Sep 21 07:16:09.001339: FIPS Product: YES Sep 21 07:16:09.001376: FIPS Kernel: NO Sep 21 07:16:09.001379: FIPS Mode: NO Sep 21 07:16:09.001382: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:09.001544: Initializing NSS Sep 21 07:16:09.001548: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:09.039568: NSS initialized Sep 21 07:16:09.039581: NSS crypto library initialized Sep 21 07:16:09.039584: FIPS HMAC integrity support [enabled] Sep 21 07:16:09.039586: FIPS mode disabled for pluto daemon Sep 21 07:16:09.102077: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:09.102188: libcap-ng support [enabled] Sep 21 07:16:09.102197: Linux audit support [enabled] Sep 21 07:16:09.102236: Linux audit activated Sep 21 07:16:09.102242: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:26139 Sep 21 07:16:09.102244: core dump dir: /tmp Sep 21 07:16:09.102245: secrets file: /etc/ipsec.secrets Sep 21 07:16:09.102247: leak-detective disabled Sep 21 07:16:09.102248: NSS crypto [enabled] Sep 21 07:16:09.102249: XAUTH PAM support [enabled] Sep 21 07:16:09.102312: | libevent is using pluto's memory allocator Sep 21 07:16:09.102317: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:09.102328: | libevent_malloc: new ptr-libevent@0x558db0aa8510 size 40 Sep 21 07:16:09.102333: | libevent_malloc: new ptr-libevent@0x558db0aa8540 size 40 Sep 21 07:16:09.102335: | libevent_malloc: new ptr-libevent@0x558db0aa9cf0 size 40 Sep 21 07:16:09.102337: | creating event base Sep 21 07:16:09.102339: | libevent_malloc: new ptr-libevent@0x558db0aa9cb0 size 56 Sep 21 07:16:09.102341: | libevent_malloc: new ptr-libevent@0x558db0aa9d20 size 664 Sep 21 07:16:09.102350: | libevent_malloc: new ptr-libevent@0x558db0aa9fc0 size 24 Sep 21 07:16:09.102353: | libevent_malloc: new ptr-libevent@0x558db0a63550 size 384 Sep 21 07:16:09.102360: | libevent_malloc: new ptr-libevent@0x558db0aa9fe0 size 16 Sep 21 07:16:09.102363: | libevent_malloc: new ptr-libevent@0x558db0aaa000 size 40 Sep 21 07:16:09.102365: | libevent_malloc: new ptr-libevent@0x558db0aaa030 size 48 Sep 21 07:16:09.102369: | libevent_realloc: new ptr-libevent@0x558db0aaa070 size 256 Sep 21 07:16:09.102370: | libevent_malloc: new ptr-libevent@0x558db0aaa180 size 16 Sep 21 07:16:09.102375: | libevent_free: release ptr-libevent@0x558db0aa9cb0 Sep 21 07:16:09.102377: | libevent initialized Sep 21 07:16:09.102380: | libevent_realloc: new ptr-libevent@0x558db0aaa1a0 size 64 Sep 21 07:16:09.102385: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:09.102397: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:09.102398: NAT-Traversal support [enabled] Sep 21 07:16:09.102400: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:09.102405: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:09.102407: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:09.102436: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:09.102438: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:09.102440: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:09.102475: Encryption algorithms: Sep 21 07:16:09.102479: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:09.102481: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:09.102484: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:09.102486: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:09.102488: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:16:09.102495: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:09.102498: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:09.102500: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:09.102502: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:09.102504: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:09.102506: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:09.102508: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:09.102511: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:09.102513: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:09.102515: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:09.102517: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:09.102519: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:09.102523: Hash algorithms: Sep 21 07:16:09.102525: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:09.102527: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:09.102529: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:09.102531: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:09.102533: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:09.102541: PRF algorithms: Sep 21 07:16:09.102543: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:09.102545: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:09.102547: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:09.102549: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:09.102551: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:09.102553: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:09.102568: Integrity algorithms: Sep 21 07:16:09.102570: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:09.102572: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:09.102575: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:09.102577: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:09.102579: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:09.102581: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:09.102583: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:09.102585: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:09.102587: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:09.102595: DH algorithms: Sep 21 07:16:09.102597: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:09.102598: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:09.102600: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:09.102604: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:09.102605: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:09.102607: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:09.102609: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:09.102611: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:09.102613: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:09.102615: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:09.102616: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:09.102618: testing CAMELLIA_CBC: Sep 21 07:16:09.102620: Camellia: 16 bytes with 128-bit key Sep 21 07:16:09.102717: Camellia: 16 bytes with 128-bit key Sep 21 07:16:09.102736: Camellia: 16 bytes with 256-bit key Sep 21 07:16:09.102753: Camellia: 16 bytes with 256-bit key Sep 21 07:16:09.102770: testing AES_GCM_16: Sep 21 07:16:09.102772: empty string Sep 21 07:16:09.102801: one block Sep 21 07:16:09.102821: two blocks Sep 21 07:16:09.102837: two blocks with associated data Sep 21 07:16:09.102853: testing AES_CTR: Sep 21 07:16:09.102855: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:09.102873: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:09.102890: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:09.102907: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:09.102923: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:09.102939: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:09.102956: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:09.102972: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:09.102988: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:09.103005: testing AES_CBC: Sep 21 07:16:09.103007: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:09.103023: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:09.103041: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:09.103058: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:09.103079: testing AES_XCBC: Sep 21 07:16:09.103081: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:09.103155: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:09.103273: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:09.103379: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:09.103459: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:09.103535: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:09.103614: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:09.103792: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:09.103926: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:09.104060: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:09.104292: testing HMAC_MD5: Sep 21 07:16:09.104298: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:09.104472: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:09.104627: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:09.104815: 8 CPU cores online Sep 21 07:16:09.104822: starting up 7 crypto helpers Sep 21 07:16:09.104855: started thread for crypto helper 0 Sep 21 07:16:09.104878: started thread for crypto helper 1 Sep 21 07:16:09.104896: started thread for crypto helper 2 Sep 21 07:16:09.104914: started thread for crypto helper 3 Sep 21 07:16:09.104932: started thread for crypto helper 4 Sep 21 07:16:09.104949: started thread for crypto helper 5 Sep 21 07:16:09.104953: | starting up helper thread 1 Sep 21 07:16:09.104970: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:09.104974: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:09.104980: started thread for crypto helper 6 Sep 21 07:16:09.104984: | checking IKEv1 state table Sep 21 07:16:09.104991: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:09.104994: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:09.104996: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:09.104999: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:09.105001: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:09.105004: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:09.105006: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:09.105008: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:09.105011: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:09.105013: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:09.105015: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:09.105017: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:09.105020: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:09.105022: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:09.105024: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:09.105027: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:09.105029: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:16:09.105031: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:09.105034: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:09.105036: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:09.105038: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:09.105041: | -> UNDEFINED EVENT_NULL Sep 21 07:16:09.105043: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:09.105046: | -> UNDEFINED EVENT_NULL Sep 21 07:16:09.105048: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:09.105051: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:09.105053: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:09.105056: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:09.105058: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:09.105060: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:09.105063: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:09.105065: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:09.105068: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:09.105070: | -> UNDEFINED EVENT_NULL Sep 21 07:16:09.105072: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:09.105075: | -> UNDEFINED EVENT_NULL Sep 21 07:16:09.105077: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:09.105080: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:09.105082: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:09.105084: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:09.105087: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:09.105089: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:09.105092: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:09.105094: | -> UNDEFINED EVENT_NULL Sep 21 07:16:09.105097: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:09.105099: | -> UNDEFINED EVENT_NULL Sep 21 07:16:09.105102: | INFO: category: informational flags: 0: Sep 21 07:16:09.105104: | -> UNDEFINED EVENT_NULL Sep 21 07:16:09.105107: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:16:09.105109: | -> UNDEFINED EVENT_NULL Sep 21 07:16:09.105111: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:09.105114: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:09.105116: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:09.105119: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:09.105121: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:09.105123: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:09.105126: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:09.105128: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:09.105133: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:09.105136: | -> UNDEFINED EVENT_NULL Sep 21 07:16:09.105138: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:09.105141: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:09.105143: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:09.105145: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:09.105148: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:09.105150: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:09.105156: | checking IKEv2 state table Sep 21 07:16:09.105162: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:09.105165: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:09.105168: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:09.105171: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:09.105173: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:09.105176: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:09.105179: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:09.105182: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:09.105184: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:09.105187: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:09.105189: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:09.105192: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:09.105195: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:09.105197: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:09.105199: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:09.105202: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:09.105205: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:09.105207: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:09.105210: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:09.105213: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:09.105215: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:09.105218: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:09.105220: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:09.105223: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:09.105225: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:09.105228: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:09.105231: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:09.105233: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:09.105236: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:09.105239: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:09.105241: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:16:09.105244: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:09.105247: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:09.105250: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:09.105252: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:09.105255: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:09.105258: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:09.105263: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:09.105265: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:09.105268: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:09.105271: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:09.105274: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:09.105276: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:09.105279: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:09.105282: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:09.105284: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:09.105287: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:09.105329: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:09.105377: | Hard-wiring algorithms Sep 21 07:16:09.105380: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:09.105384: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:09.105395: | starting up helper thread 6 Sep 21 07:16:09.105396: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:09.105411: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:09.105418: | starting up helper thread 3 Sep 21 07:16:09.105414: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:09.105432: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:09.105420: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:09.104962: | starting up helper thread 0 Sep 21 07:16:09.105447: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:09.105452: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:09.105384: | starting up helper thread 2 Sep 21 07:16:09.105460: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:09.105463: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:09.105464: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:09.105436: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:16:09.105428: | starting up helper thread 4 Sep 21 07:16:09.105476: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:09.105470: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:09.105485: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:09.105488: | adding AES_CTR to kernel algorithm db Sep 21 07:16:09.105490: | adding AES_CBC to kernel algorithm db Sep 21 07:16:09.105492: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:09.105495: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:09.105497: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:09.105500: | adding NULL to kernel algorithm db Sep 21 07:16:09.105503: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:09.105505: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:09.105508: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:09.105510: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:09.105513: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:09.105515: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:09.105518: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:09.105520: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:09.105523: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:09.105525: | adding NONE to kernel algorithm db Sep 21 07:16:09.105545: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:09.105551: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:09.105554: | setup kernel fd callback Sep 21 07:16:09.105557: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x558db0ab4960 Sep 21 07:16:09.105560: | libevent_malloc: new ptr-libevent@0x558db0abb9b0 size 128 Sep 21 07:16:09.105566: | libevent_malloc: new ptr-libevent@0x558db0ab48c0 size 16 Sep 21 07:16:09.105572: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x558db0aaee10 Sep 21 07:16:09.105575: | libevent_malloc: new ptr-libevent@0x558db0abba40 size 128 Sep 21 07:16:09.105577: | libevent_malloc: new ptr-libevent@0x558db0ab48a0 size 16 Sep 21 07:16:09.105822: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:09.105833: selinux support is enabled. Sep 21 07:16:09.105908: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:09.106080: | unbound context created - setting debug level to 5 Sep 21 07:16:09.106109: | /etc/hosts lookups activated Sep 21 07:16:09.106127: | /etc/resolv.conf usage activated Sep 21 07:16:09.106190: | outgoing-port-avoid set 0-65535 Sep 21 07:16:09.106220: | outgoing-port-permit set 32768-60999 Sep 21 07:16:09.106223: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:09.106226: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:09.106229: | Setting up events, loop start Sep 21 07:16:09.106232: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x558db0aaebd0 Sep 21 07:16:09.106235: | libevent_malloc: new ptr-libevent@0x558db0ac5fc0 size 128 Sep 21 07:16:09.106238: | libevent_malloc: new ptr-libevent@0x558db0ac6050 size 16 Sep 21 07:16:09.106244: | libevent_realloc: new ptr-libevent@0x558db0ac6070 size 256 Sep 21 07:16:09.106247: | libevent_malloc: new ptr-libevent@0x558db0ac6180 size 8 Sep 21 07:16:09.106250: | libevent_realloc: new ptr-libevent@0x558db0abad30 size 144 Sep 21 07:16:09.106252: | libevent_malloc: new ptr-libevent@0x558db0ac61a0 size 152 Sep 21 07:16:09.106256: | libevent_malloc: new ptr-libevent@0x558db0ac6240 size 16 Sep 21 07:16:09.106260: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:09.106262: | libevent_malloc: new ptr-libevent@0x558db0ac6260 size 8 Sep 21 07:16:09.106265: | libevent_malloc: new ptr-libevent@0x558db0ac6280 size 152 Sep 21 07:16:09.106268: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:09.106270: | libevent_malloc: new ptr-libevent@0x558db0ac6320 size 8 Sep 21 07:16:09.106273: | libevent_malloc: new ptr-libevent@0x558db0ac6340 size 152 Sep 21 07:16:09.106276: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:09.106278: | libevent_malloc: new ptr-libevent@0x558db0ac63e0 size 8 Sep 21 07:16:09.106281: | libevent_realloc: release ptr-libevent@0x558db0abad30 Sep 21 07:16:09.106284: | libevent_realloc: new ptr-libevent@0x558db0ac6400 size 256 Sep 21 07:16:09.106287: | libevent_malloc: new ptr-libevent@0x558db0abad30 size 152 Sep 21 07:16:09.106289: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:09.106651: | created addconn helper (pid:26227) using fork+execve Sep 21 07:16:09.106663: | forked child 26227 Sep 21 07:16:09.106704: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:09.106720: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:09.106727: listening for IKE messages Sep 21 07:16:09.106757: | Inspecting interface lo Sep 21 07:16:09.106763: | found lo with address 127.0.0.1 Sep 21 07:16:09.106766: | Inspecting interface eth0 Sep 21 07:16:09.106770: | found eth0 with address 192.0.3.254 Sep 21 07:16:09.106775: | Inspecting interface eth1 Sep 21 07:16:09.106778: | found eth1 with address 192.1.3.33 Sep 21 07:16:09.106831: Kernel supports NIC esp-hw-offload Sep 21 07:16:09.106844: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:16:09.106868: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:09.106872: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:09.106876: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:09.106900: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:16:09.106922: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:09.106926: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:09.106933: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:09.106957: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:09.106978: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:09.106982: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:09.106986: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:09.107033: | no interfaces to sort Sep 21 07:16:09.107037: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:09.107045: | add_fd_read_event_handler: new ethX-pe@0x558db0aafcd0 Sep 21 07:16:09.107048: | libevent_malloc: new ptr-libevent@0x558db0ac67e0 size 128 Sep 21 07:16:09.107051: | libevent_malloc: new ptr-libevent@0x558db0ac6870 size 16 Sep 21 07:16:09.107057: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:09.107060: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6890 Sep 21 07:16:09.107062: | libevent_malloc: new ptr-libevent@0x558db0ac68d0 size 128 Sep 21 07:16:09.107065: | libevent_malloc: new ptr-libevent@0x558db0ac6960 size 16 Sep 21 07:16:09.107070: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:09.107072: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6980 Sep 21 07:16:09.107075: | libevent_malloc: new ptr-libevent@0x558db0ac69c0 size 128 Sep 21 07:16:09.107078: | libevent_malloc: new ptr-libevent@0x558db0ac6a50 size 16 Sep 21 07:16:09.107082: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:09.107085: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6a70 Sep 21 07:16:09.107087: | libevent_malloc: new ptr-libevent@0x558db0ac6ab0 size 128 Sep 21 07:16:09.107090: | libevent_malloc: new ptr-libevent@0x558db0ac6b40 size 16 Sep 21 07:16:09.107094: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:09.107097: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6b60 Sep 21 07:16:09.107099: | libevent_malloc: new ptr-libevent@0x558db0ac6ba0 size 128 Sep 21 07:16:09.107102: | libevent_malloc: new ptr-libevent@0x558db0ac6c30 size 16 Sep 21 07:16:09.107106: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:09.107109: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6c50 Sep 21 07:16:09.107111: | libevent_malloc: new ptr-libevent@0x558db0ac6c90 size 128 Sep 21 07:16:09.107114: | libevent_malloc: new ptr-libevent@0x558db0ac6d20 size 16 Sep 21 07:16:09.107118: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:09.107123: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:09.107125: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:09.107143: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:09.107160: | saving Modulus Sep 21 07:16:09.107165: | saving PublicExponent Sep 21 07:16:09.107168: | ignoring PrivateExponent Sep 21 07:16:09.107171: | ignoring Prime1 Sep 21 07:16:09.107174: | ignoring Prime2 Sep 21 07:16:09.107177: | ignoring Exponent1 Sep 21 07:16:09.107181: | ignoring Exponent2 Sep 21 07:16:09.107184: | ignoring Coefficient Sep 21 07:16:09.107187: | ignoring CKAIDNSS Sep 21 07:16:09.107218: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:09.107220: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:09.107225: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:09.107231: | certs and keys locked by 'process_secret' Sep 21 07:16:09.107234: | certs and keys unlocked by 'process_secret' Sep 21 07:16:09.107239: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:09.107248: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:09.107255: | spent 0.555 milliseconds in whack Sep 21 07:16:09.105476: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:09.107269: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:09.108802: | starting up helper thread 5 Sep 21 07:16:09.108815: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:09.108823: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:09.148768: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:09.148793: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:09.148799: listening for IKE messages Sep 21 07:16:09.148860: | Inspecting interface lo Sep 21 07:16:09.148865: | found lo with address 127.0.0.1 Sep 21 07:16:09.148867: | Inspecting interface eth0 Sep 21 07:16:09.148870: | found eth0 with address 192.0.3.254 Sep 21 07:16:09.148871: | Inspecting interface eth1 Sep 21 07:16:09.148874: | found eth1 with address 192.1.3.33 Sep 21 07:16:09.148920: | no interfaces to sort Sep 21 07:16:09.148927: | libevent_free: release ptr-libevent@0x558db0ac67e0 Sep 21 07:16:09.148929: | free_event_entry: release EVENT_NULL-pe@0x558db0aafcd0 Sep 21 07:16:09.148931: | add_fd_read_event_handler: new ethX-pe@0x558db0aafcd0 Sep 21 07:16:09.148934: | libevent_malloc: new ptr-libevent@0x558db0ac67e0 size 128 Sep 21 07:16:09.148939: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:09.148942: | libevent_free: release ptr-libevent@0x558db0ac68d0 Sep 21 07:16:09.148944: | free_event_entry: release EVENT_NULL-pe@0x558db0ac6890 Sep 21 07:16:09.148945: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6890 Sep 21 07:16:09.148947: | libevent_malloc: new ptr-libevent@0x558db0ac68d0 size 128 Sep 21 07:16:09.148950: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:09.148952: | libevent_free: release ptr-libevent@0x558db0ac69c0 Sep 21 07:16:09.148954: | free_event_entry: release EVENT_NULL-pe@0x558db0ac6980 Sep 21 07:16:09.148956: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6980 Sep 21 07:16:09.148957: | libevent_malloc: new ptr-libevent@0x558db0ac69c0 size 128 Sep 21 07:16:09.148960: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:09.148963: | libevent_free: release ptr-libevent@0x558db0ac6ab0 Sep 21 07:16:09.148965: | free_event_entry: release EVENT_NULL-pe@0x558db0ac6a70 Sep 21 07:16:09.148966: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6a70 Sep 21 07:16:09.148968: | libevent_malloc: new ptr-libevent@0x558db0ac6ab0 size 128 Sep 21 07:16:09.148971: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:09.148973: | libevent_free: release ptr-libevent@0x558db0ac6ba0 Sep 21 07:16:09.148975: | free_event_entry: release EVENT_NULL-pe@0x558db0ac6b60 Sep 21 07:16:09.148976: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6b60 Sep 21 07:16:09.148978: | libevent_malloc: new ptr-libevent@0x558db0ac6ba0 size 128 Sep 21 07:16:09.148981: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:09.148983: | libevent_free: release ptr-libevent@0x558db0ac6c90 Sep 21 07:16:09.148985: | free_event_entry: release EVENT_NULL-pe@0x558db0ac6c50 Sep 21 07:16:09.148987: | add_fd_read_event_handler: new ethX-pe@0x558db0ac6c50 Sep 21 07:16:09.148988: | libevent_malloc: new ptr-libevent@0x558db0ac6c90 size 128 Sep 21 07:16:09.148991: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:09.148993: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:09.148995: forgetting secrets Sep 21 07:16:09.149002: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:09.149014: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:09.149024: | saving Modulus Sep 21 07:16:09.149026: | saving PublicExponent Sep 21 07:16:09.149028: | ignoring PrivateExponent Sep 21 07:16:09.149030: | ignoring Prime1 Sep 21 07:16:09.149032: | ignoring Prime2 Sep 21 07:16:09.149034: | ignoring Exponent1 Sep 21 07:16:09.149036: | ignoring Exponent2 Sep 21 07:16:09.149038: | ignoring Coefficient Sep 21 07:16:09.149040: | ignoring CKAIDNSS Sep 21 07:16:09.149058: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:09.149060: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:09.149063: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:09.149067: | certs and keys locked by 'process_secret' Sep 21 07:16:09.149073: | certs and keys unlocked by 'process_secret' Sep 21 07:16:09.149077: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:09.149083: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:09.149088: | spent 0.325 milliseconds in whack Sep 21 07:16:09.149598: | processing signal PLUTO_SIGCHLD Sep 21 07:16:09.149607: | waitpid returned pid 26227 (exited with status 0) Sep 21 07:16:09.149610: | reaped addconn helper child (status 0) Sep 21 07:16:09.149613: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:09.149616: | spent 0.013 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:09.210198: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:09.210222: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:09.210227: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:09.210230: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:09.210233: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:09.210238: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:09.210246: | Added new connection northnet-eastnet-ipv4 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:09.210250: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:09.210328: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:09.210332: | from whack: got --esp= Sep 21 07:16:09.210390: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:09.210396: | counting wild cards for @north is 0 Sep 21 07:16:09.210400: | counting wild cards for @east is 0 Sep 21 07:16:09.210412: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:16:09.210416: | new hp@0x558db0aa8460 Sep 21 07:16:09.210421: added connection description "northnet-eastnet-ipv4" Sep 21 07:16:09.210433: | ike_life: 50s; ipsec_life: 180s; rekey_margin: 5s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:09.210446: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:16:09.210455: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:09.210463: | spent 0.273 milliseconds in whack Sep 21 07:16:09.210502: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:09.210511: add keyid @north Sep 21 07:16:09.210516: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Sep 21 07:16:09.210519: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Sep 21 07:16:09.210522: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Sep 21 07:16:09.210525: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Sep 21 07:16:09.210528: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Sep 21 07:16:09.210531: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Sep 21 07:16:09.210534: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Sep 21 07:16:09.210537: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Sep 21 07:16:09.210540: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Sep 21 07:16:09.210543: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Sep 21 07:16:09.210546: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Sep 21 07:16:09.210549: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Sep 21 07:16:09.210558: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Sep 21 07:16:09.210561: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Sep 21 07:16:09.210564: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Sep 21 07:16:09.210567: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Sep 21 07:16:09.210570: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Sep 21 07:16:09.210572: | add pubkey c7 5e a5 99 Sep 21 07:16:09.210594: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:09.210597: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:09.210604: | keyid: *AQPl33O2P Sep 21 07:16:09.210607: | n e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Sep 21 07:16:09.210610: | n 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Sep 21 07:16:09.210613: | n 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Sep 21 07:16:09.210616: | n 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Sep 21 07:16:09.210618: | n b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Sep 21 07:16:09.210621: | n 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Sep 21 07:16:09.210624: | n 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Sep 21 07:16:09.210627: | n 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Sep 21 07:16:09.210630: | n 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Sep 21 07:16:09.210633: | n 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Sep 21 07:16:09.210636: | n 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Sep 21 07:16:09.210639: | n 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Sep 21 07:16:09.210642: | n 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Sep 21 07:16:09.210644: | n 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Sep 21 07:16:09.210647: | n 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Sep 21 07:16:09.210650: | n d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Sep 21 07:16:09.210653: | n 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Sep 21 07:16:09.210655: | n a5 99 Sep 21 07:16:09.210658: | e 03 Sep 21 07:16:09.210661: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:09.210663: | CKAID 88 aa 7c 5d Sep 21 07:16:09.210671: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:09.210676: | spent 0.179 milliseconds in whack Sep 21 07:16:09.210705: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:09.210712: add keyid @east Sep 21 07:16:09.210716: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:16:09.210719: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:16:09.210722: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:16:09.210725: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:16:09.210728: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:16:09.210731: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:16:09.210734: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:16:09.210737: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:16:09.210740: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:16:09.210743: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:16:09.210746: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:16:09.210749: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:16:09.210752: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:16:09.210755: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:16:09.210758: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:16:09.210761: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:16:09.210766: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:16:09.210769: | add pubkey 51 51 48 ef Sep 21 07:16:09.210777: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:09.210780: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:09.210788: | keyid: *AQO9bJbr3 Sep 21 07:16:09.210794: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:16:09.210797: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:16:09.210800: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:16:09.210803: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:16:09.210806: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:16:09.210809: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:16:09.210812: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:16:09.210815: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:16:09.210817: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:16:09.210820: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:16:09.210823: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:16:09.210826: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:16:09.210829: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:16:09.210832: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:16:09.210835: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:16:09.210837: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:16:09.210840: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:16:09.210843: | n 48 ef Sep 21 07:16:09.210845: | e 03 Sep 21 07:16:09.210848: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:09.210850: | CKAID 8a 82 25 f1 Sep 21 07:16:09.210858: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:09.210863: | spent 0.16 milliseconds in whack Sep 21 07:16:09.272527: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:09.272695: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:09.272699: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:09.272759: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:09.272770: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:09.272777: | spent 0.255 milliseconds in whack Sep 21 07:16:09.410436: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:09.410471: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:16:09.410479: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:09.410491: | start processing: connection "northnet-eastnet-ipv4" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:09.410495: | connection 'northnet-eastnet-ipv4' +POLICY_UP Sep 21 07:16:09.410498: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:09.410501: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:09.410520: | creating state object #1 at 0x558db0ac8860 Sep 21 07:16:09.410525: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:09.410533: | pstats #1 ikev2.ike started Sep 21 07:16:09.410537: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:09.410540: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:09.410547: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:09.410555: | suspend processing: connection "northnet-eastnet-ipv4" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:09.410561: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:09.410572: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:09.410577: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet-ipv4" IKE SA #1 "northnet-eastnet-ipv4" Sep 21 07:16:09.410583: "northnet-eastnet-ipv4" #1: initiating v2 parent SA Sep 21 07:16:09.410597: | constructing local IKE proposals for northnet-eastnet-ipv4 (IKE SA initiator selecting KE) Sep 21 07:16:09.410607: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:09.410616: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.410620: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:09.410625: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.410630: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:09.410636: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.410639: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:09.410645: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.410656: "northnet-eastnet-ipv4": constructed local IKE proposals for northnet-eastnet-ipv4 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.410663: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:16:09.410667: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x558db0acaef0 Sep 21 07:16:09.410671: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:09.410675: | libevent_malloc: new ptr-libevent@0x558db0acaf30 size 128 Sep 21 07:16:09.410690: | #1 spent 0.197 milliseconds in ikev2_parent_outI1() Sep 21 07:16:09.410692: | crypto helper 1 resuming Sep 21 07:16:09.410705: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:16:09.410710: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:16:09.410694: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:09.413779: | RESET processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:09.413794: | RESET processing: connection "northnet-eastnet-ipv4" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:09.413799: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:09.413803: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:16:09.413807: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:09.413846: | spent 0.311 milliseconds in whack Sep 21 07:16:09.414472: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.00376 seconds Sep 21 07:16:09.414488: | (#1) spent 1.04 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:16:09.414493: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:09.414496: | scheduling resume sending helper answer for #1 Sep 21 07:16:09.414500: | libevent_malloc: new ptr-libevent@0x7f3744006900 size 128 Sep 21 07:16:09.414510: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:09.414519: | processing resume sending helper answer for #1 Sep 21 07:16:09.414531: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:09.414536: | crypto helper 1 replies to request ID 1 Sep 21 07:16:09.414538: | calling continuation function 0x558db087e630 Sep 21 07:16:09.414541: | ikev2_parent_outI1_continue for #1 Sep 21 07:16:09.414573: | **emit ISAKMP Message: Sep 21 07:16:09.414576: | initiator cookie: Sep 21 07:16:09.414579: | 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.414581: | responder cookie: Sep 21 07:16:09.414583: | 00 00 00 00 00 00 00 00 Sep 21 07:16:09.414586: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:09.414589: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:09.414592: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:09.414594: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:09.414597: | Message ID: 0 (0x0) Sep 21 07:16:09.414600: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:09.414618: | using existing local IKE proposals for connection northnet-eastnet-ipv4 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.414621: | Emitting ikev2_proposals ... Sep 21 07:16:09.414624: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:09.414627: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.414629: | flags: none (0x0) Sep 21 07:16:09.414632: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:09.414635: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.414638: | discarding INTEG=NONE Sep 21 07:16:09.414640: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.414643: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:09.414645: | prop #: 1 (0x1) Sep 21 07:16:09.414648: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.414650: | spi size: 0 (0x0) Sep 21 07:16:09.414652: | # transforms: 11 (0xb) Sep 21 07:16:09.414655: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:09.414658: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414663: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.414665: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:09.414668: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414671: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.414674: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.414676: | length/value: 256 (0x100) Sep 21 07:16:09.414683: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:09.414685: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414688: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414690: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.414692: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.414695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414698: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414701: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414703: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414705: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414708: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.414710: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:09.414713: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414716: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414719: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414721: | discarding INTEG=NONE Sep 21 07:16:09.414723: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414728: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414730: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.414733: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414736: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414738: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414741: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414743: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414748: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:09.414750: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414753: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414756: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414758: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414760: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414762: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414764: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:09.414767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414770: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414772: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414774: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414777: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414779: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414781: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:09.414799: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414805: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414808: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414810: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414812: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414814: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414817: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:09.414819: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414822: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414825: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414827: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414829: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414832: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414834: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:09.414837: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414840: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414842: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414845: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414849: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414852: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:09.414855: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414858: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414860: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414862: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414865: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.414867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414870: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:09.414873: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414875: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414878: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414881: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:09.414883: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:09.414886: | discarding INTEG=NONE Sep 21 07:16:09.414888: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.414891: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:09.414893: | prop #: 2 (0x2) Sep 21 07:16:09.414895: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.414898: | spi size: 0 (0x0) Sep 21 07:16:09.414900: | # transforms: 11 (0xb) Sep 21 07:16:09.414903: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:09.414906: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:09.414912: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414916: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.414919: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:09.414921: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414924: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.414926: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.414929: | length/value: 128 (0x80) Sep 21 07:16:09.414931: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:09.414934: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414938: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.414941: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.414944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414949: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414952: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414956: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.414959: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:09.414961: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414964: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414967: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414969: | discarding INTEG=NONE Sep 21 07:16:09.414971: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414975: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414978: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.414980: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414983: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.414986: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.414988: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.414990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.414993: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.414995: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:09.414998: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415003: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415006: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415008: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415011: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415013: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:09.415016: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415023: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415025: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415030: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415033: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:09.415035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415041: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415043: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415045: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415048: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415050: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:09.415053: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415056: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415059: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415061: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415066: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415068: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:09.415071: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415074: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415077: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415079: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415081: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415084: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415086: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:09.415089: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415092: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415094: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415097: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415099: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.415101: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415103: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:09.415106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415111: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415114: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:09.415117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:09.415121: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.415123: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:09.415125: | prop #: 3 (0x3) Sep 21 07:16:09.415128: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.415130: | spi size: 0 (0x0) Sep 21 07:16:09.415132: | # transforms: 13 (0xd) Sep 21 07:16:09.415135: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:09.415138: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:09.415140: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415143: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415145: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.415147: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:09.415150: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415152: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.415155: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.415157: | length/value: 256 (0x100) Sep 21 07:16:09.415160: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:09.415162: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415167: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.415169: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.415172: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415175: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415178: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415180: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415185: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.415187: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:09.415190: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415195: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415197: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415200: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415202: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:09.415205: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:09.415207: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415210: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415213: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415215: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415217: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415220: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:09.415222: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:09.415225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415232: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415234: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415237: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415241: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.415244: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415247: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415249: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415252: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415254: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415256: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415259: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:09.415262: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415265: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415267: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415269: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415272: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415274: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415277: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:09.415279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415285: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415287: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415289: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415292: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415294: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:09.415297: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415300: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415302: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415304: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415307: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415309: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415311: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:09.415314: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415317: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415319: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415322: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415327: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415329: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:09.415332: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415336: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415338: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415340: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415345: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415348: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:09.415350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415356: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415358: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415360: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.415363: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415365: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:09.415368: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415373: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415376: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:09.415378: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:09.415381: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.415383: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:09.415386: | prop #: 4 (0x4) Sep 21 07:16:09.415388: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.415390: | spi size: 0 (0x0) Sep 21 07:16:09.415392: | # transforms: 13 (0xd) Sep 21 07:16:09.415395: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:09.415398: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:09.415401: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415405: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.415408: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:09.415410: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415413: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.415416: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.415418: | length/value: 128 (0x80) Sep 21 07:16:09.415420: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:09.415423: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415427: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.415430: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.415433: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415435: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415438: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415441: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415446: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.415449: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:09.415452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415457: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415459: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415461: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415464: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:09.415466: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:09.415469: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415472: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415474: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415477: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415482: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:09.415484: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:09.415487: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415492: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415494: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415497: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415499: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415501: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.415504: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415509: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415512: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415517: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415519: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:09.415522: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415527: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415529: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415532: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415534: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415536: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:09.415539: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415543: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415546: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415548: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415550: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415553: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415555: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:09.415558: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415561: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415563: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415565: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415568: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415570: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415573: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:09.415576: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415578: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415581: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415583: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415585: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415588: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415590: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:09.415593: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415596: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415598: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415601: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415603: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415606: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415608: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:09.415611: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415614: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415616: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415618: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:09.415621: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.415623: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.415625: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:09.415628: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.415631: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:09.415633: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:09.415636: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:09.415639: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:09.415641: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:09.415645: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:09.415648: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:09.415650: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.415653: | flags: none (0x0) Sep 21 07:16:09.415655: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.415658: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:09.415661: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.415664: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:09.415667: | ikev2 g^x 6f b5 71 63 18 3b 70 b4 3f c0 79 08 57 c6 92 1a Sep 21 07:16:09.415669: | ikev2 g^x b1 ba 03 41 9a c7 c0 11 ac cc e2 0b ee d6 69 5d Sep 21 07:16:09.415672: | ikev2 g^x d3 f8 d0 d5 52 29 eb 3b a7 b2 c3 02 15 81 50 46 Sep 21 07:16:09.415674: | ikev2 g^x 7c e7 fd 1f a0 d5 a3 50 ca 71 4b 1f 28 c2 d3 77 Sep 21 07:16:09.415676: | ikev2 g^x cc 1c 17 8c 46 b2 05 7b 6a fa 04 4f 35 c8 06 b2 Sep 21 07:16:09.415679: | ikev2 g^x 16 1e c4 85 80 43 68 78 0b c2 ba cb 48 d9 2e e1 Sep 21 07:16:09.415681: | ikev2 g^x 82 80 46 5d 96 56 e2 65 a9 3c 1f 26 c9 34 f7 99 Sep 21 07:16:09.415683: | ikev2 g^x 14 bd 09 ed d1 bd ed 4b 0b b6 76 be 1d 05 f6 00 Sep 21 07:16:09.415686: | ikev2 g^x 7a 25 19 27 69 3a 11 52 c0 fe 2b 1a 7a 44 99 ee Sep 21 07:16:09.415688: | ikev2 g^x 80 5b d7 94 5d 00 34 67 f7 bc c7 9e 60 de 28 dd Sep 21 07:16:09.415690: | ikev2 g^x db 72 6c 91 cd e0 af 7d 1d b6 c2 a6 6d 06 ae 96 Sep 21 07:16:09.415693: | ikev2 g^x e0 c0 3e f5 5a a9 ca 26 b6 80 23 38 d1 d5 32 a3 Sep 21 07:16:09.415695: | ikev2 g^x f1 15 5d 99 27 01 a9 a7 58 92 64 40 39 c9 ce e4 Sep 21 07:16:09.415697: | ikev2 g^x 20 fd b5 be b0 9f 24 f7 3b 75 4a 08 73 a1 84 59 Sep 21 07:16:09.415700: | ikev2 g^x ef 3e 69 34 a3 16 8a 4e fb 25 46 3e 66 c9 cc 43 Sep 21 07:16:09.415702: | ikev2 g^x fa b3 73 88 b9 eb 2b ea e4 21 9e 01 73 9b f0 90 Sep 21 07:16:09.415704: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:09.415707: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:09.415710: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:09.415712: | flags: none (0x0) Sep 21 07:16:09.415715: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:09.415718: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:09.415720: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.415723: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:09.415726: | IKEv2 nonce 45 7d d1 e5 0b c8 27 86 69 26 12 19 c4 aa 00 9e Sep 21 07:16:09.415728: | IKEv2 nonce 56 6e c2 c4 0f 01 97 52 d7 04 15 f1 98 10 1c 1e Sep 21 07:16:09.415731: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:09.415733: | Adding a v2N Payload Sep 21 07:16:09.415736: | ***emit IKEv2 Notify Payload: Sep 21 07:16:09.415738: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.415741: | flags: none (0x0) Sep 21 07:16:09.415743: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.415746: | SPI size: 0 (0x0) Sep 21 07:16:09.415748: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:09.415751: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:09.415754: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.415756: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:09.415760: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:09.415764: | natd_hash: rcookie is zero Sep 21 07:16:09.415780: | natd_hash: hasher=0x558db09547a0(20) Sep 21 07:16:09.415793: | natd_hash: icookie= 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.415798: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:09.415800: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:09.415802: | natd_hash: port= 01 f4 Sep 21 07:16:09.415804: | natd_hash: hash= 1a d6 81 5c 84 43 e9 2c 92 95 21 f7 1f 56 b3 68 Sep 21 07:16:09.415807: | natd_hash: hash= bb b1 19 aa Sep 21 07:16:09.415809: | Adding a v2N Payload Sep 21 07:16:09.415811: | ***emit IKEv2 Notify Payload: Sep 21 07:16:09.415814: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.415816: | flags: none (0x0) Sep 21 07:16:09.415818: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.415821: | SPI size: 0 (0x0) Sep 21 07:16:09.415823: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:09.415826: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:09.415829: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.415832: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:09.415834: | Notify data 1a d6 81 5c 84 43 e9 2c 92 95 21 f7 1f 56 b3 68 Sep 21 07:16:09.415836: | Notify data bb b1 19 aa Sep 21 07:16:09.415839: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:09.415841: | natd_hash: rcookie is zero Sep 21 07:16:09.415847: | natd_hash: hasher=0x558db09547a0(20) Sep 21 07:16:09.415850: | natd_hash: icookie= 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.415852: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:09.415854: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:09.415856: | natd_hash: port= 01 f4 Sep 21 07:16:09.415859: | natd_hash: hash= cd a9 a8 49 7d f2 9d be 24 ff 60 22 7b 67 7f 7e Sep 21 07:16:09.415861: | natd_hash: hash= 01 13 fd 84 Sep 21 07:16:09.415863: | Adding a v2N Payload Sep 21 07:16:09.415865: | ***emit IKEv2 Notify Payload: Sep 21 07:16:09.415867: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.415870: | flags: none (0x0) Sep 21 07:16:09.415872: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.415874: | SPI size: 0 (0x0) Sep 21 07:16:09.415877: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:09.415880: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:09.415883: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.415885: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:09.415888: | Notify data cd a9 a8 49 7d f2 9d be 24 ff 60 22 7b 67 7f 7e Sep 21 07:16:09.415890: | Notify data 01 13 fd 84 Sep 21 07:16:09.415892: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:09.415895: | emitting length of ISAKMP Message: 828 Sep 21 07:16:09.415902: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:09.415912: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:09.415916: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:09.415919: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:09.415922: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:09.415925: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:16:09.415928: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:09.415933: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:09.415938: "northnet-eastnet-ipv4" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:09.415951: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:09.415964: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:09.415966: | 2e c9 d4 ef 11 8f 29 e7 00 00 00 00 00 00 00 00 Sep 21 07:16:09.415969: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:09.415971: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:09.415973: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:09.415975: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:09.415978: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:09.415980: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:09.415982: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:09.415984: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:09.415987: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:09.415989: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:09.415991: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:09.415993: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:09.415996: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:09.415998: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:09.416000: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:09.416002: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:09.416005: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:09.416007: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:09.416009: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:09.416011: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:09.416014: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:09.416016: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:09.416018: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:09.416020: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:09.416023: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:09.416025: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:09.416027: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:09.416029: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:09.416032: | 28 00 01 08 00 0e 00 00 6f b5 71 63 18 3b 70 b4 Sep 21 07:16:09.416034: | 3f c0 79 08 57 c6 92 1a b1 ba 03 41 9a c7 c0 11 Sep 21 07:16:09.416036: | ac cc e2 0b ee d6 69 5d d3 f8 d0 d5 52 29 eb 3b Sep 21 07:16:09.416038: | a7 b2 c3 02 15 81 50 46 7c e7 fd 1f a0 d5 a3 50 Sep 21 07:16:09.416041: | ca 71 4b 1f 28 c2 d3 77 cc 1c 17 8c 46 b2 05 7b Sep 21 07:16:09.416043: | 6a fa 04 4f 35 c8 06 b2 16 1e c4 85 80 43 68 78 Sep 21 07:16:09.416045: | 0b c2 ba cb 48 d9 2e e1 82 80 46 5d 96 56 e2 65 Sep 21 07:16:09.416047: | a9 3c 1f 26 c9 34 f7 99 14 bd 09 ed d1 bd ed 4b Sep 21 07:16:09.416050: | 0b b6 76 be 1d 05 f6 00 7a 25 19 27 69 3a 11 52 Sep 21 07:16:09.416052: | c0 fe 2b 1a 7a 44 99 ee 80 5b d7 94 5d 00 34 67 Sep 21 07:16:09.416054: | f7 bc c7 9e 60 de 28 dd db 72 6c 91 cd e0 af 7d Sep 21 07:16:09.416056: | 1d b6 c2 a6 6d 06 ae 96 e0 c0 3e f5 5a a9 ca 26 Sep 21 07:16:09.416059: | b6 80 23 38 d1 d5 32 a3 f1 15 5d 99 27 01 a9 a7 Sep 21 07:16:09.416061: | 58 92 64 40 39 c9 ce e4 20 fd b5 be b0 9f 24 f7 Sep 21 07:16:09.416063: | 3b 75 4a 08 73 a1 84 59 ef 3e 69 34 a3 16 8a 4e Sep 21 07:16:09.416065: | fb 25 46 3e 66 c9 cc 43 fa b3 73 88 b9 eb 2b ea Sep 21 07:16:09.416068: | e4 21 9e 01 73 9b f0 90 29 00 00 24 45 7d d1 e5 Sep 21 07:16:09.416070: | 0b c8 27 86 69 26 12 19 c4 aa 00 9e 56 6e c2 c4 Sep 21 07:16:09.416072: | 0f 01 97 52 d7 04 15 f1 98 10 1c 1e 29 00 00 08 Sep 21 07:16:09.416076: | 00 00 40 2e 29 00 00 1c 00 00 40 04 1a d6 81 5c Sep 21 07:16:09.416078: | 84 43 e9 2c 92 95 21 f7 1f 56 b3 68 bb b1 19 aa Sep 21 07:16:09.416080: | 00 00 00 1c 00 00 40 05 cd a9 a8 49 7d f2 9d be Sep 21 07:16:09.416082: | 24 ff 60 22 7b 67 7f 7e 01 13 fd 84 Sep 21 07:16:09.416175: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:09.416181: | libevent_free: release ptr-libevent@0x558db0acaf30 Sep 21 07:16:09.416184: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x558db0acaef0 Sep 21 07:16:09.416187: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:09.416190: | event_schedule: new EVENT_RETRANSMIT-pe@0x558db0acaef0 Sep 21 07:16:09.416194: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:16:09.416197: | libevent_malloc: new ptr-libevent@0x558db0acaf30 size 128 Sep 21 07:16:09.416202: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48815.784454 Sep 21 07:16:09.416206: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:09.416212: | #1 spent 1.6 milliseconds in resume sending helper answer Sep 21 07:16:09.416217: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:09.416220: | libevent_free: release ptr-libevent@0x7f3744006900 Sep 21 07:16:09.419227: | spent 0.00236 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:09.419250: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:09.419253: | 2e c9 d4 ef 11 8f 29 e7 32 98 59 7e f8 8c 71 f0 Sep 21 07:16:09.419256: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:16:09.419258: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:16:09.419260: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:16:09.419263: | 04 00 00 0e 28 00 01 08 00 0e 00 00 b3 9a 9b e0 Sep 21 07:16:09.419265: | 5c 86 45 99 75 e3 e3 c8 a4 aa 7d 45 3a 08 71 bd Sep 21 07:16:09.419267: | df 51 55 be 32 28 2e 17 47 2f 00 b7 77 e8 62 05 Sep 21 07:16:09.419270: | c2 cf e8 97 d0 46 27 a8 30 bc be c4 38 19 85 f6 Sep 21 07:16:09.419272: | b7 10 74 1c 4e bd 04 59 32 24 75 27 e8 47 7e 14 Sep 21 07:16:09.419274: | a2 6f ff e2 d0 60 5d f7 14 d0 e8 cc e0 a3 d5 9b Sep 21 07:16:09.419277: | 3f 0a 9f 32 c0 b4 67 30 1b 86 54 a7 94 db 80 56 Sep 21 07:16:09.419279: | f1 ad 6c 7e b1 dd ec 9a 7c a4 b1 ee 17 42 10 a2 Sep 21 07:16:09.419281: | b0 25 54 57 17 4e 75 46 bf f7 93 70 cc d4 77 44 Sep 21 07:16:09.419283: | 91 ca cf c1 7d 1d 90 c7 d4 f6 aa 7b 10 c4 eb 99 Sep 21 07:16:09.419286: | 0e 4e ac d3 68 76 19 ce 2a 27 a0 17 9c c8 dc e0 Sep 21 07:16:09.419288: | 88 98 52 c0 36 0c 5a 80 b0 20 e2 b1 9e 05 46 d8 Sep 21 07:16:09.419290: | b4 43 67 ca 7b f7 5a 5f 06 8d dd a4 4b 1f 8e 79 Sep 21 07:16:09.419292: | 3c 0e f8 44 b9 c6 19 f0 2d 38 4d 31 32 47 2c 99 Sep 21 07:16:09.419295: | 16 d6 33 08 65 f4 ee 89 ec 7e 92 e0 45 8b bb 57 Sep 21 07:16:09.419297: | 41 5a 5c 45 55 1b a3 f7 51 fe 7f a8 0b a7 36 3e Sep 21 07:16:09.419299: | ab c6 57 d5 90 e0 5e 93 3b a0 32 b3 29 00 00 24 Sep 21 07:16:09.419302: | 1e 2a 0b 29 d2 85 d8 b9 7f ff 5d 7e cb 8d 69 60 Sep 21 07:16:09.419304: | 66 96 05 3c 4e ed fb cb e4 0d 62 c0 a3 98 39 ff Sep 21 07:16:09.419306: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:16:09.419309: | 18 19 ef ac f5 61 4e 83 a0 99 94 ec 25 fc c6 02 Sep 21 07:16:09.419311: | 6a 75 54 54 00 00 00 1c 00 00 40 05 f5 1f 31 09 Sep 21 07:16:09.419313: | c5 86 67 5b c3 4f 7b 8c d2 0d ef fa 61 b8 9c a8 Sep 21 07:16:09.419318: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:09.419321: | **parse ISAKMP Message: Sep 21 07:16:09.419324: | initiator cookie: Sep 21 07:16:09.419326: | 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.419330: | responder cookie: Sep 21 07:16:09.419333: | 32 98 59 7e f8 8c 71 f0 Sep 21 07:16:09.419335: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:09.419338: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:09.419341: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:09.419343: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:09.419346: | Message ID: 0 (0x0) Sep 21 07:16:09.419348: | length: 432 (0x1b0) Sep 21 07:16:09.419351: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:09.419354: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:16:09.419358: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:09.419365: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:09.419370: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:09.419372: | #1 is idle Sep 21 07:16:09.419375: | #1 idle Sep 21 07:16:09.419377: | unpacking clear payload Sep 21 07:16:09.419380: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:09.419382: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:09.419385: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:09.419387: | flags: none (0x0) Sep 21 07:16:09.419390: | length: 40 (0x28) Sep 21 07:16:09.419392: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:16:09.419395: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:09.419397: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:09.419400: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:09.419402: | flags: none (0x0) Sep 21 07:16:09.419404: | length: 264 (0x108) Sep 21 07:16:09.419407: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.419409: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:09.419412: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:09.419414: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:09.419416: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:09.419419: | flags: none (0x0) Sep 21 07:16:09.419421: | length: 36 (0x24) Sep 21 07:16:09.419423: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:09.419426: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:09.419429: | ***parse IKEv2 Notify Payload: Sep 21 07:16:09.419431: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:09.419433: | flags: none (0x0) Sep 21 07:16:09.419436: | length: 8 (0x8) Sep 21 07:16:09.419438: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.419441: | SPI size: 0 (0x0) Sep 21 07:16:09.419443: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:09.419446: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:09.419448: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:09.419451: | ***parse IKEv2 Notify Payload: Sep 21 07:16:09.419453: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:09.419455: | flags: none (0x0) Sep 21 07:16:09.419457: | length: 28 (0x1c) Sep 21 07:16:09.419460: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.419462: | SPI size: 0 (0x0) Sep 21 07:16:09.419465: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:09.419467: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:09.419469: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:09.419472: | ***parse IKEv2 Notify Payload: Sep 21 07:16:09.419474: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.419476: | flags: none (0x0) Sep 21 07:16:09.419479: | length: 28 (0x1c) Sep 21 07:16:09.419481: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:09.419483: | SPI size: 0 (0x0) Sep 21 07:16:09.419486: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:09.419488: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:09.419492: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:16:09.419498: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:09.419501: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:09.419504: | Now let's proceed with state specific processing Sep 21 07:16:09.419506: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:09.419510: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:16:09.419527: | using existing local IKE proposals for connection northnet-eastnet-ipv4 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:09.419531: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:16:09.419534: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:09.419537: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:09.419539: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:09.419542: | local proposal 1 type DH has 8 transforms Sep 21 07:16:09.419544: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:09.419547: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:09.419550: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:09.419552: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:09.419555: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:09.419557: | local proposal 2 type DH has 8 transforms Sep 21 07:16:09.419560: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:09.419563: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:09.419565: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:09.419567: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:09.419570: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:09.419572: | local proposal 3 type DH has 8 transforms Sep 21 07:16:09.419575: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:09.419578: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:09.419580: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:09.419582: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:09.419585: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:09.419587: | local proposal 4 type DH has 8 transforms Sep 21 07:16:09.419590: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:09.419593: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:09.419595: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:09.419598: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:09.419600: | length: 36 (0x24) Sep 21 07:16:09.419603: | prop #: 1 (0x1) Sep 21 07:16:09.419605: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:09.419607: | spi size: 0 (0x0) Sep 21 07:16:09.419610: | # transforms: 3 (0x3) Sep 21 07:16:09.419613: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:09.419616: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.419618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.419621: | length: 12 (0xc) Sep 21 07:16:09.419623: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:09.419626: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:09.419630: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:09.419632: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:09.419635: | length/value: 256 (0x100) Sep 21 07:16:09.419639: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:09.419642: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.419644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:09.419647: | length: 8 (0x8) Sep 21 07:16:09.419649: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:09.419651: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:09.419655: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:09.419658: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:09.419660: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:09.419662: | length: 8 (0x8) Sep 21 07:16:09.419665: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:09.419667: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:09.419670: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:09.419674: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:09.419678: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:09.419681: | remote proposal 1 matches local proposal 1 Sep 21 07:16:09.419684: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:16:09.419687: | converting proposal to internal trans attrs Sep 21 07:16:09.419702: | natd_hash: hasher=0x558db09547a0(20) Sep 21 07:16:09.419704: | natd_hash: icookie= 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.419707: | natd_hash: rcookie= 32 98 59 7e f8 8c 71 f0 Sep 21 07:16:09.419709: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:09.419711: | natd_hash: port= 01 f4 Sep 21 07:16:09.419714: | natd_hash: hash= f5 1f 31 09 c5 86 67 5b c3 4f 7b 8c d2 0d ef fa Sep 21 07:16:09.419716: | natd_hash: hash= 61 b8 9c a8 Sep 21 07:16:09.419722: | natd_hash: hasher=0x558db09547a0(20) Sep 21 07:16:09.419724: | natd_hash: icookie= 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.419727: | natd_hash: rcookie= 32 98 59 7e f8 8c 71 f0 Sep 21 07:16:09.419729: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:09.419731: | natd_hash: port= 01 f4 Sep 21 07:16:09.419733: | natd_hash: hash= 18 19 ef ac f5 61 4e 83 a0 99 94 ec 25 fc c6 02 Sep 21 07:16:09.419735: | natd_hash: hash= 6a 75 54 54 Sep 21 07:16:09.419739: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:09.419741: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:09.419743: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:09.419746: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:16:09.419752: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:16:09.419756: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:16:09.419759: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:09.419762: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:09.419765: | libevent_free: release ptr-libevent@0x558db0acaf30 Sep 21 07:16:09.419768: | free_event_entry: release EVENT_RETRANSMIT-pe@0x558db0acaef0 Sep 21 07:16:09.419771: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x558db0acaef0 Sep 21 07:16:09.419775: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:09.419777: | libevent_malloc: new ptr-libevent@0x558db0acaf30 size 128 Sep 21 07:16:09.419831: | #1 spent 0.297 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:16:09.419839: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:09.419843: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:16:09.419847: | suspending state #1 and saving MD Sep 21 07:16:09.419850: | #1 is busy; has a suspended MD Sep 21 07:16:09.419858: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:09.419862: | "northnet-eastnet-ipv4" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:09.419867: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:09.419872: | #1 spent 0.607 milliseconds in ikev2_process_packet() Sep 21 07:16:09.419876: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:09.419879: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:09.419881: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:09.419885: | spent 0.621 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:09.419927: | crypto helper 6 resuming Sep 21 07:16:09.419935: | crypto helper 6 starting work-order 2 for state #1 Sep 21 07:16:09.419939: | crypto helper 6 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:16:09.420557: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:16:09.421012: | crypto helper 6 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001073 seconds Sep 21 07:16:09.421025: | (#1) spent 1.08 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:16:09.421028: | crypto helper 6 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:09.421031: | scheduling resume sending helper answer for #1 Sep 21 07:16:09.421035: | libevent_malloc: new ptr-libevent@0x7f373c006b90 size 128 Sep 21 07:16:09.421043: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:09.421051: | processing resume sending helper answer for #1 Sep 21 07:16:09.421060: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:09.421064: | crypto helper 6 replies to request ID 2 Sep 21 07:16:09.421066: | calling continuation function 0x558db087e630 Sep 21 07:16:09.421069: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:16:09.421076: | creating state object #2 at 0x558db0acd790 Sep 21 07:16:09.421079: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:09.421082: | pstats #2 ikev2.child started Sep 21 07:16:09.421086: | duplicating state object #1 "northnet-eastnet-ipv4" as #2 for IPSEC SA Sep 21 07:16:09.421090: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:09.421097: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:09.421101: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:09.421106: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:09.421109: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:09.421112: | libevent_free: release ptr-libevent@0x558db0acaf30 Sep 21 07:16:09.421115: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x558db0acaef0 Sep 21 07:16:09.421118: | event_schedule: new EVENT_SA_REPLACE-pe@0x558db0acaef0 Sep 21 07:16:09.421121: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:16:09.421124: | libevent_malloc: new ptr-libevent@0x558db0acaf30 size 128 Sep 21 07:16:09.421128: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:16:09.421133: | **emit ISAKMP Message: Sep 21 07:16:09.421140: | initiator cookie: Sep 21 07:16:09.421142: | 2e c9 d4 ef 11 8f 29 e7 Sep 21 07:16:09.421144: | responder cookie: Sep 21 07:16:09.421147: | 32 98 59 7e f8 8c 71 f0 Sep 21 07:16:09.421149: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:09.421152: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:09.421155: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:09.421157: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:09.421160: | Message ID: 1 (0x1) Sep 21 07:16:09.421162: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:09.421165: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:09.421168: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.421170: | flags: none (0x0) Sep 21 07:16:09.421173: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:09.421176: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.421179: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:09.421187: | IKEv2 CERT: send a certificate? Sep 21 07:16:09.421190: | IKEv2 CERT: no certificate to send Sep 21 07:16:09.421192: | IDr payload will be sent Sep 21 07:16:09.421207: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:16:09.421210: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.421212: | flags: none (0x0) Sep 21 07:16:09.421215: | ID type: ID_FQDN (0x2) Sep 21 07:16:09.421218: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:16:09.421221: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.421224: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:16:09.421226: | my identity 6e 6f 72 74 68 Sep 21 07:16:09.421229: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Sep 21 07:16:09.421237: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:09.421240: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:09.421242: | flags: none (0x0) Sep 21 07:16:09.421245: | ID type: ID_FQDN (0x2) Sep 21 07:16:09.421247: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:16:09.421251: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:09.421253: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.421256: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:16:09.421258: | IDr 65 61 73 74 Sep 21 07:16:09.421261: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:16:09.421263: | not sending INITIAL_CONTACT Sep 21 07:16:09.421266: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:09.421269: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:09.421271: | flags: none (0x0) Sep 21 07:16:09.421274: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:09.421277: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:09.421279: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:09.421285: | started looking for secret for @north->@east of kind PKK_RSA Sep 21 07:16:09.421288: | actually looking for secret for @north->@east of kind PKK_RSA Sep 21 07:16:09.421291: | line 1: key type PKK_RSA(@north) to type PKK_RSA Sep 21 07:16:09.421295: | 1: compared key (none) to @north / @east -> 002 Sep 21 07:16:09.421300: | 2: compared key (none) to @north / @east -> 002 Sep 21 07:16:09.421302: | line 1: match=002 Sep 21 07:16:09.421305: | match 002 beats previous best_match 000 match=0x558db0abbb90 (line=1) Sep 21 07:16:09.421308: | concluding with best_match=002 best=0x558db0abbb90 (lineno=1) Sep 21 07:16:09.426780: "northnet-eastnet-ipv4" #1: Can't find the certificate or private key from the NSS CKA_ID Sep 21 07:16:09.426825: | #1 spent 5.44 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:16:09.426829: "northnet-eastnet-ipv4" #1: Failed to find our RSA key Sep 21 07:16:09.426867: | suspend processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:09.426872: | start processing: state #2 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:09.426877: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_FATAL Sep 21 07:16:09.426996: | release_pending_whacks: state #2 has no whack fd Sep 21 07:16:09.427002: | release_pending_whacks: IKE SA #1 fd@24 has pending CHILD SA with socket fd@25 Sep 21 07:16:09.427005: | pstats #2 ikev2.child deleted other Sep 21 07:16:09.427010: | [RE]START processing: state #2 connection "northnet-eastnet-ipv4" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:09.427014: "northnet-eastnet-ipv4" #2: deleting state (STATE_UNDEFINED) aged 0.005s and NOT sending notification Sep 21 07:16:09.427017: | child state #2: UNDEFINED(ignore) => delete Sep 21 07:16:09.427021: | child state #2: UNDEFINED(ignore) => CHILDSA_DEL(informational) Sep 21 07:16:09.427027: | priority calculation of connection "northnet-eastnet-ipv4" is 0xfe7e7 Sep 21 07:16:09.427035: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:09.427050: | raw_eroute result=success Sep 21 07:16:09.427054: | in connection_discard for connection northnet-eastnet-ipv4 Sep 21 07:16:09.427057: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:16:09.427060: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:09.427065: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:09.427071: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:09.427076: | #1 spent 5.95 milliseconds in resume sending helper answer Sep 21 07:16:09.427079: | processing: STOP state #0 (in resume_handler() at server.c:833) Sep 21 07:16:09.427084: | libevent_free: release ptr-libevent@0x7f373c006b90 Sep 21 07:16:29.130840: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:16:29.130854: | expiring aged bare shunts from shunt table Sep 21 07:16:29.130872: | spent 0.00408 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:16:49.125848: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:16:49.125863: | expiring aged bare shunts from shunt table Sep 21 07:16:49.125869: | spent 0.00408 milliseconds in global timer EVENT_SHUNT_SCAN