Sep 21 07:16:33.302670: FIPS Product: YES Sep 21 07:16:33.302700: FIPS Kernel: NO Sep 21 07:16:33.302703: FIPS Mode: NO Sep 21 07:16:33.302704: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:33.302876: Initializing NSS Sep 21 07:16:33.302882: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:33.332269: NSS initialized Sep 21 07:16:33.332281: NSS crypto library initialized Sep 21 07:16:33.332282: FIPS HMAC integrity support [enabled] Sep 21 07:16:33.332284: FIPS mode disabled for pluto daemon Sep 21 07:16:33.400431: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:33.400516: libcap-ng support [enabled] Sep 21 07:16:33.400525: Linux audit support [enabled] Sep 21 07:16:33.400547: Linux audit activated Sep 21 07:16:33.400550: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:14368 Sep 21 07:16:33.400552: core dump dir: /tmp Sep 21 07:16:33.400554: secrets file: /etc/ipsec.secrets Sep 21 07:16:33.400555: leak-detective disabled Sep 21 07:16:33.400556: NSS crypto [enabled] Sep 21 07:16:33.400557: XAUTH PAM support [enabled] Sep 21 07:16:33.400614: | libevent is using pluto's memory allocator Sep 21 07:16:33.400621: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:33.400633: | libevent_malloc: new ptr-libevent@0x561b42b01e50 size 40 Sep 21 07:16:33.400635: | libevent_malloc: new ptr-libevent@0x561b42b01e80 size 40 Sep 21 07:16:33.400638: | libevent_malloc: new ptr-libevent@0x561b42b03150 size 40 Sep 21 07:16:33.400639: | creating event base Sep 21 07:16:33.400641: | libevent_malloc: new ptr-libevent@0x561b42b03110 size 56 Sep 21 07:16:33.400643: | libevent_malloc: new ptr-libevent@0x561b42b03180 size 664 Sep 21 07:16:33.400654: | libevent_malloc: new 
ptr-libevent@0x561b42b03420 size 24 Sep 21 07:16:33.400656: | libevent_malloc: new ptr-libevent@0x561b42af4bd0 size 384 Sep 21 07:16:33.400664: | libevent_malloc: new ptr-libevent@0x561b42b03440 size 16 Sep 21 07:16:33.400666: | libevent_malloc: new ptr-libevent@0x561b42b03460 size 40 Sep 21 07:16:33.400667: | libevent_malloc: new ptr-libevent@0x561b42b03490 size 48 Sep 21 07:16:33.400672: | libevent_realloc: new ptr-libevent@0x561b42a85370 size 256 Sep 21 07:16:33.400674: | libevent_malloc: new ptr-libevent@0x561b42b034d0 size 16 Sep 21 07:16:33.400678: | libevent_free: release ptr-libevent@0x561b42b03110 Sep 21 07:16:33.400680: | libevent initialized Sep 21 07:16:33.400682: | libevent_realloc: new ptr-libevent@0x561b42b034f0 size 64 Sep 21 07:16:33.400684: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:33.400694: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:33.400696: NAT-Traversal support [enabled] Sep 21 07:16:33.400698: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:33.400702: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:33.400707: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:33.400734: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:33.400736: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:33.400738: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:33.400774: Encryption algorithms: Sep 21 07:16:33.400781: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:33.400787: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:33.400793: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:33.400796: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:33.400798: CAMELLIA_CTR IKEv1: ESP 
IKEv2: ESP {256,192,*128} Sep 21 07:16:33.400805: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:33.400808: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:33.400810: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:33.400812: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:33.400814: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:33.400816: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:33.400818: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:33.400821: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:33.400823: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:33.400825: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:33.400826: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:33.400829: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:33.400833: Hash algorithms: Sep 21 07:16:33.400835: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:33.400837: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:33.400839: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:33.400841: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:33.400842: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:33.400851: PRF algorithms: Sep 21 07:16:33.400853: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:33.400855: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:33.400857: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:33.400859: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:33.400860: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:33.400862: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:33.400877: Integrity algorithms: Sep 21 07:16:33.400879: HMAC_MD5_96 IKEv1: IKE ESP 
AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:33.400881: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:33.400884: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:33.400886: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:33.400888: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:33.400890: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:33.400892: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:33.400894: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:33.400896: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:33.400903: DH algorithms: Sep 21 07:16:33.400905: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:33.400907: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:33.400909: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:33.400912: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:33.400914: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:33.400916: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:33.400917: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:33.400919: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:33.400921: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:33.400923: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:33.400925: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:33.400926: testing CAMELLIA_CBC: Sep 21 07:16:33.400928: Camellia: 16 bytes with 128-bit key Sep 21 07:16:33.401019: Camellia: 16 bytes with 128-bit key Sep 21 07:16:33.401038: Camellia: 16 bytes with 256-bit key Sep 21 07:16:33.401055: Camellia: 
16 bytes with 256-bit key Sep 21 07:16:33.401073: testing AES_GCM_16: Sep 21 07:16:33.401075: empty string Sep 21 07:16:33.401093: one block Sep 21 07:16:33.401108: two blocks Sep 21 07:16:33.401124: two blocks with associated data Sep 21 07:16:33.401140: testing AES_CTR: Sep 21 07:16:33.401142: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:33.401158: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:33.401174: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:33.401191: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:33.401206: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:33.401222: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:33.401238: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:33.401254: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:33.401271: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:33.401288: testing AES_CBC: Sep 21 07:16:33.401289: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:33.401306: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:33.401323: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:33.401340: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:33.401360: testing AES_XCBC: Sep 21 07:16:33.401362: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:33.401439: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:33.401518: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:33.401649: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:33.401777: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:33.401934: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:33.402071: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:33.402382: RFC 4434 Test Case 
AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:33.402517: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:33.402662: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:33.402911: testing HMAC_MD5: Sep 21 07:16:33.402918: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:33.403106: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:33.403294: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:33.403482: 8 CPU cores online Sep 21 07:16:33.403487: starting up 7 crypto helpers Sep 21 07:16:33.403522: started thread for crypto helper 0 Sep 21 07:16:33.403543: started thread for crypto helper 1 Sep 21 07:16:33.403565: started thread for crypto helper 2 Sep 21 07:16:33.403586: started thread for crypto helper 3 Sep 21 07:16:33.403605: started thread for crypto helper 4 Sep 21 07:16:33.403628: started thread for crypto helper 5 Sep 21 07:16:33.403650: started thread for crypto helper 6 Sep 21 07:16:33.403655: | checking IKEv1 state table Sep 21 07:16:33.403663: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:33.403665: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:33.403668: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:33.403670: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:33.403673: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:33.403675: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:33.403677: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:33.403680: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:33.403683: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:33.403686: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:33.403688: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:33.403690: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:33.403693: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:33.403695: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:33.403698: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:33.403700: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:33.403702: | MAIN_I3: category: open 
IKE SA flags: 0: Sep 21 07:16:33.403704: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:33.403707: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:33.403709: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:33.403711: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:33.403714: | -> UNDEFINED EVENT_NULL Sep 21 07:16:33.403716: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:33.403719: | -> UNDEFINED EVENT_NULL Sep 21 07:16:33.403721: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:33.403723: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:33.403726: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:33.403728: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:33.403730: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:33.403733: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:33.403735: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:33.403737: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:33.403740: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:33.403742: | -> UNDEFINED EVENT_NULL Sep 21 07:16:33.403745: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:33.403747: | -> UNDEFINED EVENT_NULL Sep 21 07:16:33.403750: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:33.403752: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:33.403755: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:33.403757: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:33.403760: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:33.403762: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:33.403765: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:33.403767: | -> UNDEFINED EVENT_NULL Sep 21 07:16:33.403769: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:33.403772: | -> UNDEFINED EVENT_NULL Sep 21 07:16:33.403775: | INFO: category: informational flags: 0: Sep 21 07:16:33.403777: | -> UNDEFINED EVENT_NULL Sep 21 07:16:33.403780: | INFO_PROTECTED: category: informational 
flags: 0: Sep 21 07:16:33.403782: | -> UNDEFINED EVENT_NULL Sep 21 07:16:33.403806: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:33.403808: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:33.403811: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:33.403813: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:33.403815: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:33.403818: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:33.403821: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:33.403823: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:33.403839: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:33.403841: | -> UNDEFINED EVENT_NULL Sep 21 07:16:33.403844: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:33.403849: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:33.403852: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:33.403854: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:33.403856: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:33.403858: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:33.403865: | checking IKEv2 state table Sep 21 07:16:33.403871: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:33.403873: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:33.403876: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:33.403879: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:33.403881: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:33.403884: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:33.403887: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:33.403889: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:33.403892: | -> PARENT_I2 EVENT_NULL (Initiator: process 
UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:33.403894: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:33.403896: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:33.403899: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:33.403901: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:33.403904: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:33.403906: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:33.403908: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:33.403911: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:33.403913: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:33.403916: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:33.403918: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:33.403921: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:33.403923: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:33.403926: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:33.403928: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:33.403930: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:33.403933: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:33.403935: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:33.403938: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:33.403941: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:33.403943: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:33.403946: | V2_REKEY_IKE_I0: category: established IKE SA 
flags: 0: Sep 21 07:16:33.403948: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:33.403951: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:33.403953: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:33.403956: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:33.403958: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:33.403961: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:33.403964: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:33.403966: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:33.403971: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:33.403974: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:33.403977: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:33.403979: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:33.403982: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:33.403985: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:33.403987: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:33.403990: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:33.404000: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:33.404063: | Hard-wiring algorithms Sep 21 07:16:33.404066: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:33.404070: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:33.404072: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:33.404074: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:33.404076: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:33.404079: | adding AES_GCM_16 to kernel algorithm db Sep 21 
07:16:33.404081: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:33.404083: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:33.404085: | adding AES_CTR to kernel algorithm db Sep 21 07:16:33.404087: | adding AES_CBC to kernel algorithm db Sep 21 07:16:33.404090: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:33.404092: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:33.404094: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:33.404096: | adding NULL to kernel algorithm db Sep 21 07:16:33.404099: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:33.404101: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:33.404103: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:33.404106: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:33.404108: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:33.404110: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:33.404112: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:33.404115: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:33.404117: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:33.404119: | adding NONE to kernel algorithm db Sep 21 07:16:33.404138: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:33.404144: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:33.404146: | setup kernel fd callback Sep 21 07:16:33.404149: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x561b42b08b90 Sep 21 07:16:33.404152: | libevent_malloc: new ptr-libevent@0x561b42b14d30 size 128 Sep 21 07:16:33.404155: | libevent_malloc: new ptr-libevent@0x561b42b07e70 size 16 Sep 21 07:16:33.404161: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x561b42b08b50 Sep 21 07:16:33.404163: | libevent_malloc: new ptr-libevent@0x561b42b14dc0 size 128 Sep 21 07:16:33.404165: | libevent_malloc: new ptr-libevent@0x561b42b07e90 size 16 Sep 21 
07:16:33.404389: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:33.404398: selinux support is enabled. Sep 21 07:16:33.404478: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:33.404645: | unbound context created - setting debug level to 5 Sep 21 07:16:33.404670: | /etc/hosts lookups activated Sep 21 07:16:33.404683: | /etc/resolv.conf usage activated Sep 21 07:16:33.404745: | outgoing-port-avoid set 0-65535 Sep 21 07:16:33.404772: | outgoing-port-permit set 32768-60999 Sep 21 07:16:33.404775: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:33.404778: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:33.404781: | Setting up events, loop start Sep 21 07:16:33.404804: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x561b42b03110 Sep 21 07:16:33.404812: | libevent_malloc: new ptr-libevent@0x561b42b1f330 size 128 Sep 21 07:16:33.404816: | libevent_malloc: new ptr-libevent@0x561b42b1f3c0 size 16 Sep 21 07:16:33.404824: | libevent_realloc: new ptr-libevent@0x561b42a835b0 size 256 Sep 21 07:16:33.404827: | libevent_malloc: new ptr-libevent@0x561b42b1f3e0 size 8 Sep 21 07:16:33.404830: | libevent_realloc: new ptr-libevent@0x561b42b140b0 size 144 Sep 21 07:16:33.404833: | libevent_malloc: new ptr-libevent@0x561b42b1f400 size 152 Sep 21 07:16:33.404836: | libevent_malloc: new ptr-libevent@0x561b42b1f4a0 size 16 Sep 21 07:16:33.404840: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:33.404843: | libevent_malloc: new ptr-libevent@0x561b42b1f4c0 size 8 Sep 21 07:16:33.404859: | libevent_malloc: new ptr-libevent@0x561b42b1f4e0 size 152 Sep 21 07:16:33.404862: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:33.404864: | libevent_malloc: new ptr-libevent@0x561b42b1f580 size 8 Sep 21 07:16:33.404867: | libevent_malloc: new ptr-libevent@0x561b42b1f5a0 size 152 Sep 21 07:16:33.404869: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:33.404872: | 
libevent_malloc: new ptr-libevent@0x561b42b1f640 size 8 Sep 21 07:16:33.404875: | libevent_realloc: release ptr-libevent@0x561b42b140b0 Sep 21 07:16:33.404877: | libevent_realloc: new ptr-libevent@0x561b42b1f660 size 256 Sep 21 07:16:33.404880: | libevent_malloc: new ptr-libevent@0x561b42b140b0 size 152 Sep 21 07:16:33.404882: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:33.405227: | created addconn helper (pid:14436) using fork+execve Sep 21 07:16:33.405242: | forked child 14436 Sep 21 07:16:33.405279: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:33.405311: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:33.405318: listening for IKE messages Sep 21 07:16:33.405381: | Inspecting interface lo Sep 21 07:16:33.405388: | found lo with address 127.0.0.1 Sep 21 07:16:33.405391: | Inspecting interface eth0 Sep 21 07:16:33.405395: | found eth0 with address 192.0.3.254 Sep 21 07:16:33.405397: | Inspecting interface eth1 Sep 21 07:16:33.405401: | found eth1 with address 192.1.3.33 Sep 21 07:16:33.405459: Kernel supports NIC esp-hw-offload Sep 21 07:16:33.405469: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:16:33.405505: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:33.405509: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:33.405526: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:33.405565: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:16:33.405614: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:33.405619: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:33.405622: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:33.405647: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:33.405669: | 
NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:33.405673: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:33.405676: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:33.405729: | no interfaces to sort Sep 21 07:16:33.405733: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:33.405742: | add_fd_read_event_handler: new ethX-pe@0x561b42b1f9d0 Sep 21 07:16:33.405745: | libevent_malloc: new ptr-libevent@0x561b42b1fa10 size 128 Sep 21 07:16:33.405748: | libevent_malloc: new ptr-libevent@0x561b42b1faa0 size 16 Sep 21 07:16:33.405756: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:33.405759: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fac0 Sep 21 07:16:33.405761: | libevent_malloc: new ptr-libevent@0x561b42b1fb00 size 128 Sep 21 07:16:33.405764: | libevent_malloc: new ptr-libevent@0x561b42b1fb90 size 16 Sep 21 07:16:33.405771: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:33.405774: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fbb0 Sep 21 07:16:33.405777: | libevent_malloc: new ptr-libevent@0x561b42b1fbf0 size 128 Sep 21 07:16:33.405779: | libevent_malloc: new ptr-libevent@0x561b42b1fc80 size 16 Sep 21 07:16:33.405788: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:33.405793: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fca0 Sep 21 07:16:33.405795: | libevent_malloc: new ptr-libevent@0x561b42b1fce0 size 128 Sep 21 07:16:33.405798: | libevent_malloc: new ptr-libevent@0x561b42b1fd70 size 16 Sep 21 07:16:33.405803: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:33.405805: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fd90 Sep 21 07:16:33.405808: | libevent_malloc: new ptr-libevent@0x561b42b1fdd0 size 128 Sep 21 07:16:33.405811: | libevent_malloc: new ptr-libevent@0x561b42b1fe60 size 16 Sep 21 07:16:33.405815: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 
07:16:33.405818: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fe80 Sep 21 07:16:33.405820: | libevent_malloc: new ptr-libevent@0x561b42b1fec0 size 128 Sep 21 07:16:33.405823: | libevent_malloc: new ptr-libevent@0x561b42b1ff50 size 16 Sep 21 07:16:33.405827: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:33.405832: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:33.405835: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:33.405855: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:33.405875: | saving Modulus Sep 21 07:16:33.405880: | saving PublicExponent Sep 21 07:16:33.405884: | ignoring PrivateExponent Sep 21 07:16:33.405887: | ignoring Prime1 Sep 21 07:16:33.405890: | ignoring Prime2 Sep 21 07:16:33.405893: | ignoring Exponent1 Sep 21 07:16:33.405896: | ignoring Exponent2 Sep 21 07:16:33.405899: | ignoring Coefficient Sep 21 07:16:33.405902: | ignoring CKAIDNSS Sep 21 07:16:33.405942: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:33.405946: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:33.405949: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:33.405956: | certs and keys locked by 'process_secret' Sep 21 07:16:33.405961: | certs and keys unlocked by 'process_secret' Sep 21 07:16:33.405967: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:33.405975: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:33.405982: | spent 0.706 milliseconds in whack Sep 21 07:16:33.405998: | starting up helper thread 3 Sep 21 07:16:33.406006: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:33.406011: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:33.406021: | starting up helper thread 1 Sep 21 07:16:33.406026: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:33.406028: | crypto helper 1 waiting (nothing to do) Sep 21 
07:16:33.406037: | starting up helper thread 0 Sep 21 07:16:33.406042: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:33.406044: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:33.406861: | starting up helper thread 5 Sep 21 07:16:33.406874: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:33.406877: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:33.406888: | starting up helper thread 6 Sep 21 07:16:33.406893: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:33.406895: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:33.407091: | starting up helper thread 2 Sep 21 07:16:33.407098: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:33.407101: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:33.410162: | starting up helper thread 4 Sep 21 07:16:33.410177: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:33.410187: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:33.444080: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:33.444103: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:33.444108: listening for IKE messages Sep 21 07:16:33.444143: | Inspecting interface lo Sep 21 07:16:33.444150: | found lo with address 127.0.0.1 Sep 21 07:16:33.444153: | Inspecting interface eth0 Sep 21 07:16:33.444158: | found eth0 with address 192.0.3.254 Sep 21 07:16:33.444160: | Inspecting interface eth1 Sep 21 07:16:33.444165: | found eth1 with address 192.1.3.33 Sep 21 07:16:33.444219: | no interfaces to sort Sep 21 07:16:33.444228: | libevent_free: release ptr-libevent@0x561b42b1fa10 Sep 21 07:16:33.444232: | free_event_entry: release EVENT_NULL-pe@0x561b42b1f9d0 Sep 21 07:16:33.444235: | 
add_fd_read_event_handler: new ethX-pe@0x561b42b1f9d0 Sep 21 07:16:33.444238: | libevent_malloc: new ptr-libevent@0x561b42b1fa10 size 128 Sep 21 07:16:33.444245: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:33.444249: | libevent_free: release ptr-libevent@0x561b42b1fb00 Sep 21 07:16:33.444252: | free_event_entry: release EVENT_NULL-pe@0x561b42b1fac0 Sep 21 07:16:33.444254: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fac0 Sep 21 07:16:33.444257: | libevent_malloc: new ptr-libevent@0x561b42b1fb00 size 128 Sep 21 07:16:33.444262: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:33.444265: | libevent_free: release ptr-libevent@0x561b42b1fbf0 Sep 21 07:16:33.444314: | free_event_entry: release EVENT_NULL-pe@0x561b42b1fbb0 Sep 21 07:16:33.444320: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fbb0 Sep 21 07:16:33.444322: | libevent_malloc: new ptr-libevent@0x561b42b1fbf0 size 128 Sep 21 07:16:33.444328: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:33.444333: | libevent_free: release ptr-libevent@0x561b42b1fce0 Sep 21 07:16:33.444336: | free_event_entry: release EVENT_NULL-pe@0x561b42b1fca0 Sep 21 07:16:33.444338: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fca0 Sep 21 07:16:33.444341: | libevent_malloc: new ptr-libevent@0x561b42b1fce0 size 128 Sep 21 07:16:33.444345: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:33.444349: | libevent_free: release ptr-libevent@0x561b42b1fdd0 Sep 21 07:16:33.444352: | free_event_entry: release EVENT_NULL-pe@0x561b42b1fd90 Sep 21 07:16:33.444354: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fd90 Sep 21 07:16:33.444357: | libevent_malloc: new ptr-libevent@0x561b42b1fdd0 size 128 Sep 21 07:16:33.444362: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:33.444366: | libevent_free: release ptr-libevent@0x561b42b1fec0 Sep 21 07:16:33.444368: | free_event_entry: release EVENT_NULL-pe@0x561b42b1fe80 Sep 21 
07:16:33.444371: | add_fd_read_event_handler: new ethX-pe@0x561b42b1fe80 Sep 21 07:16:33.444373: | libevent_malloc: new ptr-libevent@0x561b42b1fec0 size 128 Sep 21 07:16:33.444379: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:33.444382: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:33.444385: forgetting secrets Sep 21 07:16:33.444395: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:33.444411: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:33.444428: | saving Modulus Sep 21 07:16:33.444432: | saving PublicExponent Sep 21 07:16:33.444435: | ignoring PrivateExponent Sep 21 07:16:33.444438: | ignoring Prime1 Sep 21 07:16:33.444442: | ignoring Prime2 Sep 21 07:16:33.444445: | ignoring Exponent1 Sep 21 07:16:33.444448: | ignoring Exponent2 Sep 21 07:16:33.444450: | ignoring Coefficient Sep 21 07:16:33.444454: | ignoring CKAIDNSS Sep 21 07:16:33.444480: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:33.444484: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:33.444488: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:33.444495: | certs and keys locked by 'process_secret' Sep 21 07:16:33.444504: | certs and keys unlocked by 'process_secret' Sep 21 07:16:33.444510: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:33.444519: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:33.444526: | spent 0.417 milliseconds in whack Sep 21 07:16:33.445125: | processing signal PLUTO_SIGCHLD Sep 21 07:16:33.445144: | waitpid returned pid 14436 (exited with status 0) Sep 21 07:16:33.445148: | reaped addconn helper child (status 0) Sep 21 07:16:33.445152: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:33.445157: | spent 0.0205 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:33.757399: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 
07:16:33.757452: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:33.757456: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:33.757458: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:33.757460: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:33.757464: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:33.757471: | Added new connection north-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:33.757474: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:33.757509: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Sep 21 07:16:33.757512: | from whack: got --esp=aes128-sha2_512;modp3072 Sep 21 07:16:33.757525: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Sep 21 07:16:33.757530: | counting wild cards for @north is 0 Sep 21 07:16:33.757533: | counting wild cards for @east is 0 Sep 21 07:16:33.757543: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:16:33.757547: | new hp@0x561b42aec4a0 Sep 21 07:16:33.757565: added connection description "north-eastnets/0x1" Sep 21 07:16:33.757575: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:33.757586: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:16:33.757595: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:33.757602: | spent 0.211 milliseconds in whack Sep 21 07:16:33.757641: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:33.757651: add keyid @north Sep 21 07:16:33.757721: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:33.757723: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:33.757729: | keyid: *AQPl33O2P Sep 21 07:16:33.757755: | e 03 Sep 21 07:16:33.757757: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:33.757758: | CKAID 88 aa 7c 5d Sep 21 07:16:33.757764: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:33.757767: | spent 0.131 milliseconds in whack Sep 21 07:16:33.757807: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:33.757817: add keyid @east Sep 21 07:16:33.757850: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:33.757852: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:33.757855: | keyid: *AQO9bJbr3 Sep 21
07:16:33.757899: | e 03 Sep 21 07:16:33.757902: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:33.757904: | CKAID 8a 82 25 f1 Sep 21 07:16:33.757911: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:33.757917: | spent 0.113 milliseconds in whack Sep 21 07:16:33.757951: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:33.757961: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:33.757964: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:33.757967: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:33.757970: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:33.757973: | FOR_EACH_CONNECTION_...
in conn_by_name Sep 21 07:16:33.757978: | Added new connection north-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:33.757981: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:33.757999: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Sep 21 07:16:33.758002: | from whack: got --esp=aes128-sha2_512;modp3072 Sep 21 07:16:33.758017: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Sep 21 07:16:33.758022: | counting wild cards for @north is 0 Sep 21 07:16:33.758025: | counting wild cards for @east is 0 Sep 21 07:16:33.758032: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:16:33.758037: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x561b42aec4a0: north-eastnets/0x1 Sep 21 07:16:33.758039: added connection description "north-eastnets/0x2" Sep 21 07:16:33.758049: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:33.758060: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.22.0/24 Sep 21 07:16:33.758067: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:33.758071: | spent 0.125 milliseconds in whack Sep 21 07:16:33.758195: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:33.758207: add keyid @north Sep 21 07:16:33.758213: | unreference key: 0x561b42aaad60 @north cnt 1-- Sep 21 07:16:33.758272: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:33.758275: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:33.758279: | keyid: *AQPl33O2P Sep 21 07:16:33.758323: | e 03 Sep 21 07:16:33.758325: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:33.758327: | CKAID 88 aa 7c 5d Sep 21 07:16:33.758335: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:33.758341: | spent 0.15 milliseconds in whack Sep 21 07:16:33.758377: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:33.758387: add keyid @east Sep 21 07:16:33.758392: | unreference key: 0x561b42a7a8f0 @east cnt 1-- Sep 21 07:16:33.758446: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:33.758449: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:33.758453: | keyid: *AQO9bJbr3 Sep 21
07:16:33.758496: | e 03 Sep 21 07:16:33.758498: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:33.758500: | CKAID 8a 82 25 f1 Sep 21 07:16:33.758509: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:33.758514: | spent 0.141 milliseconds in whack Sep 21 07:16:33.823096: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:33.823118: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:16:33.823122: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:33.823126: initiating all conns with alias='north-eastnets' Sep 21 07:16:33.823133: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:33.823138: | start processing: connection "north-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:33.823141: | connection 'north-eastnets/0x2' +POLICY_UP Sep 21 07:16:33.823144: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:33.823147: | FOR_EACH_STATE_...
in find_phase1_state Sep 21 07:16:33.823169: | creating state object #1 at 0x561b42b21d50 Sep 21 07:16:33.823173: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:33.823181: | pstats #1 ikev2.ike started Sep 21 07:16:33.823184: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:33.823187: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:33.823193: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:33.823204: | suspend processing: connection "north-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:33.823210: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:33.823213: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:33.823218: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-eastnets/0x2" IKE SA #1 "north-eastnets/0x2" Sep 21 07:16:33.823222: "north-eastnets/0x2" #1: initiating v2 parent SA Sep 21 07:16:33.823229: | constructing local IKE proposals for north-eastnets/0x2 (IKE SA initiator selecting KE) Sep 21 07:16:33.823234: | converting ike_info AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Sep 21 07:16:33.823241: | ... 
ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:16:33.823245: "north-eastnets/0x2": constructed local IKE proposals for north-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:16:33.823254: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:16:33.823258: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561b42b21510 Sep 21 07:16:33.823261: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:33.823265: | libevent_malloc: new ptr-libevent@0x561b42b21550 size 128 Sep 21 07:16:33.823280: | #1 spent 0.14 milliseconds in ikev2_parent_outI1() Sep 21 07:16:33.823280: | crypto helper 3 resuming Sep 21 07:16:33.823283: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:33.823300: | RESET processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:33.823303: | RESET processing: connection "north-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:33.823306: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:33.823311: | start processing: connection "north-eastnets/0x1" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:33.823313: | connection 'north-eastnets/0x1' +POLICY_UP Sep 21 07:16:33.823317: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:33.823319: | FOR_EACH_STATE_... 
in find_phase1_state Sep 21 07:16:33.823324: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-eastnets/0x1" IKE SA #1 "north-eastnets/0x2" Sep 21 07:16:33.823329: | stop processing: connection "north-eastnets/0x1" (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:33.823333: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Sep 21 07:16:33.823336: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:33.823341: | spent 0.252 milliseconds in whack Sep 21 07:16:33.823292: | crypto helper 3 starting work-order 1 for state #1 Sep 21 07:16:33.823353: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:16:33.823355: | crypto helper is pausing for 1 seconds Sep 21 07:16:34.824907: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 1.001551 seconds Sep 21 07:16:34.824928: | (#1) spent 1.51 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:16:34.824933: | crypto helper 3 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:34.824937: | scheduling resume sending helper answer for #1 Sep 21 07:16:34.824942: | libevent_malloc: new ptr-libevent@0x7f9628006900 size 128 Sep 21 07:16:34.824954: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:34.824994: | processing resume sending helper answer for #1 Sep 21 07:16:34.825007: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:34.825012: | crypto helper 3 replies to request ID 1 Sep 21 07:16:34.825020: | calling continuation function 0x561b40eca630 Sep 21 07:16:34.825023: | ikev2_parent_outI1_continue for #1 Sep 21 07:16:34.825058: | **emit ISAKMP Message: Sep 21 07:16:34.825061: | initiator cookie: Sep 21 07:16:34.825063: | 37 34 b6 02 ea fb 65 7e Sep 21 07:16:34.825065: | responder cookie: Sep 21 07:16:34.825067: | 00 00 00 00 00 00 00 00 Sep 21 07:16:34.825070: | 
next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:34.825072: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:34.825075: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:34.825077: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:34.825080: | Message ID: 0 (0x0) Sep 21 07:16:34.825082: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:34.825089: | using existing local IKE proposals for connection north-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:16:34.825091: | Emitting ikev2_proposals ... Sep 21 07:16:34.825094: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:34.825097: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.825099: | flags: none (0x0) Sep 21 07:16:34.825102: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:34.825105: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.825108: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.825111: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:34.825115: | prop #: 1 (0x1) Sep 21 07:16:34.825118: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:34.825122: | spi size: 0 (0x0) Sep 21 07:16:34.825125: | # transforms: 4 (0x4) Sep 21 07:16:34.825129: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:34.825134: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.825137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.825141: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.825145: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:34.825149: | last substructure: saving location 'IKEv2 
Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.825154: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.825158: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.825161: | length/value: 256 (0x100) Sep 21 07:16:34.825165: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:34.825169: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.825173: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.825176: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.825179: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:34.825184: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.825188: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.825191: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.825195: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.825198: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.825202: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.825205: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:34.825209: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.825213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.825223: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.825227: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.825231: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.825234: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 
07:16:34.825237: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.825241: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.825245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.825249: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.825252: | emitting length of IKEv2 Proposal Substructure Payload: 44 Sep 21 07:16:34.825256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:34.825260: | emitting length of IKEv2 Security Association Payload: 48 Sep 21 07:16:34.825264: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:34.825267: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:34.825271: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.825274: | flags: none (0x0) Sep 21 07:16:34.825278: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.825282: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:34.825286: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.825291: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21
07:16:34.825345: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:34.825349: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:34.825353: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:34.825356: | flags: none (0x0) Sep 21 07:16:34.825360: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:34.825364: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:34.825367: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.825374: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:34.825378: | IKEv2 nonce 2a 1b 10 9a 69 75 92 dc b3 b2 69 5c 6d 8a ec 9e Sep 21 07:16:34.825381: | IKEv2 nonce 2c 82 34 43 38 d7 c0 f5 91 6b 0e 48 7d e8 91 ca Sep 21 07:16:34.825385: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:34.825388: | Adding a v2N Payload Sep 21
07:16:34.825391: | ***emit IKEv2 Notify Payload: Sep 21 07:16:34.825395: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.825398: | flags: none (0x0) Sep 21 07:16:34.825402: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.825405: | SPI size: 0 (0x0) Sep 21 07:16:34.825409: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:34.825413: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:34.825417: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.825421: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:34.825426: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:34.825429: | natd_hash: rcookie is zero Sep 21 07:16:34.825448: | natd_hash: hasher=0x561b40fa07a0(20) Sep 21 07:16:34.825453: | natd_hash: icookie= 37 34 b6 02 ea fb 65 7e Sep 21 07:16:34.825455: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:34.825457: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:34.825459: | natd_hash: port= 01 f4 Sep 21 07:16:34.825461: | natd_hash: hash= 71 5e f2 f2 a9 34 74 25 9b 72 a0 39 60 a8 9b 57 Sep 21 07:16:34.825463: | natd_hash: hash= 72 c0 30 ea Sep 21 07:16:34.825465: | Adding a v2N Payload Sep 21 07:16:34.825468: | ***emit IKEv2 Notify Payload: Sep 21 07:16:34.825470: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.825472: | flags: none (0x0) Sep 21 07:16:34.825474: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.825476: | SPI size: 0 (0x0) Sep 21 07:16:34.825478: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:34.825481: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:34.825483: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 
07:16:34.825486: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:34.825488: | Notify data 71 5e f2 f2 a9 34 74 25 9b 72 a0 39 60 a8 9b 57 Sep 21 07:16:34.825490: | Notify data 72 c0 30 ea Sep 21 07:16:34.825493: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:34.825494: | natd_hash: rcookie is zero Sep 21 07:16:34.825500: | natd_hash: hasher=0x561b40fa07a0(20) Sep 21 07:16:34.825503: | natd_hash: icookie= 37 34 b6 02 ea fb 65 7e Sep 21 07:16:34.825505: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:34.825507: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:34.825508: | natd_hash: port= 01 f4 Sep 21 07:16:34.825511: | natd_hash: hash= 4e 27 45 89 8d ba a7 24 46 7b 20 84 4d 6e f9 03 Sep 21 07:16:34.825513: | natd_hash: hash= 20 30 98 55 Sep 21 07:16:34.825515: | Adding a v2N Payload Sep 21 07:16:34.825517: | ***emit IKEv2 Notify Payload: Sep 21 07:16:34.825519: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.825521: | flags: none (0x0) Sep 21 07:16:34.825523: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.825525: | SPI size: 0 (0x0) Sep 21 07:16:34.825527: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:34.825530: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:34.825532: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.825534: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:34.825536: | Notify data 4e 27 45 89 8d ba a7 24 46 7b 20 84 4d 6e f9 03 Sep 21 07:16:34.825541: | Notify data 20 30 98 55 Sep 21 07:16:34.825543: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:34.825545: | emitting length of ISAKMP Message: 440 Sep 21 07:16:34.825553: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at 
ikev2_parent.c:817) Sep 21 07:16:34.825566: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:34.825572: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:34.825576: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:34.825580: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:34.825584: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:16:34.825588: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:34.825595: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:34.825599: "north-eastnets/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:34.825617: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:34.825630: | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:34.825634: | 37 34 b6 02 ea fb 65 7e 00 00 00 00 00 00 00 00 Sep 21 07:16:34.825637: | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 Sep 21 07:16:34.825639: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Sep 21 07:16:34.825641: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:34.825643: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Sep 21 07:16:34.825645: | 00 0e 00 00 c9 13 f2 80 6e fb b3 58 8c b3 3d f1 Sep 21 07:16:34.825647: | 44 f8 6e be 68 e6 b1 bd 4c 91 5b b8 c8 07 fd 2b Sep 21 07:16:34.825649: | d5 24 40 b6 22 72 c8 9d 16 a6 63 87 c4 c5 2c f7 Sep 21 07:16:34.825651: | b2 35 a2 86 44 8d ff 73 f4 87 cf 5d ad 16 20 6a Sep 21 07:16:34.825653: | 68 e9 20 b8 92 24 48 46 9e 99 1d ed a0 24 c2 9b Sep 21 07:16:34.825655: | 2d 75 3a 41 da 40 b5 19 40 4f 1d d0 33 62 37 68 Sep 21 07:16:34.825657: | d5 d5 24 3c 09 5e 72 1c 48 8f d2 
b9 c0 fd 34 d0 Sep 21 07:16:34.825659: | 0a 05 54 25 c6 03 8c 78 0f eb a4 30 d8 de 23 23 Sep 21 07:16:34.825661: | ce ac c8 e8 d1 02 76 45 98 7a da 2d 65 ce f5 9e Sep 21 07:16:34.825663: | 0d de 3a 11 8a 51 ee 02 bb e3 a6 9b cb f3 5e 77 Sep 21 07:16:34.825665: | 8f e2 30 2e cd e8 9a 0e 8a d4 04 23 81 b8 12 cd Sep 21 07:16:34.825667: | df 46 cf 85 a5 66 49 f7 61 5f 61 9f e9 45 9a 15 Sep 21 07:16:34.825669: | 1c b8 d4 f6 ad ef 70 62 db b5 d4 31 8e ab 16 3b Sep 21 07:16:34.825671: | eb ef 08 76 b9 ac a6 4a 0f ea 7d f4 0a 97 fe ad Sep 21 07:16:34.825673: | 16 4d c2 e3 d2 0d 76 78 b0 cb 14 a0 8b 33 79 d2 Sep 21 07:16:34.825675: | 22 50 92 6f ce 6d da 12 cd 9f e5 18 b9 05 bc 57 Sep 21 07:16:34.825677: | f6 87 de 67 29 00 00 24 2a 1b 10 9a 69 75 92 dc Sep 21 07:16:34.825679: | b3 b2 69 5c 6d 8a ec 9e 2c 82 34 43 38 d7 c0 f5 Sep 21 07:16:34.825681: | 91 6b 0e 48 7d e8 91 ca 29 00 00 08 00 00 40 2e Sep 21 07:16:34.825683: | 29 00 00 1c 00 00 40 04 71 5e f2 f2 a9 34 74 25 Sep 21 07:16:34.825685: | 9b 72 a0 39 60 a8 9b 57 72 c0 30 ea 00 00 00 1c Sep 21 07:16:34.825687: | 00 00 40 05 4e 27 45 89 8d ba a7 24 46 7b 20 84 Sep 21 07:16:34.825689: | 4d 6e f9 03 20 30 98 55 Sep 21 07:16:34.825729: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:34.825735: | libevent_free: release ptr-libevent@0x561b42b21550 Sep 21 07:16:34.825739: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561b42b21510 Sep 21 07:16:34.825743: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=50ms Sep 21 07:16:34.825747: | event_schedule: new EVENT_RETRANSMIT-pe@0x561b42b21510 Sep 21 07:16:34.825755: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Sep 21 07:16:34.825759: | libevent_malloc: new ptr-libevent@0x561b42b21550 size 128 Sep 21 07:16:34.825767: | #1 STATE_PARENT_I1: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48841.194011 Sep 21 07:16:34.825772: | resume sending helper 
answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:34.825780: | #1 spent 0.744 milliseconds in resume sending helper answer Sep 21 07:16:34.825792: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:34.825800: | libevent_free: release ptr-libevent@0x7f9628006900 Sep 21 07:16:34.828488: | spent 0.0028 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:34.828512: | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:34.828517: | 37 34 b6 02 ea fb 65 7e 41 58 a7 32 16 4b 4c eb Sep 21 07:16:34.828521: | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 Sep 21 07:16:34.828524: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Sep 21 07:16:34.828528: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:34.828531: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Sep 21 07:16:34.828534: | 00 0e 00 00 f9 5d 26 49 5c 19 e6 c7 c8 77 3a 24 Sep 21 07:16:34.828537: | a4 d6 72 6b a0 94 ac fd a1 4a 05 73 c2 0e 4b 8c Sep 21 07:16:34.828539: | a5 75 89 36 3b 72 56 b3 a6 6d 78 d4 17 7e a3 85 Sep 21 07:16:34.828541: | e8 5e 5d c6 20 e7 68 e2 c3 12 f7 77 71 53 e0 c3 Sep 21 07:16:34.828543: | 87 1c 99 04 af e9 df 33 8e 19 f2 d4 92 63 d1 31 Sep 21 07:16:34.828545: | 10 65 ba 9c 97 51 7e 25 51 c2 34 5e b6 cf 62 ab Sep 21 07:16:34.828547: | c0 60 79 d6 54 89 e5 79 21 f5 2e 3f 3b 6b 83 70 Sep 21 07:16:34.828549: | 49 86 23 75 d8 f0 49 ce f0 1c a8 5e 18 aa c0 9a Sep 21 07:16:34.828551: | 1c 90 65 68 ec cd 8b e0 c9 6a 23 81 42 2a 80 9e Sep 21 07:16:34.828553: | e6 6e 0d 02 54 47 f5 96 09 0d 41 05 9a 8c 9e 4c Sep 21 07:16:34.828555: | be 2f b4 ef eb f3 90 2c ba 9f 81 02 88 71 76 6e Sep 21 07:16:34.828557: | 69 81 6d 00 31 58 68 61 e4 8e 9b 67 ab 44 cb e9 Sep 21 07:16:34.828559: | 51 c2 d9 f4 75 7e cb 6f f4 57 9a 16 61 20 ed b4 Sep 21 07:16:34.828561: | cb da bb cb 40 bc ce 6d ae 93 cb b5 a6 21 b2 91 Sep 21 
07:16:34.828563: | 19 5e 27 8f db 9a e7 84 c8 bf b0 81 d7 10 32 22 Sep 21 07:16:34.828565: | 35 c4 8f 79 9b a9 be ae d2 66 08 99 86 f1 46 d6 Sep 21 07:16:34.828567: | 11 be 6c 54 29 00 00 24 8a a4 fa 29 c9 b5 d4 5c Sep 21 07:16:34.828569: | 35 8b 87 8d 81 2f d2 c5 e7 25 b5 b1 89 70 b3 e4 Sep 21 07:16:34.828571: | ee 32 d7 c3 f4 44 3b 2b 29 00 00 08 00 00 40 2e Sep 21 07:16:34.828573: | 29 00 00 1c 00 00 40 04 cb 85 c8 77 d5 bc 28 f3 Sep 21 07:16:34.828575: | 1b 60 20 c3 6a d3 b8 ec 55 27 fe 7d 00 00 00 1c Sep 21 07:16:34.828577: | 00 00 40 05 89 28 8f 03 85 20 27 e8 3e 16 d0 24 Sep 21 07:16:34.828579: | 59 dd f4 15 08 2c 25 51 Sep 21 07:16:34.828584: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:34.828587: | **parse ISAKMP Message: Sep 21 07:16:34.828589: | initiator cookie: Sep 21 07:16:34.828591: | 37 34 b6 02 ea fb 65 7e Sep 21 07:16:34.828593: | responder cookie: Sep 21 07:16:34.828595: | 41 58 a7 32 16 4b 4c eb Sep 21 07:16:34.828598: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:34.828600: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:34.828602: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:34.828605: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:34.828607: | Message ID: 0 (0x0) Sep 21 07:16:34.828609: | length: 440 (0x1b8) Sep 21 07:16:34.828612: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:34.828615: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:16:34.828621: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:34.828626: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:34.828630: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:34.828633: | #1 is idle 
Sep 21 07:16:34.828635: | #1 idle Sep 21 07:16:34.828637: | unpacking clear payload Sep 21 07:16:34.828639: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:34.828642: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:34.828644: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:34.828646: | flags: none (0x0) Sep 21 07:16:34.828649: | length: 48 (0x30) Sep 21 07:16:34.828651: | processing payload: ISAKMP_NEXT_v2SA (len=44) Sep 21 07:16:34.828653: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:34.828656: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:34.828658: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:34.828660: | flags: none (0x0) Sep 21 07:16:34.828662: | length: 264 (0x108) Sep 21 07:16:34.828664: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.828666: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:34.828668: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:34.828670: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:34.828673: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:34.828675: | flags: none (0x0) Sep 21 07:16:34.828677: | length: 36 (0x24) Sep 21 07:16:34.828679: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:34.828681: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:34.828683: | ***parse IKEv2 Notify Payload: Sep 21 07:16:34.828685: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:34.828687: | flags: none (0x0) Sep 21 07:16:34.828689: | length: 8 (0x8) Sep 21 07:16:34.828692: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.828694: | SPI size: 0 (0x0) Sep 21 07:16:34.828696: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:34.828698: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:34.828700: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:34.828702: | ***parse IKEv2 Notify Payload: Sep 21 07:16:34.828705: | next payload type: 
ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:34.828707: | flags: none (0x0) Sep 21 07:16:34.828709: | length: 28 (0x1c) Sep 21 07:16:34.828711: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.828713: | SPI size: 0 (0x0) Sep 21 07:16:34.828715: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:34.828717: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:34.828719: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:34.828721: | ***parse IKEv2 Notify Payload: Sep 21 07:16:34.828724: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.828726: | flags: none (0x0) Sep 21 07:16:34.828728: | length: 28 (0x1c) Sep 21 07:16:34.828730: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.828732: | SPI size: 0 (0x0) Sep 21 07:16:34.828734: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:34.828736: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:34.828738: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:16:34.828745: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:34.828747: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:34.828749: | Now let's proceed with state specific processing Sep 21 07:16:34.828752: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:34.828755: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:16:34.828761: | using existing local IKE proposals for connection north-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Sep 21 07:16:34.828766: | Comparing remote proposals against IKE initiator (accepting) 1 local proposals Sep 21 07:16:34.828769: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:34.828771: | local proposal 1 type PRF has 1 transforms Sep 21 07:16:34.828773: | local proposal 1 type INTEG has 1 transforms Sep 21 
07:16:34.828775: | local proposal 1 type DH has 1 transforms Sep 21 07:16:34.828778: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:34.828781: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:34.828788: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.828794: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:34.828798: | length: 44 (0x2c) Sep 21 07:16:34.828801: | prop #: 1 (0x1) Sep 21 07:16:34.828804: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:34.828807: | spi size: 0 (0x0) Sep 21 07:16:34.828810: | # transforms: 4 (0x4) Sep 21 07:16:34.828815: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:16:34.828819: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:34.828821: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.828823: | length: 12 (0xc) Sep 21 07:16:34.828825: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.828827: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:34.828830: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.828832: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.828834: | length/value: 256 (0x100) Sep 21 07:16:34.828838: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:34.828841: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:34.828843: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.828845: | length: 8 (0x8) Sep 21 07:16:34.828847: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.828849: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:34.828852: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:34.828854: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:34.828857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.828859: | 
length: 8 (0x8) Sep 21 07:16:34.828861: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.828863: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:34.828866: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:16:34.828868: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:34.828870: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.828872: | length: 8 (0x8) Sep 21 07:16:34.828874: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.828876: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.828879: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:34.828883: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Sep 21 07:16:34.828887: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Sep 21 07:16:34.828889: | remote proposal 1 matches local proposal 1 Sep 21 07:16:34.828892: | remote accepted the proposal 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Sep 21 07:16:34.828894: | converting proposal to internal trans attrs Sep 21 07:16:34.828905: | natd_hash: hasher=0x561b40fa07a0(20) Sep 21 07:16:34.828908: | natd_hash: icookie= 37 34 b6 02 ea fb 65 7e Sep 21 07:16:34.828910: | natd_hash: rcookie= 41 58 a7 32 16 4b 4c eb Sep 21 07:16:34.828912: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:34.828916: | natd_hash: port= 01 f4 Sep 21 07:16:34.828919: | natd_hash: hash= 89 28 8f 03 85 20 27 e8 3e 16 d0 24 59 dd f4 15 Sep 21 07:16:34.828921: | natd_hash: hash= 08 2c 25 51 Sep 21 07:16:34.828926: | natd_hash: hasher=0x561b40fa07a0(20) Sep 21 07:16:34.828928: | natd_hash: icookie= 37 34 b6 02 ea fb 65 7e Sep 21 07:16:34.828930: | natd_hash: rcookie= 41 58 a7 32 16 4b 4c eb Sep 21 
07:16:34.828932: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:34.828934: | natd_hash: port= 01 f4 Sep 21 07:16:34.828936: | natd_hash: hash= cb 85 c8 77 d5 bc 28 f3 1b 60 20 c3 6a d3 b8 ec Sep 21 07:16:34.828938: | natd_hash: hash= 55 27 fe 7d Sep 21 07:16:34.828940: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:34.828942: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:34.828944: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:34.828947: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:16:34.828953: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Sep 21 07:16:34.828956: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:16:34.828958: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:34.828961: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:34.828964: | libevent_free: release ptr-libevent@0x561b42b21550 Sep 21 07:16:34.828967: | free_event_entry: release EVENT_RETRANSMIT-pe@0x561b42b21510 Sep 21 07:16:34.828969: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561b42b21510 Sep 21 07:16:34.828973: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:34.828975: | libevent_malloc: new ptr-libevent@0x561b42b21550 size 128 Sep 21 07:16:34.828985: | #1 spent 0.225 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:16:34.828988: | crypto helper 1 resuming Sep 21 07:16:34.829001: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:16:34.828990: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:34.829007: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:16:34.829022: | crypto helper is pausing for 1 seconds Sep 21 07:16:34.829014: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 
21 07:16:34.829032: | suspending state #1 and saving MD Sep 21 07:16:34.829035: | #1 is busy; has a suspended MD Sep 21 07:16:34.829040: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:34.829043: | "north-eastnets/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:34.829047: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:34.829052: | #1 spent 0.539 milliseconds in ikev2_process_packet() Sep 21 07:16:34.829055: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:34.829058: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:34.829060: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:34.829064: | spent 0.551 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:35.829659: | calculating skeyseed using prf=sha2_256 integ=sha2_256 cipherkey-size=32 salt-size=0 Sep 21 07:16:35.830157: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 1.001149 seconds Sep 21 07:16:35.830172: | (#1) spent 1.1 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:16:35.830176: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:35.830180: | scheduling resume sending helper answer for #1 Sep 21 07:16:35.830184: | libevent_malloc: new ptr-libevent@0x7f9620003060 size 128 Sep 21 07:16:35.830197: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:35.830211: | processing resume sending helper answer for #1 Sep 21 07:16:35.830224: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:35.830229: | crypto helper 1 replies to request ID 2 Sep 
21 07:16:35.830232: | calling continuation function 0x561b40eca630 Sep 21 07:16:35.830235: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:16:35.830244: | creating state object #2 at 0x561b42b25ba0 Sep 21 07:16:35.830248: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:35.830252: | pstats #2 ikev2.child started Sep 21 07:16:35.830255: | duplicating state object #1 "north-eastnets/0x2" as #2 for IPSEC SA Sep 21 07:16:35.830260: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:35.830267: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:35.830272: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:35.830277: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:35.830281: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:35.830284: | libevent_free: release ptr-libevent@0x561b42b21550 Sep 21 07:16:35.830287: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561b42b21510 Sep 21 07:16:35.830291: | event_schedule: new EVENT_SA_REPLACE-pe@0x561b42b21510 Sep 21 07:16:35.830295: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:16:35.830297: | libevent_malloc: new ptr-libevent@0x561b42b21550 size 128 Sep 21 07:16:35.830302: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:16:35.830308: | **emit ISAKMP Message: Sep 21 07:16:35.830310: | initiator cookie: Sep 21 07:16:35.830312: | 37 34 b6 02 ea fb 65 7e Sep 21 07:16:35.830313: | responder cookie: Sep 21 07:16:35.830315: | 41 58 a7 32 16 4b 4c eb Sep 21 07:16:35.830317: | next 
payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:35.830319: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:35.830320: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:35.830322: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:35.830324: | Message ID: 1 (0x1) Sep 21 07:16:35.830326: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:35.830328: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:35.830330: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:35.830331: | flags: none (0x0) Sep 21 07:16:35.830333: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:35.830335: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:35.830337: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:35.830344: | IKEv2 CERT: send a certificate? 
Sep 21 07:16:35.830346: | IKEv2 CERT: no certificate to send Sep 21 07:16:35.830347: | IDr payload will be sent Sep 21 07:16:35.830358: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:16:35.830361: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:35.830362: | flags: none (0x0) Sep 21 07:16:35.830364: | ID type: ID_FQDN (0x2) Sep 21 07:16:35.830366: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:16:35.830368: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:35.830370: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:16:35.830373: | my identity 6e 6f 72 74 68 Sep 21 07:16:35.830375: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Sep 21 07:16:35.830381: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:35.830383: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:35.830384: | flags: none (0x0) Sep 21 07:16:35.830385: | ID type: ID_FQDN (0x2) Sep 21 07:16:35.830387: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:16:35.830389: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:35.830391: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:35.830393: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:16:35.830394: | IDr 65 61 73 74 Sep 21 07:16:35.830396: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:16:35.830397: | not sending INITIAL_CONTACT Sep 21 
07:16:35.830399: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:35.830401: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:35.830402: | flags: none (0x0) Sep 21 07:16:35.830404: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:35.830406: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:35.830408: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:35.830412: | started looking for secret for @north->@east of kind PKK_RSA Sep 21 07:16:35.830414: | actually looking for secret for @north->@east of kind PKK_RSA Sep 21 07:16:35.830416: | line 1: key type PKK_RSA(@north) to type PKK_RSA Sep 21 07:16:35.830419: | 1: compared key (none) to @north / @east -> 002 Sep 21 07:16:35.830421: | 2: compared key (none) to @north / @east -> 002 Sep 21 07:16:35.830422: | line 1: match=002 Sep 21 07:16:35.830424: | match 002 beats previous best_match 000 match=0x561b42b14f10 (line=1) Sep 21 07:16:35.830426: | concluding with best_match=002 best=0x561b42b14f10 (lineno=1) Sep 21 07:16:35.833873: | #1 spent 3.39 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:16:35.833887: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:16:35.833890: | rsa signature cd 6d 4d bc 8a de a2 46 12 f2 5c 2e 6d 32 9f 2a Sep 21 07:16:35.833893: | rsa signature de b9 70 4c b9 a8 ba a6 74 6a af 83 a4 47 ed 1f Sep 21 07:16:35.833895: | rsa signature 54 4b ad cb bb 31 9e a3 4f a1 85 1b 5c 94 5a 82 Sep 21 07:16:35.833897: | rsa signature cc fb ca 67 3e 24 5a 62 33 de 1c ae f2 c5 bc e5 Sep 21 07:16:35.833898: | rsa signature 3c 74 b9 f2 3f 24 ff 09 22 3d 2f 62 97 7d 5c bf Sep 21 07:16:35.833900: | rsa signature ca eb f2 13 8b 9a 6d 57 4a 37 83 87 9c 2f a2 16 Sep 21 07:16:35.833901: | rsa signature c6 22 25 8c 14 87 5a f9 dc 63 91 f3 1c 19 
1c d4 Sep 21 07:16:35.833902: | rsa signature d3 84 9a 7b c8 83 f7 95 38 1e c8 49 a8 14 f5 42 Sep 21 07:16:35.833904: | rsa signature fe d7 d6 e8 db 75 5b 55 aa 05 24 a9 8d 3a b8 4c Sep 21 07:16:35.833905: | rsa signature 67 08 ee cf 5d c2 b8 aa 1d 71 e4 12 a8 32 33 b6 Sep 21 07:16:35.833907: | rsa signature 88 e2 8c df cb 65 f9 73 cc 9f a6 c4 71 8e 28 f2 Sep 21 07:16:35.833908: | rsa signature 4a 9f 43 f5 35 93 44 21 ad df 54 8f 0f 96 d8 0a Sep 21 07:16:35.833909: | rsa signature 38 e8 6d 30 bb 29 a4 cf 2b 97 32 3f fc 31 22 4c Sep 21 07:16:35.833911: | rsa signature 33 64 55 bd 22 0d 92 6f 1a ac cd 69 65 9c 43 56 Sep 21 07:16:35.833912: | rsa signature 41 08 9f c7 38 37 07 bd f2 c3 35 88 5b 8e ce fa Sep 21 07:16:35.833914: | rsa signature 35 c2 40 c0 0b d2 c5 96 a8 3c 0d 08 7e 75 66 3b Sep 21 07:16:35.833918: | rsa signature 77 01 1d d3 d3 80 41 30 90 4a 2c 18 5a a3 db 2f Sep 21 07:16:35.833919: | rsa signature 8f 10 Sep 21 07:16:35.833923: | #1 spent 3.48 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:16:35.833925: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:16:35.833927: | getting first pending from state #1 Sep 21 07:16:35.833929: | Switching Child connection for #2 to "north-eastnets/0x1" from "north-eastnets/0x2" Sep 21 07:16:35.833932: | in connection_discard for connection north-eastnets/0x2 Sep 21 07:16:35.833952: | netlink_get_spi: allocated 0xafda9a3b for esp.0@192.1.3.33 Sep 21 07:16:35.833954: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:16:35.833958: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Sep 21 07:16:35.833963: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Sep 21 07:16:35.833967: "north-eastnets/0x1": constructed local ESP/AH proposals for north-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Sep 21 07:16:35.833975: | Emitting ikev2_proposals ... Sep 21 07:16:35.833978: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:35.833981: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:35.833983: | flags: none (0x0) Sep 21 07:16:35.833987: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:35.833990: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:35.833992: | discarding DH=NONE Sep 21 07:16:35.833996: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:35.833997: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:35.833999: | prop #: 1 (0x1) Sep 21 07:16:35.834001: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:35.834002: | spi size: 4 (0x4) Sep 21 07:16:35.834003: | # transforms: 3 (0x3) Sep 21 07:16:35.834005: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:35.834007: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:35.834009: | our spi af da 9a 3b Sep 21 07:16:35.834011: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:35.834025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:35.834027: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:35.834028: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:35.834030: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:35.834032: | 
*******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:35.834034: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:35.834035: | length/value: 128 (0x80) Sep 21 07:16:35.834037: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:35.834038: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:35.834040: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:35.834041: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:35.834043: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:35.834045: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:35.834046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:35.834048: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:35.834049: | discarding DH=NONE Sep 21 07:16:35.834051: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:35.834052: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:35.834069: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:35.834070: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:35.834072: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:35.834074: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:35.834076: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:35.834077: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:35.834079: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:35.834080: | emitting length of IKEv2 Security 
Association Payload: 44 Sep 21 07:16:35.834082: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:35.834085: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:35.834086: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:35.834088: | flags: none (0x0) Sep 21 07:16:35.834089: | number of TS: 1 (0x1) Sep 21 07:16:35.834112: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:35.834116: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:35.834120: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:35.834122: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:35.834125: | IP Protocol ID: 0 (0x0) Sep 21 07:16:35.834127: | start port: 0 (0x0) Sep 21 07:16:35.834130: | end port: 65535 (0xffff) Sep 21 07:16:35.834133: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:35.834136: | IP start c0 00 03 00 Sep 21 07:16:35.834142: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:35.834147: | IP end c0 00 03 ff Sep 21 07:16:35.834149: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:35.834152: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:35.834154: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:35.834156: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:35.834158: | flags: none (0x0) Sep 21 07:16:35.834160: | number of TS: 1 (0x1) Sep 21 07:16:35.834163: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:35.834165: | next payload chain: saving location 'IKEv2 Traffic 
Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:35.834167: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:35.834170: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:35.834172: | IP Protocol ID: 0 (0x0) Sep 21 07:16:35.834174: | start port: 0 (0x0) Sep 21 07:16:35.834176: | end port: 65535 (0xffff) Sep 21 07:16:35.834179: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:35.834181: | IP start c0 00 02 00 Sep 21 07:16:35.834184: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:35.834186: | IP end c0 00 02 ff Sep 21 07:16:35.834189: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:35.834191: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:35.834193: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:35.834194: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:35.834196: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:35.834199: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:35.834204: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:35.834206: | emitting length of IKEv2 Encryption Payload: 436 Sep 21 07:16:35.834208: | emitting length of ISAKMP Message: 464
Sep 21 07:16:35.834281: | out calculated auth: Sep 21 07:16:35.834283: | df 78 90 c8 77 43 7a 55 3c 98 6d 37 fc 09 43 d7 Sep 21 07:16:35.834289: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:35.834292: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:35.834295: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:16:35.834297: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:16:35.834299: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:16:35.834301: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:16:35.834305: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:35.834308: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:16:35.834313: "north-eastnets/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Sep 21 07:16:35.834323: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:35.834331: | sending 464 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
Sep 21 07:16:35.834414: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=50ms Sep 21 07:16:35.834418: | event_schedule: new EVENT_RETRANSMIT-pe@0x561b42b28e40 Sep 21 07:16:35.834421: | inserting event EVENT_RETRANSMIT, timeout in
0.05 seconds for #2 Sep 21 07:16:35.834424: | libevent_malloc: new ptr-libevent@0x7f9628006900 size 128 Sep 21 07:16:35.834428: | #2 STATE_PARENT_I2: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48842.202682 Sep 21 07:16:35.834431: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:35.834435: | #1 spent 4.13 milliseconds in resume sending helper answer Sep 21 07:16:35.834438: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:35.834441: | libevent_free: release ptr-libevent@0x7f9620003060 Sep 21 07:16:35.852278: | spent 0.00285 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:35.852300: | *received 464 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Sep 21 07:16:35.852372: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:35.852376: | **parse ISAKMP Message: Sep 21 07:16:35.852378: | initiator cookie: Sep 21 07:16:35.852380: | 37 34 b6 02 ea fb 65 7e Sep 21 07:16:35.852383: | responder cookie: Sep 21 07:16:35.852385: | 41 58 a7 32 16 4b 4c eb Sep 21 07:16:35.852388: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:35.852390: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:35.852393: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:35.852396: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:35.852398: | Message ID: 1 (0x1) Sep 21 07:16:35.852400: | length: 464 (0x1d0) Sep 21 07:16:35.852403: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:35.852406: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:35.852410: | State DB: found IKEv2 state #1
in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:35.852416: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:35.852419: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:35.852424: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:35.852428: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:35.852431: | #2 is idle Sep 21 07:16:35.852433: | #2 idle Sep 21 07:16:35.852435: | unpacking clear payload Sep 21 07:16:35.852438: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:35.852441: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:35.852443: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:35.852446: | flags: none (0x0) Sep 21 07:16:35.852448: | length: 436 (0x1b4) Sep 21 07:16:35.852452: | processing payload: ISAKMP_NEXT_v2SK (len=432) Sep 21 07:16:35.852455: | #2 in state PARENT_I2: sent v2I2, expected v2R2
Sep 21 07:16:35.852552: | calculated auth: 16 a6 24 98 16 97 96 59 ef d1 aa 26 a2 81 61 bf Sep 21 07:16:35.852554: | provided auth: 16 a6 24 98 16 97 96 59 ef d1 aa 26 a2 81 61 bf Sep 21 07:16:35.852556: | authenticator matched Sep 21 07:16:35.852567: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:16:35.852570: | Now let's proceed with payload
(ISAKMP_NEXT_v2IDr) Sep 21 07:16:35.852573: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:16:35.852575: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:35.852578: | flags: none (0x0) Sep 21 07:16:35.852580: | length: 12 (0xc) Sep 21 07:16:35.852582: | ID type: ID_FQDN (0x2) Sep 21 07:16:35.852585: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:16:35.852587: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:16:35.852590: | **parse IKEv2 Authentication Payload: Sep 21 07:16:35.852592: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:35.852595: | flags: none (0x0) Sep 21 07:16:35.852597: | length: 282 (0x11a) Sep 21 07:16:35.852599: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:35.852602: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:16:35.852604: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:35.852607: | **parse IKEv2 Security Association Payload: Sep 21 07:16:35.852611: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:35.852613: | flags: none (0x0) Sep 21 07:16:35.852615: | length: 44 (0x2c) Sep 21 07:16:35.852618: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:16:35.852620: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:35.852622: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:35.852625: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:35.852627: | flags: none (0x0) Sep 21 07:16:35.852629: | length: 24 (0x18) Sep 21 07:16:35.852632: | number of TS: 1 (0x1) Sep 21 07:16:35.852634: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:35.852636: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:35.852639: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:35.852641: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:35.852643: | flags: none (0x0) Sep 21 07:16:35.852646: | length: 24 (0x18) Sep 21 07:16:35.852648: | number of TS: 1 (0x1) Sep 21 
07:16:35.852650: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:35.852653: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:16:35.852655: | Now let's proceed with state specific processing Sep 21 07:16:35.852658: | calling processor Initiator: process IKE_AUTH response Sep 21 07:16:35.852663: | offered CA: '%none' Sep 21 07:16:35.852667: "north-eastnets/0x1" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:16:35.852690: | verifying AUTH payload Sep 21 07:16:35.852707: | required RSA CA is '%any' Sep 21 07:16:35.852711: | checking RSA keyid '@east' for match with '@east' Sep 21 07:16:35.852714: | RSA key issuer CA is '%any' Sep 21 07:16:35.852779: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:16:35.852793: | #1 spent 0.0662 milliseconds in try_all_keys() trying a pubkey Sep 21 07:16:35.852798: "north-eastnets/0x1" #2: Authenticated using RSA Sep 21 07:16:35.852808: | #1 spent 0.104 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:16:35.852811: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:16:35.852816: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:16:35.852819: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:35.852823: | libevent_free: release ptr-libevent@0x561b42b21550 Sep 21 07:16:35.852826: | free_event_entry: release EVENT_SA_REPLACE-pe@0x561b42b21510 Sep 21 07:16:35.852850: | event_schedule: new EVENT_SA_REKEY-pe@0x561b42b21510 Sep 21 07:16:35.852854: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:16:35.852857: | libevent_malloc: new ptr-libevent@0x561b42b21550 size 128 Sep 21 07:16:35.853072: | pstats #1 ikev2.ike established Sep 21 07:16:35.853080: | TSi: parsing 1 traffic selectors Sep 21 07:16:35.853084: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:35.853086: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:35.853089: | IP Protocol ID: 0 (0x0) 
Sep 21 07:16:35.853092: | length: 16 (0x10) Sep 21 07:16:35.853094: | start port: 0 (0x0) Sep 21 07:16:35.853096: | end port: 65535 (0xffff) Sep 21 07:16:35.853099: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:35.853102: | TS low c0 00 03 00 Sep 21 07:16:35.853105: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:35.853107: | TS high c0 00 03 ff Sep 21 07:16:35.853110: | TSi: parsed 1 traffic selectors Sep 21 07:16:35.853150: | TSr: parsing 1 traffic selectors Sep 21 07:16:35.853156: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:35.853159: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:35.853161: | IP Protocol ID: 0 (0x0) Sep 21 07:16:35.853164: | length: 16 (0x10) Sep 21 07:16:35.853166: | start port: 0 (0x0) Sep 21 07:16:35.853168: | end port: 65535 (0xffff) Sep 21 07:16:35.853171: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:35.853174: | TS low c0 00 02 00 Sep 21 07:16:35.853176: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:35.853183: | TS high c0 00 02 ff Sep 21 07:16:35.853186: | TSr: parsed 1 traffic selectors Sep 21 07:16:35.853193: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:35.853199: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:35.853206: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:35.853210: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:35.853212: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:35.853216: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:35.853219: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:35.853224: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:35.853230: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 
07:16:35.853233: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:35.853235: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:35.853238: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:35.853241: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:35.853243: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:35.853246: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:35.853248: | printing contents struct traffic_selector Sep 21 07:16:35.853251: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:35.853253: | ipprotoid: 0 Sep 21 07:16:35.853255: | port range: 0-65535 Sep 21 07:16:35.853259: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:35.853261: | printing contents struct traffic_selector Sep 21 07:16:35.853264: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:35.853266: | ipprotoid: 0 Sep 21 07:16:35.853268: | port range: 0-65535 Sep 21 07:16:35.853272: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:35.853280: | using existing local ESP/AH proposals for north-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Sep 21 07:16:35.853283: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Sep 21 07:16:35.853288: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:35.853290: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:35.853293: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:35.853295: | local proposal 1 type DH has 1 transforms Sep 21 07:16:35.853298: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:35.853301: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:35.853304: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:35.853307: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:35.853310: | length: 40 (0x28) Sep 21 07:16:35.853312: | prop #: 1 (0x1) Sep 21 07:16:35.853314: | proto ID: 
IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:35.853316: | spi size: 4 (0x4) Sep 21 07:16:35.853319: | # transforms: 3 (0x3) Sep 21 07:16:35.853322: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:35.853324: | remote SPI d6 2b 72 fb Sep 21 07:16:35.853327: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:16:35.853330: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:35.853333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:35.853335: | length: 12 (0xc) Sep 21 07:16:35.853338: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:35.853340: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:35.853343: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:35.853345: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:35.853348: | length/value: 128 (0x80) Sep 21 07:16:35.853352: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:35.853356: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:35.853359: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:35.853361: | length: 8 (0x8) Sep 21 07:16:35.853364: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:35.853366: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:35.853370: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:16:35.853373: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:35.853375: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:35.853377: | length: 8 (0x8) Sep 21 07:16:35.853380: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:35.853382: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:35.853388: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:35.853391: | remote proposal 1 proposed transforms: 
ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Sep 21 07:16:35.853396: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Sep 21 07:16:35.853399: | remote proposal 1 matches local proposal 1 Sep 21 07:16:35.853402: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Sep 21 07:16:35.853407: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=d62b72fb;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED Sep 21 07:16:35.853411: | converting proposal to internal trans attrs Sep 21 07:16:35.853417: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Sep 21 07:16:35.853734: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:16:35.853740: | could_route called for north-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:16:35.853743: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:35.853746: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:35.853749: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:35.853751: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:35.853754: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:35.853759: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:35.853763: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:16:35.853766: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:16:35.853769: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:16:35.853773: | setting IPsec SA replay-window to 32 Sep 21 07:16:35.853776: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Sep 21 07:16:35.853779: | netlink: enabling tunnel mode Sep 21 07:16:35.853782: | netlink: setting IPsec SA 
replay-window to 32 using old-style req Sep 21 07:16:35.853796: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:35.853881: | netlink response for Add SA esp.d62b72fb@192.1.2.23 included non-error error Sep 21 07:16:35.853885: | set up outgoing SA, ref=0/0 Sep 21 07:16:35.853888: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:16:35.853891: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:16:35.853894: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:16:35.853897: | setting IPsec SA replay-window to 32 Sep 21 07:16:35.853900: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Sep 21 07:16:35.853903: | netlink: enabling tunnel mode Sep 21 07:16:35.853905: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:35.853908: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:35.853958: | netlink response for Add SA esp.afda9a3b@192.1.3.33 included non-error error Sep 21 07:16:35.853964: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:35.853972: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:35.853975: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:35.854365: | raw_eroute result=success Sep 21 07:16:35.854373: | set up incoming SA, ref=0/0 Sep 21 07:16:35.854376: | sr for #2: unrouted Sep 21 07:16:35.854379: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:35.854382: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:16:35.854385: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:35.854388: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:35.854390: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:35.854393: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:35.854396: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:35.854400: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:16:35.854404: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Sep 21 07:16:35.854411: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:35.854414: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:35.854443: | raw_eroute result=success Sep 21 07:16:35.854447: | running updown command "ipsec _updown" for verb up Sep 21 07:16:35.854449: | command executing up-client Sep 21 07:16:35.854478: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd Sep 21 07:16:35.854482: | popen cmd is 1041 chars long Sep 21 07:16:35.854484: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1': Sep 21 07:16:35.854487: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Sep 21 07:16:35.854490: | cmd( 160):MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PL: Sep 21 07:16:35.854492: | cmd( 240):UTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Sep 21 07:16:35.854495: | cmd( 320):_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Sep 21 07:16:35.854497: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEE: Sep 21 07:16:35.854500: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Sep 21 07:16:35.854502: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCR: Sep 21 07:16:35.854505: | cmd( 640):YPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND: Sep 21 07:16:35.854507: | cmd( 720):='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=: Sep 21 07:16:35.854510: | cmd( 800):'0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_: Sep 21 07:16:35.854512: | cmd( 880):CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROU: Sep 21 07:16:35.854517: | cmd( 960):TING='no' VTI_SHARED='no' SPI_IN=0xd62b72fb SPI_OUT=0xafda9a3b ipsec _updown 2>&: Sep 21 07:16:35.854520: | cmd(1040):1: Sep 21 07:16:35.862108: | route_and_eroute: firewall_notified: true Sep 21 07:16:35.862126: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:35.862129: | command executing prepare-client Sep 21 07:16:35.862162: | executing prepare-client: PLUTO_VERB='prepare-client' 
PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:16:35.862165: | popen cmd is 1046 chars long Sep 21 07:16:35.862168: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Sep 21 07:16:35.862171: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Sep 21 07:16:35.862173: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:16:35.862176: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:16:35.862178: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:16:35.862181: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:16:35.862183: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:16:35.862186: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:16:35.862188: | cmd( 
640):+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:16:35.862191: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:16:35.862193: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:16:35.862196: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:16:35.862198: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd62b72fb SPI_OUT=0xafda9a3b ipsec _updow: Sep 21 07:16:35.862200: | cmd(1040):n 2>&1: Sep 21 07:16:35.881495: | running updown command "ipsec _updown" for verb route Sep 21 07:16:35.881509: | command executing route-client Sep 21 07:16:35.881545: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Sep 21 07:16:35.881553: | popen cmd is 1044 chars long Sep 21 07:16:35.881557: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Sep 21 07:16:35.881560: | cmd( 80):x1' 
PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Sep 21 07:16:35.881562: | cmd( 160):TO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Sep 21 07:16:35.881565: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:16:35.881567: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Sep 21 07:16:35.881569: | cmd( 400):@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_: Sep 21 07:16:35.881572: | cmd( 480):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Sep 21 07:16:35.881574: | cmd( 560):TO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E: Sep 21 07:16:35.881577: | cmd( 640):NCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_K: Sep 21 07:16:35.881580: | cmd( 720):IND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CIS: Sep 21 07:16:35.881582: | cmd( 800):CO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLU: Sep 21 07:16:35.881584: | cmd( 880):TO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_: Sep 21 07:16:35.881587: | cmd( 960):ROUTING='no' VTI_SHARED='no' SPI_IN=0xd62b72fb SPI_OUT=0xafda9a3b ipsec _updown : Sep 21 07:16:35.881589: | cmd(1040):2>&1: Sep 21 07:16:35.971187: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x561b42b208a0,sr=0x561b42b208a0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:35.971275: | #1 spent 0.938 milliseconds in install_ipsec_sa() Sep 21 07:16:35.971283: | inR2: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:16:35.971287: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:35.971290: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:16:35.971296: | libevent_free: release 
ptr-libevent@0x7f9628006900 Sep 21 07:16:35.971299: | free_event_entry: release EVENT_RETRANSMIT-pe@0x561b42b28e40 Sep 21 07:16:35.971304: | #2 spent 1.86 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:16:35.971312: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:35.971317: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:16:35.971320: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:16:35.971323: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:35.971326: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:16:35.971332: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:16:35.971337: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:35.971340: | pstats #2 ikev2.child established Sep 21 07:16:35.971348: "north-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:16:35.971360: | NAT-T: encaps is 'auto' Sep 21 07:16:35.971366: "north-eastnets/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xd62b72fb <0xafda9a3b xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} Sep 21 07:16:35.971371: | releasing whack for #2 (sock=fd@26) Sep 21 07:16:35.971378: | close_any(fd@26) (in release_whack() at state.c:654) Sep 21 07:16:35.971381: | releasing whack and unpending for parent #1 Sep 21 07:16:35.971384: | unpending state #1 connection "north-eastnets/0x1" Sep 21 07:16:35.971389: | delete from pending Child SA with 192.1.2.23 
"north-eastnets/0x1" Sep 21 07:16:35.971392: | removing pending policy for no connection {0x561b42aae530} Sep 21 07:16:35.971395: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:35.971399: | creating state object #3 at 0x561b42b24ff0 Sep 21 07:16:35.971402: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:16:35.971408: | pstats #3 ikev2.child started Sep 21 07:16:35.971412: | duplicating state object #1 "north-eastnets/0x2" as #3 for IPSEC SA Sep 21 07:16:35.971417: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:35.971424: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:35.971429: | suspend processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:35.971434: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:35.971437: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:16:35.971441: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:35.971444: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x2 (ESP/AH initiator emitting proposals) Sep 21 07:16:35.971449: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Sep 21 07:16:35.971456: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:16:35.971460: "north-eastnets/0x2": constructed local ESP/AH proposals for north-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:16:35.971468: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP3072 Sep 21 07:16:35.971472: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x561b42b28e40 Sep 21 07:16:35.971476: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:16:35.971479: | libevent_malloc: new ptr-libevent@0x7f9628006900 size 128 Sep 21 07:16:35.971485: | RESET processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:35.971489: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:35.971493: | delete from pending Child SA with 192.1.2.23 "north-eastnets/0x2" Sep 21 07:16:35.971496: | removing pending policy for no connection {0x561b42aa7df0} Sep 21 07:16:35.971499: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:16:35.971504: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:16:35.971507: | event_schedule: new EVENT_SA_REKEY-pe@0x561b42b298d0 Sep 21 07:16:35.971510: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:16:35.971513: | libevent_malloc: new ptr-libevent@0x561b42b2b060 size 128 Sep 21 07:16:35.971516: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:35.971521: | #1 spent 2.45 milliseconds in ikev2_process_packet() Sep 21 07:16:35.971525: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:35.971528: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 
07:16:35.971532: | spent 2.46 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:35.971545: | timer_event_cb: processing event@0x561b42b28e40 Sep 21 07:16:35.971548: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:16:35.971556: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:35.971561: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:16:35.971564: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561b42b29dc0 Sep 21 07:16:35.971567: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:35.971570: | libevent_malloc: new ptr-libevent@0x561b42b2b2c0 size 128 Sep 21 07:16:35.971577: | libevent_free: release ptr-libevent@0x7f9628006900 Sep 21 07:16:35.971581: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x561b42b28e40 Sep 21 07:16:35.971585: | #3 spent 0.0399 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:35.971584: | crypto helper 0 resuming Sep 21 07:16:35.971603: | crypto helper 0 starting work-order 3 for state #3 Sep 21 07:16:35.971609: | crypto helper 0 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Sep 21 07:16:35.971612: | crypto helper is pausing for 1 seconds Sep 21 07:16:35.971594: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:35.971625: | processing signal PLUTO_SIGCHLD Sep 21 07:16:35.971631: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:35.971635: | spent 0.00568 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:35.971638: | processing signal PLUTO_SIGCHLD Sep 21 07:16:35.971641: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:35.971644: | spent 0.00343 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:35.971647: | processing signal PLUTO_SIGCHLD Sep 21 07:16:35.971650: | waitpid 
returned ECHILD (no child processes left) Sep 21 07:16:35.971654: | spent 0.0034 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:36.973934: | crypto helper 0 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 1.002322 seconds Sep 21 07:16:36.973951: | (#3) spent 2.27 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Sep 21 07:16:36.973956: | crypto helper 0 sending results from work-order 3 for state #3 to event queue Sep 21 07:16:36.973959: | scheduling resume sending helper answer for #3 Sep 21 07:16:36.973964: | libevent_malloc: new ptr-libevent@0x7f9624005780 size 128 Sep 21 07:16:36.973968: | libevent_realloc: release ptr-libevent@0x561b42b034f0 Sep 21 07:16:36.973971: | libevent_realloc: new ptr-libevent@0x561b42b28b00 size 128 Sep 21 07:16:36.973980: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:36.973991: | processing resume sending helper answer for #3 Sep 21 07:16:36.974005: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:36.974011: | crypto helper 0 replies to request ID 3 Sep 21 07:16:36.974017: | calling continuation function 0x561b40eca630 Sep 21 07:16:36.974022: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:16:36.974026: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:36.974029: | libevent_free: release ptr-libevent@0x561b42b2b2c0 Sep 21 07:16:36.974032: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561b42b29dc0 Sep 21 07:16:36.974035: | event_schedule: new EVENT_SA_REPLACE-pe@0x561b42b29dc0 Sep 21 07:16:36.974038: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:16:36.974041: | libevent_malloc: new ptr-libevent@0x561b42b2b2c0 size 128 Sep 21 07:16:36.974046: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 
wip.responder=-1 Sep 21 07:16:36.974049: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:36.974052: | libevent_malloc: new ptr-libevent@0x7f9628006900 size 128 Sep 21 07:16:36.974058: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:36.974062: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:16:36.974068: | suspending state #3 and saving MD Sep 21 07:16:36.974071: | #3 is busy; has a suspended MD Sep 21 07:16:36.974075: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:36.974079: | "north-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:36.974082: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:16:36.974088: | #3 spent 0.0763 milliseconds in resume sending helper answer Sep 21 07:16:36.974093: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:36.974096: | libevent_free: release ptr-libevent@0x7f9624005780 Sep 21 07:16:36.974101: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:36.974106: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:16:36.974112: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:36.974117: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:36.974121: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at 
ikev2_msgid.c:553) Sep 21 07:16:36.974128: | **emit ISAKMP Message: Sep 21 07:16:36.974131: | initiator cookie: Sep 21 07:16:36.974133: | 37 34 b6 02 ea fb 65 7e Sep 21 07:16:36.974136: | responder cookie: Sep 21 07:16:36.974138: | 41 58 a7 32 16 4b 4c eb Sep 21 07:16:36.974141: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:36.974146: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:36.974155: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:36.974160: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:36.974163: | Message ID: 2 (0x2) Sep 21 07:16:36.974166: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:36.974169: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:36.974172: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.974174: | flags: none (0x0) Sep 21 07:16:36.974179: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:36.974184: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.974190: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:36.974216: | netlink_get_spi: allocated 0xa2721547 for esp.0@192.1.3.33 Sep 21 07:16:36.974224: | Emitting ikev2_proposals ... 
Sep 21 07:16:36.974230: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:36.974234: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.974237: | flags: none (0x0) Sep 21 07:16:36.974240: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:36.974246: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.974252: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:36.974255: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:36.974258: | prop #: 1 (0x1) Sep 21 07:16:36.974261: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:36.974264: | spi size: 4 (0x4) Sep 21 07:16:36.974267: | # transforms: 4 (0x4) Sep 21 07:16:36.974271: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:36.974275: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:36.974282: | our spi a2 72 15 47 Sep 21 07:16:36.974287: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.974290: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.974293: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:36.974296: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:36.974299: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.974303: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:36.974306: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:36.974309: | length/value: 128 (0x80) Sep 21 07:16:36.974312: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:36.974315: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.974318: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 
07:16:36.974321: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:36.974323: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:36.974327: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.974331: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.974335: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.974338: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.974340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.974345: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.974351: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:36.974355: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.974359: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.974363: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.974366: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.974369: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:36.974373: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:36.974378: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:36.974384: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.974388: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.974391: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.974394: | emitting length 
of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:36.974398: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:36.974401: | emitting length of IKEv2 Security Association Payload: 52 Sep 21 07:16:36.974405: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:36.974408: | ****emit IKEv2 Nonce Payload: Sep 21 07:16:36.974412: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.974417: | flags: none (0x0) Sep 21 07:16:36.974422: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:36.974426: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.974430: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:36.974433: | IKEv2 nonce 0a a9 36 f3 31 ec 3b da 42 f5 31 8e 28 4c f1 5e Sep 21 07:16:36.974437: | IKEv2 nonce 66 1d 86 f5 ef 47 6d 29 69 44 27 ed 9d 12 43 61 Sep 21 07:16:36.974445: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:36.974450: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:16:36.974453: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.974456: | flags: none (0x0) Sep 21 07:16:36.974458: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:36.974462: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:36.974466: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.974470: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Sep 21 07:16:36.974541: | emitting length of IKEv2 Key Exchange Payload: 392 Sep 21 07:16:36.974547: | ****emit IKEv2 Traffic
Selector - Initiator - Payload: Sep 21 07:16:36.974552: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.974555: | flags: none (0x0) Sep 21 07:16:36.974558: | number of TS: 1 (0x1) Sep 21 07:16:36.974563: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:36.974569: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.974574: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:36.974581: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:36.974584: | IP Protocol ID: 0 (0x0) Sep 21 07:16:36.974591: | start port: 0 (0x0) Sep 21 07:16:36.974596: | end port: 65535 (0xffff) Sep 21 07:16:36.974600: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:36.974603: | IP start c0 00 03 00 Sep 21 07:16:36.974609: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:36.974613: | IP end c0 00 03 ff Sep 21 07:16:36.974618: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:36.974621: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:36.974624: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:36.974628: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.974631: | flags: none (0x0) Sep 21 07:16:36.974633: | number of TS: 1 (0x1) Sep 21 07:16:36.974640: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:36.974645: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.974648: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:36.974651: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:36.974653: | IP Protocol 
ID: 0 (0x0) Sep 21 07:16:36.974656: | start port: 0 (0x0) Sep 21 07:16:36.974658: | end port: 65535 (0xffff) Sep 21 07:16:36.974661: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:36.974664: | IP start c0 00 16 00 Sep 21 07:16:36.974667: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:36.974669: | IP end c0 00 16 ff Sep 21 07:16:36.974671: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:36.974673: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:36.974676: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:36.974680: | adding 16 bytes of padding (including 1 byte padding-length) Sep 21 07:16:36.974683: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974686: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974689: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974692: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974695: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974698: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974701: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974704: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974706: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974709: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974712: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974718: | emitting 1 0x0b repeated bytes of padding and 
length into IKEv2 Encryption Payload Sep 21 07:16:36.974725: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974728: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974731: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974734: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.974737: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:36.974740: | emitting length of IKEv2 Encryption Payload: 580 Sep 21 07:16:36.974742: | emitting length of ISAKMP Message: 608
Sep 21 07:16:36.975000: | out calculated auth: Sep 21 07:16:36.975003: | 0e 90 0d 84 fc 37 f6 47 cf bc 71 37 e2 ad 87 08 Sep 21 07:16:36.975012: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:36.975016: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:16:36.975020: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:16:36.975024: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:16:36.975028: | Message ID: updating counters for #3 to 4294967295 after switching state Sep 21 07:16:36.975031: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:36.975038: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Sep 21 07:16:36.975042: "north-eastnets/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:16:36.975060: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:36.975069: | sending 608 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
Sep 21 07:16:36.975210: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:36.975217: | libevent_free: release ptr-libevent@0x561b42b2b2c0 Sep 21 07:16:36.975222: | free_event_entry: release EVENT_SA_REPLACE-pe@0x561b42b29dc0 Sep 21 07:16:36.975225: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=50ms Sep 21 07:16:36.975229: | event_schedule: new EVENT_RETRANSMIT-pe@0x561b42b29dc0 Sep 21 07:16:36.975233: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #3 Sep 21 07:16:36.975236: | libevent_malloc: new ptr-libevent@0x561b42b2b2c0 size 128 Sep 21 07:16:36.975241: | #3 STATE_V2_CREATE_I: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48843.343493 Sep 21 07:16:36.975248: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:36.975255: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:36.975260: | #1 spent 1.04 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:36.975265: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:16:36.975268: | libevent_free: release ptr-libevent@0x7f9628006900 Sep 21 07:16:37.008841: | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:37.008861: | *received 608 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Sep 21 07:16:37.008948: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:37.008952: | **parse ISAKMP Message: Sep 21 07:16:37.008955: | initiator cookie: Sep 21 07:16:37.008957: | 37 34 b6 02 ea fb 65 7e Sep 21 07:16:37.008959: | responder cookie: Sep 21 07:16:37.008960: | 41 58 a7 32 16 4b 4c eb Sep 21 07:16:37.008965: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:37.008968: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:37.008970: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:37.008973: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:37.008975: | Message ID: 2 (0x2) Sep 21 07:16:37.008977: | length: 608 (0x260) Sep 21 07:16:37.008979: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:16:37.008982: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:16:37.008987: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:37.008993: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:37.008997: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:16:37.009001: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at
ikev2.c:2062) Sep 21 07:16:37.009006: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:37.009009: | #3 is idle Sep 21 07:16:37.009011: | #3 idle Sep 21 07:16:37.009013: | unpacking clear payload Sep 21 07:16:37.009016: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:37.009018: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:37.009021: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:37.009023: | flags: none (0x0) Sep 21 07:16:37.009026: | length: 580 (0x244) Sep 21 07:16:37.009028: | processing payload: ISAKMP_NEXT_v2SK (len=576) Sep 21 07:16:37.009031: | #3 in state V2_CREATE_I: sent IPsec Child req wait response
Sep 21 07:16:37.009161: | calculated auth: e0 a9 e8 80 28 ef 2a 15 d1 52 e2 08 06 c5 e7 b7 Sep 21 07:16:37.009164: | provided auth: e0 a9 e8 80 28 ef 2a 15 d1 52 e2 08 06 c5 e7 b7 Sep 21 07:16:37.009166: | authenticator matched Sep 21 07:16:37.009179: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:16:37.009183: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:37.009186: | **parse IKEv2 Security Association Payload: Sep 21 07:16:37.009190: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:37.009193: | flags: none (0x0) Sep 21 07:16:37.009196: | length: 52 (0x34) Sep 21 07:16:37.009200: | processing payload: ISAKMP_NEXT_v2SA (len=48) Sep 21 07:16:37.009203: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:37.009206: | **parse IKEv2 Nonce Payload: Sep 21 07:16:37.009209: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:37.009212: | flags: none (0x0) Sep 21 07:16:37.009215: | length: 36 (0x24) Sep 21 07:16:37.009218: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:37.009221: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:37.009224: | **parse IKEv2 Key Exchange Payload: Sep 21 07:16:37.009228: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:37.009231: | flags: none (0x0) Sep 21 07:16:37.009234: | length: 392 (0x188) Sep 21 07:16:37.009237: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:37.009242: | processing payload: ISAKMP_NEXT_v2KE (len=384) Sep 21 07:16:37.009245: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:37.009248: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:37.009251: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:37.009253: | flags: none (0x0) Sep 21 07:16:37.009255: | length: 24 (0x18) Sep 21 07:16:37.009257: | number of TS: 1 (0x1) Sep 21 07:16:37.009259: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:37.009261: | Now let's proceed
with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:37.009263: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:37.009265: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.009267: | flags: none (0x0) Sep 21 07:16:37.009269: | length: 24 (0x18) Sep 21 07:16:37.009272: | number of TS: 1 (0x1) Sep 21 07:16:37.009274: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:37.009277: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:16:37.009283: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:37.009286: | forcing ST #3 to CHILD #1.#3 in FSM processor Sep 21 07:16:37.009288: | Now let's proceed with state specific processing Sep 21 07:16:37.009290: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:16:37.009303: | using existing local ESP/AH proposals for north-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:16:37.009307: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 1 local proposals Sep 21 07:16:37.009311: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:37.009313: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:37.009316: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:37.009318: | local proposal 1 type DH has 1 transforms Sep 21 07:16:37.009320: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:37.009324: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:37.009327: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.009329: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:37.009332: | length: 48 (0x30) Sep 21 07:16:37.009334: | prop #: 1 (0x1) Sep 21 07:16:37.009337: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:37.009339: | spi size: 4 
(0x4) Sep 21 07:16:37.009341: | # transforms: 4 (0x4) Sep 21 07:16:37.009345: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:37.009347: | remote SPI 4e 78 29 0b Sep 21 07:16:37.009350: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:16:37.009353: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:37.009356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.009358: | length: 12 (0xc) Sep 21 07:16:37.009361: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.009363: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:37.009366: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.009369: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.009371: | length/value: 128 (0x80) Sep 21 07:16:37.009376: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:37.009379: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:37.009382: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.009384: | length: 8 (0x8) Sep 21 07:16:37.009387: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:37.009389: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:37.009393: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:16:37.009396: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:37.009398: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.009400: | length: 8 (0x8) Sep 21 07:16:37.009403: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.009405: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:37.009409: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:37.009411: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:37.009413: | last transform: 
v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.009415: | length: 8 (0x8) Sep 21 07:16:37.009418: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:37.009419: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:37.009422: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:37.009426: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Sep 21 07:16:37.009430: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Sep 21 07:16:37.009433: | remote proposal 1 matches local proposal 1 Sep 21 07:16:37.009436: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Sep 21 07:16:37.009441: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=4e78290b;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Sep 21 07:16:37.009446: | converting proposal to internal trans attrs Sep 21 07:16:37.009451: | updating #3's .st_oakley with preserved PRF, but why update? 
Sep 21 07:16:37.009459: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Sep 21 07:16:37.009462: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:37.009465: | #3 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:16:37.009469: | libevent_free: release ptr-libevent@0x561b42b2b2c0 Sep 21 07:16:37.009472: | free_event_entry: release EVENT_RETRANSMIT-pe@0x561b42b29dc0 Sep 21 07:16:37.009475: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561b42b29dc0 Sep 21 07:16:37.009478: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:37.009481: | libevent_malloc: new ptr-libevent@0x561b42b2b2c0 size 128 Sep 21 07:16:37.009493: | #3 spent 0.193 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:16:37.009499: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:37.009503: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:16:37.009505: | suspending state #3 and saving MD Sep 21 07:16:37.009508: | #3 is busy; has a suspended MD Sep 21 07:16:37.009512: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:37.009516: | "north-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:37.009520: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:37.009525: | #1 spent 0.673 milliseconds in ikev2_process_packet() Sep 21 07:16:37.009530: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:37.009533: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:37.009535: | processing: STOP connection NULL (in process_md() at 
demux.c:383) Sep 21 07:16:37.009540: | spent 0.688 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:37.010494: | crypto helper 5 resuming Sep 21 07:16:37.010504: | crypto helper 5 starting work-order 4 for state #3 Sep 21 07:16:37.010509: | crypto helper 5 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Sep 21 07:16:37.010512: | crypto helper is pausing for 1 seconds Sep 21 07:16:38.021849: | crypto helper 5 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 1.011337 seconds Sep 21 07:16:38.021866: | (#3) spent 2.48 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Sep 21 07:16:38.021870: | crypto helper 5 sending results from work-order 4 for state #3 to event queue Sep 21 07:16:38.021873: | scheduling resume sending helper answer for #3 Sep 21 07:16:38.021878: | libevent_malloc: new ptr-libevent@0x7f9618001100 size 128 Sep 21 07:16:38.021888: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:38.021900: | processing resume sending helper answer for #3 Sep 21 07:16:38.021909: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:38.021913: | crypto helper 5 replies to request ID 4 Sep 21 07:16:38.021915: | calling continuation function 0x561b40ecb4f0 Sep 21 07:16:38.021920: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Sep 21 07:16:38.021923: | TSi: parsing 1 traffic selectors Sep 21 07:16:38.021927: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:38.021930: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:38.021932: | IP Protocol ID: 0 (0x0) Sep 21 07:16:38.021935: | length: 16 (0x10) Sep 21 07:16:38.021937: | start port: 0 (0x0) Sep 21 07:16:38.021939: | end port: 65535 (0xffff) Sep 21 07:16:38.021945: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:38.021948: | TS low c0 00 03 00 Sep 21 07:16:38.021951: | parsing 4 raw bytes of IKEv2 
Traffic Selector into TS high Sep 21 07:16:38.021954: | TS high c0 00 03 ff Sep 21 07:16:38.021956: | TSi: parsed 1 traffic selectors Sep 21 07:16:38.021958: | TSr: parsing 1 traffic selectors Sep 21 07:16:38.021961: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:38.021963: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:38.021966: | IP Protocol ID: 0 (0x0) Sep 21 07:16:38.021968: | length: 16 (0x10) Sep 21 07:16:38.021970: | start port: 0 (0x0) Sep 21 07:16:38.021973: | end port: 65535 (0xffff) Sep 21 07:16:38.021976: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:38.021978: | TS low c0 00 16 00 Sep 21 07:16:38.021980: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:38.021982: | TS high c0 00 16 ff Sep 21 07:16:38.021985: | TSr: parsed 1 traffic selectors Sep 21 07:16:38.021992: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Sep 21 07:16:38.021998: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:38.022006: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:38.022010: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:38.022013: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:38.022016: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:38.022020: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:38.022025: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:38.022032: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Sep 21 07:16:38.022035: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:38.022038: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:38.022041: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:38.022044: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:38.022046: | best fit so 
far: TSi[0] TSr[0] Sep 21 07:16:38.022049: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:38.022051: | printing contents struct traffic_selector Sep 21 07:16:38.022053: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:38.022055: | ipprotoid: 0 Sep 21 07:16:38.022058: | port range: 0-65535 Sep 21 07:16:38.022062: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:38.022064: | printing contents struct traffic_selector Sep 21 07:16:38.022067: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:38.022069: | ipprotoid: 0 Sep 21 07:16:38.022071: | port range: 0-65535 Sep 21 07:16:38.022076: | ip range: 192.0.22.0-192.0.22.255 Sep 21 07:16:38.022080: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Sep 21 07:16:38.023386: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:16:38.023398: | could_route called for north-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:16:38.023401: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:38.023404: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:38.023407: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:38.023409: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:38.023411: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:38.023415: | route owner of "north-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:38.023419: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:16:38.023422: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:16:38.023425: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:16:38.023430: | setting IPsec SA replay-window to 32 Sep 21 07:16:38.023433: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Sep 21 07:16:38.023439: | netlink: enabling tunnel mode Sep 21 07:16:38.023442: | netlink: setting IPsec SA replay-window to 32 using 
old-style req Sep 21 07:16:38.023445: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:38.023536: | netlink response for Add SA esp.4e78290b@192.1.2.23 included non-error error Sep 21 07:16:38.023542: | set up outgoing SA, ref=0/0 Sep 21 07:16:38.023546: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Sep 21 07:16:38.023549: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:16:38.023552: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Sep 21 07:16:38.023555: | setting IPsec SA replay-window to 32 Sep 21 07:16:38.023558: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Sep 21 07:16:38.023561: | netlink: enabling tunnel mode Sep 21 07:16:38.023564: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:38.023567: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:38.023623: | netlink response for Add SA esp.a2721547@192.1.3.33 included non-error error Sep 21 07:16:38.023628: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:38.023635: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:38.023639: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:38.023687: | raw_eroute result=success Sep 21 07:16:38.023691: | set up incoming SA, ref=0/0 Sep 21 07:16:38.023693: | sr for #3: unrouted Sep 21 07:16:38.023696: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:38.023699: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:16:38.023702: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:38.023704: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:38.023707: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:38.023710: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:38.023714: | route owner of "north-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:38.023718: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Sep 21 07:16:38.023721: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Sep 21 07:16:38.023729: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:38.023732: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:38.023756: | raw_eroute result=success Sep 21 07:16:38.023760: | running updown command "ipsec _updown" for verb up Sep 21 07:16:38.023763: | command executing up-client Sep 21 07:16:38.028832: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Sep 21 07:16:38.028846: | popen cmd is 1043 chars long Sep 21 07:16:38.028849: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2': Sep 21 07:16:38.028852: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Sep 21 07:16:38.028858: | cmd( 160):MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PL: Sep 21 07:16:38.028861: | cmd( 240):UTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Sep 21 07:16:38.028864: | cmd( 320):_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Sep 21 07:16:38.028866: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_P: Sep 21 07:16:38.028869: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:16:38.028871: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:16:38.028874: | cmd( 640):CRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Sep 21 07:16:38.028876: | cmd( 720):ND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC: Sep 21 07:16:38.028879: | cmd( 800):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Sep 21 07:16:38.028882: | cmd( 880):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Sep 21 07:16:38.028884: | cmd( 960):OUTING='no' VTI_SHARED='no' SPI_IN=0x4e78290b SPI_OUT=0xa2721547 ipsec _updown 2: Sep 21 07:16:38.028886: | cmd(1040):>&1: Sep 21 07:16:38.429041: | route_and_eroute: firewall_notified: true Sep 21 07:16:38.429061: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:38.429065: | command executing prepare-client Sep 21 07:16:38.429099: | executing prepare-client: PLUTO_VERB='prepare-client' 
PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no Sep 21 07:16:38.429103: | popen cmd is 1048 chars long Sep 21 07:16:38.429106: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Sep 21 07:16:38.429109: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Sep 21 07:16:38.429112: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:16:38.429115: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:16:38.429117: | cmd( 320):PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:16:38.429120: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PL: Sep 21 07:16:38.429123: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:16:38.429125: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Sep 21 07:16:38.429128: | cmd( 
640):IG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Sep 21 07:16:38.429131: | cmd( 720):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Sep 21 07:16:38.429133: | cmd( 800):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Sep 21 07:16:38.429136: | cmd( 880): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Sep 21 07:16:38.429142: | cmd( 960):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4e78290b SPI_OUT=0xa2721547 ipsec _upd: Sep 21 07:16:38.429145: | cmd(1040):own 2>&1: Sep 21 07:16:38.526059: | running updown command "ipsec _updown" for verb route Sep 21 07:16:38.526078: | command executing route-client Sep 21 07:16:38.526118: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:16:38.526122: | popen cmd is 1046 chars long Sep 21 07:16:38.526126: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Sep 21 07:16:38.526130: | cmd( 80):x2' 
PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Sep 21 07:16:38.526133: | cmd( 160):TO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Sep 21 07:16:38.526137: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:16:38.526140: | cmd( 320):UTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Sep 21 07:16:38.526143: | cmd( 400):@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUT: Sep 21 07:16:38.526147: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:16:38.526150: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:16:38.526154: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:16:38.526157: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:16:38.526161: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:16:38.526164: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:16:38.526167: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4e78290b SPI_OUT=0xa2721547 ipsec _updow: Sep 21 07:16:38.526170: | cmd(1040):n 2>&1: Sep 21 07:16:38.670250: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x561b42b218f0,sr=0x561b42b218f0} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:38.670416: | #1 spent 1.01 milliseconds in install_ipsec_sa() Sep 21 07:16:38.670424: | inR2: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:16:38.670428: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:38.670433: | libevent_free: release ptr-libevent@0x561b42b2b2c0 Sep 21 07:16:38.670437: | 
free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561b42b29dc0 Sep 21 07:16:38.670446: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:38.670450: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:16:38.670453: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:16:38.670457: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:38.670464: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:16:38.670470: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Sep 21 07:16:38.670476: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:38.670480: | pstats #3 ikev2.child established Sep 21 07:16:38.670488: "north-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Sep 21 07:16:38.670501: | NAT-T: encaps is 'auto' Sep 21 07:16:38.670507: "north-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x4e78290b <0xa2721547 xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Sep 21 07:16:38.670512: | releasing whack for #3 (sock=fd@25) Sep 21 07:16:38.670519: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:16:38.670522: | releasing whack and unpending for parent #1 Sep 21 07:16:38.670526: | unpending state #1 connection "north-eastnets/0x2" Sep 21 07:16:38.670531: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Sep 21 07:16:38.670534: | event_schedule: new EVENT_SA_REKEY-pe@0x561b42b29dc0 Sep 21 07:16:38.670538: | inserting event 
EVENT_SA_REKEY, timeout in 27838 seconds for #3 Sep 21 07:16:38.670541: | libevent_malloc: new ptr-libevent@0x561b42b2b2c0 size 128 Sep 21 07:16:38.670549: | #3 spent 1.67 milliseconds in resume sending helper answer Sep 21 07:16:38.670555: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:38.670558: | libevent_free: release ptr-libevent@0x7f9618001100 Sep 21 07:16:38.670570: | processing signal PLUTO_SIGCHLD Sep 21 07:16:38.670576: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:38.670582: | spent 0.00572 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:38.670585: | processing signal PLUTO_SIGCHLD Sep 21 07:16:38.670588: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:38.670592: | spent 0.00363 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:38.670595: | processing signal PLUTO_SIGCHLD Sep 21 07:16:38.670598: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:38.670602: | spent 0.00355 milliseconds in signal handler PLUTO_SIGCHLD