21 07:16:11.125073: | ikev2 g^x 9e 39 98 fc 57 f2 1d 10 90 f9 4b 0b 77 cd c7 81 Sep 21 07:16:11.125075: | ikev2 g^x 91 f5 eb 7d 10 1f 58 a6 91 5a f2 7d f6 93 b2 50 Sep 21 07:16:11.125076: | ikev2 g^x 5a e8 1e ac 48 d1 03 06 7e 48 d6 2c a0 2f 7f 2f Sep 21 07:16:11.125078: | ikev2 g^x 6d 7c 15 d7 4e 00 16 21 d0 f6 be ef bd bb 36 09 Sep 21 07:16:11.125079: | ikev2 g^x 23 fd 83 83 67 a3 70 fc 12 b4 74 88 78 7e 3a bb Sep 21 07:16:11.125081: | ikev2 g^x a5 b7 4a 68 21 d8 e1 98 68 af 2b a8 97 05 2e 01 Sep 21 07:16:11.125082: | ikev2 g^x cf 71 af 43 b6 b8 3b 0f 42 ad 93 41 cd 9e 82 06 Sep 21 07:16:11.125083: | ikev2 g^x c1 d9 c1 26 af 7f 36 1a 23 72 c2 6f f8 47 38 50 Sep 21 07:16:11.125085: | ikev2 g^x a6 76 70 e8 8e 65 ca 5c 48 c8 aa 09 b1 b1 ee 6b Sep 21 07:16:11.125086: | ikev2 g^x 10 d7 75 9a d1 8c c8 42 5e 67 b3 46 16 bc 66 c4 Sep 21 07:16:11.125088: | ikev2 g^x 66 c6 c9 07 21 26 ca 07 89 55 1a 9a c2 51 c5 e1 Sep 21 07:16:11.125089: | ikev2 g^x 3b c2 b2 6a f3 e7 2d e4 d1 da 63 31 de c1 77 dc Sep 21 07:16:11.125090: | ikev2 g^x e9 8e b7 71 03 ca 38 55 71 0c 66 49 b9 a2 39 00 Sep 21 07:16:11.125092: | ikev2 g^x 3c fb 50 89 17 b7 be 01 9d 89 ea 39 e4 cf 72 9e Sep 21 07:16:11.125093: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:11.125095: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:11.125096: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:11.125098: | flags: none (0x0) Sep 21 07:16:11.125100: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:11.125102: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:11.125104: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:11.125106: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:11.125107: | IKEv2 nonce b8 7d 65 77 94 0c 1d fb 94 ac 16 8d 33 e4 fb fe Sep 21 07:16:11.125109: | IKEv2 nonce 20 24 98 e4 4c 6a ff 7d 46 57 25 04 8e 30 35 08 Sep 21 07:16:11.125110: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:11.125112: | Adding a v2N Payload Sep 21 07:16:11.125113: | ***emit IKEv2 Notify Payload: Sep 21 07:16:11.125115: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.125116: | flags: none (0x0) Sep 21 07:16:11.125118: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:11.125120: | SPI size: 0 (0x0) Sep 21 07:16:11.125121: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:11.125123: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:11.125125: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:11.125126: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:11.125129: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:11.125130: | natd_hash: rcookie is zero Sep 21 07:16:11.125141: | natd_hash: hasher=0x5570b1a117a0(20) Sep 21 07:16:11.125142: | natd_hash: icookie= e1 7d 9e 09 01 99 f9 b7 Sep 21 07:16:11.125144: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:11.125145: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:11.125147: | natd_hash: port= 01 f4 Sep 21 07:16:11.125148: | natd_hash: hash= 47 d1 68 7a 17 be a6 50 97 00 cf dc df 99 4d 63 Sep 21 07:16:11.125150: | natd_hash: hash= 79 6e 2d d6 Sep 21 07:16:11.125151: | Adding a v2N Payload Sep 21 07:16:11.125153: | ***emit IKEv2 Notify Payload: Sep 21 07:16:11.125154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.125156: | flags: none (0x0) Sep 21 07:16:11.125157: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:11.125159: | SPI size: 0 (0x0) Sep 21 07:16:11.125160: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:11.125162: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:11.125164: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:11.125165: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:11.125167: | Notify data 47 d1 68 7a 17 be a6 50 97 00 cf dc df 99 4d 63 Sep 21 07:16:11.125168: | Notify data 79 6e 2d d6 Sep 21 07:16:11.125170: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:11.125171: | natd_hash: rcookie is zero Sep 21 07:16:11.125175: | natd_hash: hasher=0x5570b1a117a0(20) Sep 21 07:16:11.125176: | natd_hash: icookie= e1 7d 9e 09 01 99 f9 b7 Sep 21 07:16:11.125178: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:11.125179: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:11.125181: | natd_hash: port= 01 f4 Sep 21 07:16:11.125182: | natd_hash: hash= b2 24 3e 8a d3 89 45 05 73 e6 d9 7d 90 b3 76 b6 Sep 21 07:16:11.125184: | natd_hash: hash= e8 1f cb e4 Sep 21 07:16:11.125185: | Adding a v2N Payload Sep 21 07:16:11.125186: | ***emit IKEv2 Notify Payload: Sep 21 07:16:11.125188: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:11.125189: | flags: none (0x0) Sep 21 07:16:11.125191: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:11.125192: | SPI size: 0 (0x0) Sep 21 07:16:11.125194: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:11.125196: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:11.125197: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:11.125200: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:11.125202: | Notify data b2 24 3e 8a d3 89 45 05 73 e6 d9 7d 90 b3 76 b6 Sep 21 07:16:11.125203: | Notify data e8 1f cb e4 Sep 21 07:16:11.125204: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:11.125206: | emitting length of ISAKMP Message: 828 Sep 21 07:16:11.125210: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:11.125214: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:11.125217: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:11.125218: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:11.125220: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:11.125222: | Message ID: updating counters for #6 to 4294967295 after switching state Sep 21 07:16:11.125224: | Message ID: IKE #6 skipping update_recv as MD is fake Sep 21 07:16:11.125227: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:11.125229: "northnet-eastnets/0x2" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:11.125232: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:11.125236: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Sep 21 07:16:11.125237: | e1 7d 9e 09 01 99 f9 b7 00 00 00 00 00 00 00 00 Sep 21 07:16:11.125239: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:11.125240: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:11.125242: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:11.125243: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:11.125244: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:11.125246: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:11.125247: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:11.125249: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:11.125250: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:11.125251: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:11.125253: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:11.125254: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:11.125256: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:11.125257: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:11.125258: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:11.125260: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:11.125261: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:11.125263: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:11.125264: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:11.125265: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:11.125267: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:11.125268: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:11.125269: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:11.125271: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:11.125272: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:11.125274: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:11.125275: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:11.125276: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:11.125278: | 28 00 01 08 00 0e 00 00 a7 03 f3 b3 1d bb 92 95 Sep 21 07:16:11.125279: | 07 4b ca 71 35 b9 c0 3b 6b cd 86 8d 9f 60 7e 32 Sep 21 07:16:11.125282: | 57 24 48 ff ac 38 a8 74 9e 39 98 fc 57 f2 1d 10 Sep 21 07:16:11.125283: | 90 f9 4b 0b 77 cd c7 81 91 f5 eb 7d 10 1f 58 a6 Sep 21 07:16:11.125284: | 91 5a f2 7d f6 93 b2 50 5a e8 1e ac 48 d1 03 06 Sep 21 07:16:11.125286: | 7e 48 d6 2c a0 2f 7f 2f 6d 7c 15 d7 4e 00 16 21 Sep 21 07:16:11.125287: | d0 f6 be ef bd bb 36 09 23 fd 83 83 67 a3 70 fc Sep 21 07:16:11.125289: | 12 b4 74 88 78 7e 3a bb a5 b7 4a 68 21 d8 e1 98 Sep 21 07:16:11.125290: | 68 af 2b a8 97 05 2e 01 cf 71 af 43 b6 b8 3b 0f Sep 21 07:16:11.125291: | 42 ad 93 41 cd 9e 82 06 c1 d9 c1 26 af 7f 36 1a Sep 21 07:16:11.125293: | 23 72 c2 6f f8 47 38 50 a6 76 70 e8 8e 65 ca 5c Sep 21 07:16:11.125294: | 48 c8 aa 09 b1 b1 ee 6b 10 d7 75 9a d1 8c c8 42 Sep 21 07:16:11.125296: | 5e 67 b3 46 16 bc 66 c4 66 c6 c9 07 21 26 ca 07 Sep 21 07:16:11.125297: | 89 55 1a 9a c2 51 c5 e1 3b c2 b2 6a f3 e7 2d e4 Sep 21 07:16:11.125298: | d1 da 63 31 de c1 77 dc e9 8e b7 71 03 ca 38 55 Sep 21 07:16:11.125300: | 71 0c 66 49 b9 a2 39 00 3c fb 50 89 17 b7 be 01 Sep 21 07:16:11.125301: | 9d 89 ea 39 e4 cf 72 9e 29 00 00 24 b8 7d 65 77 Sep 21 07:16:11.125303: | 94 0c 1d fb 94 ac 16 8d 33 e4 fb fe 20 24 98 e4 Sep 21 07:16:11.125304: | 4c 6a ff 7d 46 57 25 04 8e 30 35 08 29 00 00 08 Sep 21 07:16:11.125305: | 00 00 40 2e 29 00 00 1c 00 00 40 04 47 d1 68 7a Sep 21 07:16:11.125307: | 17 be a6 50 97 00 cf dc df 99 4d 63 79 6e 2d d6 Sep 21 07:16:11.125308: | 00 00 00 1c 00 00 40 05 b2 24 3e 8a d3 89 45 05 Sep 21 07:16:11.125310: | 73 e6 d9 7d 90 b3 76 b6 e8 1f cb e4 Sep 21 07:16:11.125339: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:11.125343: | libevent_free: release ptr-libevent@0x5570b1da3ed0 Sep 21 07:16:11.125345: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5570b1dcfa90 Sep 21 07:16:11.125346: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:11.125348: "northnet-eastnets/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:11.125351: | event_schedule: new EVENT_RETRANSMIT-pe@0x5570b1dcfa90 Sep 21 07:16:11.125353: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 Sep 21 07:16:11.125355: | libevent_malloc: new ptr-libevent@0x5570b1da3ed0 size 128 Sep 21 07:16:11.125358: | #6 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48817.493615 Sep 21 07:16:11.125361: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:11.125365: | #6 spent 0.967 milliseconds in resume sending helper answer Sep 21 07:16:11.125368: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:11.125369: | libevent_free: release ptr-libevent@0x7efd74006900 Sep 21 07:16:11.580638: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:11.580664: shutting down Sep 21 07:16:11.580675: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:16:11.580680: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:16:11.580685: destroying root certificate cache Sep 21 07:16:11.580703: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:11.580706: forgetting secrets Sep 21 07:16:11.580711: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:11.580723: | unreference key: 0x5570b1dad6c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:11.580729: | unreference key: 0x5570b1dad2b0 user-east@testing.libreswan.org cnt 1-- Sep 21 07:16:11.580733: | unreference key: 0x5570b1daebf0 @east.testing.libreswan.org cnt 1-- Sep 21 07:16:11.580737: | unreference key: 0x5570b1dac6f0 east@testing.libreswan.org cnt 1-- Sep 21 07:16:11.580744: | unreference key: 0x5570b1daeb30 192.1.2.23 cnt 1-- Sep 21 07:16:11.580754: | unreference key: 0x5570b1da7d00 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:11.580759: | unreference key: 0x5570b1da7b30 user-north@testing.libreswan.org cnt 1-- Sep 21 07:16:11.580763: | unreference key: 0x5570b1da3b40 @north.testing.libreswan.org cnt 1-- Sep 21 07:16:11.580768: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Sep 21 07:16:11.580772: | removing pending policy for no connection {0x5570b1db98c0} Sep 21 07:16:11.580775: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:11.580777: | pass 0 Sep 21 07:16:11.580780: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:11.580782: | state #6 Sep 21 07:16:11.580793: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:11.580799: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:11.580802: | pstats #6 ikev2.ike deleted other Sep 21 07:16:11.580808: | #6 spent 2.06 milliseconds in total Sep 21 07:16:11.580813: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:11.580817: "northnet-eastnets/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.457s and NOT sending notification Sep 21 07:16:11.580820: | parent state #6: PARENT_I1(half-open IKE SA) => delete Sep 21 07:16:11.580824: | state #6 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:11.580826: | #6 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:11.580831: | libevent_free: release ptr-libevent@0x5570b1da3ed0 Sep 21 07:16:11.580834: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5570b1dcfa90 Sep 21 07:16:11.580838: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:11.580841: | picked newest_isakmp_sa #0 for #6 Sep 21 07:16:11.580843: "northnet-eastnets/0x2" #6: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:11.580847: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 5 seconds Sep 21 07:16:11.580850: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:16:11.580857: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:16:11.580860: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:16:11.580863: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:16:11.580865: | State DB: deleting IKEv2 state #6 in PARENT_I1 Sep 21 07:16:11.580869: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:16:11.580884: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:11.580889: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:11.580892: | pass 1 Sep 21 07:16:11.580894: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:11.580901: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:16:11.580907: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:16:11.580910: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:11.580961: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:11.580972: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:11.580976: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:11.580979: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:11.580987: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:11.580991: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:11.580994: | route owner of "northnet-eastnets/0x2" unrouted: NULL Sep 21 07:16:11.580997: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:11.581000: | command executing unroute-client Sep 21 07:16:11.581041: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' Sep 21 07:16:11.581045: | popen cmd is 1282 chars long Sep 21 07:16:11.581049: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:11.581051: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:16:11.581054: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:11.581057: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:16:11.581059: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:16:11.581062: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Sep 21 07:16:11.581064: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Sep 21 07:16:11.581067: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Sep 21 07:16:11.581070: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:16:11.581072: | cmd( 720):22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Sep 21 07:16:11.581075: | cmd( 800):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI: Sep 21 07:16:11.581077: | cmd( 880):CY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Sep 21 07:16:11.581080: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Sep 21 07:16:11.581082: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Sep 21 07:16:11.581085: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Sep 21 07:16:11.581087: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Sep 21 07:16:11.581090: | cmd(1280):&1: Sep 21 07:16:11.596274: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596292: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596297: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596312: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596325: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596339: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596354: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596368: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596382: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596395: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596409: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596425: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596442: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596455: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596468: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596482: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596496: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596510: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596523: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596537: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596550: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596565: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596580: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596594: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596607: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596620: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596635: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596651: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596665: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596678: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596691: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596706: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.596718: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.598288: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.598332: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.598367: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.607171: | flush revival: connection 'northnet-eastnets/0x2' revival flushed Sep 21 07:16:11.607188: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:16:11.607204: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Sep 21 07:16:11.607208: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:11.607212: | pass 0 Sep 21 07:16:11.607214: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:11.607217: | pass 1 Sep 21 07:16:11.607220: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:11.607229: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:11.607236: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:11.607240: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:11.607287: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:11.607299: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:11.607303: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:11.607305: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:11.607310: | route owner of "northnet-eastnets/0x1" unrouted: NULL Sep 21 07:16:11.607313: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:11.607316: | command executing unroute-client Sep 21 07:16:11.607360: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL Sep 21 07:16:11.607364: | popen cmd is 1280 chars long Sep 21 07:16:11.607367: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:11.607370: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Sep 21 07:16:11.607372: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:16:11.607375: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Sep 21 07:16:11.607377: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Sep 21 07:16:11.607380: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Sep 21 07:16:11.607382: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Sep 21 07:16:11.607385: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Sep 21 07:16:11.607387: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Sep 21 07:16:11.607390: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Sep 21 07:16:11.607392: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Sep 21 07:16:11.607394: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:16:11.607397: | cmd( 960):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:16:11.607399: | cmd(1040):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:16:11.607402: | cmd(1120):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 07:16:11.607404: | cmd(1200):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:16:11.617362: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617377: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617388: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617403: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617416: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617432: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617445: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617456: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617466: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617477: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617491: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617506: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617520: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617529: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617539: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617548: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617559: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617568: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617576: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617585: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617594: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617604: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617613: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617622: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617635: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617648: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617662: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617677: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617690: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617699: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617716: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617733: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617747: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617930: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617938: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.617947: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:11.623719: | free hp@0x5570b1dac7f0 Sep 21 07:16:11.623737: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Sep 21 07:16:11.623743: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Sep 21 07:16:11.623767: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:16:11.623771: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:16:11.623789: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:16:11.623795: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:16:11.623798: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:11.623802: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:16:11.623805: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:11.623809: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:16:11.623813: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:16:11.623822: | libevent_free: release ptr-libevent@0x5570b1da1640 Sep 21 07:16:11.623826: | free_event_entry: release EVENT_NULL-pe@0x5570b1d8aab0 Sep 21 07:16:11.623837: | libevent_free: release ptr-libevent@0x5570b1da1730 Sep 21 07:16:11.623843: | free_event_entry: release EVENT_NULL-pe@0x5570b1da16f0 Sep 21 07:16:11.623850: | libevent_free: release ptr-libevent@0x5570b1da1820 Sep 21 07:16:11.623854: | free_event_entry: release EVENT_NULL-pe@0x5570b1da17e0 Sep 21 07:16:11.623860: | libevent_free: release ptr-libevent@0x5570b1da1910 Sep 21 07:16:11.623863: | free_event_entry: release EVENT_NULL-pe@0x5570b1da18d0 Sep 21 07:16:11.623869: | libevent_free: release ptr-libevent@0x5570b1da1a00 Sep 21 07:16:11.623872: | free_event_entry: release EVENT_NULL-pe@0x5570b1da19c0 Sep 21 07:16:11.623879: | libevent_free: release ptr-libevent@0x5570b1da1af0 Sep 21 07:16:11.623882: | free_event_entry: release EVENT_NULL-pe@0x5570b1da1ab0 Sep 21 07:16:11.623888: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:11.624266: | libevent_free: release ptr-libevent@0x5570b1da0e20 Sep 21 07:16:11.624274: | free_event_entry: release EVENT_NULL-pe@0x5570b1d899b0 Sep 21 07:16:11.624279: | libevent_free: release ptr-libevent@0x5570b1d968a0 Sep 21 07:16:11.624282: | free_event_entry: release EVENT_NULL-pe@0x5570b1d89bf0 Sep 21 07:16:11.624286: | libevent_free: release ptr-libevent@0x5570b1d96810 Sep 21 07:16:11.624289: | free_event_entry: release EVENT_NULL-pe@0x5570b1d8f740 Sep 21 07:16:11.624293: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:16:11.624296: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:16:11.624299: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:16:11.624302: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:16:11.624305: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:16:11.624308: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:16:11.624311: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:16:11.624314: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:16:11.624317: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:16:11.624322: | libevent_free: release ptr-libevent@0x5570b1da1000 Sep 21 07:16:11.624325: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:16:11.624329: | libevent_free: release ptr-libevent@0x5570b1da10e0 Sep 21 07:16:11.624332: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:16:11.624336: | libevent_free: release ptr-libevent@0x5570b1da11a0 Sep 21 07:16:11.624339: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:16:11.624342: | libevent_free: release ptr-libevent@0x5570b1d95b10 Sep 21 07:16:11.624345: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:16:11.624348: | releasing event base Sep 21 07:16:11.624361: | libevent_free: release ptr-libevent@0x5570b1da1260 Sep 21 07:16:11.624364: | libevent_free: release ptr-libevent@0x5570b1d3e330 Sep 21 07:16:11.624368: | libevent_free: release ptr-libevent@0x5570b1d84da0 Sep 21 07:16:11.624371: | libevent_free: release ptr-libevent@0x5570b1dbec60 Sep 21 07:16:11.624374: | libevent_free: release ptr-libevent@0x5570b1d84dc0 Sep 21 07:16:11.624378: | libevent_free: release ptr-libevent@0x5570b1da0eb0 Sep 21 07:16:11.624381: | libevent_free: release ptr-libevent@0x5570b1da10a0 Sep 21 07:16:11.624384: | libevent_free: release ptr-libevent@0x5570b1d84f60 Sep 21 07:16:11.624387: | libevent_free: release ptr-libevent@0x5570b1d8f6a0 Sep 21 07:16:11.624390: | libevent_free: release ptr-libevent@0x5570b1d8f680 Sep 21 07:16:11.624393: | libevent_free: release ptr-libevent@0x5570b1da1b80 Sep 21 07:16:11.624396: | libevent_free: release ptr-libevent@0x5570b1da1a90 Sep 21 07:16:11.624399: | libevent_free: release ptr-libevent@0x5570b1da19a0 Sep 21 07:16:11.624402: | libevent_free: release ptr-libevent@0x5570b1da18b0 Sep 21 07:16:11.624405: | libevent_free: release ptr-libevent@0x5570b1da17c0 Sep 21 07:16:11.624408: | libevent_free: release ptr-libevent@0x5570b1da16d0 Sep 21 07:16:11.624411: | libevent_free: release ptr-libevent@0x5570b1d84e50 Sep 21 07:16:11.624414: | libevent_free: release ptr-libevent@0x5570b1da1180 Sep 21 07:16:11.624417: | libevent_free: release ptr-libevent@0x5570b1da10c0 Sep 21 07:16:11.624420: | libevent_free: release ptr-libevent@0x5570b1da0fe0 Sep 21 07:16:11.624425: | libevent_free: release ptr-libevent@0x5570b1da1240 Sep 21 07:16:11.624428: | libevent_free: release ptr-libevent@0x5570b1da0ed0 Sep 21 07:16:11.624431: | libevent_free: release ptr-libevent@0x5570b1d84de0 Sep 21 07:16:11.624434: | libevent_free: release ptr-libevent@0x5570b1d84e10 Sep 21 07:16:11.624437: | libevent_free: release ptr-libevent@0x5570b1d84b00 Sep 21 07:16:11.624440: | releasing global libevent data Sep 21 07:16:11.624443: | libevent_free: release ptr-libevent@0x5570b1d832f0 Sep 21 07:16:11.624447: | libevent_free: release ptr-libevent@0x5570b1d83320 Sep 21 07:16:11.624450: | libevent_free: release ptr-libevent@0x5570b1d84ad0