Sep 21 07:16:06.277053: FIPS Product: YES Sep 21 07:16:06.277092: FIPS Kernel: NO Sep 21 07:16:06.277095: FIPS Mode: NO Sep 21 07:16:06.277098: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:06.277279: Initializing NSS Sep 21 07:16:06.277284: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:06.366728: NSS initialized Sep 21 07:16:06.366741: NSS crypto library initialized Sep 21 07:16:06.366744: FIPS HMAC integrity support [enabled] Sep 21 07:16:06.366746: FIPS mode disabled for pluto daemon Sep 21 07:16:06.483399: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:06.483497: libcap-ng support [enabled] Sep 21 07:16:06.483508: Linux audit support [enabled] Sep 21 07:16:06.483537: Linux audit activated Sep 21 07:16:06.483540: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:23802 Sep 21 07:16:06.483543: core dump dir: /tmp Sep 21 07:16:06.483545: secrets file: /etc/ipsec.secrets Sep 21 07:16:06.483547: leak-detective disabled Sep 21 07:16:06.483549: NSS crypto [enabled] Sep 21 07:16:06.483551: XAUTH PAM support [enabled] Sep 21 07:16:06.483624: | libevent is using pluto's memory allocator Sep 21 07:16:06.483630: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:06.483643: | libevent_malloc: new ptr-libevent@0x56102a1ba3e0 size 40 Sep 21 07:16:06.483646: | libevent_malloc: new ptr-libevent@0x56102a1ba410 size 40 Sep 21 07:16:06.483649: | libevent_malloc: new ptr-libevent@0x56102a1bbba0 size 40 Sep 21 07:16:06.483651: | creating event base Sep 21 07:16:06.483654: | libevent_malloc: new ptr-libevent@0x56102a1bbb60 size 56 Sep 21 07:16:06.483657: | libevent_malloc: new ptr-libevent@0x56102a1bbbd0 size 664 Sep 21 07:16:06.483670: | libevent_malloc: new 
ptr-libevent@0x56102a1bbe70 size 24 Sep 21 07:16:06.483674: | libevent_malloc: new ptr-libevent@0x56102a175380 size 384 Sep 21 07:16:06.483684: | libevent_malloc: new ptr-libevent@0x56102a1bbe90 size 16 Sep 21 07:16:06.483687: | libevent_malloc: new ptr-libevent@0x56102a1bbeb0 size 40 Sep 21 07:16:06.483689: | libevent_malloc: new ptr-libevent@0x56102a1bbee0 size 48 Sep 21 07:16:06.483696: | libevent_realloc: new ptr-libevent@0x56102a1bbf20 size 256 Sep 21 07:16:06.483698: | libevent_malloc: new ptr-libevent@0x56102a1bc030 size 16 Sep 21 07:16:06.483705: | libevent_free: release ptr-libevent@0x56102a1bbb60 Sep 21 07:16:06.483709: | libevent initialized Sep 21 07:16:06.483712: | libevent_realloc: new ptr-libevent@0x56102a1bc050 size 64 Sep 21 07:16:06.483716: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:06.483728: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:06.483731: NAT-Traversal support [enabled] Sep 21 07:16:06.483734: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:06.483739: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:06.483746: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:06.483782: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:06.484052: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:06.484055: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:06.484105: Encryption algorithms: Sep 21 07:16:06.484115: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:06.484119: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:06.484123: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:06.484126: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:06.484129: CAMELLIA_CTR IKEv1: ESP 
IKEv2: ESP {256,192,*128} Sep 21 07:16:06.484138: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:06.484142: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:06.484145: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:06.484149: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:06.484152: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:06.484156: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:06.484159: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:06.484163: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:06.484166: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:06.484170: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:06.484173: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:06.484176: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:06.484183: Hash algorithms: Sep 21 07:16:06.484186: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:06.484188: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:06.484192: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:06.484194: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:06.484197: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:06.484209: PRF algorithms: Sep 21 07:16:06.484212: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:06.484215: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:06.484219: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:06.484222: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:06.484225: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:06.484228: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:06.484252: Integrity algorithms: Sep 21 07:16:06.484256: HMAC_MD5_96 IKEv1: IKE ESP 
AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:06.484260: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:06.484263: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:06.484267: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:06.484271: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:06.484274: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:06.484278: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:06.484280: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:06.484283: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:06.484295: DH algorithms: Sep 21 07:16:06.484298: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:06.484301: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:06.484304: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:06.484309: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:06.484312: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:06.484315: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:06.484317: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:06.484320: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:06.484323: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:06.484327: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:06.484329: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:06.484332: testing CAMELLIA_CBC: Sep 21 07:16:06.484334: Camellia: 16 bytes with 128-bit key Sep 21 07:16:06.484457: Camellia: 16 bytes with 128-bit key Sep 21 07:16:06.484490: Camellia: 16 bytes with 256-bit key Sep 21 07:16:06.484520: Camellia: 
16 bytes with 256-bit key Sep 21 07:16:06.484547: testing AES_GCM_16: Sep 21 07:16:06.484551: empty string Sep 21 07:16:06.484578: one block Sep 21 07:16:06.484604: two blocks Sep 21 07:16:06.484629: two blocks with associated data Sep 21 07:16:06.484656: testing AES_CTR: Sep 21 07:16:06.484659: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:06.484684: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:06.484711: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:06.484738: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:06.484763: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:06.484795: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:06.484824: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:06.484850: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:06.484877: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:06.484905: testing AES_CBC: Sep 21 07:16:06.487757: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:06.487824: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:06.487857: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:06.487888: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:06.487923: testing AES_XCBC: Sep 21 07:16:06.487926: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:06.488049: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:06.488179: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:06.488307: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:06.488435: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:06.488562: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:06.488693: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:06.488993: RFC 4434 Test Case 
AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:06.489124: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:06.489262: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:06.489500: testing HMAC_MD5: Sep 21 07:16:06.489503: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:06.489678: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:06.489838: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:06.490019: 8 CPU cores online Sep 21 07:16:06.490022: starting up 7 crypto helpers Sep 21 07:16:06.490055: started thread for crypto helper 0 Sep 21 07:16:06.490075: started thread for crypto helper 1 Sep 21 07:16:06.490173: started thread for crypto helper 2 Sep 21 07:16:06.490194: started thread for crypto helper 3 Sep 21 07:16:06.490212: started thread for crypto helper 4 Sep 21 07:16:06.490229: started thread for crypto helper 5 Sep 21 07:16:06.490250: started thread for crypto helper 6 Sep 21 07:16:06.490254: | checking IKEv1 state table Sep 21 07:16:06.490262: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:06.490264: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:06.490267: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:06.490270: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:06.490272: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:06.490275: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:06.490277: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:06.490279: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:06.490282: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:06.490284: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:06.490286: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:06.490289: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:06.490291: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:06.490294: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:06.490296: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:06.490298: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:06.490301: | MAIN_I3: category: open 
IKE SA flags: 0: Sep 21 07:16:06.490303: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:06.490305: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:06.490307: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:06.490310: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:06.490312: | -> UNDEFINED EVENT_NULL Sep 21 07:16:06.490315: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:06.490317: | -> UNDEFINED EVENT_NULL Sep 21 07:16:06.490320: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:06.490322: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:06.490325: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:06.490327: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:06.490330: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:06.490332: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:06.490334: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:06.490337: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:06.490339: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:06.490342: | -> UNDEFINED EVENT_NULL Sep 21 07:16:06.490344: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:06.490347: | -> UNDEFINED EVENT_NULL Sep 21 07:16:06.490349: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:06.490352: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:06.490354: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:06.490357: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:06.490359: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:06.490362: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:06.490364: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:06.490366: | -> UNDEFINED EVENT_NULL Sep 21 07:16:06.490369: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:06.490371: | -> UNDEFINED EVENT_NULL Sep 21 07:16:06.490374: | INFO: category: informational flags: 0: Sep 21 07:16:06.490376: | -> UNDEFINED EVENT_NULL Sep 21 07:16:06.490379: | INFO_PROTECTED: category: informational 
flags: 0: Sep 21 07:16:06.490381: | -> UNDEFINED EVENT_NULL Sep 21 07:16:06.490384: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:06.490386: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:06.490389: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:06.490391: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:06.490394: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:06.490396: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:06.490399: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:06.490401: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:06.490404: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:06.490406: | -> UNDEFINED EVENT_NULL Sep 21 07:16:06.490409: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:06.490413: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:06.490416: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:06.490418: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:06.490421: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:06.490423: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:06.490429: | checking IKEv2 state table Sep 21 07:16:06.490435: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:06.490438: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:06.490441: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:06.490444: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:06.490446: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:06.490449: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:06.490452: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:06.490455: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:06.490458: | -> PARENT_I2 EVENT_NULL (Initiator: process 
UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:06.490460: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:06.490463: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:06.490466: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:06.490468: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:06.490471: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:06.490473: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:06.490476: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:06.490478: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:06.490481: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:06.490484: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:06.490486: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:06.490489: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:06.490492: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:06.490494: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:06.490497: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:06.490499: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:06.490502: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:06.490504: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:06.490507: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:06.490510: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:06.490512: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:06.490515: | V2_REKEY_IKE_I0: category: established IKE SA 
flags: 0: Sep 21 07:16:06.490518: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:06.490521: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:06.490524: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:06.490526: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:06.490529: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:06.490532: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:06.490535: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:06.490537: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:06.490543: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:06.490546: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:06.490549: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:06.490552: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:06.490555: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:06.490557: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:06.490560: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:06.490563: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:06.490602: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:06.490658: | Hard-wiring algorithms Sep 21 07:16:06.490662: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:06.490665: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:06.490668: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:06.490670: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:06.490672: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:06.490675: | adding AES_GCM_16 to kernel algorithm db Sep 21 
07:16:06.490677: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:06.490679: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:06.490682: | adding AES_CTR to kernel algorithm db Sep 21 07:16:06.490684: | adding AES_CBC to kernel algorithm db Sep 21 07:16:06.490686: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:06.490689: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:06.490691: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:06.490694: | adding NULL to kernel algorithm db Sep 21 07:16:06.490696: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:06.490699: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:06.490701: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:06.490704: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:06.490706: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:06.490709: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:06.490711: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:06.490713: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:06.490716: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:06.490718: | adding NONE to kernel algorithm db Sep 21 07:16:06.490737: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:06.490743: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:06.490746: | setup kernel fd callback Sep 21 07:16:06.490749: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56102a1c6810 Sep 21 07:16:06.490752: | libevent_malloc: new ptr-libevent@0x56102a1cd7e0 size 128 Sep 21 07:16:06.490755: | libevent_malloc: new ptr-libevent@0x56102a1c6770 size 16 Sep 21 07:16:06.490761: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56102a1c0cc0 Sep 21 07:16:06.490764: | libevent_malloc: new ptr-libevent@0x56102a1cd870 size 128 Sep 21 07:16:06.490766: | libevent_malloc: new ptr-libevent@0x56102a1c6750 size 16 Sep 21 
07:16:06.491012: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:06.491021: selinux support is enabled. Sep 21 07:16:06.491094: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:06.491366: | unbound context created - setting debug level to 5 Sep 21 07:16:06.491399: | /etc/hosts lookups activated Sep 21 07:16:06.491414: | /etc/resolv.conf usage activated Sep 21 07:16:06.491479: | outgoing-port-avoid set 0-65535 Sep 21 07:16:06.491509: | outgoing-port-permit set 32768-60999 Sep 21 07:16:06.491512: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:06.491515: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:06.491518: | Setting up events, loop start Sep 21 07:16:06.491521: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56102a1c0a80 Sep 21 07:16:06.491528: | libevent_malloc: new ptr-libevent@0x56102a1d7df0 size 128 Sep 21 07:16:06.491531: | libevent_malloc: new ptr-libevent@0x56102a1d7e80 size 16 Sep 21 07:16:06.491537: | libevent_realloc: new ptr-libevent@0x56102a1d7ea0 size 256 Sep 21 07:16:06.491539: | libevent_malloc: new ptr-libevent@0x56102a1d7fb0 size 8 Sep 21 07:16:06.491542: | libevent_realloc: new ptr-libevent@0x56102a1ccbe0 size 144 Sep 21 07:16:06.491545: | libevent_malloc: new ptr-libevent@0x56102a1d7fd0 size 152 Sep 21 07:16:06.491548: | libevent_malloc: new ptr-libevent@0x56102a1d8070 size 16 Sep 21 07:16:06.491552: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:06.491555: | libevent_malloc: new ptr-libevent@0x56102a1d8090 size 8 Sep 21 07:16:06.491558: | libevent_malloc: new ptr-libevent@0x56102a1d80b0 size 152 Sep 21 07:16:06.491561: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:06.491563: | libevent_malloc: new ptr-libevent@0x56102a1d8150 size 8 Sep 21 07:16:06.491566: | libevent_malloc: new ptr-libevent@0x56102a1d8170 size 152 Sep 21 07:16:06.491568: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:06.491571: | 
libevent_malloc: new ptr-libevent@0x56102a1d8210 size 8 Sep 21 07:16:06.491573: | libevent_realloc: release ptr-libevent@0x56102a1ccbe0 Sep 21 07:16:06.491576: | libevent_realloc: new ptr-libevent@0x56102a1d8230 size 256 Sep 21 07:16:06.491579: | libevent_malloc: new ptr-libevent@0x56102a1ccbe0 size 152 Sep 21 07:16:06.491582: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:06.491954: | created addconn helper (pid:24000) using fork+execve Sep 21 07:16:06.491968: | forked child 24000 Sep 21 07:16:06.492008: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.492026: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:06.492034: listening for IKE messages Sep 21 07:16:06.492085: | Inspecting interface lo Sep 21 07:16:06.492092: | found lo with address 127.0.0.1 Sep 21 07:16:06.492094: | Inspecting interface eth0 Sep 21 07:16:06.492098: | found eth0 with address 192.0.2.254 Sep 21 07:16:06.492103: | Inspecting interface eth1 Sep 21 07:16:06.492106: | found eth1 with address 192.1.2.23 Sep 21 07:16:06.492156: Kernel supports NIC esp-hw-offload Sep 21 07:16:06.492175: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:16:06.492207: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:06.492213: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:06.492217: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:16:06.492251: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:16:06.492283: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:06.492288: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:06.492292: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:16:06.492325: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:06.492355: | 
NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:06.492360: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:06.492363: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:06.492417: | no interfaces to sort Sep 21 07:16:06.492422: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:06.492430: | add_fd_read_event_handler: new ethX-pe@0x56102a1c1b80 Sep 21 07:16:06.492433: | libevent_malloc: new ptr-libevent@0x56102a1d8610 size 128 Sep 21 07:16:06.492436: | libevent_malloc: new ptr-libevent@0x56102a1d86a0 size 16 Sep 21 07:16:06.492442: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:06.492445: | add_fd_read_event_handler: new ethX-pe@0x56102a1d86c0 Sep 21 07:16:06.492448: | libevent_malloc: new ptr-libevent@0x56102a1d8700 size 128 Sep 21 07:16:06.492450: | libevent_malloc: new ptr-libevent@0x56102a1d8790 size 16 Sep 21 07:16:06.492456: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:06.492459: | add_fd_read_event_handler: new ethX-pe@0x56102a1d87b0 Sep 21 07:16:06.492461: | libevent_malloc: new ptr-libevent@0x56102a1d87f0 size 128 Sep 21 07:16:06.492463: | libevent_malloc: new ptr-libevent@0x56102a1d8880 size 16 Sep 21 07:16:06.492467: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:16:06.492469: | add_fd_read_event_handler: new ethX-pe@0x56102a1d88a0 Sep 21 07:16:06.492472: | libevent_malloc: new ptr-libevent@0x56102a1d88e0 size 128 Sep 21 07:16:06.492474: | libevent_malloc: new ptr-libevent@0x56102a1d8970 size 16 Sep 21 07:16:06.492478: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:16:06.492481: | add_fd_read_event_handler: new ethX-pe@0x56102a1d8990 Sep 21 07:16:06.492483: | libevent_malloc: new ptr-libevent@0x56102a1d89d0 size 128 Sep 21 07:16:06.492486: | libevent_malloc: new ptr-libevent@0x56102a1d8a60 size 16 Sep 21 07:16:06.492490: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 
07:16:06.492493: | add_fd_read_event_handler: new ethX-pe@0x56102a1d8a80 Sep 21 07:16:06.492495: | libevent_malloc: new ptr-libevent@0x56102a1d8ac0 size 128 Sep 21 07:16:06.492498: | libevent_malloc: new ptr-libevent@0x56102a1d8b50 size 16 Sep 21 07:16:06.492502: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:16:06.492508: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:06.492510: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:06.492529: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:06.492554: | saving Modulus Sep 21 07:16:06.492559: | saving PublicExponent Sep 21 07:16:06.492563: | ignoring PrivateExponent Sep 21 07:16:06.492566: | ignoring Prime1 Sep 21 07:16:06.492569: | ignoring Prime2 Sep 21 07:16:06.492572: | ignoring Exponent1 Sep 21 07:16:06.492575: | ignoring Exponent2 Sep 21 07:16:06.492577: | ignoring Coefficient Sep 21 07:16:06.492580: | ignoring CKAIDNSS Sep 21 07:16:06.492621: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:06.492625: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:06.492628: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:16:06.492640: | certs and keys locked by 'process_secret' Sep 21 07:16:06.492646: | certs and keys unlocked by 'process_secret' Sep 21 07:16:06.492651: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:06.493799: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.493812: | spent 0.615 milliseconds in whack Sep 21 07:16:06.494815: | starting up helper thread 1 Sep 21 07:16:06.494828: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:06.494834: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:06.494846: | starting up helper thread 0 Sep 21 07:16:06.494851: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:06.494853: | crypto helper 0 waiting (nothing to do) Sep 21 
07:16:06.494865: | starting up helper thread 4 Sep 21 07:16:06.494870: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:06.494873: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:06.494882: | starting up helper thread 3 Sep 21 07:16:06.494888: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:06.494890: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:06.494899: | starting up helper thread 2 Sep 21 07:16:06.494903: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:06.494905: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:06.501809: | starting up helper thread 5 Sep 21 07:16:06.501827: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:06.501831: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:06.501843: | starting up helper thread 6 Sep 21 07:16:06.501848: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:06.501855: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:06.586490: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.586523: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:06.586529: listening for IKE messages Sep 21 07:16:06.586561: | Inspecting interface lo Sep 21 07:16:06.586568: | found lo with address 127.0.0.1 Sep 21 07:16:06.586571: | Inspecting interface eth0 Sep 21 07:16:06.586575: | found eth0 with address 192.0.2.254 Sep 21 07:16:06.586577: | Inspecting interface eth1 Sep 21 07:16:06.586581: | found eth1 with address 192.1.2.23 Sep 21 07:16:06.586634: | no interfaces to sort Sep 21 07:16:06.586642: | libevent_free: release ptr-libevent@0x56102a1d8610 Sep 21 07:16:06.586645: | free_event_entry: release EVENT_NULL-pe@0x56102a1c1b80 Sep 21 07:16:06.586648: | 
add_fd_read_event_handler: new ethX-pe@0x56102a1c1b80 Sep 21 07:16:06.586652: | libevent_malloc: new ptr-libevent@0x56102a1d8610 size 128 Sep 21 07:16:06.586659: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:06.586663: | libevent_free: release ptr-libevent@0x56102a1d8700 Sep 21 07:16:06.586665: | free_event_entry: release EVENT_NULL-pe@0x56102a1d86c0 Sep 21 07:16:06.586668: | add_fd_read_event_handler: new ethX-pe@0x56102a1d86c0 Sep 21 07:16:06.586670: | libevent_malloc: new ptr-libevent@0x56102a1d8700 size 128 Sep 21 07:16:06.586675: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:06.586678: | libevent_free: release ptr-libevent@0x56102a1d87f0 Sep 21 07:16:06.586681: | free_event_entry: release EVENT_NULL-pe@0x56102a1d87b0 Sep 21 07:16:06.586683: | add_fd_read_event_handler: new ethX-pe@0x56102a1d87b0 Sep 21 07:16:06.586686: | libevent_malloc: new ptr-libevent@0x56102a1d87f0 size 128 Sep 21 07:16:06.586691: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:16:06.586694: | libevent_free: release ptr-libevent@0x56102a1d88e0 Sep 21 07:16:06.586697: | free_event_entry: release EVENT_NULL-pe@0x56102a1d88a0 Sep 21 07:16:06.586699: | add_fd_read_event_handler: new ethX-pe@0x56102a1d88a0 Sep 21 07:16:06.586701: | libevent_malloc: new ptr-libevent@0x56102a1d88e0 size 128 Sep 21 07:16:06.586706: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:16:06.586709: | libevent_free: release ptr-libevent@0x56102a1d89d0 Sep 21 07:16:06.586712: | free_event_entry: release EVENT_NULL-pe@0x56102a1d8990 Sep 21 07:16:06.586714: | add_fd_read_event_handler: new ethX-pe@0x56102a1d8990 Sep 21 07:16:06.586716: | libevent_malloc: new ptr-libevent@0x56102a1d89d0 size 128 Sep 21 07:16:06.586721: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:16:06.586725: | libevent_free: release ptr-libevent@0x56102a1d8ac0 Sep 21 07:16:06.586727: | free_event_entry: release EVENT_NULL-pe@0x56102a1d8a80 Sep 21 
07:16:06.586730: | add_fd_read_event_handler: new ethX-pe@0x56102a1d8a80 Sep 21 07:16:06.586732: | libevent_malloc: new ptr-libevent@0x56102a1d8ac0 size 128 Sep 21 07:16:06.586737: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:16:06.586740: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:06.586742: forgetting secrets Sep 21 07:16:06.586749: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:06.586763: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:06.586777: | saving Modulus Sep 21 07:16:06.586780: | saving PublicExponent Sep 21 07:16:06.586788: | ignoring PrivateExponent Sep 21 07:16:06.586794: | ignoring Prime1 Sep 21 07:16:06.586797: | ignoring Prime2 Sep 21 07:16:06.586800: | ignoring Exponent1 Sep 21 07:16:06.586803: | ignoring Exponent2 Sep 21 07:16:06.586806: | ignoring Coefficient Sep 21 07:16:06.586809: | ignoring CKAIDNSS Sep 21 07:16:06.586830: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:06.586833: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:06.586837: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:16:06.586841: | certs and keys locked by 'process_secret' Sep 21 07:16:06.586849: | certs and keys unlocked by 'process_secret' Sep 21 07:16:06.586854: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:06.586860: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.586868: | spent 0.374 milliseconds in whack Sep 21 07:16:06.587422: | processing signal PLUTO_SIGCHLD Sep 21 07:16:06.587434: | waitpid returned pid 24000 (exited with status 0) Sep 21 07:16:06.587437: | reaped addconn helper child (status 0) Sep 21 07:16:06.587441: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:06.587446: | spent 0.0158 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:06.682299: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 
07:16:06.682330: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.682334: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:06.682337: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.682339: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:06.682343: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:06.682350: | Added new connection northnet-eastnet-ipv4 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:06.682353: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:06.682408: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:06.682411: | from whack: got --esp= Sep 21 07:16:06.682447: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:06.682452: | counting wild cards for @north is 0 Sep 21 07:16:06.682455: | counting wild cards for @east is 0 Sep 21 07:16:06.682466: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Sep 21 07:16:06.682469: | new hp@0x56102a1ba330 Sep 21 07:16:06.682474: added connection description "northnet-eastnet-ipv4" Sep 21 07:16:06.682482: | ike_life: 50s; ipsec_life: 180s; rekey_margin: 5s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:06.682494: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.0/24 Sep 21 07:16:06.682500: | close_any(fd@16) (in whack_process() at 
rcv_whack.c:700) Sep 21 07:16:06.682507: | spent 0.212 milliseconds in whack Sep 21 07:16:06.682729: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.682743: add keyid @north Sep 21 07:16:06.682824: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:06.682827: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:06.682833: | keyid: *AQPl33O2P Sep 21 07:16:06.682875: | e 03 Sep 21 07:16:06.682877: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:06.682879: | CKAID 88 aa 7c 5d Sep 21 07:16:06.682889: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.682894: | spent 0.166 milliseconds in whack Sep 21 07:16:06.682964: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.682979: add keyid @east Sep 21 07:16:06.683039: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:06.683042: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:06.683046: | keyid: *AQO9bJbr3 Sep 21 07:16:06.683093: | e 03 Sep 21 07:16:06.683095: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:06.683098: | CKAID 8a 82 25 f1 Sep 21 07:16:06.683103: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.683108: | spent 0.143 milliseconds in whack Sep 21 07:16:06.818455: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:06.818652: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:06.818659: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:06.818716: | FOR_EACH_STATE_... 
in show_states_status (sort_states) Sep 21 07:16:06.818727: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:06.818733: | spent 0.289 milliseconds in whack Sep 21 07:16:09.416191: | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:09.416218: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:16:09.416347: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:09.416351: | **parse ISAKMP Message: Sep 21 07:16:09.416353: | initiator cookie: Sep 21 07:16:09.416356: | 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.416358: | responder cookie: Sep 21 07:16:09.416360: | 00 00 00 00 00 00 00 00 Sep 21 07:16:09.416363: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:09.416366: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:09.416368: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:09.416371: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:09.416373: | Message ID: 0 (0x0) Sep 21 07:16:09.416376: | length: 828 (0x33c) Sep 21 07:16:09.416378: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:09.416386: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:16:09.416390: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:09.416393: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:09.416397: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:09.416399: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:09.416401: | flags: none (0x0) Sep 21 07:16:09.416406: | length: 436 (0x1b4) Sep 21 07:16:09.416408: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:16:09.416411: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:09.416413: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:09.416416: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:09.416418: | flags: none (0x0) Sep 21 07:16:09.416420: | length: 264 (0x108) Sep 21 07:16:09.416423: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.416425: | 
processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:09.416427: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:09.416430: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:09.416432: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:09.416434: | flags: none (0x0) Sep 21 07:16:09.416437: | length: 36 (0x24) Sep 21 07:16:09.416439: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:09.416441: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:09.416444: | ***parse IKEv2 Notify Payload: Sep 21 07:16:09.416446: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:09.416449: | flags: none (0x0) Sep 21 07:16:09.416451: | length: 8 (0x8) Sep 21 07:16:09.416453: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.416456: | SPI size: 0 (0x0) Sep 21 07:16:09.416459: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:09.416461: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:09.416463: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:09.416466: | ***parse IKEv2 Notify Payload: Sep 21 07:16:09.416468: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:09.416470: | flags: none (0x0) Sep 21 07:16:09.416473: | length: 28 (0x1c) Sep 21 07:16:09.416475: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.416477: | SPI size: 0 (0x0) Sep 21 07:16:09.416480: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:09.416482: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:09.416484: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:09.416487: | ***parse IKEv2 Notify Payload: Sep 21 07:16:09.416489: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.416491: | flags: none (0x0) Sep 21 07:16:09.416493: | length: 28 (0x1c) Sep 21 07:16:09.416496: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.416498: | SPI size: 0 (0x0) Sep 21 07:16:09.416500: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 
21 07:16:09.416503: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:09.416505: | DDOS disabled and no cookie sent, continuing Sep 21 07:16:09.416511: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:16:09.416516: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:09.416520: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:16:09.416523: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet-ipv4) Sep 21 07:16:09.416526: | find_next_host_connection returns empty Sep 21 07:16:09.416530: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:16:09.416533: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:16:09.416535: | find_next_host_connection returns empty Sep 21 07:16:09.416539: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:16:09.416544: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:16:09.416548: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:09.416551: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:16:09.416554: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet-ipv4) Sep 21 07:16:09.416558: | find_next_host_connection returns northnet-eastnet-ipv4 Sep 21 07:16:09.416561: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:16:09.416563: | find_next_host_connection returns empty Sep 21 07:16:09.416566: | found connection: northnet-eastnet-ipv4 with policy RSASIG+IKEV2_ALLOW Sep 21 07:16:09.416586: | creating state object #1 at 0x56102a1dbf40 Sep 21 07:16:09.416590: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 
07:16:09.416597: | pstats #1 ikev2.ike started Sep 21 07:16:09.416600: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:09.416604: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:16:09.416609: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:09.416618: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:09.416622: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:09.416626: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:09.416629: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:16:09.416633: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:16:09.416638: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:16:09.416641: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:16:09.416643: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:16:09.416646: | Now let's proceed with state specific processing Sep 21 07:16:09.416648: | calling processor Respond to IKE_SA_INIT Sep 21 07:16:09.416654: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:09.416657: | constructing local IKE proposals for northnet-eastnet-ipv4 (IKE SA responder matching remote proposals) Sep 21 07:16:09.416665: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... 
Sep 21 07:16:09.416673: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.416677: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:09.416682: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.416686: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:09.416691: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.416695: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:09.416701: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.416712: "northnet-eastnet-ipv4": constructed local IKE proposals for northnet-eastnet-ipv4 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.416718: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:16:09.416721: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:09.416723: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:09.416726: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:09.416728: | local proposal 1 type DH has 8 transforms Sep 21 07:16:09.416731: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:09.416734: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:09.416736: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:09.416739: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:09.416741: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:09.416743: | local proposal 2 type DH has 8 transforms Sep 21 07:16:09.416746: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:09.416749: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:09.416751: | local proposal 3 type ENCR has 1 
transforms Sep 21 07:16:09.416753: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:09.416756: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:09.416758: | local proposal 3 type DH has 8 transforms Sep 21 07:16:09.416761: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:09.416764: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:09.416766: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:09.416768: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:09.416771: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:09.416773: | local proposal 4 type DH has 8 transforms Sep 21 07:16:09.416776: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:09.416779: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:09.416781: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.416790: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:09.416793: | length: 100 (0x64) Sep 21 07:16:09.416795: | prop #: 1 (0x1) Sep 21 07:16:09.416798: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.416800: | spi size: 0 (0x0) Sep 21 07:16:09.416803: | # transforms: 11 (0xb) Sep 21 07:16:09.416806: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:16:09.416822: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.416824: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416826: | length: 12 (0xc) Sep 21 07:16:09.416829: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.416831: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:09.416834: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.416837: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.416839: | length/value: 256 (0x100) Sep 21 07:16:09.416843: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 
07:16:09.416846: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.416848: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416851: | length: 8 (0x8) Sep 21 07:16:09.416853: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.416855: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.416859: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:09.416862: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:16:09.416865: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:16:09.416870: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:16:09.416887: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.416890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416892: | length: 8 (0x8) Sep 21 07:16:09.416894: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.416897: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:09.416899: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.416902: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416904: | length: 8 (0x8) Sep 21 07:16:09.416906: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.416909: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.416912: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:09.416915: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:16:09.416918: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:16:09.416921: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:16:09.416924: | *****parse IKEv2 
Transform Substructure Payload: Sep 21 07:16:09.416926: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416928: | length: 8 (0x8) Sep 21 07:16:09.416931: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.416933: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:09.416936: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.416938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416940: | length: 8 (0x8) Sep 21 07:16:09.416943: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.416945: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:09.416948: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.416950: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416952: | length: 8 (0x8) Sep 21 07:16:09.416955: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.416957: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:09.416960: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.416962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416964: | length: 8 (0x8) Sep 21 07:16:09.416967: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.416969: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:09.416972: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.416974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416976: | length: 8 (0x8) Sep 21 07:16:09.416979: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.416981: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:09.416984: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.416987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.416989: | length: 8 (0x8) Sep 21 07:16:09.416991: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.416994: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:09.416996: | *****parse IKEv2 Transform Substructure 
Payload: Sep 21 07:16:09.416999: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.417001: | length: 8 (0x8) Sep 21 07:16:09.417003: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417006: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:09.417010: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:09.417014: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:09.417017: | remote proposal 1 matches local proposal 1 Sep 21 07:16:09.417021: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.417023: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:09.417025: | length: 100 (0x64) Sep 21 07:16:09.417027: | prop #: 2 (0x2) Sep 21 07:16:09.417030: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.417032: | spi size: 0 (0x0) Sep 21 07:16:09.417034: | # transforms: 11 (0xb) Sep 21 07:16:09.417038: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:09.417040: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417045: | length: 12 (0xc) Sep 21 07:16:09.417048: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.417050: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:09.417052: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.417055: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.417057: | length/value: 128 (0x80) Sep 21 07:16:09.417060: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417065: | length: 8 (0x8) Sep 21 07:16:09.417067: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.417069: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.417072: | 
*****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417074: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417077: | length: 8 (0x8) Sep 21 07:16:09.417079: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.417081: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:09.417084: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417089: | length: 8 (0x8) Sep 21 07:16:09.417091: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417093: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.417096: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417101: | length: 8 (0x8) Sep 21 07:16:09.417103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417105: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:09.417108: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417110: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417113: | length: 8 (0x8) Sep 21 07:16:09.417115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417118: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:09.417120: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417123: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417125: | length: 8 (0x8) Sep 21 07:16:09.417127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417130: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:09.417132: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417137: | length: 8 (0x8) Sep 21 07:16:09.417139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417142: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:09.417144: | *****parse IKEv2 Transform 
Substructure Payload: Sep 21 07:16:09.417147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417149: | length: 8 (0x8) Sep 21 07:16:09.417151: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417154: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:09.417156: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417161: | length: 8 (0x8) Sep 21 07:16:09.417163: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417167: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:09.417170: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417172: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.417175: | length: 8 (0x8) Sep 21 07:16:09.417177: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417180: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:09.417183: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:16:09.417186: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:16:09.417189: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.417191: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:09.417193: | length: 116 (0x74) Sep 21 07:16:09.417196: | prop #: 3 (0x3) Sep 21 07:16:09.417198: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.417200: | spi size: 0 (0x0) Sep 21 07:16:09.417202: | # transforms: 13 (0xd) Sep 21 07:16:09.417206: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:09.417208: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417213: | length: 12 (0xc) Sep 21 07:16:09.417215: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.417217: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 
07:16:09.417220: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.417222: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.417225: | length/value: 256 (0x100) Sep 21 07:16:09.417227: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417232: | length: 8 (0x8) Sep 21 07:16:09.417234: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.417237: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.417239: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417242: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417244: | length: 8 (0x8) Sep 21 07:16:09.417247: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.417249: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:09.417252: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417254: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417256: | length: 8 (0x8) Sep 21 07:16:09.417259: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:09.417261: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:09.417264: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417266: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417268: | length: 8 (0x8) Sep 21 07:16:09.417271: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:09.417273: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:09.417276: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417280: | length: 8 (0x8) Sep 21 07:16:09.417283: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417285: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.417288: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417290: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 
07:16:09.417292: | length: 8 (0x8) Sep 21 07:16:09.417295: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417297: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:09.417300: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417302: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417304: | length: 8 (0x8) Sep 21 07:16:09.417307: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417309: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:09.417312: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417315: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417318: | length: 8 (0x8) Sep 21 07:16:09.417320: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417322: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:09.417325: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417327: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417330: | length: 8 (0x8) Sep 21 07:16:09.417332: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417334: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:09.417337: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417341: | length: 8 (0x8) Sep 21 07:16:09.417344: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417346: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:09.417349: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417354: | length: 8 (0x8) Sep 21 07:16:09.417356: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417358: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:09.417361: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417363: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.417366: | length: 
8 (0x8) Sep 21 07:16:09.417368: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417370: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:09.417374: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:16:09.417377: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:16:09.417379: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.417382: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:09.417384: | length: 116 (0x74) Sep 21 07:16:09.417386: | prop #: 4 (0x4) Sep 21 07:16:09.417389: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.417391: | spi size: 0 (0x0) Sep 21 07:16:09.417393: | # transforms: 13 (0xd) Sep 21 07:16:09.417396: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:09.417399: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417403: | length: 12 (0xc) Sep 21 07:16:09.417406: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.417409: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:09.417411: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.417413: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.417416: | length/value: 128 (0x80) Sep 21 07:16:09.417418: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417421: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417423: | length: 8 (0x8) Sep 21 07:16:09.417425: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.417428: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.417430: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417433: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417435: | length: 8 (0x8) Sep 21 07:16:09.417437: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 
07:16:09.417440: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:09.417442: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417447: | length: 8 (0x8) Sep 21 07:16:09.417449: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:09.417452: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:09.417454: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417457: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417460: | length: 8 (0x8) Sep 21 07:16:09.417463: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:09.417465: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:09.417468: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417470: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417472: | length: 8 (0x8) Sep 21 07:16:09.417475: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417477: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.417480: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417482: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417484: | length: 8 (0x8) Sep 21 07:16:09.417487: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417489: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:09.417492: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417496: | length: 8 (0x8) Sep 21 07:16:09.417498: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417501: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:09.417504: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417508: | length: 8 (0x8) Sep 21 07:16:09.417511: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417513: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:09.417516: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417518: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417520: | length: 8 (0x8) Sep 21 07:16:09.417523: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417525: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:09.417528: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417530: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417532: | length: 8 (0x8) Sep 21 07:16:09.417535: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417537: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:09.417540: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.417545: | length: 8 (0x8) Sep 21 07:16:09.417548: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417550: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:09.417553: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.417555: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.417557: | length: 8 (0x8) Sep 21 07:16:09.417560: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.417562: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:09.417566: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:16:09.417569: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:16:09.417573: "northnet-eastnet-ipv4" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:16:09.417578: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:16:09.417582: | converting proposal to internal trans attrs Sep 21 07:16:09.417587: | natd_hash: rcookie is zero Sep 21 07:16:09.417603: | natd_hash: hasher=0x5610288707a0(20) Sep 21 07:16:09.417606: | natd_hash: icookie= 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.417608: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:09.417610: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:09.417613: | natd_hash: port= 01 f4 Sep 21 07:16:09.417615: | natd_hash: hash= cd a9 a8 49 7d f2 9d be 24 ff 60 22 7b 67 7f 7e Sep 21 07:16:09.417617: | natd_hash: hash= 01 13 fd 84 Sep 21 07:16:09.417619: | natd_hash: rcookie is zero Sep 21 07:16:09.417626: | natd_hash: hasher=0x5610288707a0(20) Sep 21 07:16:09.417629: | natd_hash: icookie= 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.417631: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:09.417634: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:09.417636: | natd_hash: port= 01 f4 Sep 21 07:16:09.417638: | natd_hash: hash= 1a d6 81 5c 84 43 e9 2c 92 95 21 f7 1f 56 b3 68 Sep 21 07:16:09.417640: | natd_hash: hash= bb b1 19 aa Sep 21 07:16:09.417643: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:09.417645: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:09.417647: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:09.417651: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.3.33 Sep 21 07:16:09.417654: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:16:09.417658: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56102a1deb50 Sep 21 07:16:09.417661: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:09.417665: | libevent_malloc: new ptr-libevent@0x56102a1deb90 size 128 Sep 21 07:16:09.417678: | #1 spent 1.02 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:16:09.417680: | crypto helper 1 resuming Sep 21 07:16:09.417685: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:09.417692: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:16:09.417698: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:16:09.417706: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:16:09.417707: | suspending state #1 and saving MD Sep 21 07:16:09.417714: | #1 is busy; has a suspended MD Sep 21 07:16:09.417719: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:09.417722: | "northnet-eastnet-ipv4" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:09.417727: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:09.417731: | #1 spent 1.52 milliseconds in ikev2_process_packet() Sep 21 07:16:09.417735: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:09.417738: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:09.417741: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:09.417745: | spent 1.53 milliseconds in comm_handle_cb() 
reading and processing packet Sep 21 07:16:09.418585: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000879 seconds Sep 21 07:16:09.418596: | (#1) spent 0.886 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:16:09.418598: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:09.418601: | scheduling resume sending helper answer for #1 Sep 21 07:16:09.418603: | libevent_malloc: new ptr-libevent@0x7f8d88006900 size 128 Sep 21 07:16:09.418610: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:09.418619: | processing resume sending helper answer for #1 Sep 21 07:16:09.418631: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:16:09.418636: | crypto helper 1 replies to request ID 1 Sep 21 07:16:09.418638: | calling continuation function 0x56102879a630 Sep 21 07:16:09.418641: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:16:09.418671: | **emit ISAKMP Message: Sep 21 07:16:09.418674: | initiator cookie: Sep 21 07:16:09.418676: | 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.418679: | responder cookie: Sep 21 07:16:09.418681: | 32 98 59 7e f8 8c 71 f0 Sep 21 07:16:09.418684: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:09.418686: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:09.418689: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:09.418692: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:09.418694: | Message ID: 0 (0x0) Sep 21 07:16:09.418697: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:09.418700: | Emitting ikev2_proposal ... 
Sep 21 07:16:09.418703: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:09.418706: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.418708: | flags: none (0x0) Sep 21 07:16:09.418711: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:09.418714: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.418717: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.418720: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:09.418722: | prop #: 1 (0x1) Sep 21 07:16:09.418724: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.418727: | spi size: 0 (0x0) Sep 21 07:16:09.418729: | # transforms: 3 (0x3) Sep 21 07:16:09.418732: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:09.418735: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.418737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.418740: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.418743: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:09.418745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.418748: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.418751: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.418754: | length/value: 256 (0x100) Sep 21 07:16:09.418756: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:09.418759: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.418761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.418764: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.418766: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.418769: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.418772: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.418775: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.418777: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.418780: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.418782: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.418794: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.418797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.418799: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.418804: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.418806: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:16:09.418809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:09.418811: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:16:09.418814: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:09.418818: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:09.418820: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.418822: | flags: none (0x0) Sep 21 07:16:09.418825: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.418828: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 
07:16:09.418831: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.418834: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:09.418874: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:09.418876: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:09.418878: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:09.418881: | flags: none (0x0) Sep 21 07:16:09.418884: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:09.418887: | next payload chain: setting previous
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:09.418889: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.418892: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:09.418895: | IKEv2 nonce 1e 2a 0b 29 d2 85 d8 b9 7f ff 5d 7e cb 8d 69 60 Sep 21 07:16:09.418897: | IKEv2 nonce 66 96 05 3c 4e ed fb cb e4 0d 62 c0 a3 98 39 ff Sep 21 07:16:09.418899: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:09.418903: | Adding a v2N Payload Sep 21 07:16:09.418905: | ***emit IKEv2 Notify Payload: Sep 21 07:16:09.418908: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.418910: | flags: none (0x0) Sep 21 07:16:09.418913: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.418915: | SPI size: 0 (0x0) Sep 21 07:16:09.418919: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:09.418922: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:09.418925: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.418927: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:09.418930: | NAT-Traversal support [enabled] add v2N payloads. 
Sep 21 07:16:09.418943: | natd_hash: hasher=0x5610288707a0(20)
Sep 21 07:16:09.418945: | natd_hash: icookie= 2e c9 d4 ef 11 8f 29 e7
Sep 21 07:16:09.418948: | natd_hash: rcookie= 32 98 59 7e f8 8c 71 f0
Sep 21 07:16:09.418950: | natd_hash: ip= c0 01 02 17
Sep 21 07:16:09.418952: | natd_hash: port= 01 f4
Sep 21 07:16:09.418955: | natd_hash: hash= 18 19 ef ac f5 61 4e 83 a0 99 94 ec 25 fc c6 02
Sep 21 07:16:09.418957: | natd_hash: hash= 6a 75 54 54
Sep 21 07:16:09.418959: | Adding a v2N Payload
Sep 21 07:16:09.418962: | ***emit IKEv2 Notify Payload:
Sep 21 07:16:09.418964: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Sep 21 07:16:09.418966: | flags: none (0x0)
Sep 21 07:16:09.418969: | Protocol ID: PROTO_v2_RESERVED (0x0)
Sep 21 07:16:09.418971: | SPI size: 0 (0x0)
Sep 21 07:16:09.418973: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Sep 21 07:16:09.418976: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Sep 21 07:16:09.418979: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Sep 21 07:16:09.418982: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Sep 21 07:16:09.418984: | Notify data 18 19 ef ac f5 61 4e 83 a0 99 94 ec 25 fc c6 02
Sep 21 07:16:09.418987: | Notify data 6a 75 54 54
Sep 21 07:16:09.418989: | emitting length of IKEv2 Notify Payload: 28
Sep 21 07:16:09.418995: | natd_hash: hasher=0x5610288707a0(20)
Sep 21 07:16:09.418997: | natd_hash: icookie= 2e c9 d4 ef 11 8f 29 e7
Sep 21 07:16:09.419000: | natd_hash: rcookie= 32 98 59 7e f8 8c 71 f0
Sep 21 07:16:09.419002: | natd_hash: ip= c0 01 03 21
Sep 21 07:16:09.419004: | natd_hash: port= 01 f4
Sep 21 07:16:09.419007: | natd_hash: hash= f5 1f 31 09 c5 86 67 5b c3 4f 7b 8c d2 0d ef fa
Sep 21 07:16:09.419009: | natd_hash: hash= 61 b8 9c a8
Sep 21 07:16:09.419011: | Adding a v2N Payload
Sep 21 07:16:09.419014: | ***emit IKEv2 Notify Payload:
Sep 21 07:16:09.419016: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Sep 21 07:16:09.419018: | flags: none (0x0)
Sep 21 07:16:09.419021: | Protocol ID: PROTO_v2_RESERVED (0x0)
Sep 21 07:16:09.419023: | SPI size: 0 (0x0)
Sep 21 07:16:09.419025: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Sep 21 07:16:09.419028: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Sep 21 07:16:09.419031: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Sep 21 07:16:09.419034: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Sep 21 07:16:09.419036: | Notify data f5 1f 31 09 c5 86 67 5b c3 4f 7b 8c d2 0d ef fa
Sep 21 07:16:09.419038: | Notify data 61 b8 9c a8
Sep 21 07:16:09.419041: | emitting length of IKEv2 Notify Payload: 28
Sep 21 07:16:09.419043: | emitting length of ISAKMP Message: 432
Sep 21 07:16:09.419051: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376)
Sep 21 07:16:09.419055: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK
Sep 21 07:16:09.419057: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1
Sep 21 07:16:09.419061: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA)
Sep 21 07:16:09.419064: | Message ID: updating counters for #1 to 0 after switching state
Sep 21 07:16:09.419069: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1
Sep 21 07:16:09.419075: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1
Sep 21 07:16:09.419080: "northnet-eastnet-ipv4" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
Sep 21 07:16:09.419085: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500)
Sep 21 07:16:09.419094: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:16:09.419213: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
Sep 21 07:16:09.419218: | libevent_free: release ptr-libevent@0x56102a1deb90
Sep 21 07:16:09.419221: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56102a1deb50
Sep 21 07:16:09.419224: | event_schedule: new EVENT_SO_DISCARD-pe@0x56102a1deb50
Sep 21 07:16:09.419227: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1
Sep 21 07:16:09.419230: | libevent_malloc: new ptr-libevent@0x56102a1deb90 size 128
Sep 21 07:16:09.419235: | resume sending helper answer for #1 suppresed complete_v2_state_transition()
Sep 21 07:16:09.419240: | #1 spent 0.569 milliseconds in resume sending helper answer
Sep 21 07:16:09.419245: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.3.33:500 (in resume_handler() at server.c:833)
Sep 21 07:16:09.419248: | libevent_free: release ptr-libevent@0x7f8d88006900
Sep 21 07:16:26.508997: | processing global timer EVENT_SHUNT_SCAN
Sep 21 07:16:26.509011: | expiring aged bare shunts from shunt table
Sep 21 07:16:26.509017: | spent 0.00509 milliseconds in global timer EVENT_SHUNT_SCAN
Sep 21 07:16:46.510817: | processing global timer EVENT_SHUNT_SCAN
Sep 21 07:16:46.510838: | expiring aged bare shunts from shunt table
Sep 21 07:16:46.510847: | spent 0.00794 milliseconds in global timer EVENT_SHUNT_SCAN