Sep 21 07:16:31.288154: FIPS Product: YES Sep 21 07:16:31.288194: FIPS Kernel: NO Sep 21 07:16:31.288197: FIPS Mode: NO Sep 21 07:16:31.288199: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:31.288352: Initializing NSS Sep 21 07:16:31.288355: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:31.328172: NSS initialized Sep 21 07:16:31.328186: NSS crypto library initialized Sep 21 07:16:31.328191: FIPS HMAC integrity support [enabled] Sep 21 07:16:31.328194: FIPS mode disabled for pluto daemon Sep 21 07:16:31.398296: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:31.398379: libcap-ng support [enabled] Sep 21 07:16:31.398386: Linux audit support [enabled] Sep 21 07:16:31.398406: Linux audit activated Sep 21 07:16:31.398411: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12725 Sep 21 07:16:31.398413: core dump dir: /var/tmp Sep 21 07:16:31.398415: secrets file: /etc/ipsec.secrets Sep 21 07:16:31.398416: leak-detective disabled Sep 21 07:16:31.398417: NSS crypto [enabled] Sep 21 07:16:31.398418: XAUTH PAM support [enabled] Sep 21 07:16:31.398475: | libevent is using pluto's memory allocator Sep 21 07:16:31.398480: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:31.398491: | libevent_malloc: new ptr-libevent@0x564f7d3d63c0 size 40 Sep 21 07:16:31.398495: | libevent_malloc: new ptr-libevent@0x564f7d3d63f0 size 40 Sep 21 07:16:31.398498: | libevent_malloc: new ptr-libevent@0x564f7d3d80f0 size 40 Sep 21 07:16:31.398499: | creating event base Sep 21 07:16:31.398501: | libevent_malloc: new ptr-libevent@0x564f7d3d80b0 size 56 Sep 21 07:16:31.398503: | libevent_malloc: new ptr-libevent@0x564f7d3d8120 size 664 Sep 21 07:16:31.398512: | libevent_malloc: new ptr-libevent@0x564f7d3d83c0 size 24 Sep 21 07:16:31.398514: | libevent_malloc: new ptr-libevent@0x564f7d3ad1f0 size 384 Sep 21 07:16:31.398521: | libevent_malloc: new ptr-libevent@0x564f7d3d83e0 size 16 Sep 21 07:16:31.398523: | libevent_malloc: new ptr-libevent@0x564f7d3d8400 size 40 Sep 21 07:16:31.398525: | libevent_malloc: new ptr-libevent@0x564f7d3d8430 size 48 Sep 21 07:16:31.398531: | libevent_realloc: new ptr-libevent@0x564f7d3d8470 size 256 Sep 21 07:16:31.398533: | libevent_malloc: new ptr-libevent@0x564f7d3d8580 size 16 Sep 21 07:16:31.398536: | libevent_free: release ptr-libevent@0x564f7d3d80b0 Sep 21 07:16:31.398539: | libevent initialized Sep 21 07:16:31.398541: | libevent_realloc: new ptr-libevent@0x564f7d3d85a0 size 64 Sep 21 07:16:31.398546: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:31.398556: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:31.398557: NAT-Traversal support [enabled] Sep 21 07:16:31.398559: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:31.398563: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:31.398566: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:31.398593: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:31.398596: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:31.398598: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:31.398633: Encryption algorithms: Sep 21 07:16:31.398637: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:31.398639: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:31.398642: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:31.398644: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:31.398646: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:16:31.398655: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:31.398659: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:31.398663: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:31.398666: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:31.398669: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:31.398672: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:31.398676: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:31.398679: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:31.398682: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:31.398686: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:31.398689: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:31.398692: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:31.398703: Hash algorithms: Sep 21 07:16:31.398706: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:31.398708: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:31.398712: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:31.398714: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:31.398717: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:31.398730: PRF algorithms: Sep 21 07:16:31.398733: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:31.398736: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:31.398740: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:31.398743: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:31.398746: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:31.398749: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:31.398774: Integrity algorithms: Sep 21 07:16:31.398778: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:31.398781: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:31.398794: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:31.398799: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:31.398803: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:31.398806: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:31.398809: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:31.398812: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:31.398815: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:31.398829: DH algorithms: Sep 21 07:16:31.398832: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:31.398835: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:31.398838: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:31.398844: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:31.398847: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:31.398850: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:31.398853: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:31.398856: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:31.398859: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:31.398862: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:31.398865: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:31.398868: testing CAMELLIA_CBC: Sep 21 07:16:31.398870: Camellia: 16 bytes with 128-bit key Sep 21 07:16:31.398998: Camellia: 16 bytes with 128-bit key Sep 21 07:16:31.399031: Camellia: 16 bytes with 256-bit key Sep 21 07:16:31.399063: Camellia: 16 bytes with 256-bit key Sep 21 07:16:31.399094: testing AES_GCM_16: Sep 21 07:16:31.399098: empty string Sep 21 07:16:31.399128: one block Sep 21 07:16:31.399159: two blocks Sep 21 07:16:31.399187: two blocks with associated data Sep 21 07:16:31.399215: testing AES_CTR: Sep 21 07:16:31.399219: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:31.399247: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:31.399277: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:31.399303: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:31.399320: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:31.399336: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:31.399353: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:31.399368: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:31.399384: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:31.399400: testing AES_CBC: Sep 21 07:16:31.399402: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:31.399418: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:31.399436: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:31.399453: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:31.399475: testing AES_XCBC: Sep 21 07:16:31.399477: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:31.399558: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:31.399636: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:31.399719: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:31.399905: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:31.399985: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:31.400084: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:31.400332: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:31.400411: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:31.400494: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:31.400638: testing HMAC_MD5: Sep 21 07:16:31.400641: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:31.400750: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:31.400861: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:31.400977: 8 CPU cores online Sep 21 07:16:31.400980: starting up 7 crypto helpers Sep 21 07:16:31.401005: started thread for crypto helper 0 Sep 21 07:16:31.401020: started thread for crypto helper 1 Sep 21 07:16:31.401037: started thread for crypto helper 2 Sep 21 07:16:31.401042: | starting up helper thread 2 Sep 21 07:16:31.401054: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:31.401066: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:31.401060: | starting up helper thread 3 Sep 21 07:16:31.401079: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:31.401056: started thread for crypto helper 3 Sep 21 07:16:31.401142: started thread for crypto helper 4 Sep 21 07:16:31.401081: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:31.401173: started thread for crypto helper 5 Sep 21 07:16:31.401206: started thread for crypto helper 6 Sep 21 07:16:31.401214: | checking IKEv1 state table Sep 21 07:16:31.401221: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:31.401224: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:31.401227: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:31.401229: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:31.401246: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:31.401248: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:31.401251: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:31.401253: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:31.401255: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:31.401256: | starting up helper thread 6 Sep 21 07:16:31.401258: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:31.401267: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:31.401271: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:31.401262: | starting up helper thread 4 Sep 21 07:16:31.401285: | starting up helper thread 0 Sep 21 07:16:31.401291: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:31.401298: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:31.401293: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:31.401316: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:31.401278: | starting up helper thread 1 Sep 21 07:16:31.401271: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:31.401299: | starting up helper thread 5 Sep 21 07:16:31.401378: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:31.401385: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:31.401397: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:31.401411: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:31.401407: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:31.401415: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:31.401424: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:31.401433: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:31.401436: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:31.401439: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:16:31.401441: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:31.401443: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:31.401446: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:31.401448: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:31.401451: | -> UNDEFINED EVENT_NULL Sep 21 07:16:31.401453: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:31.401455: | -> UNDEFINED EVENT_NULL Sep 21 07:16:31.401458: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:31.401460: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:31.401463: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:31.401465: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:31.401467: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:31.401470: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:31.401472: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:31.401474: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:31.401477: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:31.401479: | -> UNDEFINED EVENT_NULL Sep 21 07:16:31.401481: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:31.401484: | -> UNDEFINED EVENT_NULL Sep 21 07:16:31.401486: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:31.401492: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:31.401495: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:31.401497: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:31.401500: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:31.401502: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:31.401505: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:31.401507: | -> UNDEFINED EVENT_NULL Sep 21 07:16:31.401509: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:31.401512: | -> UNDEFINED EVENT_NULL Sep 21 07:16:31.401514: | INFO: category: informational flags: 0: Sep 21 07:16:31.401516: | -> UNDEFINED EVENT_NULL Sep 21 07:16:31.401519: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:16:31.401521: | -> UNDEFINED EVENT_NULL Sep 21 07:16:31.401524: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:31.401526: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:31.401529: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:31.401531: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:31.401533: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:31.401536: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:31.401538: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:31.401540: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:31.401543: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:31.401545: | -> UNDEFINED EVENT_NULL Sep 21 07:16:31.401548: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:31.401550: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:31.401552: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:31.401555: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:31.401557: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:31.401559: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:31.401566: | checking IKEv2 state table Sep 21 07:16:31.401572: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:31.401575: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:31.401577: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:31.401580: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:31.401583: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:31.401586: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:31.401588: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:31.401591: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:31.401593: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:31.401596: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:31.401598: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:31.401601: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:31.401604: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:31.401606: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:31.401609: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:31.401611: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:31.401614: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:31.401616: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:31.401619: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:31.401622: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:31.401624: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:31.401627: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:31.401631: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:31.401634: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:31.401636: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:31.401639: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:31.401641: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:31.401644: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:31.401647: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:31.401649: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:31.401652: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:16:31.401655: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:31.401657: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:31.401660: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:31.401663: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:31.401665: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:31.401668: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:31.401671: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:31.401673: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:31.401676: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:31.401679: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:31.401682: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:31.401684: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:31.401687: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:31.401690: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:31.401692: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:31.401695: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:31.401746: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:31.401818: | Hard-wiring algorithms Sep 21 07:16:31.401825: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:31.401829: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:31.401831: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:31.401834: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:31.401836: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:31.401838: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:16:31.401841: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:31.401843: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:31.401845: | adding AES_CTR to kernel algorithm db Sep 21 07:16:31.401847: | adding AES_CBC to kernel algorithm db Sep 21 07:16:31.401850: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:31.401852: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:31.401854: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:31.401857: | adding NULL to kernel algorithm db Sep 21 07:16:31.401859: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:31.401861: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:31.401864: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:31.401866: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:31.401868: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:31.401871: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:31.401874: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:31.401876: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:31.401878: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:31.401880: | adding NONE to kernel algorithm db Sep 21 07:16:31.401903: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:31.401909: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:31.401911: | setup kernel fd callback Sep 21 07:16:31.401914: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x564f7d3de050 Sep 21 07:16:31.401917: | libevent_malloc: new ptr-libevent@0x564f7d3e9df0 size 128 Sep 21 07:16:31.401920: | libevent_malloc: new ptr-libevent@0x564f7d3d8860 size 16 Sep 21 07:16:31.401927: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x564f7d3de010 Sep 21 07:16:31.401929: | libevent_malloc: new ptr-libevent@0x564f7d3e9e80 size 128 Sep 21 07:16:31.401932: | libevent_malloc: new ptr-libevent@0x564f7d3dcfd0 size 16 Sep 21 07:16:31.402181: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:31.402189: selinux support is enabled. Sep 21 07:16:31.402265: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:31.402437: | unbound context created - setting debug level to 5 Sep 21 07:16:31.402467: | /etc/hosts lookups activated Sep 21 07:16:31.402479: | /etc/resolv.conf usage activated Sep 21 07:16:31.402542: | outgoing-port-avoid set 0-65535 Sep 21 07:16:31.402576: | outgoing-port-permit set 32768-60999 Sep 21 07:16:31.402579: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:31.402582: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:31.402585: | Setting up events, loop start Sep 21 07:16:31.402588: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x564f7d3d80b0 Sep 21 07:16:31.402591: | libevent_malloc: new ptr-libevent@0x564f7d3f43f0 size 128 Sep 21 07:16:31.402594: | libevent_malloc: new ptr-libevent@0x564f7d3f4480 size 16 Sep 21 07:16:31.402600: | libevent_realloc: new ptr-libevent@0x564f7d3f44a0 size 256 Sep 21 07:16:31.402602: | libevent_malloc: new ptr-libevent@0x564f7d3f45b0 size 8 Sep 21 07:16:31.402605: | libevent_realloc: new ptr-libevent@0x564f7d3e9170 size 144 Sep 21 07:16:31.402608: | libevent_malloc: new ptr-libevent@0x564f7d3f45d0 size 152 Sep 21 07:16:31.402611: | libevent_malloc: new ptr-libevent@0x564f7d3f4670 size 16 Sep 21 07:16:31.402615: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:31.402618: | libevent_malloc: new ptr-libevent@0x564f7d3f4690 size 8 Sep 21 07:16:31.402620: | libevent_malloc: new ptr-libevent@0x564f7d3f46b0 size 152 Sep 21 07:16:31.402623: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:31.402626: | libevent_malloc: new ptr-libevent@0x564f7d3f4750 size 8 Sep 21 07:16:31.402628: | libevent_malloc: new ptr-libevent@0x564f7d3f4770 size 152 Sep 21 07:16:31.402631: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:31.402633: | libevent_malloc: new ptr-libevent@0x564f7d3f4810 size 8 Sep 21 07:16:31.402636: | libevent_realloc: release ptr-libevent@0x564f7d3e9170 Sep 21 07:16:31.402639: | libevent_realloc: new ptr-libevent@0x564f7d3f4830 size 256 Sep 21 07:16:31.402641: | libevent_malloc: new ptr-libevent@0x564f7d3e9170 size 152 Sep 21 07:16:31.402644: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:31.402973: | created addconn helper (pid:12840) using fork+execve Sep 21 07:16:31.402988: | forked child 12840 Sep 21 07:16:31.403028: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:31.403044: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:31.403051: listening for IKE messages Sep 21 07:16:31.404760: | Inspecting interface lo Sep 21 07:16:31.404773: | found lo with address 127.0.0.1 Sep 21 07:16:31.404776: | Inspecting interface eth0 Sep 21 07:16:31.404779: | found eth0 with address 192.1.3.209 Sep 21 07:16:31.404877: Kernel supports NIC esp-hw-offload Sep 21 07:16:31.404893: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 Sep 21 07:16:31.404979: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:31.404985: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:31.404994: adding interface eth0/eth0 192.1.3.209:4500 Sep 21 07:16:31.405025: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:31.405049: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:31.405053: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:31.405056: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:31.405106: | no interfaces to sort Sep 21 07:16:31.405110: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:31.405116: | add_fd_read_event_handler: new ethX-pe@0x564f7d3dd7b0 Sep 21 07:16:31.405120: | libevent_malloc: new ptr-libevent@0x564f7d3f4b30 size 128 Sep 21 07:16:31.405124: | libevent_malloc: new ptr-libevent@0x564f7d3f4bc0 size 16 Sep 21 07:16:31.405131: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:16:31.405134: | add_fd_read_event_handler: new ethX-pe@0x564f7d3f4be0 Sep 21 07:16:31.405137: | libevent_malloc: new ptr-libevent@0x564f7d3f4c20 size 128 Sep 21 07:16:31.405140: | libevent_malloc: new ptr-libevent@0x564f7d3f4cb0 size 16 Sep 21 07:16:31.405144: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:16:31.405147: | add_fd_read_event_handler: new ethX-pe@0x564f7d3f4cd0 Sep 21 07:16:31.405150: | libevent_malloc: new ptr-libevent@0x564f7d3f4d10 size 128 Sep 21 07:16:31.405152: | libevent_malloc: new ptr-libevent@0x564f7d3f4da0 size 16 Sep 21 07:16:31.405157: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Sep 21 07:16:31.405159: | add_fd_read_event_handler: new ethX-pe@0x564f7d3f4dc0 Sep 21 07:16:31.405162: | libevent_malloc: new ptr-libevent@0x564f7d3f4e00 size 128 Sep 21 07:16:31.405164: | libevent_malloc: new ptr-libevent@0x564f7d3f4e90 size 16 Sep 21 07:16:31.405169: | setup callback for interface eth0 192.1.3.209:500 fd 17 Sep 21 07:16:31.405173: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:31.405175: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:31.405194: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:31.405214: | saving Modulus Sep 21 07:16:31.405221: | saving PublicExponent Sep 21 07:16:31.405265: | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Sep 21 07:16:31.405267: | computed rsa CKAID 59 b0 ef 45 Sep 21 07:16:31.405271: loaded private key for keyid: PKK_RSA:AQPHFfpyJ Sep 21 07:16:31.405276: | certs and keys locked by 'process_secret' Sep 21 07:16:31.405281: | certs and keys unlocked by 'process_secret' Sep 21 07:16:31.405286: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:31.405294: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:31.405302: | spent 0.704 milliseconds in whack Sep 21 07:16:31.435651: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:31.435667: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:31.435671: listening for IKE messages Sep 21 07:16:31.446056: | Inspecting interface lo Sep 21 07:16:31.446072: | found lo with address 127.0.0.1 Sep 21 07:16:31.446075: | Inspecting interface eth0 Sep 21 07:16:31.446079: | found eth0 with address 192.1.3.209 Sep 21 07:16:31.446269: | no interfaces to sort Sep 21 07:16:31.446283: | libevent_free: release ptr-libevent@0x564f7d3f4b30 Sep 21 07:16:31.446286: | free_event_entry: release EVENT_NULL-pe@0x564f7d3dd7b0 Sep 21 07:16:31.446289: | add_fd_read_event_handler: new ethX-pe@0x564f7d3dd7b0 Sep 21 07:16:31.446292: | libevent_malloc: new ptr-libevent@0x564f7d3f4b30 size 128 Sep 21 07:16:31.446299: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:16:31.446302: | libevent_free: release ptr-libevent@0x564f7d3f4c20 Sep 21 07:16:31.446304: | free_event_entry: release EVENT_NULL-pe@0x564f7d3f4be0 Sep 21 07:16:31.446306: | add_fd_read_event_handler: new ethX-pe@0x564f7d3f4be0 Sep 21 07:16:31.446308: | libevent_malloc: new ptr-libevent@0x564f7d3f4c20 size 128 Sep 21 07:16:31.446312: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:16:31.446320: | libevent_free: release ptr-libevent@0x564f7d3f4d10 Sep 21 07:16:31.446322: | free_event_entry: release EVENT_NULL-pe@0x564f7d3f4cd0 Sep 21 07:16:31.446324: | add_fd_read_event_handler: new ethX-pe@0x564f7d3f4cd0 Sep 21 07:16:31.446326: | libevent_malloc: new ptr-libevent@0x564f7d3f4d10 size 128 Sep 21 07:16:31.446331: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Sep 21 07:16:31.446334: | libevent_free: release ptr-libevent@0x564f7d3f4e00 Sep 21 07:16:31.446336: | free_event_entry: release EVENT_NULL-pe@0x564f7d3f4dc0 Sep 21 07:16:31.446338: | add_fd_read_event_handler: new ethX-pe@0x564f7d3f4dc0 Sep 21 07:16:31.446339: | libevent_malloc: new ptr-libevent@0x564f7d3f4e00 size 128 Sep 21 07:16:31.446344: | setup callback for interface eth0 192.1.3.209:500 fd 17 Sep 21 07:16:31.446347: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:31.446350: forgetting secrets Sep 21 07:16:31.446362: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:31.446377: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:31.446394: | saving Modulus Sep 21 07:16:31.446397: | saving PublicExponent Sep 21 07:16:31.446419: | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Sep 21 07:16:31.446422: | computed rsa CKAID 59 b0 ef 45 Sep 21 07:16:31.446425: loaded private key for keyid: PKK_RSA:AQPHFfpyJ Sep 21 07:16:31.446430: | certs and keys locked by 'process_secret' Sep 21 07:16:31.446433: | certs and keys unlocked by 'process_secret' Sep 21 07:16:31.446438: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:31.446447: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:31.446454: | spent 0.342 milliseconds in whack Sep 21 07:16:31.447332: | processing signal PLUTO_SIGCHLD Sep 21 07:16:31.447350: | waitpid returned pid 12840 (exited with status 0) Sep 21 07:16:31.447355: | reaped addconn helper child (status 0) Sep 21 07:16:31.447360: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:31.447365: | spent 0.0189 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:31.508583: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:31.508602: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:31.508605: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:31.508607: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:31.508608: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:31.508611: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:31.508617: | Added new connection road-eastnet with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:31.508619: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:31.508657: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:31.508660: | from whack: got --esp= Sep 21 07:16:31.508681: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:31.508685: | counting wild cards for @road is 0 Sep 21 07:16:31.508687: | counting wild cards for @east is 0 Sep 21 07:16:31.508693: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:16:31.508695: | new hp@0x564f7d3d6310 Sep 21 07:16:31.508698: added connection description "road-eastnet" Sep 21 07:16:31.508706: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:31.508714: | 192.1.3.209[@road]---192.1.3.254...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:16:31.508726: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:31.508732: | spent 0.156 milliseconds in whack Sep 21 07:16:31.508758: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:31.508765: add keyid @road Sep 21 07:16:31.508767: | add pubkey 01 03 c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c Sep 21 07:16:31.508769: | add pubkey 3f e2 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 Sep 21 07:16:31.508770: | add pubkey a0 ef aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 Sep 21 07:16:31.508771: | add pubkey 17 54 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 Sep 21 07:16:31.508773: | add pubkey dd 23 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 Sep 21 07:16:31.508774: | add pubkey ac e9 da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 Sep 21 07:16:31.508776: | add pubkey f5 07 a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d Sep 21 07:16:31.508777: | add pubkey 41 34 d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c Sep 21 07:16:31.508779: | add pubkey 73 dd 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c Sep 21 07:16:31.508780: | add pubkey 3d 4a 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 Sep 21 07:16:31.508781: | add pubkey f5 26 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c Sep 21 07:16:31.508786: | add pubkey bf e6 d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 Sep 21 07:16:31.508790: | add pubkey 2e b5 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 Sep 21 07:16:31.508791: | add pubkey 7d 6b 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb Sep 21 07:16:31.508793: | add pubkey 56 fb 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e Sep 21 07:16:31.508794: | add pubkey f3 30 db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 Sep 21 07:16:31.508795: | add pubkey 4b 6a 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 Sep 21 07:16:31.508797: | add pubkey 05 ff 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 Sep 21 07:16:31.508798: | add pubkey 04 0b 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 Sep 21 07:16:31.508800: | add pubkey 32 1b 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed Sep 21 07:16:31.508801: | add pubkey 43 48 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c Sep 21 07:16:31.508803: | add pubkey da 4d cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b Sep 21 07:16:31.508804: | add pubkey 0f 8c e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c Sep 21 07:16:31.508805: | add pubkey 96 74 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 Sep 21 07:16:31.508807: | add pubkey 90 6a fd 31 f5 ab Sep 21 07:16:31.508824: | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Sep 21 07:16:31.508825: | computed rsa CKAID 59 b0 ef 45 Sep 21 07:16:31.508829: | keyid: *AQPHFfpyJ Sep 21 07:16:31.508831: | n c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c 3f e2 Sep 21 07:16:31.508832: | n 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 a0 ef Sep 21 07:16:31.508834: | n aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 17 54 Sep 21 07:16:31.508835: | n 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 dd 23 Sep 21 07:16:31.508837: | n 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 ac e9 Sep 21 07:16:31.508838: | n da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 f5 07 Sep 21 07:16:31.508839: | n a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d 41 34 Sep 21 07:16:31.508841: | n d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c 73 dd Sep 21 07:16:31.508842: | n 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c 3d 4a Sep 21 07:16:31.508844: | n 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 f5 26 Sep 21 07:16:31.508845: | n 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c bf e6 Sep 21 07:16:31.508846: | n d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 2e b5 Sep 21 07:16:31.508848: | n 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 7d 6b Sep 21 07:16:31.508849: | n 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb 56 fb Sep 21 07:16:31.508851: | n 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e f3 30 Sep 21 07:16:31.508852: | n db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 4b 6a Sep 21 07:16:31.508856: | n 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 05 ff Sep 21 07:16:31.508857: | n 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 04 0b Sep 21 07:16:31.508859: | n 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 32 1b Sep 21 07:16:31.508860: | n 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed 43 48 Sep 21 07:16:31.508861: | n 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c da 4d Sep 21 07:16:31.508863: | n cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b 0f 8c Sep 21 07:16:31.508864: | n e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c 96 74 Sep 21 07:16:31.508866: | n 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 90 6a Sep 21 07:16:31.508867: | n fd 31 f5 ab Sep 21 07:16:31.508868: | e 03 Sep 21 07:16:31.508870: | CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Sep 21 07:16:31.508871: | CKAID 59 b0 ef 45 Sep 21 07:16:31.508877: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:31.508880: | spent 0.122 milliseconds in whack Sep 21 07:16:31.508951: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:31.508963: add keyid @east Sep 21 07:16:31.508966: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:16:31.508968: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:16:31.508969: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:16:31.508971: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:16:31.508972: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:16:31.508973: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:16:31.508975: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:16:31.508976: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:16:31.508978: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:16:31.508979: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:16:31.508980: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:16:31.508982: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:16:31.508983: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:16:31.508985: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:16:31.508986: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:16:31.508987: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:16:31.508989: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:16:31.508990: | add pubkey 51 51 48 ef Sep 21 07:16:31.509011: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:31.509012: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:31.509015: | keyid: *AQO9bJbr3 Sep 21 07:16:31.509017: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:16:31.509018: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:16:31.509019: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:16:31.509021: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:16:31.509022: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:16:31.509024: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:16:31.509025: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:16:31.509026: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:16:31.509028: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:16:31.509029: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:16:31.509030: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:16:31.509032: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:16:31.509033: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:16:31.509034: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:16:31.509039: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:16:31.509040: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:16:31.509041: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:16:31.509043: | n 48 ef Sep 21 07:16:31.509044: | e 03 Sep 21 07:16:31.509046: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:31.509047: | CKAID 8a 82 25 f1 Sep 21 07:16:31.509054: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:31.509072: | spent 0.127 milliseconds in whack Sep 21 07:16:31.620781: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:31.620806: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Sep 21 07:16:31.620810: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:31.620814: | start processing: connection "road-eastnet" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:31.620816: | connection 'road-eastnet' +POLICY_UP Sep 21 07:16:31.620818: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:31.620820: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:31.620836: | creating state object #1 at 0x564f7d3f6aa0 Sep 21 07:16:31.620839: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:31.620845: | pstats #1 ikev2.ike started Sep 21 07:16:31.620847: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:31.620850: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:31.620854: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:31.620859: | suspend processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:31.620863: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:31.620866: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:31.620868: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-eastnet" IKE SA #1 "road-eastnet" Sep 21 07:16:31.620872: "road-eastnet" #1: initiating v2 parent SA Sep 21 07:16:31.620879: | constructing local IKE proposals for road-eastnet (IKE SA initiator selecting KE) Sep 21 07:16:31.620885: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:31.620892: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:31.620894: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:31.620897: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:31.620900: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:31.620903: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:31.620905: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:31.620908: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:31.620916: "road-eastnet": constructed local IKE proposals for road-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:31.620929: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:16:31.620932: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564f7d3f9150 Sep 21 07:16:31.620935: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:31.620939: | libevent_malloc: new ptr-libevent@0x564f7d3f9190 size 128 Sep 21 07:16:31.620952: | #1 spent 0.136 milliseconds in ikev2_parent_outI1() Sep 21 07:16:31.620954: | crypto helper 2 resuming Sep 21 07:16:31.620955: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:31.620963: | crypto helper 2 starting work-order 1 for state #1 Sep 21 07:16:31.620970: | RESET processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:31.620974: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:16:31.620974: | RESET processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:31.620980: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:31.620984: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Sep 21 07:16:31.620988: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:31.620992: | spent 0.213 milliseconds in whack Sep 21 07:16:31.621574: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000602 seconds Sep 21 07:16:31.621580: | (#1) spent 0.606 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:16:31.621582: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:31.621584: | scheduling resume sending helper answer for #1 Sep 21 07:16:31.621586: | libevent_malloc: new ptr-libevent@0x7f2a44006900 size 128 Sep 21 07:16:31.621592: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:31.621598: | processing resume sending helper answer for #1 Sep 21 07:16:31.621603: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:31.621606: | crypto helper 2 replies to request ID 1 Sep 21 07:16:31.621608: | calling continuation function 0x564f7c7a0630 Sep 21 07:16:31.621609: | ikev2_parent_outI1_continue for #1 Sep 21 07:16:31.621634: | **emit ISAKMP Message: Sep 21 07:16:31.621636: | initiator cookie: Sep 21 07:16:31.621637: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.621639: | responder cookie: Sep 21 07:16:31.621640: | 00 00 00 00 00 00 00 00 Sep 21 07:16:31.621642: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:31.621644: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:31.621646: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:31.621648: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:31.621649: | Message ID: 0 (0x0) Sep 21 07:16:31.621651: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:31.621660: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:31.621665: | Emitting ikev2_proposals ... Sep 21 07:16:31.621667: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:31.621669: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.621671: | flags: none (0x0) Sep 21 07:16:31.621673: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:31.621675: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.621676: | discarding INTEG=NONE Sep 21 07:16:31.621678: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.621680: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.621681: | prop #: 1 (0x1) Sep 21 07:16:31.621683: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:31.621684: | spi size: 0 (0x0) Sep 21 07:16:31.621686: | # transforms: 11 (0xb) Sep 21 07:16:31.621687: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:31.621689: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621692: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.621694: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:31.621696: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621698: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.621699: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.621701: | length/value: 256 (0x100) Sep 21 07:16:31.621703: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:31.621704: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621707: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:31.621709: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:31.621711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621712: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621714: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621715: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621717: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621718: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:31.621720: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:31.621722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621723: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621725: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621726: | discarding INTEG=NONE Sep 21 07:16:31.621728: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621731: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621732: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:31.621734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621736: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621738: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621740: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621743: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621744: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:31.621746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621748: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621749: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621750: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621755: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:31.621757: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621760: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621761: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621763: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621764: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621766: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:31.621767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621771: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621772: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621773: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621775: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621776: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:31.621778: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621781: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621789: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621794: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621795: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621797: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:31.621799: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621801: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621802: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621804: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621805: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621807: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621808: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:31.621810: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621813: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621814: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621816: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621817: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.621819: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621820: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:31.621822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621824: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621825: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621827: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:31.621829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:31.621830: | discarding INTEG=NONE Sep 21 07:16:31.621832: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.621833: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.621835: | prop #: 2 (0x2) Sep 21 07:16:31.621836: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:31.621838: | spi size: 0 (0x0) Sep 21 07:16:31.621839: | # transforms: 11 (0xb) Sep 21 07:16:31.621841: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.621843: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:31.621845: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621846: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621848: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.621849: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:31.621851: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621852: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.621854: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.621855: | length/value: 128 (0x80) Sep 21 07:16:31.621857: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:31.621859: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621861: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:31.621863: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:31.621865: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621866: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621868: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621869: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621872: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:31.621874: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:31.621876: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621882: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621884: | discarding INTEG=NONE Sep 21 07:16:31.621885: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621888: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621889: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:31.621891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621893: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621894: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621896: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621899: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621900: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:31.621902: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621904: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621905: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621907: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621910: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621911: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:31.621913: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621915: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621916: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621918: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621919: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621920: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621922: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:31.621924: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621925: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621927: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621928: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621931: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621933: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:31.621935: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621936: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621938: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621939: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621941: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621942: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621944: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:31.621945: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621948: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621950: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621951: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621954: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621955: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:31.621957: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621959: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621960: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621962: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621963: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.621965: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.621966: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:31.621968: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621970: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621971: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.621973: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:31.621975: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:31.621976: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.621978: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.621979: | prop #: 3 (0x3) Sep 21 07:16:31.621981: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:31.621982: | spi size: 0 (0x0) Sep 21 07:16:31.621983: | # transforms: 13 (0xd) Sep 21 07:16:31.621985: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.621987: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:31.621989: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.621990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.621992: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.621993: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:31.621995: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.621996: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.621998: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.621999: | length/value: 256 (0x100) Sep 21 07:16:31.622001: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:31.622002: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622004: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622005: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:31.622007: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:31.622008: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622010: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622012: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622014: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622017: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:31.622018: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:31.622020: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622022: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622023: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622025: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622026: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622028: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:31.622029: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:31.622031: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622033: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622034: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622036: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622037: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622039: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:31.622040: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:31.622042: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622044: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622045: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622047: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622048: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622050: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622051: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:31.622053: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622055: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622056: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622058: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622061: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622062: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:31.622064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622066: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622067: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622069: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622071: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622073: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:31.622075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622076: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622079: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622080: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622083: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622085: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:31.622087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622088: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622095: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622101: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622104: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622106: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622108: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:31.622112: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622119: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622122: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622123: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622125: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622126: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:31.622130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622131: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622133: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622134: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622136: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622137: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622139: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:31.622141: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622144: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622146: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622147: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.622148: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622150: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:31.622152: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622153: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622155: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622157: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:31.622158: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:31.622160: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.622163: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:31.622165: | prop #: 4 (0x4) Sep 21 07:16:31.622166: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:31.622168: | spi size: 0 (0x0) Sep 21 07:16:31.622169: | # transforms: 13 (0xd) Sep 21 07:16:31.622171: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.622173: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:31.622175: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622178: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.622179: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:31.622181: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622182: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.622184: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.622185: | length/value: 128 (0x80) Sep 21 07:16:31.622187: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:31.622188: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622191: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:31.622193: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:31.622195: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622196: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622198: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622199: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622201: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622202: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:31.622204: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:31.622206: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622207: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622209: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622210: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622212: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622213: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:31.622215: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:31.622217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622218: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622220: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622221: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622224: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:31.622226: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:31.622228: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622229: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622232: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622233: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622235: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622236: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622238: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:31.622240: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622241: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622243: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622244: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622249: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:31.622251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622252: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622254: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622255: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622257: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622258: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622260: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:31.622261: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622263: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622265: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622266: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622269: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622271: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:31.622272: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622274: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622276: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622277: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622280: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622282: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:31.622283: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622285: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622287: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622288: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622290: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622291: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622293: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:31.622294: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622299: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622300: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622302: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622303: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622305: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622306: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:31.622308: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622310: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622311: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622313: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.622314: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.622316: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.622317: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:31.622319: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.622321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.622322: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.622324: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:31.622325: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:31.622327: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:31.622329: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:31.622330: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:31.622332: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.622333: | flags: none (0x0) Sep 21 07:16:31.622335: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:31.622337: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:31.622339: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.622341: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:31.622343: | ikev2 g^x 7e 20 7e ba f4 2a 0a 70 47 5d 34 e3 7b 05 06 21 Sep 21 07:16:31.622344: | ikev2 g^x f3 8b 47 b7 25 f1 2e 74 0b ac 69 a1 70 17 e3 15 Sep 21 07:16:31.622346: | ikev2 g^x c2 4a fb 70 61 e6 cc 64 56 63 5f 65 9d 26 78 c8 Sep 21 07:16:31.622347: | ikev2 g^x a6 59 90 60 76 ed 5e c0 7a 39 16 77 84 af d0 9a Sep 21 07:16:31.622349: | ikev2 g^x c3 1a 78 fe 24 9d eb ae 8e d7 0d 35 76 7b 22 20 Sep 21 07:16:31.622350: | ikev2 g^x f3 92 e6 43 3d ff c2 20 d4 ae 71 0d 64 8c c2 55 Sep 21 07:16:31.622351: | ikev2 g^x c6 08 72 17 54 3d d4 e0 1e 3a 25 f9 b1 36 1b d5 Sep 21 07:16:31.622353: | ikev2 g^x 8a de 23 ab a1 a2 4e 6b 83 4f d8 d8 a5 b3 d1 61 Sep 21 07:16:31.622354: | ikev2 g^x 85 b3 ab 7d 86 12 18 86 31 e5 5f 02 9b fb 10 46 Sep 21 07:16:31.622356: | ikev2 g^x 24 f5 25 56 6b e2 42 01 61 4f 93 f6 0f 0d 88 ba Sep 21 07:16:31.622357: | ikev2 g^x bf 6a 67 b5 eb 04 c2 e3 e6 b2 62 4d b4 25 49 c6 Sep 21 07:16:31.622358: | ikev2 g^x 75 08 eb d9 30 2b 05 62 92 fe e1 2a 0e 76 66 80 Sep 21 07:16:31.622360: | ikev2 g^x d3 a5 64 3c b8 72 13 a2 64 c1 ca c7 46 57 dd d5 Sep 21 07:16:31.622361: | ikev2 g^x e9 88 f4 88 1f 84 b3 20 0a 4c 52 9f e6 a7 26 b1 Sep 21 07:16:31.622363: | ikev2 g^x cb 46 90 2f a6 2f 06 b2 58 2e dd 60 23 86 e5 50 Sep 21 07:16:31.622365: | ikev2 g^x 7b 3c b8 34 3b 10 7d 89 ed a0 91 37 48 85 fd 0d Sep 21 07:16:31.622367: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:31.622368: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:31.622370: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:31.622371: | flags: none (0x0) Sep 21 07:16:31.622373: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:31.622375: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:31.622377: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.622379: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:31.622380: | IKEv2 nonce 9c 9e 67 ab aa 02 d3 b2 44 b5 f5 c8 2f 32 4d 4b Sep 21 07:16:31.622382: | IKEv2 nonce 02 df 73 7b 84 8c 06 4e 0e 3a 3f 54 ef af 8b 81 Sep 21 07:16:31.622383: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:31.622385: | Adding a v2N Payload Sep 21 07:16:31.622386: | ***emit IKEv2 Notify Payload: Sep 21 07:16:31.622388: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.622389: | flags: none (0x0) Sep 21 07:16:31.622391: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:31.622392: | SPI size: 0 (0x0) Sep 21 07:16:31.622394: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:31.622396: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:31.622398: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.622399: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:31.622401: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:31.622403: | natd_hash: rcookie is zero Sep 21 07:16:31.622413: | natd_hash: hasher=0x564f7c8767a0(20) Sep 21 07:16:31.622414: | natd_hash: icookie= 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.622416: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:31.622417: | natd_hash: ip= c0 01 03 d1 Sep 21 07:16:31.622419: | natd_hash: port= 01 f4 Sep 21 07:16:31.622420: | natd_hash: hash= 22 ae 85 aa 43 e3 bd 7c eb 93 77 22 0f d2 af f2 Sep 21 07:16:31.622422: | natd_hash: hash= b3 7f 0d d9 Sep 21 07:16:31.622423: | Adding a v2N Payload Sep 21 07:16:31.622425: | ***emit IKEv2 Notify Payload: Sep 21 07:16:31.622426: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.622428: | flags: none (0x0) Sep 21 07:16:31.622429: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:31.622431: | SPI size: 0 (0x0) Sep 21 07:16:31.622432: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:31.622434: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:31.622436: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.622438: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:31.622439: | Notify data 22 ae 85 aa 43 e3 bd 7c eb 93 77 22 0f d2 af f2 Sep 21 07:16:31.622440: | Notify data b3 7f 0d d9 Sep 21 07:16:31.622442: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:31.622443: | natd_hash: rcookie is zero Sep 21 07:16:31.622447: | natd_hash: hasher=0x564f7c8767a0(20) Sep 21 07:16:31.622449: | natd_hash: icookie= 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.622450: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:31.622452: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:31.622453: | natd_hash: port= 01 f4 Sep 21 07:16:31.622454: | natd_hash: hash= 01 ea b7 77 ae b2 cf b7 b8 17 ce 5e 41 79 50 67 Sep 21 07:16:31.622456: | natd_hash: hash= 60 40 b7 c3 Sep 21 07:16:31.622457: | Adding a v2N Payload Sep 21 07:16:31.622460: | ***emit IKEv2 Notify Payload: Sep 21 07:16:31.622461: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.622463: | flags: none (0x0) Sep 21 07:16:31.622464: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:31.622465: | SPI size: 0 (0x0) Sep 21 07:16:31.622467: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:31.622469: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:31.622471: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.622472: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:31.622474: | Notify data 01 ea b7 77 ae b2 cf b7 b8 17 ce 5e 41 79 50 67 Sep 21 07:16:31.622475: | Notify data 60 40 b7 c3 Sep 21 07:16:31.622477: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:31.622478: | emitting length of ISAKMP Message: 828 Sep 21 07:16:31.622483: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:31.622490: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:31.622492: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:31.622494: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:31.622497: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:31.622498: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:16:31.622500: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:31.622503: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:31.622505: "road-eastnet" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:31.622512: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:16:31.622519: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:31.622521: | 13 d0 47 f3 31 7a 68 cd 00 00 00 00 00 00 00 00 Sep 21 07:16:31.622523: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:31.622524: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:31.622525: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:31.622527: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:31.622528: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:31.622530: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:31.622531: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:31.622532: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:31.622534: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:31.622535: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:31.622537: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:31.622538: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:31.622539: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:31.622541: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:31.622542: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:31.622544: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:31.622545: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:31.622547: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:31.622548: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:31.622549: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:31.622551: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:31.622553: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:31.622557: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:31.622559: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:31.622560: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:31.622561: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:31.622563: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:31.622564: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:31.622566: | 28 00 01 08 00 0e 00 00 7e 20 7e ba f4 2a 0a 70 Sep 21 07:16:31.622567: | 47 5d 34 e3 7b 05 06 21 f3 8b 47 b7 25 f1 2e 74 Sep 21 07:16:31.622568: | 0b ac 69 a1 70 17 e3 15 c2 4a fb 70 61 e6 cc 64 Sep 21 07:16:31.622570: | 56 63 5f 65 9d 26 78 c8 a6 59 90 60 76 ed 5e c0 Sep 21 07:16:31.622571: | 7a 39 16 77 84 af d0 9a c3 1a 78 fe 24 9d eb ae Sep 21 07:16:31.622573: | 8e d7 0d 35 76 7b 22 20 f3 92 e6 43 3d ff c2 20 Sep 21 07:16:31.622574: | d4 ae 71 0d 64 8c c2 55 c6 08 72 17 54 3d d4 e0 Sep 21 07:16:31.622575: | 1e 3a 25 f9 b1 36 1b d5 8a de 23 ab a1 a2 4e 6b Sep 21 07:16:31.622577: | 83 4f d8 d8 a5 b3 d1 61 85 b3 ab 7d 86 12 18 86 Sep 21 07:16:31.622578: | 31 e5 5f 02 9b fb 10 46 24 f5 25 56 6b e2 42 01 Sep 21 07:16:31.622580: | 61 4f 93 f6 0f 0d 88 ba bf 6a 67 b5 eb 04 c2 e3 Sep 21 07:16:31.622581: | e6 b2 62 4d b4 25 49 c6 75 08 eb d9 30 2b 05 62 Sep 21 07:16:31.622582: | 92 fe e1 2a 0e 76 66 80 d3 a5 64 3c b8 72 13 a2 Sep 21 07:16:31.622584: | 64 c1 ca c7 46 57 dd d5 e9 88 f4 88 1f 84 b3 20 Sep 21 07:16:31.622585: | 0a 4c 52 9f e6 a7 26 b1 cb 46 90 2f a6 2f 06 b2 Sep 21 07:16:31.622587: | 58 2e dd 60 23 86 e5 50 7b 3c b8 34 3b 10 7d 89 Sep 21 07:16:31.622588: | ed a0 91 37 48 85 fd 0d 29 00 00 24 9c 9e 67 ab Sep 21 07:16:31.622589: | aa 02 d3 b2 44 b5 f5 c8 2f 32 4d 4b 02 df 73 7b Sep 21 07:16:31.622591: | 84 8c 06 4e 0e 3a 3f 54 ef af 8b 81 29 00 00 08 Sep 21 07:16:31.622592: | 00 00 40 2e 29 00 00 1c 00 00 40 04 22 ae 85 aa Sep 21 07:16:31.622594: | 43 e3 bd 7c eb 93 77 22 0f d2 af f2 b3 7f 0d d9 Sep 21 07:16:31.622595: | 00 00 00 1c 00 00 40 05 01 ea b7 77 ae b2 cf b7 Sep 21 07:16:31.622596: | b8 17 ce 5e 41 79 50 67 60 40 b7 c3 Sep 21 07:16:31.622670: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:31.622674: | libevent_free: release ptr-libevent@0x564f7d3f9190 Sep 21 07:16:31.622676: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564f7d3f9150 Sep 21 07:16:31.622678: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=25000ms Sep 21 07:16:31.622680: | event_schedule: new EVENT_RETRANSMIT-pe@0x564f7d3f9150 Sep 21 07:16:31.622683: | inserting event EVENT_RETRANSMIT, timeout in 25 seconds for #1 Sep 21 07:16:31.622684: | libevent_malloc: new ptr-libevent@0x564f7d3f9190 size 128 Sep 21 07:16:31.622688: | #1 STATE_PARENT_I1: retransmits: first event in 25 seconds; timeout in 107 seconds; limit of 12 retransmits; current time is 48837.990945 Sep 21 07:16:31.622690: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:31.622693: | #1 spent 1.02 milliseconds in resume sending helper answer Sep 21 07:16:31.622697: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:31.622699: | libevent_free: release ptr-libevent@0x7f2a44006900 Sep 21 07:16:31.624428: | spent 0.00196 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:31.624442: | *received 437 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Sep 21 07:16:31.624444: | 13 d0 47 f3 31 7a 68 cd 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.624446: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Sep 21 07:16:31.624447: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:16:31.624449: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:16:31.624450: | 04 00 00 0e 28 00 01 08 00 0e 00 00 7f 0c c2 8e Sep 21 07:16:31.624451: | 1d ba 5f c5 b7 9d 40 57 74 50 ed 0c 53 56 ec 22 Sep 21 07:16:31.624455: | 72 26 58 f7 79 e6 13 f9 05 54 7f a5 86 4b bf 14 Sep 21 07:16:31.624457: | 8f 07 39 af 7c 1b cb d2 cb b2 ae 2d 8b a1 b7 e5 Sep 21 07:16:31.624458: | ca c4 2b 69 d3 f7 6b 27 f3 75 4a 7a 88 13 9f ee Sep 21 07:16:31.624460: | 3d e0 a7 bd 33 52 3d b2 cd 89 7f ce ae b6 56 fa Sep 21 07:16:31.624461: | cd 56 69 41 2e 67 1d 2e d6 fb ec f9 30 6e 72 e6 Sep 21 07:16:31.624463: | ea 86 7c ed fc 01 f2 68 8d 9e 2d 89 f0 41 67 47 Sep 21 07:16:31.624464: | 78 16 62 13 ae 2c 8b 5c 6b 6a 5e a0 4b 7a c0 70 Sep 21 07:16:31.624465: | 20 7e b6 41 9f a5 26 02 dd 35 f6 00 bc 95 09 29 Sep 21 07:16:31.624467: | 66 ee 7c 9c d9 30 27 d2 8c e8 1a 34 d3 c3 88 7e Sep 21 07:16:31.624468: | d2 2e 07 5b 6b e1 66 19 7f 8b 34 eb 0b 81 bd 46 Sep 21 07:16:31.624470: | c7 d9 5d 6e 47 77 43 2c ba 5c 0f 88 f2 3e 4c 63 Sep 21 07:16:31.624471: | 0a 26 de 28 10 db 0a 96 b5 66 49 6c 1b 97 d9 aa Sep 21 07:16:31.624472: | 88 da 85 a4 bb 69 b2 2a 6e 5d 52 48 20 e7 7c 6d Sep 21 07:16:31.624474: | c2 6c 65 1f 63 eb 68 be 2c 4c af 62 ab ec 1d 95 Sep 21 07:16:31.624475: | a1 92 cb 4d f2 10 f7 b0 72 2a 64 e9 29 00 00 24 Sep 21 07:16:31.624477: | 40 79 c6 62 de 4c a8 55 6f 0e 97 a1 96 69 5d 44 Sep 21 07:16:31.624478: | a5 95 05 8a 9c f6 ae df ec 8f b5 71 80 ec c1 64 Sep 21 07:16:31.624479: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:16:31.624481: | 12 4c f5 21 11 e3 5d b3 05 66 3e c9 49 d1 18 2d Sep 21 07:16:31.624482: | 0b 8f 8f cc 26 00 00 1c 00 00 40 05 78 02 2c d3 Sep 21 07:16:31.624484: | 11 ae 80 d0 cc 10 77 34 e8 f5 3e 5c a9 aa 33 c8 Sep 21 07:16:31.624485: | 00 00 00 05 04 Sep 21 07:16:31.624488: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:31.624490: | **parse ISAKMP Message: Sep 21 07:16:31.624492: | initiator cookie: Sep 21 07:16:31.624493: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.624495: | responder cookie: Sep 21 07:16:31.624496: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.624498: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:31.624500: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:31.624501: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:31.624503: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:31.624505: | Message ID: 0 (0x0) Sep 21 07:16:31.624506: | length: 437 (0x1b5) Sep 21 07:16:31.624508: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:31.624510: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:16:31.624512: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:31.624516: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:31.624519: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:31.624521: | #1 is idle Sep 21 07:16:31.624522: | #1 idle Sep 21 07:16:31.624524: | unpacking clear payload Sep 21 07:16:31.624525: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:31.624527: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:31.624529: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:31.624530: | flags: none (0x0) Sep 21 07:16:31.624532: | length: 40 (0x28) Sep 21 07:16:31.624533: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:16:31.624535: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:31.624537: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:31.624538: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:31.624540: | flags: none (0x0) Sep 21 07:16:31.624541: | length: 264 (0x108) Sep 21 07:16:31.624543: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:31.624544: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:31.624546: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:31.624548: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:31.624550: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:31.624551: | flags: none (0x0) Sep 21 07:16:31.624553: | length: 36 (0x24) Sep 21 07:16:31.624554: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:31.624555: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:31.624557: | ***parse IKEv2 Notify Payload: Sep 21 07:16:31.624559: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:31.624560: | flags: none (0x0) Sep 21 07:16:31.624561: | length: 8 (0x8) Sep 21 07:16:31.624563: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:31.624564: | SPI size: 0 (0x0) Sep 21 07:16:31.624566: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:31.624568: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:31.624569: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:31.624571: | ***parse IKEv2 Notify Payload: Sep 21 07:16:31.624572: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:31.624573: | flags: none (0x0) Sep 21 07:16:31.624575: | length: 28 (0x1c) Sep 21 07:16:31.624576: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:31.624578: | SPI size: 0 (0x0) Sep 21 07:16:31.624579: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:31.624581: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:31.624582: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:31.624584: | ***parse IKEv2 Notify Payload: Sep 21 07:16:31.624585: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Sep 21 07:16:31.624587: | flags: none (0x0) Sep 21 07:16:31.624588: | length: 28 (0x1c) Sep 21 07:16:31.624589: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:31.624591: | SPI size: 0 (0x0) Sep 21 07:16:31.624592: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:31.624594: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:31.624595: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Sep 21 07:16:31.624597: | ***parse IKEv2 Certificate Request Payload: Sep 21 07:16:31.624599: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.624600: | flags: none (0x0) Sep 21 07:16:31.624601: | length: 5 (0x5) Sep 21 07:16:31.624603: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:31.624605: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Sep 21 07:16:31.624606: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:16:31.624610: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:31.624612: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:31.624614: | Now let's proceed with state specific processing Sep 21 07:16:31.624615: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:31.624618: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:16:31.624628: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:31.624630: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:16:31.624632: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:31.624634: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:31.624635: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:31.624638: | local proposal 1 type DH has 8 transforms Sep 21 07:16:31.624640: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:31.624642: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:31.624644: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:31.624645: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:31.624647: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:31.624648: | local proposal 2 type DH has 8 transforms Sep 21 07:16:31.624650: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:31.624651: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:31.624653: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:31.624654: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:31.624656: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:31.624657: | local proposal 3 type DH has 8 transforms Sep 21 07:16:31.624659: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:31.624661: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:31.624662: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:31.624664: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:31.624665: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:31.624667: | local proposal 4 type DH has 8 transforms Sep 21 07:16:31.624668: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:31.624670: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:31.624672: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.624673: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:31.624675: | length: 36 (0x24) Sep 21 07:16:31.624676: | prop #: 1 (0x1) Sep 21 07:16:31.624678: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:31.624679: | spi size: 0 (0x0) Sep 21 07:16:31.624681: | # transforms: 3 (0x3) Sep 21 07:16:31.624683: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:31.624685: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:31.624686: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.624688: | length: 12 (0xc) Sep 21 07:16:31.624689: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.624691: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:31.624692: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.624694: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.624696: | length/value: 256 (0x100) Sep 21 07:16:31.624698: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:31.624700: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:31.624702: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.624703: | length: 8 (0x8) Sep 21 07:16:31.624704: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:31.624706: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:31.624708: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:31.624710: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:31.624711: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.624713: | length: 8 (0x8) Sep 21 07:16:31.624714: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:31.624716: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:31.624718: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:31.624720: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:31.624723: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:31.624724: | remote proposal 1 matches local proposal 1 Sep 21 07:16:31.624726: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:16:31.624728: | converting proposal to internal trans attrs Sep 21 07:16:31.624736: | natd_hash: hasher=0x564f7c8767a0(20) Sep 21 07:16:31.624738: | natd_hash: icookie= 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.624740: | natd_hash: rcookie= 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.624741: | natd_hash: ip= c0 01 03 d1 Sep 21 07:16:31.624743: | natd_hash: port= 01 f4 Sep 21 07:16:31.624744: | natd_hash: hash= 78 02 2c d3 11 ae 80 d0 cc 10 77 34 e8 f5 3e 5c Sep 21 07:16:31.624746: | natd_hash: hash= a9 aa 33 c8 Sep 21 07:16:31.624749: | natd_hash: hasher=0x564f7c8767a0(20) Sep 21 07:16:31.624751: | natd_hash: icookie= 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.624752: | natd_hash: rcookie= 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.624754: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:31.624755: | natd_hash: port= 01 f4 Sep 21 07:16:31.624756: | natd_hash: hash= 12 4c f5 21 11 e3 5d b3 05 66 3e c9 49 d1 18 2d Sep 21 07:16:31.624758: | natd_hash: hash= 0b 8f 8f cc Sep 21 07:16:31.624759: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:31.624761: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:31.624762: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:31.624764: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:16:31.624769: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:16:31.624771: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:16:31.624773: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:31.624775: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:31.624777: | libevent_free: release ptr-libevent@0x564f7d3f9190 Sep 21 07:16:31.624779: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564f7d3f9150 Sep 21 07:16:31.624780: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564f7d3f9150 Sep 21 07:16:31.624786: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:31.624789: | libevent_malloc: new ptr-libevent@0x564f7d3f9190 size 128 Sep 21 07:16:31.624797: | #1 spent 0.176 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:16:31.624800: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:31.624802: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:16:31.624804: | suspending state #1 and saving MD Sep 21 07:16:31.624806: | #1 is busy; has a suspended MD Sep 21 07:16:31.624808: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:31.624810: | "road-eastnet" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:31.624816: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:31.624820: | #1 spent 0.38 milliseconds in ikev2_process_packet() Sep 21 07:16:31.624822: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:31.624822: | crypto helper 3 resuming Sep 21 07:16:31.624831: | crypto helper 3 starting work-order 2 for state #1 Sep 21 07:16:31.624834: | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:16:31.624825: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:31.624842: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:31.624845: | spent 0.401 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:31.625482: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:16:31.625758: | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000923 seconds Sep 21 07:16:31.625764: | (#1) spent 0.927 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:16:31.625768: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:31.625770: | scheduling resume sending helper answer for #1 Sep 21 07:16:31.625772: | libevent_malloc: new ptr-libevent@0x7f2a3c006b90 size 128 Sep 21 07:16:31.625777: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:31.625792: | processing resume sending helper answer for #1 Sep 21 07:16:31.625805: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:31.625809: | crypto helper 3 replies to request ID 2 Sep 21 07:16:31.625812: | calling continuation function 0x564f7c7a0630 Sep 21 07:16:31.625816: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:16:31.625823: | creating state object #2 at 0x564f7d3fb9f0 Sep 21 07:16:31.625826: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:31.625829: | pstats #2 ikev2.child started Sep 21 07:16:31.625832: | duplicating state object #1 "road-eastnet" as #2 for IPSEC SA Sep 21 07:16:31.625837: | #2 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:31.625843: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:31.625848: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:31.625852: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:31.625855: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:31.625858: | libevent_free: release ptr-libevent@0x564f7d3f9190 Sep 21 07:16:31.625861: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564f7d3f9150 Sep 21 07:16:31.625864: | event_schedule: new EVENT_SA_REPLACE-pe@0x564f7d3f9150 Sep 21 07:16:31.625867: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:16:31.625870: | libevent_malloc: new ptr-libevent@0x564f7d3f9190 size 128 Sep 21 07:16:31.625873: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:16:31.625879: | **emit ISAKMP Message: Sep 21 07:16:31.625882: | initiator cookie: Sep 21 07:16:31.625884: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.625886: | responder cookie: Sep 21 07:16:31.625888: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.625891: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:31.625893: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:31.625895: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:31.625898: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:31.625900: | Message ID: 1 (0x1) Sep 21 07:16:31.625903: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:31.625906: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:31.625908: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.625910: | flags: none (0x0) Sep 21 07:16:31.625913: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:31.625916: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.625919: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:31.625925: | IKEv2 CERT: send a certificate? Sep 21 07:16:31.625927: | IKEv2 CERT: no certificate to send Sep 21 07:16:31.625930: | IDr payload will be sent Sep 21 07:16:31.625947: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:16:31.625950: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.625952: | flags: none (0x0) Sep 21 07:16:31.625954: | ID type: ID_FQDN (0x2) Sep 21 07:16:31.625957: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:16:31.625963: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.625966: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:16:31.625968: | my identity 72 6f 61 64 Sep 21 07:16:31.625971: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:16:31.625979: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:31.625982: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:31.625985: | flags: none (0x0) Sep 21 07:16:31.625987: | ID type: ID_FQDN (0x2) Sep 21 07:16:31.625990: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:16:31.625993: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:31.625996: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.625998: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:16:31.626001: | IDr 65 61 73 74 Sep 21 07:16:31.626003: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:16:31.626005: | not sending INITIAL_CONTACT Sep 21 07:16:31.626008: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:31.626011: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.626013: | flags: none (0x0) Sep 21 07:16:31.626016: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:31.626019: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:31.626021: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.626027: | started looking for secret for @road->@east of kind PKK_RSA Sep 21 07:16:31.626030: | actually looking for secret for @road->@east of kind PKK_RSA Sep 21 07:16:31.626033: | line 1: key type PKK_RSA(@road) to type PKK_RSA Sep 21 07:16:31.626036: | 1: compared key (none) to @road / @east -> 002 Sep 21 07:16:31.626040: | 2: compared key (none) to @road / @east -> 002 Sep 21 07:16:31.626042: | line 1: match=002 Sep 21 07:16:31.626045: | match 002 beats previous best_match 000 match=0x564f7d3e9fd0 (line=1) Sep 21 07:16:31.626047: | concluding with best_match=002 best=0x564f7d3e9fd0 (lineno=1) Sep 21 07:16:31.632378: | #1 spent 6.27 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:16:31.632388: | emitting 388 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:16:31.632390: | rsa signature 82 7e 6d 11 81 fc f2 f7 21 e7 c2 ef 8a c5 68 0d Sep 21 07:16:31.632392: | rsa signature 89 ce 83 81 97 9c 18 9f 06 9c ca c5 e8 73 86 81 Sep 21 07:16:31.632394: | rsa signature 99 d2 81 79 e5 13 99 60 c8 12 9b 58 50 3c 7a 8e Sep 21 07:16:31.632395: | rsa signature 97 9b 5a 74 a9 55 17 ce 76 d6 ba d9 54 c0 6c ec Sep 21 07:16:31.632396: | rsa signature df a6 d5 de 78 74 e3 53 68 50 8d 75 6a 06 89 2a Sep 21 07:16:31.632398: | rsa signature a0 ae ac 39 46 d3 22 69 a8 fd 49 fc 1f 50 b3 05 Sep 21 07:16:31.632399: | rsa signature 85 e7 69 4c e2 bc 15 7e 43 15 c3 db a7 c3 97 07 Sep 21 07:16:31.632401: | rsa signature 54 1b e6 c0 e0 b1 49 34 11 83 6e 14 02 20 9b 54 Sep 21 07:16:31.632402: | rsa signature 6e 4b 12 6b 33 37 fb 39 ae 0f c1 b4 61 1f 2b d6 Sep 21 07:16:31.632404: | rsa signature bb 19 e9 2f d8 59 47 98 3d 13 fb cd 6f 6e dc 3f Sep 21 07:16:31.632405: | rsa signature 41 63 49 f6 b4 31 52 cd 30 35 fd ef 5a 2d 8a b6 Sep 21 07:16:31.632406: | rsa signature 0f 02 d5 15 69 72 2a cf 90 87 d8 e4 a7 08 51 11 Sep 21 07:16:31.632408: | rsa signature 1e 37 a4 79 fb 2f bb 66 6d 7a 2a eb 19 8a 37 ec Sep 21 07:16:31.632412: | rsa signature b0 b6 e5 e6 c4 33 8a 3c 35 56 1d 18 87 4d ad ac Sep 21 07:16:31.632414: | rsa signature ba be 52 10 ac c4 0e f6 2a ff b4 f7 ad 22 ad 24 Sep 21 07:16:31.632415: | rsa signature dc b1 e0 db 3e 56 8b 3b e0 1e 9e 34 a3 e1 1e 58 Sep 21 07:16:31.632417: | rsa signature 70 93 b1 1f 00 61 d4 a2 5d cf 85 ed 29 ca 15 ed Sep 21 07:16:31.632418: | rsa signature 8d 9b 54 41 b4 a0 09 19 ff 2c 03 dc e4 d2 2f ee Sep 21 07:16:31.632420: | rsa signature e1 d6 5d 68 f2 42 c9 2f 29 37 4c 41 d2 0a c3 12 Sep 21 07:16:31.632421: | rsa signature 47 ff c0 97 dc a4 47 b7 03 74 13 60 0f 5a f7 12 Sep 21 07:16:31.632422: | rsa signature ea 91 f5 5d 6f 5e c7 f6 d4 4b bc c2 e1 17 81 41 Sep 21 07:16:31.632424: | rsa signature 7e 44 3d bc e4 47 bb 83 5f e7 81 4a 4e d2 85 69 Sep 21 07:16:31.632425: | rsa signature 40 5b 02 17 a7 76 75 c5 94 2b ac 13 85 0c 6b 23 Sep 21 07:16:31.632427: | rsa signature c1 7e 9a c1 0c 75 a9 ef a5 77 f6 48 80 93 bb cc Sep 21 07:16:31.632428: | rsa signature 78 bc 8a 63 Sep 21 07:16:31.632431: | #1 spent 6.37 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:16:31.632433: | emitting length of IKEv2 Authentication Payload: 396 Sep 21 07:16:31.632435: | getting first pending from state #1 Sep 21 07:16:31.632449: | netlink_get_spi: allocated 0x6fefe9d0 for esp.0@192.1.3.209 Sep 21 07:16:31.632452: | constructing ESP/AH proposals with all DH removed for road-eastnet (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:16:31.632456: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:31.632461: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:31.632462: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:31.632465: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:31.632467: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:31.632470: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:31.632471: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:31.632474: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:31.632479: "road-eastnet": constructed local ESP/AH proposals for road-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:31.632486: | Emitting ikev2_proposals ... Sep 21 07:16:31.632488: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:31.632490: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.632492: | flags: none (0x0) Sep 21 07:16:31.632495: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:31.632497: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.632499: | discarding INTEG=NONE Sep 21 07:16:31.632500: | discarding DH=NONE Sep 21 07:16:31.632501: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.632503: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.632505: | prop #: 1 (0x1) Sep 21 07:16:31.632506: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:31.632508: | spi size: 4 (0x4) Sep 21 07:16:31.632509: | # transforms: 2 (0x2) Sep 21 07:16:31.632511: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:31.632513: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:31.632515: | our spi 6f ef e9 d0 Sep 21 07:16:31.632518: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632522: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.632523: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:31.632525: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632527: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.632529: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.632530: | length/value: 256 (0x100) Sep 21 07:16:31.632532: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:31.632534: | discarding INTEG=NONE Sep 21 07:16:31.632536: | discarding DH=NONE Sep 21 07:16:31.632538: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632540: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.632542: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:31.632544: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:31.632547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632551: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.632553: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:31.632556: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:31.632558: | discarding INTEG=NONE Sep 21 07:16:31.632560: | discarding DH=NONE Sep 21 07:16:31.632562: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.632564: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.632566: | prop #: 2 (0x2) Sep 21 07:16:31.632568: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:31.632570: | spi size: 4 (0x4) Sep 21 07:16:31.632572: | # transforms: 2 (0x2) Sep 21 07:16:31.632574: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.632577: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:31.632579: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:31.632582: | our spi 6f ef e9 d0 Sep 21 07:16:31.632584: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632586: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632588: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.632590: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:31.632593: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632595: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.632597: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.632599: | length/value: 128 (0x80) Sep 21 07:16:31.632602: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:31.632604: | discarding INTEG=NONE Sep 21 07:16:31.632605: | discarding DH=NONE Sep 21 07:16:31.632607: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632610: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.632612: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:31.632614: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:31.632616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632623: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.632625: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:31.632627: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:31.632629: | discarding DH=NONE Sep 21 07:16:31.632632: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.632634: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.632636: | prop #: 3 (0x3) Sep 21 07:16:31.632638: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:31.632640: | spi size: 4 (0x4) Sep 21 07:16:31.632642: | # transforms: 4 (0x4) Sep 21 07:16:31.632645: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.632647: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:31.632650: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:31.632652: | our spi 6f ef e9 d0 Sep 21 07:16:31.632654: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632657: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632659: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.632661: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:31.632663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632665: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.632668: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.632670: | length/value: 256 (0x100) Sep 21 07:16:31.632672: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:31.632674: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632676: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632678: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:31.632681: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:31.632683: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632686: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632688: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.632690: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632694: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:31.632696: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:31.632698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632699: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632701: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.632702: | discarding DH=NONE Sep 21 07:16:31.632704: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632705: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.632707: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:31.632708: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:31.632710: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632712: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632713: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.632716: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:31.632718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:31.632719: | discarding DH=NONE Sep 21 07:16:31.632721: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.632722: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:31.632724: | prop #: 4 (0x4) Sep 21 07:16:31.632725: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:31.632727: | spi size: 4 (0x4) Sep 21 07:16:31.632728: | # transforms: 4 (0x4) Sep 21 07:16:31.632730: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:31.632732: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:31.632733: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:31.632735: | our spi 6f ef e9 d0 Sep 21 07:16:31.632736: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632738: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632739: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.632741: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:31.632742: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632744: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.632746: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.632747: | length/value: 128 (0x80) Sep 21 07:16:31.632749: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:31.632750: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632753: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:31.632754: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:31.632756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632759: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.632761: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632764: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:31.632765: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:31.632767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632770: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.632772: | discarding DH=NONE Sep 21 07:16:31.632773: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:31.632774: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.632776: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:31.632777: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:31.632779: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.632781: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:31.632786: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:31.632788: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:31.632792: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:31.632793: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:16:31.632795: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:31.632798: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:31.632799: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.632801: | flags: none (0x0) Sep 21 07:16:31.632803: | number of TS: 1 (0x1) Sep 21 07:16:31.632805: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:31.632806: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.632808: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:31.632812: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:31.632813: | IP Protocol ID: 0 (0x0) Sep 21 07:16:31.632815: | start port: 0 (0x0) Sep 21 07:16:31.632816: | end port: 65535 (0xffff) Sep 21 07:16:31.632818: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:31.632820: | IP start c0 01 03 d1 Sep 21 07:16:31.632821: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:31.632823: | IP end c0 01 03 d1 Sep 21 07:16:31.632824: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:31.632826: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:31.632827: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:31.632829: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.632830: | flags: none (0x0) Sep 21 07:16:31.632832: | number of TS: 1 (0x1) Sep 21 07:16:31.632834: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:31.632836: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:31.632837: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:31.632839: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:31.632841: | IP Protocol ID: 0 (0x0) Sep 21 07:16:31.632844: | start port: 0 (0x0) Sep 21 07:16:31.632845: | end port: 65535 (0xffff) Sep 21 07:16:31.632848: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:31.632850: | IP start c0 00 02 00 Sep 21 07:16:31.632852: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:31.632854: | IP end c0 00 02 ff Sep 21 07:16:31.632856: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:31.632858: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:31.632860: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:31.632863: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:31.632865: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:31.632868: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:31.632871: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:31.632874: | emitting length of IKEv2 Encryption Payload: 661 Sep 21 07:16:31.632876: | emitting length of ISAKMP Message: 689 Sep 21 07:16:31.632880: | **parse ISAKMP Message: Sep 21 07:16:31.632883: | initiator cookie: Sep 21 07:16:31.632885: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.632887: | responder cookie: Sep 21 07:16:31.632889: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.632891: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:31.632893: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:31.632898: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:31.632900: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:31.632902: | Message ID: 1 (0x1) Sep 21 07:16:31.632903: | length: 689 (0x2b1) Sep 21 07:16:31.632905: | **parse IKEv2 Encryption Payload: Sep 21 07:16:31.632906: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:31.632908: | flags: none (0x0) Sep 21 07:16:31.632909: | length: 661 (0x295) Sep 21 07:16:31.632911: | **emit ISAKMP Message: Sep 21 07:16:31.632912: | initiator cookie: Sep 21 07:16:31.632913: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.632915: | responder cookie: Sep 21 07:16:31.632916: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.632918: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:31.632919: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:31.632921: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:31.632922: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:31.632924: | Message ID: 1 (0x1) Sep 21 07:16:31.632925: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:31.632927: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:31.632929: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:31.632930: | flags: none (0x0) Sep 21 07:16:31.632932: | fragment number: 1 (0x1) Sep 21 07:16:31.632933: | total fragments: 2 (0x2) Sep 21 07:16:31.632935: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:16:31.632937: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:31.632939: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:31.632941: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:31.632947: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:31.632948: | cleartext fragment 24 00 00 0c 02 00 00 00 72 6f 61 64 27 00 00 0c Sep 21 07:16:31.632950: | cleartext fragment 02 00 00 00 65 61 73 74 21 00 01 8c 01 00 00 00 Sep 21 07:16:31.632951: | cleartext fragment 82 7e 6d 11 81 fc f2 f7 21 e7 c2 ef 8a c5 68 0d Sep 21 07:16:31.632953: | cleartext fragment 89 ce 83 81 97 9c 18 9f 06 9c ca c5 e8 73 86 81 Sep 21 07:16:31.632954: | cleartext fragment 99 d2 81 79 e5 13 99 60 c8 12 9b 58 50 3c 7a 8e Sep 21 07:16:31.632956: | cleartext fragment 97 9b 5a 74 a9 55 17 ce 76 d6 ba d9 54 c0 6c ec Sep 21 07:16:31.632957: | cleartext fragment df a6 d5 de 78 74 e3 53 68 50 8d 75 6a 06 89 2a Sep 21 07:16:31.632958: | cleartext fragment a0 ae ac 39 46 d3 22 69 a8 fd 49 fc 1f 50 b3 05 Sep 21 07:16:31.632960: | cleartext fragment 85 e7 69 4c e2 bc 15 7e 43 15 c3 db a7 c3 97 07 Sep 21 07:16:31.632961: | cleartext fragment 54 1b e6 c0 e0 b1 49 34 11 83 6e 14 02 20 9b 54 Sep 21 07:16:31.632963: | cleartext fragment 6e 4b 12 6b 33 37 fb 39 ae 0f c1 b4 61 1f 2b d6 Sep 21 07:16:31.632964: | cleartext fragment bb 19 e9 2f d8 59 47 98 3d 13 fb cd 6f 6e dc 3f Sep 21 07:16:31.632966: | cleartext fragment 41 63 49 f6 b4 31 52 cd 30 35 fd ef 5a 2d 8a b6 Sep 21 07:16:31.632967: | cleartext fragment 0f 02 d5 15 69 72 2a cf 90 87 d8 e4 a7 08 51 11 Sep 21 07:16:31.632969: | cleartext fragment 1e 37 a4 79 fb 2f bb 66 6d 7a 2a eb 19 8a 37 ec Sep 21 07:16:31.632970: | cleartext fragment b0 b6 e5 e6 c4 33 8a 3c 35 56 1d 18 87 4d ad ac Sep 21 07:16:31.632971: | cleartext fragment ba be 52 10 ac c4 0e f6 2a ff b4 f7 ad 22 ad 24 Sep 21 07:16:31.632973: | cleartext fragment dc b1 e0 db 3e 56 8b 3b e0 1e 9e 34 a3 e1 1e 58 Sep 21 07:16:31.632974: | cleartext fragment 70 93 b1 1f 00 61 d4 a2 5d cf 85 ed 29 ca 15 ed Sep 21 07:16:31.632976: | cleartext fragment 8d 9b 54 41 b4 a0 09 19 ff 2c 03 dc e4 d2 2f ee Sep 21 07:16:31.632977: | cleartext fragment e1 d6 5d 68 f2 42 c9 2f 29 37 4c 41 d2 0a c3 12 Sep 21 07:16:31.632980: | cleartext fragment 47 ff c0 97 dc a4 47 b7 03 74 13 60 0f 5a f7 12 Sep 21 07:16:31.632981: | cleartext fragment ea 91 f5 5d 6f 5e c7 f6 d4 4b bc c2 e1 17 81 41 Sep 21 07:16:31.632983: | cleartext fragment 7e 44 3d bc e4 47 bb 83 5f e7 81 4a 4e d2 85 69 Sep 21 07:16:31.632984: | cleartext fragment 40 5b 02 17 a7 76 75 c5 94 2b ac 13 85 0c 6b 23 Sep 21 07:16:31.632986: | cleartext fragment c1 7e 9a c1 0c 75 a9 ef a5 77 f6 48 80 93 bb cc Sep 21 07:16:31.632987: | cleartext fragment 78 bc 8a 63 2c 00 00 a4 02 00 00 20 01 03 04 02 Sep 21 07:16:31.632989: | cleartext fragment 6f ef e9 d0 03 00 00 0c 01 00 00 14 80 0e 01 00 Sep 21 07:16:31.632990: | cleartext fragment 00 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 Sep 21 07:16:31.632991: | cleartext fragment 6f ef e9 d0 03 00 00 0c 01 00 00 14 80 0e Sep 21 07:16:31.632993: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:31.632995: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:31.632997: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:31.632998: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:31.633000: | emitting length of ISAKMP Message: 539 Sep 21 07:16:31.633009: | **emit ISAKMP Message: Sep 21 07:16:31.633011: | initiator cookie: Sep 21 07:16:31.633012: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.633014: | responder cookie: Sep 21 07:16:31.633015: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.633016: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:31.633018: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:31.633020: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:31.633021: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:31.633023: | Message ID: 1 (0x1) Sep 21 07:16:31.633024: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:31.633026: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:31.633027: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.633029: | flags: none (0x0) Sep 21 07:16:31.633030: | fragment number: 2 (0x2) Sep 21 07:16:31.633032: | total fragments: 2 (0x2) Sep 21 07:16:31.633033: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:31.633035: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:31.633037: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:31.633039: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:31.633041: | emitting 154 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:31.633042: | cleartext fragment 00 80 00 00 00 08 05 00 00 00 02 00 00 30 03 03 Sep 21 07:16:31.633044: | cleartext fragment 04 04 6f ef e9 d0 03 00 00 0c 01 00 00 0c 80 0e Sep 21 07:16:31.633045: | cleartext fragment 01 00 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 Sep 21 07:16:31.633046: | cleartext fragment 00 0c 00 00 00 08 05 00 00 00 00 00 00 30 04 03 Sep 21 07:16:31.633048: | cleartext fragment 04 04 6f ef e9 d0 03 00 00 0c 01 00 00 0c 80 0e Sep 21 07:16:31.633049: | cleartext fragment 00 80 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 Sep 21 07:16:31.633051: | cleartext fragment 00 0c 00 00 00 08 05 00 00 00 2d 00 00 18 01 00 Sep 21 07:16:31.633052: | cleartext fragment 00 00 07 00 00 10 00 00 ff ff c0 01 03 d1 c0 01 Sep 21 07:16:31.633054: | cleartext fragment 03 d1 00 00 00 18 01 00 00 00 07 00 00 10 00 00 Sep 21 07:16:31.633055: | cleartext fragment ff ff c0 00 02 00 c0 00 02 ff Sep 21 07:16:31.633057: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:31.633058: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:31.633061: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:31.633062: | emitting length of IKEv2 Encrypted Fragment: 187 Sep 21 07:16:31.633064: | emitting length of ISAKMP Message: 215 Sep 21 07:16:31.633071: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:31.633074: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:31.633077: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:16:31.633079: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:16:31.633082: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:16:31.633083: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:16:31.633087: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:31.633090: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:16:31.633093: "road-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:16:31.633101: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:16:31.633102: | sending fragments ... Sep 21 07:16:31.633106: | sending 539 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:31.633108: | 13 d0 47 f3 31 7a 68 cd 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.633109: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:16:31.633111: | 00 01 00 02 be ab 05 6c b2 68 5a c9 f0 2c e1 cc Sep 21 07:16:31.633112: | 17 7f 24 57 92 25 a5 be 53 46 3d af b6 13 54 63 Sep 21 07:16:31.633113: | 21 83 af 7a c4 a1 34 02 8c 1f 2b b9 ba 4b fc 42 Sep 21 07:16:31.633115: | a8 16 4f ba 22 e9 16 40 1e af 49 53 e9 8b a2 38 Sep 21 07:16:31.633116: | 6d 7d ff 6c 07 e3 0e 6d ff 0f ed c8 0a 1e 4e a5 Sep 21 07:16:31.633117: | 4f 94 cc 5d 0b e0 3d af d3 b1 a0 8a 00 20 23 13 Sep 21 07:16:31.633119: | 74 6d 5e f1 32 f5 6d 7b 77 2f a4 87 8a 8d 5f 16 Sep 21 07:16:31.633120: | 7b 35 f3 54 01 5d 61 32 f2 89 58 a2 b0 d0 4a 9b Sep 21 07:16:31.633122: | fe a3 52 e4 ba d0 d7 48 af ea ce 32 93 06 a7 e5 Sep 21 07:16:31.633123: | f0 9b 58 75 c6 17 b8 e0 f5 67 a1 cd 84 2f 84 be Sep 21 07:16:31.633124: | 11 b2 ab f2 34 34 38 84 49 7c d4 eb 05 2e 8e 1b Sep 21 07:16:31.633126: | f8 52 25 9b 81 6f cc fd c0 ab d6 98 21 9f 6a a4 Sep 21 07:16:31.633127: | 02 b2 f2 cc 1b 78 5c 49 07 00 24 2c b3 a2 e4 bc Sep 21 07:16:31.633129: | e7 c8 84 e9 5f c5 38 d7 bc 0f cd 0c c2 5d 19 96 Sep 21 07:16:31.633130: | fb 46 a0 68 57 bc 86 3a 2b 7e 2a 2c b4 4e 02 94 Sep 21 07:16:31.633131: | 9f fe f5 bf d3 03 50 9d 4e 35 d3 f2 11 24 fa b7 Sep 21 07:16:31.633133: | ac 36 20 6b 5b 8f 81 b6 3f fa a5 68 a8 dd 4c 7c Sep 21 07:16:31.633134: | 2c 1e 52 ff b7 6a 4d df 79 76 9b a8 c9 b5 fa fd Sep 21 07:16:31.633135: | 8f f2 99 b8 8b f8 d6 45 3c 91 14 38 70 8a 18 fb Sep 21 07:16:31.633137: | 49 8c cf 3a dd 5d 1b c4 76 16 2a e1 72 dd c0 f9 Sep 21 07:16:31.633139: | 0e 1d cf a5 f9 fa 97 1f c8 9e 4d fb 4f 56 79 36 Sep 21 07:16:31.633141: | 83 ef 0f a0 c9 ce 96 7d 42 c6 2a ca 81 50 b6 dd Sep 21 07:16:31.633143: | ac 29 29 25 5d c0 07 49 59 29 ef 34 42 71 d7 58 Sep 21 07:16:31.633145: | 1a 66 b8 3d 2e 2e 0f ad d2 59 68 8c 90 67 06 6e Sep 21 07:16:31.633147: | 53 bc 26 c6 80 7b 52 e6 be 26 17 ef 7c 12 19 d8 Sep 21 07:16:31.633149: | 15 00 85 5b 97 f3 8f 24 11 8a 4a 80 6f 66 83 1c Sep 21 07:16:31.633151: | 46 f1 e2 e4 eb 30 55 9e 94 c8 7e 87 d5 fb ee c9 Sep 21 07:16:31.633155: | 50 bb f0 ee 70 85 66 4e 57 fa 6d 04 b9 1a d8 73 Sep 21 07:16:31.633157: | 20 6c 07 e4 82 f6 04 a9 c5 fd 56 22 b5 cc aa ae Sep 21 07:16:31.633159: | 6b 00 21 d0 67 c4 8f d5 4e b3 07 c7 e1 e8 e4 1a Sep 21 07:16:31.633161: | 4f 3c 26 88 d2 72 a2 2f a0 62 66 c1 ab 16 81 93 Sep 21 07:16:31.633163: | 3c 5c e1 95 47 17 f6 0d c2 41 0a Sep 21 07:16:31.633206: | sending 215 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:31.633210: | 13 d0 47 f3 31 7a 68 cd 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.633213: | 35 20 23 08 00 00 00 01 00 00 00 d7 00 00 00 bb Sep 21 07:16:31.633215: | 00 02 00 02 ea d9 b8 85 d2 49 9b c9 1e ad 75 9e Sep 21 07:16:31.633217: | e4 ae 67 a9 6f a2 2f 00 58 4a a0 3c f4 b1 03 ee Sep 21 07:16:31.633219: | fa 3f 7f 5b 14 17 8d 81 30 88 14 bc a0 6a 8a 3a Sep 21 07:16:31.633221: | 0a d1 e7 d7 00 ae 74 76 bc 6b 1b 99 71 c9 cb 3d Sep 21 07:16:31.633223: | 3d c7 25 c9 e7 c1 9c 01 d2 a5 81 85 79 8a 4c 35 Sep 21 07:16:31.633224: | bc 18 c5 4d 4e c5 8f 28 8a 5b 7b 99 58 b9 2a f3 Sep 21 07:16:31.633225: | 5d b6 72 32 c3 8d f7 66 de d1 0f 01 0b 67 da 47 Sep 21 07:16:31.633227: | 01 97 89 30 48 97 88 65 c3 80 29 80 4f 4a f3 98 Sep 21 07:16:31.633228: | 95 0c 78 01 cc 0c f5 98 5c a8 9f e0 8c 4b 73 78 Sep 21 07:16:31.633230: | c8 c7 3d 14 ad 0b 82 31 03 63 1a b2 42 7f fe 95 Sep 21 07:16:31.633231: | 54 d8 59 35 48 0d b7 6b b2 7d 0f 7e 66 91 96 ee Sep 21 07:16:31.633232: | c7 41 c5 94 69 ae cb Sep 21 07:16:31.633244: | sent 2 fragments Sep 21 07:16:31.633247: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=25000ms Sep 21 07:16:31.633249: | event_schedule: new EVENT_RETRANSMIT-pe@0x564f7d3fd700 Sep 21 07:16:31.633252: | inserting event EVENT_RETRANSMIT, timeout in 25 seconds for #2 Sep 21 07:16:31.633255: | libevent_malloc: new ptr-libevent@0x7f2a44006900 size 128 Sep 21 07:16:31.633259: | #2 STATE_PARENT_I2: retransmits: first event in 25 seconds; timeout in 107 seconds; limit of 12 retransmits; current time is 48838.001514 Sep 21 07:16:31.633262: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:31.633266: | #1 spent 7.39 milliseconds in resume sending helper answer Sep 21 07:16:31.633269: | stop processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:31.633272: | libevent_free: release ptr-libevent@0x7f2a3c006b90 Sep 21 07:16:31.679681: | spent 0.00314 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:31.679704: | *received 435 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Sep 21 07:16:31.679708: | 13 d0 47 f3 31 7a 68 cd 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.679710: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:16:31.679712: | 22 83 d1 28 59 41 01 97 e7 1e 66 21 20 11 c5 91 Sep 21 07:16:31.679714: | 77 0b 5e f2 cf 98 8e 7d a4 04 c9 e9 55 ba a5 54 Sep 21 07:16:31.679716: | 50 4d 0a 17 8c 4e 2b b6 c6 ce 37 d6 6a 9c f8 d0 Sep 21 07:16:31.679718: | f6 d4 d4 bf a8 59 da 71 11 15 50 46 3d 86 65 5e Sep 21 07:16:31.679720: | 9d 22 51 f5 3f e4 7c 8c a0 5c 82 12 f0 dd 7e bb Sep 21 07:16:31.679722: | 94 8c f6 93 ab 1f e7 f6 61 4e e6 cc 63 62 cd 28 Sep 21 07:16:31.679724: | bf de fa 1f 09 9f 75 b1 e6 ee 6e c1 ca 78 27 86 Sep 21 07:16:31.679726: | ee 29 38 0c 9f b6 19 42 74 20 0b 12 4a e9 a2 3a Sep 21 07:16:31.679728: | d5 f0 33 b4 c1 e3 88 df 84 d4 39 8b 27 7b 60 2a Sep 21 07:16:31.679730: | 8a 63 e4 8c a5 39 64 cc 8c 74 9c 05 f3 ca 9c ee Sep 21 07:16:31.679732: | 0b bb ab 36 70 14 fa b5 dc 13 7a 0a 75 a2 7e ae Sep 21 07:16:31.679734: | 52 ec 31 5a 4a 23 1f ba f0 bc 75 f0 53 46 9d 49 Sep 21 07:16:31.679737: | 5f 22 c7 5d 1e f7 ca 6e 6d 0b 3b b3 d7 e7 a3 ce Sep 21 07:16:31.679739: | bc d2 01 fb 3f f4 a5 c8 f9 31 1c d3 61 4b 1d 68 Sep 21 07:16:31.679741: | 44 7c 58 a5 32 9a 0a 8b 76 8f 2a 02 1a a7 f7 3a Sep 21 07:16:31.679746: | 9b e5 31 50 3b 57 78 e3 fd d2 10 2f cf be 65 99 Sep 21 07:16:31.679749: | 1e 20 f2 1d 11 6d ed 5a ac 86 70 c0 82 8c f2 e0 Sep 21 07:16:31.679751: | de 00 09 b7 02 f0 7b 55 a1 dc a6 b8 0a a6 1d 16 Sep 21 07:16:31.679754: | 5b 58 e6 30 6d cb 43 84 e8 bf 05 f4 28 76 10 2d Sep 21 07:16:31.679756: | 4e 5f 62 33 12 b3 80 7b 29 00 98 45 16 b1 eb 56 Sep 21 07:16:31.679758: | 2a c4 2f b5 61 c0 cb 34 0c 6e c9 cd e7 99 f0 c7 Sep 21 07:16:31.679760: | d5 17 2f 21 6d d6 cb ac 29 05 d1 e8 ec b1 1e 33 Sep 21 07:16:31.679762: | 6f 08 27 f5 fd 10 a3 c6 1d 8c 86 19 f0 a8 1e 4b Sep 21 07:16:31.679764: | 93 a3 d9 c1 41 7b 46 e8 bf 42 88 15 48 b9 74 aa Sep 21 07:16:31.679766: | 5c 59 b8 a1 eb 3d b5 3c 81 82 38 09 6b 99 12 5a Sep 21 07:16:31.679768: | 34 f2 0e Sep 21 07:16:31.679774: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:31.679777: | **parse ISAKMP Message: Sep 21 07:16:31.679780: | initiator cookie: Sep 21 07:16:31.679782: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:31.679791: | responder cookie: Sep 21 07:16:31.679793: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:31.679796: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:31.679799: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:31.679801: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:31.679804: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:31.679806: | Message ID: 1 (0x1) Sep 21 07:16:31.679808: | length: 435 (0x1b3) Sep 21 07:16:31.679811: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:31.679815: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:31.679819: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:31.679825: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:31.679829: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:31.679833: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:31.679837: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:31.679840: | #2 is idle Sep 21 07:16:31.679843: | #2 idle Sep 21 07:16:31.679845: | unpacking clear payload Sep 21 07:16:31.679847: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:31.679850: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:31.679853: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:31.679855: | flags: none (0x0) Sep 21 07:16:31.679858: | length: 407 (0x197) Sep 21 07:16:31.679860: | processing payload: ISAKMP_NEXT_v2SK (len=403) Sep 21 07:16:31.679863: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:31.679881: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:16:31.679884: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:16:31.679888: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:16:31.679890: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:31.679893: | flags: none (0x0) Sep 21 07:16:31.679895: | length: 12 (0xc) Sep 21 07:16:31.679898: | ID type: ID_FQDN (0x2) Sep 21 07:16:31.679900: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:16:31.679903: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:16:31.679906: | **parse IKEv2 Authentication Payload: Sep 21 07:16:31.679909: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:31.679911: | flags: none (0x0) Sep 21 07:16:31.679914: | length: 282 (0x11a) Sep 21 07:16:31.679916: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:31.679918: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:16:31.679921: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:31.679923: | **parse IKEv2 Security Association Payload: Sep 21 07:16:31.679925: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:31.679930: | flags: none (0x0) Sep 21 07:16:31.679932: | length: 36 (0x24) Sep 21 07:16:31.679935: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:16:31.679937: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:31.679940: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:31.679942: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:31.679944: | flags: none (0x0) Sep 21 07:16:31.679947: | length: 24 (0x18) Sep 21 07:16:31.679949: | number of TS: 1 (0x1) Sep 21 07:16:31.679951: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:31.679954: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:31.679956: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:31.679958: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:31.679960: | flags: none (0x0) Sep 21 07:16:31.679963: | length: 24 (0x18) Sep 21 07:16:31.679965: | number of TS: 1 (0x1) Sep 21 07:16:31.679967: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:31.679970: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:16:31.679972: | Now let's proceed with state specific processing Sep 21 07:16:31.679975: | calling processor Initiator: process IKE_AUTH response Sep 21 07:16:31.679981: | offered CA: '%none' Sep 21 07:16:31.679985: "road-eastnet" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:16:31.680023: | verifying AUTH payload Sep 21 07:16:31.680039: | required RSA CA is '%any' Sep 21 07:16:31.680044: | checking RSA keyid '@east' for match with '@east' Sep 21 07:16:31.680047: | RSA key issuer CA is '%any' Sep 21 07:16:31.680112: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:16:31.680119: | #1 spent 0.0665 milliseconds in try_all_keys() trying a pubkey Sep 21 07:16:31.680123: "road-eastnet" #2: Authenticated using RSA Sep 21 07:16:31.680130: | #1 spent 0.102 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:16:31.680134: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:16:31.680139: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:16:31.680142: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:31.680147: | libevent_free: release ptr-libevent@0x564f7d3f9190 Sep 21 07:16:31.680150: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564f7d3f9150 Sep 21 07:16:31.680153: | event_schedule: new EVENT_SA_REKEY-pe@0x564f7d3f9150 Sep 21 07:16:31.680156: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:16:31.680160: | libevent_malloc: new ptr-libevent@0x564f7d3f9190 size 128 Sep 21 07:16:31.680253: | pstats #1 ikev2.ike established Sep 21 07:16:31.680259: | TSi: parsing 1 traffic selectors Sep 21 07:16:31.680263: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:31.680266: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:31.680269: | IP Protocol ID: 0 (0x0) Sep 21 07:16:31.680272: | length: 16 (0x10) Sep 21 07:16:31.680274: | start port: 0 (0x0) Sep 21 07:16:31.680276: | end port: 65535 (0xffff) Sep 21 07:16:31.680279: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:31.680281: | TS low c0 01 03 d1 Sep 21 07:16:31.680284: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:31.680286: | TS high c0 01 03 d1 Sep 21 07:16:31.680289: | TSi: parsed 1 traffic selectors Sep 21 07:16:31.680291: | TSr: parsing 1 traffic selectors Sep 21 07:16:31.680294: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:31.680296: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:31.680298: | IP Protocol ID: 0 (0x0) Sep 21 07:16:31.680301: | length: 16 (0x10) Sep 21 07:16:31.680303: | start port: 0 (0x0) Sep 21 07:16:31.680305: | end port: 65535 (0xffff) Sep 21 07:16:31.680308: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:31.680309: | TS low c0 00 02 00 Sep 21 07:16:31.680312: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:31.680315: | TS high c0 00 02 ff Sep 21 07:16:31.680318: | TSr: parsed 1 traffic selectors Sep 21 07:16:31.680324: | evaluating our conn="road-eastnet" I=192.1.3.209/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:31.680329: | TSi[0] .net=192.1.3.209-192.1.3.209 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:31.680336: | match address end->client=192.1.3.209/32 == TSi[0]net=192.1.3.209-192.1.3.209: YES fitness 32 Sep 21 07:16:31.680339: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:31.680341: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:31.680344: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:31.680347: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:31.680351: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:31.680356: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:31.680358: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:31.680361: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:31.680363: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:31.680366: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:31.680368: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:31.680370: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:31.680372: | printing contents struct traffic_selector Sep 21 07:16:31.680375: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:31.680377: | ipprotoid: 0 Sep 21 07:16:31.680379: | port range: 0-65535 Sep 21 07:16:31.680382: | ip range: 192.1.3.209-192.1.3.209 Sep 21 07:16:31.680384: | printing contents struct traffic_selector Sep 21 07:16:31.680386: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:31.680389: | ipprotoid: 0 Sep 21 07:16:31.680391: | port range: 0-65535 Sep 21 07:16:31.680394: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:31.680408: | using existing local ESP/AH proposals for road-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:31.680411: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:16:31.680415: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:31.680418: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:31.680420: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:31.680423: | local proposal 1 type DH has 1 transforms Sep 21 07:16:31.680425: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:31.680428: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:31.680431: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:31.680433: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:31.680435: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:31.680438: | local proposal 2 type DH has 1 transforms Sep 21 07:16:31.680440: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:31.680442: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:31.680445: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:31.680447: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:31.680449: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:31.680451: | local proposal 3 type DH has 1 transforms Sep 21 07:16:31.680454: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:31.680457: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:31.680459: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:31.680461: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:31.680464: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:31.680468: | local proposal 4 type DH has 1 transforms Sep 21 07:16:31.680470: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:31.680473: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:31.680476: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:31.680479: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:31.680481: | length: 32 (0x20) Sep 21 07:16:31.680484: | prop #: 1 (0x1) Sep 21 07:16:31.680486: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:31.680489: | spi size: 4 (0x4) Sep 21 07:16:31.680491: | # transforms: 2 (0x2) Sep 21 07:16:31.680494: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:31.680496: | remote SPI db eb 89 c0 Sep 21 07:16:31.680499: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:31.680502: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:31.680505: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:31.680507: | length: 12 (0xc) Sep 21 07:16:31.680510: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:31.680512: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:31.680514: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:31.680517: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:31.680520: | length/value: 256 (0x100) Sep 21 07:16:31.680524: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:31.680527: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:31.680529: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:31.680531: | length: 8 (0x8) Sep 21 07:16:31.680534: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:31.680537: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:31.680540: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:31.680544: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:16:31.680548: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:16:31.680551: | remote proposal 1 matches local proposal 1 Sep 21 07:16:31.680553: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:16:31.680558: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=dbeb89c0;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:16:31.680561: | converting proposal to internal trans attrs Sep 21 07:16:31.680567: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:31.680745: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:16:31.680750: | could_route called for road-eastnet (kind=CK_PERMANENT) Sep 21 07:16:31.680753: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:31.680756: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:16:31.680758: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:16:31.680765: | route owner of "road-eastnet" unrouted: NULL; eroute owner: NULL Sep 21 07:16:31.680768: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:31.680772: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:31.680775: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:31.680777: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:31.680782: | setting IPsec SA replay-window to 32 Sep 21 07:16:31.680795: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Sep 21 07:16:31.680799: | netlink: enabling tunnel mode Sep 21 07:16:31.680802: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:31.680805: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:31.680886: | netlink response for Add SA esp.dbeb89c0@192.1.2.23 included non-error error Sep 21 07:16:31.680893: | set up outgoing SA, ref=0/0 Sep 21 07:16:31.680896: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:31.680899: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:31.680902: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:31.680904: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:31.680908: | setting IPsec SA replay-window to 32 Sep 21 07:16:31.680911: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Sep 21 07:16:31.680913: | netlink: enabling tunnel mode Sep 21 07:16:31.680916: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:31.680919: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:31.680967: | netlink response for Add SA esp.6fefe9d0@192.1.3.209 included non-error error Sep 21 07:16:31.680972: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:16:31.680979: | add inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => tun.10000@192.1.3.209 (raw_eroute) Sep 21 07:16:31.680982: | IPsec Sa SPD priority set to 1040359 Sep 21 07:16:31.681030: | raw_eroute result=success Sep 21 07:16:31.681034: | set up incoming SA, ref=0/0 Sep 21 07:16:31.681036: | sr for #2: unrouted Sep 21 07:16:31.681039: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:31.681042: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:31.681045: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:16:31.681047: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:16:31.681051: | route owner of "road-eastnet" unrouted: NULL; eroute owner: NULL Sep 21 07:16:31.681054: | route_and_eroute with c: road-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:16:31.681057: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:16:31.681064: | eroute_connection add eroute 192.1.3.209/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:31.681067: | IPsec Sa SPD priority set to 1040359 Sep 21 07:16:31.681090: | raw_eroute result=success Sep 21 07:16:31.681094: | running updown command "ipsec _updown" for verb up Sep 21 07:16:31.681097: | command executing up-host Sep 21 07:16:31.681123: | executing up-host: PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbeb Sep 21 07:16:31.681127: | popen cmd is 1040 chars long Sep 21 07:16:31.681130: | cmd( 0):PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_I: Sep 21 07:16:31.681132: | cmd( 80):NTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID=: Sep 21 07:16:31.681135: | cmd( 160):'@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO: Sep 21 07:16:31.681138: | cmd( 240):_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_: Sep 21 07:16:31.681140: | cmd( 320):SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@eas: Sep 21 07:16:31.681142: | cmd( 400):t' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER: Sep 21 07:16:31.681147: | cmd( 480):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Sep 21 07:16:31.681150: | cmd( 560):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRY: Sep 21 07:16:31.681152: | cmd( 640):PT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Sep 21 07:16:31.681155: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Sep 21 07:16:31.681157: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Sep 21 07:16:31.681160: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Sep 21 07:16:31.681162: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0xdbeb89c0 SPI_OUT=0x6fefe9d0 ipsec _updown 2>&1: Sep 21 07:16:31.688192: | route_and_eroute: firewall_notified: true Sep 21 07:16:31.688216: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:31.688219: | command executing prepare-host Sep 21 07:16:31.688244: | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI Sep 21 07:16:31.688247: | popen cmd is 1045 chars long Sep 21 07:16:31.688250: | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Sep 21 07:16:31.688253: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_M: Sep 21 07:16:31.688255: | cmd( 160):Y_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' : Sep 21 07:16:31.688257: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:16:31.688260: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:16:31.688262: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:16:31.688264: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:16:31.688266: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:16:31.688269: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_: Sep 21 07:16:31.688271: | cmd( 720):KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CI: Sep 21 07:16:31.688273: | cmd( 800):SCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PL: Sep 21 07:16:31.688275: | cmd( 880):UTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI: Sep 21 07:16:31.688278: | cmd( 960):_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbeb89c0 SPI_OUT=0x6fefe9d0 ipsec _updown: Sep 21 07:16:31.688280: | cmd(1040): 2>&1: Sep 21 07:16:31.696544: | running updown command "ipsec _updown" for verb route Sep 21 07:16:31.696555: | command executing route-host Sep 21 07:16:31.696576: | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN= Sep 21 07:16:31.696580: | popen cmd is 1043 chars long Sep 21 07:16:31.696582: | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUT: Sep 21 07:16:31.696584: | cmd( 80):O_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_: Sep 21 07:16:31.696585: | cmd( 160):ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PL: Sep 21 07:16:31.696587: | cmd( 240):UTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:16:31.696588: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:16:31.696590: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:16:31.696592: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:16:31.696593: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:16:31.696595: | cmd( 640):CRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Sep 21 07:16:31.696596: | cmd( 720):ND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC: Sep 21 07:16:31.696598: | cmd( 800):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Sep 21 07:16:31.696599: | cmd( 880):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Sep 21 07:16:31.696601: | cmd( 960):OUTING='no' VTI_SHARED='no' SPI_IN=0xdbeb89c0 SPI_OUT=0x6fefe9d0 ipsec _updown 2: Sep 21 07:16:31.696602: | cmd(1040):>&1: Sep 21 07:16:31.705370: | route_and_eroute: instance "road-eastnet", setting eroute_owner {spd=0x564f7d3f59b0,sr=0x564f7d3f59b0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:31.705434: | #1 spent 0.859 milliseconds in install_ipsec_sa() Sep 21 07:16:31.705439: | inR2: instance road-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:16:31.705441: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:31.705443: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:16:31.705447: | libevent_free: release ptr-libevent@0x7f2a44006900 Sep 21 07:16:31.705449: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564f7d3fd700 Sep 21 07:16:31.705453: | #2 spent 1.64 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:16:31.705459: | [RE]START processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:31.705464: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:16:31.705485: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:16:31.705489: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:31.705505: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:16:31.705511: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:16:31.705517: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:31.705526: | pstats #2 ikev2.child established Sep 21 07:16:31.705534: "road-eastnet" #2: negotiated connection [192.1.3.209-192.1.3.209:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:16:31.705545: | NAT-T: encaps is 'auto' Sep 21 07:16:31.705563: "road-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xdbeb89c0 <0x6fefe9d0 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:16:31.705568: | releasing whack for #2 (sock=fd@23) Sep 21 07:16:31.705572: | close_any(fd@23) (in release_whack() at state.c:654) Sep 21 07:16:31.705575: | releasing whack and unpending for parent #1 Sep 21 07:16:31.705578: | unpending state #1 connection "road-eastnet" Sep 21 07:16:31.705596: | delete from pending Child SA with 192.1.2.23 "road-eastnet" Sep 21 07:16:31.705599: | removing pending policy for no connection {0x564f7d3a6530} Sep 21 07:16:31.705619: | close_any(fd@22) (in release_whack() at state.c:654) Sep 21 07:16:31.705624: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:16:31.705628: | event_schedule: new EVENT_SA_REKEY-pe@0x564f7d3fd670 Sep 21 07:16:31.705632: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:16:31.705636: | libevent_malloc: new ptr-libevent@0x7f2a44006900 size 128 Sep 21 07:16:31.705643: | stop processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:31.705648: | #1 spent 2.12 milliseconds in ikev2_process_packet() Sep 21 07:16:31.705653: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:31.705657: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:31.705660: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:31.705665: | spent 2.13 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:31.705675: | processing signal PLUTO_SIGCHLD Sep 21 07:16:31.705680: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:31.705684: | spent 0.00436 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:31.705690: | processing signal PLUTO_SIGCHLD Sep 21 07:16:31.705694: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:31.705698: | spent 0.00408 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:31.705701: | processing signal PLUTO_SIGCHLD Sep 21 07:16:31.705704: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:31.705708: | spent 0.00341 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:34.909959: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:34.909995: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:16:34.910002: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:34.910013: | get_sa_info esp.6fefe9d0@192.1.3.209 Sep 21 07:16:34.910038: | get_sa_info esp.dbeb89c0@192.1.2.23 Sep 21 07:16:34.910064: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:34.910074: | spent 0.125 milliseconds in whack Sep 21 07:16:35.972873: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:35.973059: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:35.973065: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:35.973126: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:35.973129: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:35.973141: | get_sa_info esp.6fefe9d0@192.1.3.209 Sep 21 07:16:35.973156: | get_sa_info esp.dbeb89c0@192.1.2.23 Sep 21 07:16:35.973175: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:35.973181: | spent 0.316 milliseconds in whack Sep 21 07:16:36.787179: | spent 0.00266 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:36.787201: | *received 69 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Sep 21 07:16:36.787209: | 13 d0 47 f3 31 7a 68 cd 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:36.787212: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:36.787214: | 59 f1 e3 80 a1 a7 b0 ef 2c 82 17 ca ce 76 8c 55 Sep 21 07:16:36.787216: | ad 17 7d da 49 ac 74 23 95 f5 fa 32 e9 0e 90 fc Sep 21 07:16:36.787218: | 81 6e 33 3b b4 Sep 21 07:16:36.787223: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:36.787227: | **parse ISAKMP Message: Sep 21 07:16:36.787229: | initiator cookie: Sep 21 07:16:36.787232: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:36.787234: | responder cookie: Sep 21 07:16:36.787236: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:36.787239: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:36.787242: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:36.787245: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:36.787247: | flags: none (0x0) Sep 21 07:16:36.787250: | Message ID: 0 (0x0) Sep 21 07:16:36.787252: | length: 69 (0x45) Sep 21 07:16:36.787255: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:36.787258: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:36.787263: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:36.787270: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:36.787273: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:36.787278: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:36.787281: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:16:36.787285: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:16:36.787288: | unpacking clear payload Sep 21 07:16:36.787290: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:36.787293: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:36.787296: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:36.787298: | flags: none (0x0) Sep 21 07:16:36.787301: | length: 41 (0x29) Sep 21 07:16:36.787303: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:16:36.787308: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:16:36.787311: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:36.787328: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:36.787331: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:36.787334: | **parse IKEv2 Delete Payload: Sep 21 07:16:36.787337: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.787339: | flags: none (0x0) Sep 21 07:16:36.787342: | length: 12 (0xc) Sep 21 07:16:36.787344: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:36.787347: | SPI size: 4 (0x4) Sep 21 07:16:36.787349: | number of SPIs: 1 (0x1) Sep 21 07:16:36.787351: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:16:36.787354: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:36.787356: | Now let's proceed with state specific processing Sep 21 07:16:36.787359: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:36.787362: | an informational request should send a response Sep 21 07:16:36.787367: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:36.787371: | **emit ISAKMP Message: Sep 21 07:16:36.787374: | initiator cookie: Sep 21 07:16:36.787376: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:36.787379: | responder cookie: Sep 21 07:16:36.787381: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:36.787383: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:36.787386: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:36.787390: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:36.787393: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:36.787396: | Message ID: 0 (0x0) Sep 21 07:16:36.787399: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:36.787402: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:36.787404: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.787407: | flags: none (0x0) Sep 21 07:16:36.787410: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:36.787413: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:36.787416: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:36.787422: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:16:36.787425: | SPI db eb 89 c0 Sep 21 07:16:36.787427: | delete PROTO_v2_ESP SA(0xdbeb89c0) Sep 21 07:16:36.787431: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:16:36.787434: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:16:36.787437: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xdbeb89c0) Sep 21 07:16:36.787440: "road-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:16:36.787443: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:36.787447: | libevent_free: release ptr-libevent@0x7f2a44006900 Sep 21 07:16:36.787450: | free_event_entry: release EVENT_SA_REKEY-pe@0x564f7d3fd670 Sep 21 07:16:36.787453: | event_schedule: new EVENT_SA_REPLACE-pe@0x564f7d3fd670 Sep 21 07:16:36.787457: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:16:36.787460: | libevent_malloc: new ptr-libevent@0x7f2a44006900 size 128 Sep 21 07:16:36.787463: | ****emit IKEv2 Delete Payload: Sep 21 07:16:36.787466: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.787469: | flags: none (0x0) Sep 21 07:16:36.787471: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:36.787473: | SPI size: 4 (0x4) Sep 21 07:16:36.787476: | number of SPIs: 1 (0x1) Sep 21 07:16:36.787479: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:36.787482: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:36.787485: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:16:36.787487: | local SPIs 6f ef e9 d0 Sep 21 07:16:36.787490: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:36.787492: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:36.787495: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.787498: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:36.787501: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:36.787504: | emitting length of ISAKMP Message: 69 Sep 21 07:16:36.787520: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:36.787523: | 13 d0 47 f3 31 7a 68 cd 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:36.787526: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:36.787528: | 7c 37 8f 42 56 6b 6c bc 5a 1d 74 45 19 49 61 09 Sep 21 07:16:36.787530: | ef 33 06 08 f1 95 9f d0 4d e6 99 b0 90 13 f6 93 Sep 21 07:16:36.787532: | ab ed 54 30 f0 Sep 21 07:16:36.787559: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:36.787565: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:36.787576: | #1 spent 0.198 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:16:36.787581: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:36.787585: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:16:36.787588: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:16:36.787593: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:16:36.787598: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:36.787601: "road-eastnet" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:16:36.787606: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:36.787611: | #1 spent 0.405 milliseconds in ikev2_process_packet() Sep 21 07:16:36.787615: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:36.787619: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:36.787621: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:36.787625: | spent 0.42 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:36.787633: | timer_event_cb: processing event@0x564f7d3fd670 Sep 21 07:16:36.787636: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:16:36.787641: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:36.787645: | picked newest_ipsec_sa #2 for #2 Sep 21 07:16:36.787647: | replacing stale CHILD SA Sep 21 07:16:36.787651: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:16:36.787654: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:36.787657: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:36.787661: | creating state object #3 at 0x564f7d3fae40 Sep 21 07:16:36.787664: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:16:36.787671: | pstats #3 ikev2.child started Sep 21 07:16:36.787674: | duplicating state object #1 "road-eastnet" as #3 for IPSEC SA Sep 21 07:16:36.787679: | #3 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:36.787685: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:36.787691: | suspend processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:36.787696: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:36.787699: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:16:36.787703: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:36.787707: | constructing ESP/AH proposals with default DH MODP2048 for road-eastnet (ESP/AH initiator emitting proposals) Sep 21 07:16:36.787711: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:36.787718: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:36.787721: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:36.787725: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:36.787729: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:36.787733: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:36.787738: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:36.787742: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:36.787750: "road-eastnet": constructed local ESP/AH proposals for road-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:36.787757: | #3 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:16:36.787760: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x564f7d3ff4e0 Sep 21 07:16:36.787764: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:16:36.787767: | libevent_malloc: new ptr-libevent@0x564f7d3feb80 size 128 Sep 21 07:16:36.787772: | RESET processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:36.787775: | event_schedule: new EVENT_SA_EXPIRE-pe@0x564f7d3fd300 Sep 21 07:16:36.787778: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:16:36.787781: | libevent_malloc: new ptr-libevent@0x564f7d3fec10 size 128 Sep 21 07:16:36.787788: | libevent_free: release ptr-libevent@0x7f2a44006900 Sep 21 07:16:36.787793: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564f7d3fd670 Sep 21 07:16:36.787798: | #2 spent 0.161 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:16:36.787801: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:36.787806: | timer_event_cb: processing event@0x564f7d3ff4e0 Sep 21 07:16:36.787808: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:16:36.787812: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:36.787816: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:16:36.787819: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564f7d3fd670 Sep 21 07:16:36.787822: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:36.787825: | libevent_malloc: new ptr-libevent@0x7f2a44006900 size 128 Sep 21 07:16:36.787831: | libevent_free: release ptr-libevent@0x564f7d3feb80 Sep 21 07:16:36.787834: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x564f7d3ff4e0 Sep 21 07:16:36.787838: | #3 spent 0.0315 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:36.787842: | stop processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:36.787845: | timer_event_cb: processing event@0x564f7d3fd300 Sep 21 07:16:36.787848: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:16:36.787852: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:36.787855: | picked newest_ipsec_sa #2 for #2 Sep 21 07:16:36.787858: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:16:36.787860: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:16:36.787862: | pstats #2 ikev2.child deleted completed Sep 21 07:16:36.787865: | #2 spent 1.8 milliseconds in total Sep 21 07:16:36.787870: | [RE]START processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:36.787873: "road-eastnet" #2: deleting state (STATE_V2_IPSEC_I) aged 5.162s and NOT sending notification Sep 21 07:16:36.787876: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:16:36.787881: | get_sa_info esp.dbeb89c0@192.1.2.23 Sep 21 07:16:36.787893: | get_sa_info esp.6fefe9d0@192.1.3.209 Sep 21 07:16:36.787901: "road-eastnet" #2: ESP traffic information: in=336B out=336B Sep 21 07:16:36.787908: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:16:36.787968: | crypto helper 6 resuming Sep 21 07:16:36.787975: | crypto helper 6 starting work-order 3 for state #3 Sep 21 07:16:36.787979: | crypto helper 6 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Sep 21 07:16:36.788908: | crypto helper 6 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000928 seconds Sep 21 07:16:36.788918: | (#3) spent 0.934 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:16:36.788922: | crypto helper 6 sending results from work-order 3 for state #3 to event queue Sep 21 07:16:36.788925: | scheduling resume sending helper answer for #3 Sep 21 07:16:36.788928: | libevent_malloc: new ptr-libevent@0x7f2a40006900 size 128 Sep 21 07:16:36.788934: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:36.789059: | running updown command "ipsec _updown" for verb down Sep 21 07:16:36.789065: | command executing down-host Sep 21 07:16:36.789092: | executing down-host: PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050191' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:16:36.789097: | popen cmd is 1051 chars long Sep 21 07:16:36.789100: | cmd( 0):PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Sep 21 07:16:36.789102: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_I: Sep 21 07:16:36.789105: | cmd( 160):D='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLU: Sep 21 07:16:36.789108: | cmd( 240):TO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Sep 21 07:16:36.789110: | cmd( 320):O_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@e: Sep 21 07:16:36.789113: | cmd( 400):ast' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE: Sep 21 07:16:36.789115: | cmd( 480):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Sep 21 07:16:36.789118: | cmd( 560):_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050191' PLUTO_CONN_POLICY='R: Sep 21 07:16:36.789121: | cmd( 640):SASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:16:36.789123: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:16:36.789126: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:16:36.789128: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:16:36.789131: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbeb89c0 SPI_OUT=0x6fefe9d0 ipsec _: Sep 21 07:16:36.789133: | cmd(1040):updown 2>&1: Sep 21 07:16:36.815069: | shunt_eroute() called for connection 'road-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.1.3.209/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:36.815083: | netlink_shunt_eroute for proto 0, and source 192.1.3.209/32:0 dest 192.0.2.0/24:0 Sep 21 07:16:36.815091: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:16:36.815095: | IPsec Sa SPD priority set to 1040359 Sep 21 07:16:36.815327: | delete esp.dbeb89c0@192.1.2.23 Sep 21 07:16:36.815475: | netlink response for Del SA esp.dbeb89c0@192.1.2.23 included non-error error Sep 21 07:16:36.815482: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:16:36.815491: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Sep 21 07:16:36.816018: | raw_eroute result=success Sep 21 07:16:36.816029: | delete esp.6fefe9d0@192.1.3.209 Sep 21 07:16:36.816575: | netlink response for Del SA esp.6fefe9d0@192.1.3.209 included non-error error Sep 21 07:16:36.816583: | in connection_discard for connection road-eastnet Sep 21 07:16:36.816587: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:16:36.816591: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:36.816599: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:36.816606: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:16:36.816609: | can't expire unused IKE SA #1; it has the child #3 Sep 21 07:16:36.816615: | libevent_free: release ptr-libevent@0x564f7d3fec10 Sep 21 07:16:36.816618: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x564f7d3fd300 Sep 21 07:16:36.816621: | in statetime_stop() and could not find #2 Sep 21 07:16:36.816624: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:36.816638: | processing resume sending helper answer for #3 Sep 21 07:16:36.816644: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:36.816649: | crypto helper 6 replies to request ID 3 Sep 21 07:16:36.816652: | calling continuation function 0x564f7c7a0630 Sep 21 07:16:36.816656: | ikev2_child_outI_continue for #3 STATE_V2_REKEY_CHILD_I0 Sep 21 07:16:36.816660: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:36.816663: | libevent_free: release ptr-libevent@0x7f2a44006900 Sep 21 07:16:36.816666: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564f7d3fd670 Sep 21 07:16:36.816669: | event_schedule: new EVENT_SA_REPLACE-pe@0x564f7d3fcf60 Sep 21 07:16:36.816673: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:16:36.816676: | libevent_malloc: new ptr-libevent@0x7f2a44006900 size 128 Sep 21 07:16:36.816682: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:36.816685: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:36.816688: | libevent_malloc: new ptr-libevent@0x564f7d3fec10 size 128 Sep 21 07:16:36.816694: | [RE]START processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:36.816698: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:16:36.816701: | suspending state #3 and saving MD Sep 21 07:16:36.816704: | #3 is busy; has a suspended MD Sep 21 07:16:36.816708: | [RE]START processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:36.816712: | "road-eastnet" #3 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:36.816715: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:16:36.816722: | #3 spent 0.07 milliseconds in resume sending helper answer Sep 21 07:16:36.816726: | stop processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:36.816730: | libevent_free: release ptr-libevent@0x7f2a40006900 Sep 21 07:16:36.816733: | processing signal PLUTO_SIGCHLD Sep 21 07:16:36.816738: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:36.816745: | spent 0.00812 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:36.816750: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:36.816755: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:16:36.816760: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:36.816765: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:36.816770: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:36.816777: | **emit ISAKMP Message: Sep 21 07:16:36.816779: | initiator cookie: Sep 21 07:16:36.816782: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:36.816791: | responder cookie: Sep 21 07:16:36.816794: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:36.816797: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:36.816799: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:36.816802: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:36.816805: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:36.816807: | Message ID: 2 (0x2) Sep 21 07:16:36.816810: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:36.816814: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:36.816816: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.816819: | flags: none (0x0) Sep 21 07:16:36.816822: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:36.816825: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.816828: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:36.816852: | netlink_get_spi: allocated 0x61b8d9f7 for esp.0@192.1.3.209 Sep 21 07:16:36.816856: | Emitting ikev2_proposals ... Sep 21 07:16:36.816858: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:36.816861: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.816863: | flags: none (0x0) Sep 21 07:16:36.816867: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:36.816869: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.816872: | discarding INTEG=NONE Sep 21 07:16:36.816875: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:36.816878: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.816880: | prop #: 1 (0x1) Sep 21 07:16:36.816883: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:36.816885: | spi size: 4 (0x4) Sep 21 07:16:36.816887: | # transforms: 3 (0x3) Sep 21 07:16:36.816890: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:36.816894: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:36.816896: | our spi 61 b8 d9 f7 Sep 21 07:16:36.816898: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.816901: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.816903: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:36.816907: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:36.816910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.816912: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:36.816915: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:36.816918: | length/value: 256 (0x100) Sep 21 07:16:36.816920: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:36.816925: | discarding INTEG=NONE Sep 21 07:16:36.816927: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.816930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.816932: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.816935: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:36.816938: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.816941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.816944: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.816946: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.816948: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:36.816951: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:36.816953: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:36.816956: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.816959: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.816961: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.816964: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:36.816967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:36.816969: | discarding INTEG=NONE Sep 21 07:16:36.816972: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:36.816974: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.816976: | prop #: 2 (0x2) Sep 21 07:16:36.816979: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:36.816981: | spi size: 4 (0x4) Sep 21 07:16:36.816983: | # transforms: 3 (0x3) Sep 21 07:16:36.816986: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.816989: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:36.816992: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:36.816994: | our spi 61 b8 d9 f7 Sep 21 07:16:36.816997: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.816999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817002: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:36.817004: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:36.817007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817010: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:36.817012: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:36.817014: | length/value: 128 (0x80) Sep 21 07:16:36.817017: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:36.817019: | discarding INTEG=NONE Sep 21 07:16:36.817021: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817024: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817026: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.817028: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:36.817031: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817034: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817037: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817041: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817043: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:36.817046: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:36.817048: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:36.817051: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817056: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817058: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:36.817061: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:36.817063: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:36.817066: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.817068: | prop #: 3 (0x3) Sep 21 07:16:36.817071: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:36.817073: | spi size: 4 (0x4) Sep 21 07:16:36.817075: | # transforms: 5 (0x5) Sep 21 07:16:36.817078: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.817081: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:36.817084: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:36.817086: | our spi 61 b8 d9 f7 Sep 21 07:16:36.817088: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817090: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817093: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:36.817095: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:36.817098: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817101: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:36.817103: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:36.817105: | length/value: 256 (0x100) Sep 21 07:16:36.817108: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:36.817110: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817113: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817115: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:36.817117: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:36.817120: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817123: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817125: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817128: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817133: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:36.817135: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:36.817138: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817141: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817143: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817146: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817148: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817152: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.817154: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:36.817157: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817160: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817163: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817165: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817167: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:36.817170: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:36.817172: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:36.817175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817180: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817183: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:36.817185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:36.817188: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:36.817190: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:36.817192: | prop #: 4 (0x4) Sep 21 07:16:36.817195: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:36.817197: | spi size: 4 (0x4) Sep 21 07:16:36.817199: | # transforms: 5 (0x5) Sep 21 07:16:36.817203: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.817205: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:36.817208: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:36.817210: | our spi 61 b8 d9 f7 Sep 21 07:16:36.817213: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817215: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817217: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:36.817220: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:36.817222: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817225: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:36.817227: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:36.817230: | length/value: 128 (0x80) Sep 21 07:16:36.817232: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:36.817235: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817237: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817239: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:36.817242: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:36.817245: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817247: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817250: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817252: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817254: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817257: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:36.817259: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:36.817262: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817266: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817269: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817272: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817274: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817276: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.817278: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:36.817281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817284: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817286: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817289: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.817291: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:36.817294: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:36.817296: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:36.817299: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.817302: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.817304: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.817306: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:36.817309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:36.817311: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:16:36.817314: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:36.817317: "road-eastnet" #3: CHILD SA to rekey #2 vanished abort this exchange Sep 21 07:16:36.817320: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:16:36.817325: | [RE]START processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:36.817329: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:16:36.818158: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:16:36.818170: | stop processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:36.818176: | resume processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:36.818182: | #1 spent 0.654 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:36.818186: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:16:36.818190: | libevent_free: release ptr-libevent@0x564f7d3fec10 Sep 21 07:16:36.824829: | spent 0.00299 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:36.824850: | *received 65 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Sep 21 07:16:36.824854: | 13 d0 47 f3 31 7a 68 cd 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:36.824857: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:16:36.824859: | 6d bd ac a9 99 a1 ab fe 9f 30 d1 4b c9 5a 17 99 Sep 21 07:16:36.824861: | 02 c4 b4 56 ec 2f bf 9f 48 fd dd d4 24 96 d5 a2 Sep 21 07:16:36.824864: | 9f Sep 21 07:16:36.824869: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:36.824872: | **parse ISAKMP Message: Sep 21 07:16:36.824877: | initiator cookie: Sep 21 07:16:36.824880: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:36.824882: | responder cookie: Sep 21 07:16:36.824884: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:36.824887: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:36.824890: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:36.824892: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:36.824895: | flags: none (0x0) Sep 21 07:16:36.824897: | Message ID: 1 (0x1) Sep 21 07:16:36.824900: | length: 65 (0x41) Sep 21 07:16:36.824902: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:36.824906: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:36.824910: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:36.824917: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:36.824921: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:36.824925: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:36.824929: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:36.824933: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:16:36.824936: | unpacking clear payload Sep 21 07:16:36.824938: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:36.824941: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:36.824944: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:36.824946: | flags: none (0x0) Sep 21 07:16:36.824948: | length: 37 (0x25) Sep 21 07:16:36.824951: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:16:36.824955: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:36.824959: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:36.824975: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:36.824979: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:36.824982: | **parse IKEv2 Delete Payload: Sep 21 07:16:36.824984: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.824987: | flags: none (0x0) Sep 21 07:16:36.824989: | length: 8 (0x8) Sep 21 07:16:36.824991: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:16:36.824994: | SPI size: 0 (0x0) Sep 21 07:16:36.824996: | number of SPIs: 0 (0x0) Sep 21 07:16:36.824999: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:16:36.825002: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:36.825004: | Now let's proceed with state specific processing Sep 21 07:16:36.825006: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:36.825010: | an informational request should send a response Sep 21 07:16:36.825015: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:36.825018: | **emit ISAKMP Message: Sep 21 07:16:36.825021: | initiator cookie: Sep 21 07:16:36.825023: | 13 d0 47 f3 31 7a 68 cd Sep 21 07:16:36.825025: | responder cookie: Sep 21 07:16:36.825028: | 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:36.825030: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:36.825033: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:36.825035: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:36.825038: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:36.825041: | Message ID: 1 (0x1) Sep 21 07:16:36.825044: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:36.825047: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:36.825049: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.825051: | flags: none (0x0) Sep 21 07:16:36.825057: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:36.825060: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:36.825063: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:36.825069: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:36.825073: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:36.825076: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:36.825078: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:16:36.825081: | emitting length of ISAKMP Message: 57 Sep 21 07:16:36.825093: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:36.825097: | 13 d0 47 f3 31 7a 68 cd 56 4d 60 68 f3 29 5a 78 Sep 21 07:16:36.825099: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:16:36.825101: | b1 35 61 3f b7 5b 32 d2 fe 6f 15 49 b3 3d ed 0d Sep 21 07:16:36.825104: | 4e cf 4a 88 bf 94 1f 64 f1 Sep 21 07:16:36.825131: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:36.825137: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:36.825142: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:16:36.825145: | pstats #3 ikev2.child deleted other Sep 21 07:16:36.825149: | #3 spent 1.04 milliseconds in total Sep 21 07:16:36.825154: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:36.825159: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:36.825163: "road-eastnet" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.037s and NOT sending notification Sep 21 07:16:36.825166: | child state #3: CHILDSA_DEL(informational) => delete Sep 21 07:16:36.825169: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:36.825173: | libevent_free: release ptr-libevent@0x7f2a44006900 Sep 21 07:16:36.825177: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564f7d3fcf60 Sep 21 07:16:36.825180: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:16:36.825188: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Sep 21 07:16:36.825202: | raw_eroute result=success Sep 21 07:16:36.825206: | in connection_discard for connection road-eastnet Sep 21 07:16:36.825209: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:16:36.825212: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:36.825225: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:36.825231: | resume processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:36.825236: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:16:36.825239: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:16:36.825242: | pstats #1 ikev2.ike deleted completed Sep 21 07:16:36.825246: | #1 spent 13.6 milliseconds in total Sep 21 07:16:36.825250: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:36.825254: "road-eastnet" #1: deleting state (STATE_IKESA_DEL) aged 5.204s and NOT sending notification Sep 21 07:16:36.825257: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:16:36.825318: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:36.825326: | libevent_free: release ptr-libevent@0x564f7d3f9190 Sep 21 07:16:36.825330: | free_event_entry: release EVENT_SA_REKEY-pe@0x564f7d3f9150 Sep 21 07:16:36.825332: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:36.825335: | picked newest_isakmp_sa #0 for #1 Sep 21 07:16:36.825338: "road-eastnet" #1: deleting IKE SA for connection 'road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:36.825341: | add revival: connection 'road-eastnet' added to the list and scheduled for 0 seconds Sep 21 07:16:36.825344: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:16:36.825349: | in connection_discard for connection road-eastnet Sep 21 07:16:36.825351: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:16:36.825354: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:16:36.825358: | unreference key: 0x564f7d3f6960 @east cnt 2-- Sep 21 07:16:36.825369: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:36.825385: | in statetime_stop() and could not find #1 Sep 21 07:16:36.825389: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:36.825394: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:16:36.825396: | STF_OK but no state object remains Sep 21 07:16:36.825399: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:36.825402: | in statetime_stop() and could not find #1 Sep 21 07:16:36.825406: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:36.825409: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:36.825411: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:36.825416: | spent 0.555 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:36.825598: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:16:36.825605: Initiating connection road-eastnet which received a Delete/Notify but must remain up per local policy Sep 21 07:16:36.825609: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:36.825613: | start processing: connection "road-eastnet" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:36.825616: | connection 'road-eastnet' +POLICY_UP Sep 21 07:16:36.825619: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:36.825621: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:36.825634: | creating state object #4 at 0x564f7d3f6aa0 Sep 21 07:16:36.825638: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:16:36.825644: | pstats #4 ikev2.ike started Sep 21 07:16:36.825647: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:36.825650: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:36.825655: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:36.825661: | suspend processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:36.825666: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:36.825669: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:36.825674: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-eastnet" IKE SA #4 "road-eastnet" Sep 21 07:16:36.825678: "road-eastnet" #4: initiating v2 parent SA Sep 21 07:16:36.825695: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:36.825703: | adding ikev2_outI1 KE work-order 4 for state #4 Sep 21 07:16:36.825707: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f2a40002b20 Sep 21 07:16:36.825710: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:16:36.825714: | libevent_malloc: new ptr-libevent@0x564f7d3f9190 size 128 Sep 21 07:16:36.825724: | #4 spent 0.107 milliseconds in ikev2_parent_outI1() Sep 21 07:16:36.825729: | RESET processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:36.825732: | RESET processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:36.825735: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:36.825740: | spent 0.131 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:16:36.825754: | crypto helper 4 resuming Sep 21 07:16:36.825760: | crypto helper 4 starting work-order 4 for state #4 Sep 21 07:16:36.825764: | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Sep 21 07:16:36.827960: | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.002193 seconds Sep 21 07:16:36.827979: | (#4) spent 0.968 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Sep 21 07:16:36.827982: | crypto helper 4 sending results from work-order 4 for state #4 to event queue Sep 21 07:16:36.827986: | scheduling resume sending helper answer for #4 Sep 21 07:16:36.827990: | libevent_malloc: new ptr-libevent@0x7f2a34006900 size 128 Sep 21 07:16:36.827999: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:36.828217: | processing resume sending helper answer for #4 Sep 21 07:16:36.828229: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:36.828234: | crypto helper 4 replies to request ID 4 Sep 21 07:16:36.828237: | calling continuation function 0x564f7c7a0630 Sep 21 07:16:36.828240: | ikev2_parent_outI1_continue for #4 Sep 21 07:16:36.828246: | **emit ISAKMP Message: Sep 21 07:16:36.828249: | initiator cookie: Sep 21 07:16:36.828251: | d3 c7 41 19 d0 f7 a0 67 Sep 21 07:16:36.828253: | responder cookie: Sep 21 07:16:36.828255: | 00 00 00 00 00 00 00 00 Sep 21 07:16:36.828258: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:36.828261: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:36.828263: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:36.828266: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:36.828269: | Message ID: 0 (0x0) Sep 21 07:16:36.828272: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:36.828290: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:36.828294: | Emitting ikev2_proposals ... Sep 21 07:16:36.828297: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:36.828304: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.828307: | flags: none (0x0) Sep 21 07:16:36.828311: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:36.828314: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.828317: | discarding INTEG=NONE Sep 21 07:16:36.828319: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:36.828322: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.828324: | prop #: 1 (0x1) Sep 21 07:16:36.828327: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:36.828329: | spi size: 0 (0x0) Sep 21 07:16:36.828331: | # transforms: 11 (0xb) Sep 21 07:16:36.828334: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:36.828337: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828342: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:36.828345: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:36.828348: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828351: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:36.828354: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:36.828356: | length/value: 256 (0x100) Sep 21 07:16:36.828359: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:36.828361: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828366: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:36.828369: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:36.828372: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828374: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828377: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828380: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828382: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828385: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:36.828387: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:36.828390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828395: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828397: | discarding INTEG=NONE Sep 21 07:16:36.828399: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828402: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828407: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:36.828410: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828412: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828415: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828418: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828422: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828427: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:36.828430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828432: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828435: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828437: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828440: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828442: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828445: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:36.828447: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828450: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828453: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828455: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828458: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828460: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828462: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:36.828465: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828468: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828471: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828473: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828478: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828480: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:36.828483: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828485: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828488: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828491: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828498: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:36.828501: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828503: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828506: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828508: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828511: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828513: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828515: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:36.828518: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828521: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828524: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828528: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828530: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:36.828533: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828535: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:36.828538: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828541: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828544: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828546: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:36.828549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:36.828551: | discarding INTEG=NONE Sep 21 07:16:36.828553: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:36.828556: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.828558: | prop #: 2 (0x2) Sep 21 07:16:36.828561: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:36.828563: | spi size: 0 (0x0) Sep 21 07:16:36.828565: | # transforms: 11 (0xb) Sep 21 07:16:36.828568: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.828571: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:36.828574: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828576: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828578: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:36.828580: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:36.828583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828586: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:36.828588: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:36.828591: | length/value: 128 (0x80) Sep 21 07:16:36.828593: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:36.828596: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828601: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:36.828603: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:36.828606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828611: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828614: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828616: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828618: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:36.828621: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:36.828624: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828626: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828629: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828631: | discarding INTEG=NONE Sep 21 07:16:36.828634: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828636: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828638: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828643: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:36.828645: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828648: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828651: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828653: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828656: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828658: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828660: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:36.828663: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828666: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828669: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828671: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828673: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828676: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828678: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:36.828681: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828684: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828686: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828688: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828693: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828696: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:36.828699: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828702: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828704: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828706: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828711: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828714: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:36.828716: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828719: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828722: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828724: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828729: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828731: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:36.828734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828737: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828740: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828742: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828746: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828748: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828751: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:36.828754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828756: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828759: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828761: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828764: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:36.828766: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828769: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:36.828772: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828774: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828777: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828779: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:36.828782: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:36.828795: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:36.828798: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.828800: | prop #: 3 (0x3) Sep 21 07:16:36.828803: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:36.828805: | spi size: 0 (0x0) Sep 21 07:16:36.828807: | # transforms: 13 (0xd) Sep 21 07:16:36.828810: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.828813: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:36.828816: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828818: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828820: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:36.828823: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:36.828825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828828: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:36.828830: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:36.828833: | length/value: 256 (0x100) Sep 21 07:16:36.828835: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:36.828838: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828843: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:36.828845: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:36.828848: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828851: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828853: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828856: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828858: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828861: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:36.828863: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:36.828866: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828873: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828875: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828880: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:36.828883: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:36.828886: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828891: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828894: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828896: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828898: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:36.828901: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:36.828904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828909: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828911: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828913: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828916: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828918: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:36.828922: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828927: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828929: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828932: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828934: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828936: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:36.828939: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828942: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828944: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828947: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828949: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828951: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828954: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:36.828957: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828960: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828962: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828964: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828967: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828971: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828973: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:36.828976: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828982: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.828984: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.828986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828989: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.828991: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:36.828994: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.828997: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.828999: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829002: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829004: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829006: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829009: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:36.829011: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829014: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829017: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829019: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829024: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829026: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:36.829029: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829032: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829034: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829037: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829039: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:36.829041: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829044: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:36.829046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829052: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829054: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:36.829057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:36.829060: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:36.829062: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:36.829065: | prop #: 4 (0x4) Sep 21 07:16:36.829067: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:36.829069: | spi size: 0 (0x0) Sep 21 07:16:36.829072: | # transforms: 13 (0xd) Sep 21 07:16:36.829074: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:36.829079: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:36.829081: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829084: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829086: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:36.829089: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:36.829091: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829094: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:36.829097: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:36.829099: | length/value: 128 (0x80) Sep 21 07:16:36.829101: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:36.829104: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829109: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:36.829111: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:36.829114: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829117: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829119: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829121: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829124: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829126: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:36.829129: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:36.829132: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829135: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829137: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829139: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829144: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:36.829147: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:36.829149: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829155: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829157: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829162: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:36.829164: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:36.829167: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829170: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829173: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829175: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829180: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829182: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:36.829186: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829189: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829192: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829194: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829197: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829199: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829202: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:36.829204: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829207: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829210: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829212: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829214: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829217: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829219: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:36.829222: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829225: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829227: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829230: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829232: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829235: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829237: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:36.829240: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829242: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829245: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829247: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829252: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829254: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:36.829257: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829260: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829262: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829265: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829270: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829272: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:36.829275: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829278: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829281: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829283: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829285: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829289: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829292: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:36.829295: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829297: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829300: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829302: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:36.829305: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:36.829307: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:36.829309: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:36.829312: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:36.829315: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:36.829318: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:36.829320: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:36.829323: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:36.829325: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:36.829328: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:36.829330: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:36.829333: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.829335: | flags: none (0x0) Sep 21 07:16:36.829338: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:36.829341: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:36.829344: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.829347: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:36.829350: | ikev2 g^x 35 d8 9e 91 04 cf a5 1c 2c 8d ec b2 42 90 90 ae Sep 21 07:16:36.829352: | ikev2 g^x fc 6a a4 92 8b d1 ca b3 22 db 7d 8d 8d 5d 78 69 Sep 21 07:16:36.829354: | ikev2 g^x 3b 3e 0c 6c 59 5c db 37 f9 2d e6 ea 9c ba 2b c7 Sep 21 07:16:36.829357: | ikev2 g^x ae a3 3f cc 19 49 d6 07 5b cc 73 15 f0 37 76 15 Sep 21 07:16:36.829359: | ikev2 g^x 47 5c 4b 8d 39 f0 f1 65 13 73 ad 2e 56 8d 37 2d Sep 21 07:16:36.829361: | ikev2 g^x 94 15 e7 58 29 b7 61 2f 0d 16 a2 8d 7d ea 43 9b Sep 21 07:16:36.829363: | ikev2 g^x 35 8e 82 8d c9 44 b5 4c 5d 5a b7 60 c0 87 d0 b4 Sep 21 07:16:36.829366: | ikev2 g^x d6 16 39 fa 42 56 80 b4 20 33 1e 18 2a 21 ac c0 Sep 21 07:16:36.829368: | ikev2 g^x 14 a7 b8 8e f5 93 0c d9 2e 1e cb 3f ae 70 41 d8 Sep 21 07:16:36.829370: | ikev2 g^x 8d b1 0a c4 9e 2a 8b a7 42 5d 80 42 e9 db 7d d0 Sep 21 07:16:36.829373: | ikev2 g^x f4 a7 a8 7f aa 4f e0 c9 01 93 cb 9c 0e c1 81 57 Sep 21 07:16:36.829375: | ikev2 g^x 66 c4 d2 e2 56 da 0b d7 dd 99 bc d7 bf b6 3f d0 Sep 21 07:16:36.829377: | ikev2 g^x f8 23 a8 95 18 22 cd cf d5 9e fd fb bc f9 6e fb Sep 21 07:16:36.829379: | ikev2 g^x e7 dc fb 53 27 89 6f 75 bd d5 fe ac 44 14 6c 6e Sep 21 07:16:36.829382: | ikev2 g^x 57 35 9a 58 09 f3 87 05 60 2c a9 80 c5 d0 a2 05 Sep 21 07:16:36.829384: | ikev2 g^x 59 cc 9b 13 00 c1 8d 80 4c 29 31 3e cf b5 b6 0f Sep 21 07:16:36.829386: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:36.829389: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:36.829391: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:36.829394: | flags: none (0x0) Sep 21 07:16:36.829398: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:36.829402: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:36.829404: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.829408: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:36.829410: | IKEv2 nonce 49 11 13 ec eb d9 48 e4 a4 1a 60 0f 22 77 ad bd Sep 21 07:16:36.829413: | IKEv2 nonce 30 88 53 17 94 d4 45 e9 2d fd ac 90 83 e9 4a df Sep 21 07:16:36.829415: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:36.829417: | Adding a v2N Payload Sep 21 07:16:36.829420: | ***emit IKEv2 Notify Payload: Sep 21 07:16:36.829422: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.829425: | flags: none (0x0) Sep 21 07:16:36.829427: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:36.829429: | SPI size: 0 (0x0) Sep 21 07:16:36.829432: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:36.829435: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:36.829438: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.829441: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:36.829445: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:36.829447: | natd_hash: rcookie is zero Sep 21 07:16:36.829465: | natd_hash: hasher=0x564f7c8767a0(20) Sep 21 07:16:36.829469: | natd_hash: icookie= d3 c7 41 19 d0 f7 a0 67 Sep 21 07:16:36.829471: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:36.829474: | natd_hash: ip= c0 01 03 d1 Sep 21 07:16:36.829476: | natd_hash: port= 01 f4 Sep 21 07:16:36.829478: | natd_hash: hash= 7a d9 fb f2 45 b5 cd e1 6e 05 29 e0 0d 83 da f8 Sep 21 07:16:36.829480: | natd_hash: hash= 19 bb 8b dd Sep 21 07:16:36.829483: | Adding a v2N Payload Sep 21 07:16:36.829485: | ***emit IKEv2 Notify Payload: Sep 21 07:16:36.829487: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.829490: | flags: none (0x0) Sep 21 07:16:36.829492: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:36.829494: | SPI size: 0 (0x0) Sep 21 07:16:36.829497: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:36.829500: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:36.829503: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.829506: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:36.829508: | Notify data 7a d9 fb f2 45 b5 cd e1 6e 05 29 e0 0d 83 da f8 Sep 21 07:16:36.829511: | Notify data 19 bb 8b dd Sep 21 07:16:36.829513: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:36.829516: | natd_hash: rcookie is zero Sep 21 07:16:36.829523: | natd_hash: hasher=0x564f7c8767a0(20) Sep 21 07:16:36.829526: | natd_hash: icookie= d3 c7 41 19 d0 f7 a0 67 Sep 21 07:16:36.829528: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:36.829530: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:36.829532: | natd_hash: port= 01 f4 Sep 21 07:16:36.829535: | natd_hash: hash= d5 0f 5f 44 70 53 0d a6 f2 73 bc 65 fb 48 91 76 Sep 21 07:16:36.829537: | natd_hash: hash= 2c db a4 47 Sep 21 07:16:36.829539: | Adding a v2N Payload Sep 21 07:16:36.829541: | ***emit IKEv2 Notify Payload: Sep 21 07:16:36.829544: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:36.829546: | flags: none (0x0) Sep 21 07:16:36.829549: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:36.829551: | SPI size: 0 (0x0) Sep 21 07:16:36.829554: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:36.829558: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:36.829561: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:36.829564: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:36.829566: | Notify data d5 0f 5f 44 70 53 0d a6 f2 73 bc 65 fb 48 91 76 Sep 21 07:16:36.829568: | Notify data 2c db a4 47 Sep 21 07:16:36.829571: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:36.829573: | emitting length of ISAKMP Message: 828 Sep 21 07:16:36.829581: | stop processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:36.829588: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:36.829592: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:36.829595: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:36.829598: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:36.829601: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:16:36.829604: | Message ID: IKE #4 skipping update_recv as MD is fake Sep 21 07:16:36.829609: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:36.829613: "road-eastnet" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:36.829618: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:16:36.829624: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #4) Sep 21 07:16:36.829627: | d3 c7 41 19 d0 f7 a0 67 00 00 00 00 00 00 00 00 Sep 21 07:16:36.829629: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:36.829631: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:36.829634: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:36.829636: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:36.829638: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:36.829640: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:36.829642: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:36.829645: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:36.829647: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:36.829649: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:36.829652: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:36.829654: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:36.829656: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:36.829658: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:36.829660: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:36.829663: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:36.829665: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:36.829667: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:36.829669: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:36.829672: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:36.829674: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:36.829676: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:36.829678: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:36.829680: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:36.829683: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:36.829685: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:36.829687: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:36.829691: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:36.829693: | 28 00 01 08 00 0e 00 00 35 d8 9e 91 04 cf a5 1c Sep 21 07:16:36.829696: | 2c 8d ec b2 42 90 90 ae fc 6a a4 92 8b d1 ca b3 Sep 21 07:16:36.829698: | 22 db 7d 8d 8d 5d 78 69 3b 3e 0c 6c 59 5c db 37 Sep 21 07:16:36.829700: | f9 2d e6 ea 9c ba 2b c7 ae a3 3f cc 19 49 d6 07 Sep 21 07:16:36.829702: | 5b cc 73 15 f0 37 76 15 47 5c 4b 8d 39 f0 f1 65 Sep 21 07:16:36.829704: | 13 73 ad 2e 56 8d 37 2d 94 15 e7 58 29 b7 61 2f Sep 21 07:16:36.829706: | 0d 16 a2 8d 7d ea 43 9b 35 8e 82 8d c9 44 b5 4c Sep 21 07:16:36.829709: | 5d 5a b7 60 c0 87 d0 b4 d6 16 39 fa 42 56 80 b4 Sep 21 07:16:36.829711: | 20 33 1e 18 2a 21 ac c0 14 a7 b8 8e f5 93 0c d9 Sep 21 07:16:36.829713: | 2e 1e cb 3f ae 70 41 d8 8d b1 0a c4 9e 2a 8b a7 Sep 21 07:16:36.829715: | 42 5d 80 42 e9 db 7d d0 f4 a7 a8 7f aa 4f e0 c9 Sep 21 07:16:36.829718: | 01 93 cb 9c 0e c1 81 57 66 c4 d2 e2 56 da 0b d7 Sep 21 07:16:36.829720: | dd 99 bc d7 bf b6 3f d0 f8 23 a8 95 18 22 cd cf Sep 21 07:16:36.829722: | d5 9e fd fb bc f9 6e fb e7 dc fb 53 27 89 6f 75 Sep 21 07:16:36.829724: | bd d5 fe ac 44 14 6c 6e 57 35 9a 58 09 f3 87 05 Sep 21 07:16:36.829726: | 60 2c a9 80 c5 d0 a2 05 59 cc 9b 13 00 c1 8d 80 Sep 21 07:16:36.829729: | 4c 29 31 3e cf b5 b6 0f 29 00 00 24 49 11 13 ec Sep 21 07:16:36.829731: | eb d9 48 e4 a4 1a 60 0f 22 77 ad bd 30 88 53 17 Sep 21 07:16:36.829733: | 94 d4 45 e9 2d fd ac 90 83 e9 4a df 29 00 00 08 Sep 21 07:16:36.829735: | 00 00 40 2e 29 00 00 1c 00 00 40 04 7a d9 fb f2 Sep 21 07:16:36.829737: | 45 b5 cd e1 6e 05 29 e0 0d 83 da f8 19 bb 8b dd Sep 21 07:16:36.829740: | 00 00 00 1c 00 00 40 05 d5 0f 5f 44 70 53 0d a6 Sep 21 07:16:36.829742: | f2 73 bc 65 fb 48 91 76 2c db a4 47 Sep 21 07:16:36.829773: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:36.829779: | libevent_free: release ptr-libevent@0x564f7d3f9190 Sep 21 07:16:36.829786: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f2a40002b20 Sep 21 07:16:36.829792: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=25000ms Sep 21 07:16:36.829795: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f2a40002b20 Sep 21 07:16:36.829798: | inserting event EVENT_RETRANSMIT, timeout in 25 seconds for #4 Sep 21 07:16:36.829802: | libevent_malloc: new ptr-libevent@0x564f7d3f9190 size 128 Sep 21 07:16:36.829807: | #4 STATE_PARENT_I1: retransmits: first event in 25 seconds; timeout in 107 seconds; limit of 12 retransmits; current time is 48843.198059 Sep 21 07:16:36.829810: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:36.829816: | #4 spent 1.56 milliseconds in resume sending helper answer Sep 21 07:16:36.829820: | stop processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:36.829823: | libevent_free: release ptr-libevent@0x7f2a34006900 Sep 21 07:16:38.122380: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:38.122409: shutting down Sep 21 07:16:38.122418: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:16:38.122422: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:16:38.122429: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:38.122431: forgetting secrets Sep 21 07:16:38.122438: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:38.122442: | unreference key: 0x564f7d3f6960 @east cnt 1-- Sep 21 07:16:38.122446: | unreference key: 0x564f7d3f6570 @road cnt 1-- Sep 21 07:16:38.122451: | start processing: connection "road-eastnet" (in delete_connection() at connections.c:189) Sep 21 07:16:38.122455: | removing pending policy for no connection {0x564f7d3a6530} Sep 21 07:16:38.122458: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:38.122464: | pass 0 Sep 21 07:16:38.122467: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:38.122470: | state #4 Sep 21 07:16:38.122474: | suspend processing: connection "road-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:38.122481: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:38.122484: | pstats #4 ikev2.ike deleted other Sep 21 07:16:38.122490: | #4 spent 2.63 milliseconds in total Sep 21 07:16:38.122495: | [RE]START processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:38.122499: "road-eastnet" #4: deleting state (STATE_PARENT_I1) aged 1.296s and NOT sending notification Sep 21 07:16:38.122503: | parent state #4: PARENT_I1(half-open IKE SA) => delete Sep 21 07:16:38.122506: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:38.122509: | #4 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:38.122514: | libevent_free: release ptr-libevent@0x564f7d3f9190 Sep 21 07:16:38.122518: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f2a40002b20 Sep 21 07:16:38.122521: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:38.122524: | picked newest_isakmp_sa #0 for #4 Sep 21 07:16:38.122527: "road-eastnet" #4: deleting IKE SA for connection 'road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:38.122531: | add revival: connection 'road-eastnet' added to the list and scheduled for 5 seconds Sep 21 07:16:38.122534: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:16:38.122541: | stop processing: connection "road-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:16:38.122544: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:16:38.122547: | in connection_discard for connection road-eastnet Sep 21 07:16:38.122549: | State DB: deleting IKEv2 state #4 in PARENT_I1 Sep 21 07:16:38.122554: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:16:38.122574: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:38.122579: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:38.122581: | pass 1 Sep 21 07:16:38.122584: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:38.122590: | shunt_eroute() called for connection 'road-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 192.1.3.209/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:38.122596: | netlink_shunt_eroute for proto 0, and source 192.1.3.209/32:0 dest 192.0.2.0/24:0 Sep 21 07:16:38.122600: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:16:38.122650: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:16:38.122661: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:38.122664: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:16:38.122667: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:16:38.122670: | route owner of "road-eastnet" unrouted: NULL Sep 21 07:16:38.122673: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:38.122676: | command executing unroute-host Sep 21 07:16:38.122705: | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:16:38.122711: | popen cmd is 1032 chars long Sep 21 07:16:38.122714: | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Sep 21 07:16:38.122716: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_M: Sep 21 07:16:38.122719: | cmd( 160):Y_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' : Sep 21 07:16:38.122721: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:16:38.122724: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:16:38.122726: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:16:38.122729: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:16:38.122731: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:16:38.122734: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:16:38.122736: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:16:38.122739: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:16:38.122741: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:16:38.122744: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:16:38.463553: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463605: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463636: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463665: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463694: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463724: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463756: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463789: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463822: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463851: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463881: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.463913: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.464330: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.464360: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.464390: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:16:38.591110: | free hp@0x564f7d3d6310 Sep 21 07:16:38.591128: | flush revival: connection 'road-eastnet' revival flushed Sep 21 07:16:38.591132: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:16:38.591141: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:16:38.591144: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:16:38.591155: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:16:38.591159: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:16:38.591162: shutting down interface eth0/eth0 192.1.3.209:4500 Sep 21 07:16:38.591164: shutting down interface eth0/eth0 192.1.3.209:500 Sep 21 07:16:38.591168: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:16:38.591176: | libevent_free: release ptr-libevent@0x564f7d3f4b30 Sep 21 07:16:38.591180: | free_event_entry: release EVENT_NULL-pe@0x564f7d3dd7b0 Sep 21 07:16:38.591194: | libevent_free: release ptr-libevent@0x564f7d3f4c20 Sep 21 07:16:38.591197: | free_event_entry: release EVENT_NULL-pe@0x564f7d3f4be0 Sep 21 07:16:38.591203: | libevent_free: release ptr-libevent@0x564f7d3f4d10 Sep 21 07:16:38.591206: | free_event_entry: release EVENT_NULL-pe@0x564f7d3f4cd0 Sep 21 07:16:38.591211: | libevent_free: release ptr-libevent@0x564f7d3f4e00 Sep 21 07:16:38.591214: | free_event_entry: release EVENT_NULL-pe@0x564f7d3f4dc0 Sep 21 07:16:38.591219: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:38.591751: | libevent_free: release ptr-libevent@0x564f7d3f43f0 Sep 21 07:16:38.591758: | free_event_entry: release EVENT_NULL-pe@0x564f7d3d80b0 Sep 21 07:16:38.591763: | libevent_free: release ptr-libevent@0x564f7d3e9e80 Sep 21 07:16:38.591767: | free_event_entry: release EVENT_NULL-pe@0x564f7d3de010 Sep 21 07:16:38.591771: | libevent_free: release ptr-libevent@0x564f7d3e9df0 Sep 21 07:16:38.591773: | free_event_entry: release EVENT_NULL-pe@0x564f7d3de050 Sep 21 07:16:38.591777: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:16:38.591779: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:16:38.591781: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:16:38.591789: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:16:38.591792: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:16:38.591795: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:16:38.591797: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:16:38.591799: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:16:38.591801: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:16:38.591806: | libevent_free: release ptr-libevent@0x564f7d3f45d0 Sep 21 07:16:38.591809: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:16:38.591812: | libevent_free: release ptr-libevent@0x564f7d3f46b0 Sep 21 07:16:38.591814: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:16:38.591817: | libevent_free: release ptr-libevent@0x564f7d3f4770 Sep 21 07:16:38.591819: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:16:38.591822: | libevent_free: release ptr-libevent@0x564f7d3e9170 Sep 21 07:16:38.591825: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:16:38.591827: | releasing event base Sep 21 07:16:38.591839: | libevent_free: release ptr-libevent@0x564f7d3f4830 Sep 21 07:16:38.591842: | libevent_free: release ptr-libevent@0x564f7d3ad1f0 Sep 21 07:16:38.591845: | libevent_free: release ptr-libevent@0x564f7d3d83c0 Sep 21 07:16:38.591848: | libevent_free: release ptr-libevent@0x564f7d3d85a0 Sep 21 07:16:38.591850: | libevent_free: release ptr-libevent@0x564f7d3d83e0 Sep 21 07:16:38.591853: | libevent_free: release ptr-libevent@0x564f7d3f4480 Sep 21 07:16:38.591855: | libevent_free: release ptr-libevent@0x564f7d3f4670 Sep 21 07:16:38.591857: | libevent_free: release ptr-libevent@0x564f7d3d8580 Sep 21 07:16:38.591860: | libevent_free: release ptr-libevent@0x564f7d3d8860 Sep 21 07:16:38.591862: | libevent_free: release ptr-libevent@0x564f7d3dcfd0 Sep 21 07:16:38.591864: | libevent_free: release ptr-libevent@0x564f7d3f4e90 Sep 21 07:16:38.591867: | libevent_free: release ptr-libevent@0x564f7d3f4da0 Sep 21 07:16:38.591869: | libevent_free: release ptr-libevent@0x564f7d3f4cb0 Sep 21 07:16:38.591871: | libevent_free: release ptr-libevent@0x564f7d3f4bc0 Sep 21 07:16:38.591873: | libevent_free: release ptr-libevent@0x564f7d3d8470 Sep 21 07:16:38.591876: | libevent_free: release ptr-libevent@0x564f7d3f4750 Sep 21 07:16:38.591878: | libevent_free: release ptr-libevent@0x564f7d3f4690 Sep 21 07:16:38.591880: | libevent_free: release ptr-libevent@0x564f7d3f45b0 Sep 21 07:16:38.591883: | libevent_free: release ptr-libevent@0x564f7d3f4810 Sep 21 07:16:38.591885: | libevent_free: release ptr-libevent@0x564f7d3f44a0 Sep 21 07:16:38.591888: | libevent_free: release ptr-libevent@0x564f7d3d8400 Sep 21 07:16:38.591890: | libevent_free: release ptr-libevent@0x564f7d3d8430 Sep 21 07:16:38.591895: | libevent_free: release ptr-libevent@0x564f7d3d8120 Sep 21 07:16:38.591897: | releasing global libevent data Sep 21 07:16:38.591900: | libevent_free: release ptr-libevent@0x564f7d3d63c0 Sep 21 07:16:38.591903: | libevent_free: release ptr-libevent@0x564f7d3d63f0 Sep 21 07:16:38.591906: | libevent_free: release ptr-libevent@0x564f7d3d80f0