Sep 21 07:16:34.499345: FIPS Product: YES Sep 21 07:16:34.499373: FIPS Kernel: NO Sep 21 07:16:34.499375: FIPS Mode: NO Sep 21 07:16:34.499377: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:34.499505: Initializing NSS Sep 21 07:16:34.499508: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:34.528636: NSS initialized Sep 21 07:16:34.528646: NSS crypto library initialized Sep 21 07:16:34.528648: FIPS HMAC integrity support [enabled] Sep 21 07:16:34.528649: FIPS mode disabled for pluto daemon Sep 21 07:16:34.573360: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:34.573470: libcap-ng support [enabled] Sep 21 07:16:34.573482: Linux audit support [enabled] Sep 21 07:16:34.573509: Linux audit activated Sep 21 07:16:34.573514: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:15315 Sep 21 07:16:34.573516: core dump dir: /tmp Sep 21 07:16:34.573519: secrets file: /etc/ipsec.secrets Sep 21 07:16:34.573521: leak-detective disabled Sep 21 07:16:34.573523: NSS crypto [enabled] Sep 21 07:16:34.573525: XAUTH PAM support [enabled] Sep 21 07:16:34.573596: | libevent is using pluto's memory allocator Sep 21 07:16:34.573606: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:34.573619: | libevent_malloc: new ptr-libevent@0x558c07398000 size 40 Sep 21 07:16:34.573622: | libevent_malloc: new ptr-libevent@0x558c07398030 size 40 Sep 21 07:16:34.573625: | libevent_malloc: new ptr-libevent@0x558c07399320 size 40 Sep 21 07:16:34.573628: | creating event base Sep 21 07:16:34.573631: | libevent_malloc: new ptr-libevent@0x558c073992e0 size 56 Sep 21 07:16:34.573634: | libevent_malloc: new ptr-libevent@0x558c07399350 size 664 Sep 21 07:16:34.573644: | libevent_malloc: new ptr-libevent@0x558c073995f0 size 24 Sep 21 07:16:34.573648: | libevent_malloc: new ptr-libevent@0x558c0738add0 size 384 Sep 21 07:16:34.573659: | libevent_malloc: new ptr-libevent@0x558c07399610 size 16 Sep 21 07:16:34.573661: | libevent_malloc: new ptr-libevent@0x558c07399630 size 40 Sep 21 07:16:34.573664: | libevent_malloc: new ptr-libevent@0x558c07399660 size 48 Sep 21 07:16:34.573671: | libevent_realloc: new ptr-libevent@0x558c0731b370 size 256 Sep 21 07:16:34.573673: | libevent_malloc: new ptr-libevent@0x558c073996a0 size 16 Sep 21 07:16:34.573679: | libevent_free: release ptr-libevent@0x558c073992e0 Sep 21 07:16:34.573682: | libevent initialized Sep 21 07:16:34.573686: | libevent_realloc: new ptr-libevent@0x558c073996c0 size 64 Sep 21 07:16:34.573689: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:34.573704: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:34.573707: NAT-Traversal support [enabled] Sep 21 07:16:34.573710: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:34.573715: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:34.573723: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:34.573762: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:34.573767: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:34.573770: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:34.573830: Encryption algorithms: Sep 21 07:16:34.573844: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:34.573849: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:34.573853: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:34.573857: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:34.573860: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:16:34.573869: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:34.573873: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:34.573877: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:34.573881: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:34.573885: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:34.573888: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:34.573892: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:34.573895: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:34.573899: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:34.573903: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:34.573906: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:34.573910: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:34.573917: Hash algorithms: Sep 21 07:16:34.573920: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:34.573923: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:34.573926: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:34.573929: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:34.573932: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:34.573945: PRF algorithms: Sep 21 07:16:34.573949: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:34.573952: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:34.573955: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:34.573959: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:34.573961: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:34.573965: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:34.573989: Integrity algorithms: Sep 21 07:16:34.573993: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:34.573997: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:34.574001: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:34.574005: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:34.574008: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:34.574011: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:34.574015: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:34.574018: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:34.574021: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:34.574033: DH algorithms: Sep 21 07:16:34.574037: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:34.574039: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:34.574042: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:34.574047: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:34.574050: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:34.574052: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:34.574055: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:34.574058: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:34.574061: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:34.574064: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:34.574067: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:34.574069: testing CAMELLIA_CBC: Sep 21 07:16:34.574072: Camellia: 16 bytes with 128-bit key Sep 21 07:16:34.574287: Camellia: 16 bytes with 128-bit key Sep 21 07:16:34.574320: Camellia: 16 bytes with 256-bit key Sep 21 07:16:34.574352: Camellia: 16 bytes with 256-bit key Sep 21 07:16:34.574380: testing AES_GCM_16: Sep 21 07:16:34.574384: empty string Sep 21 07:16:34.574412: one block Sep 21 07:16:34.574435: two blocks Sep 21 07:16:34.574459: two blocks with associated data Sep 21 07:16:34.574483: testing AES_CTR: Sep 21 07:16:34.574486: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:34.574513: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:34.574542: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:34.574573: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:34.574601: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:34.574632: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:34.574660: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:34.574687: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:34.574714: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:34.574741: testing AES_CBC: Sep 21 07:16:34.574745: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:34.574763: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:34.574780: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:34.574814: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:34.574856: testing AES_XCBC: Sep 21 07:16:34.574860: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:34.574979: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:34.575113: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:34.575239: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:34.575368: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:34.575492: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:34.575618: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:34.575911: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:34.576032: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:34.576119: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:34.576261: testing HMAC_MD5: Sep 21 07:16:34.576263: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:34.576375: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:34.576468: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:34.576583: 8 CPU cores online Sep 21 07:16:34.576586: starting up 7 crypto helpers Sep 21 07:16:34.576613: started thread for crypto helper 0 Sep 21 07:16:34.576617: | starting up helper thread 0 Sep 21 07:16:34.576632: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:34.576634: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:34.576642: started thread for crypto helper 1 Sep 21 07:16:34.576661: started thread for crypto helper 2 Sep 21 07:16:34.576664: | starting up helper thread 2 Sep 21 07:16:34.576675: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:34.576678: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:34.576687: started thread for crypto helper 3 Sep 21 07:16:34.576689: | starting up helper thread 3 Sep 21 07:16:34.576700: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:34.576703: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:34.576712: started thread for crypto helper 4 Sep 21 07:16:34.576726: started thread for crypto helper 5 Sep 21 07:16:34.576728: | starting up helper thread 5 Sep 21 07:16:34.576738: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:34.576741: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:34.576751: started thread for crypto helper 6 Sep 21 07:16:34.576753: | starting up helper thread 6 Sep 21 07:16:34.576757: | checking IKEv1 state table Sep 21 07:16:34.576671: | starting up helper thread 1 Sep 21 07:16:34.576763: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:34.576782: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:34.576770: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:34.576797: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:34.576799: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:34.576800: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:34.576802: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:34.576803: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:34.576805: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:34.576806: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:34.576807: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:34.576808: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:34.576822: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:34.576825: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:34.576828: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:34.576817: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:34.576831: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:34.576838: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:34.576840: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:34.576841: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:34.576843: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:16:34.576844: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:34.576846: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:34.576847: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:34.576848: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:34.576850: | -> UNDEFINED EVENT_NULL Sep 21 07:16:34.576852: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:34.576853: | -> UNDEFINED EVENT_NULL Sep 21 07:16:34.576854: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:34.576856: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:34.576857: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:34.576859: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:34.576860: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:34.576862: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:34.576863: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:34.576864: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:34.576866: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:34.576867: | -> UNDEFINED EVENT_NULL Sep 21 07:16:34.576869: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:34.576870: | -> UNDEFINED EVENT_NULL Sep 21 07:16:34.576872: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:34.576873: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:34.576875: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:34.576876: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:34.576878: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:34.576882: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:34.576883: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:34.576885: | -> UNDEFINED EVENT_NULL Sep 21 07:16:34.576886: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:34.576888: | -> UNDEFINED EVENT_NULL Sep 21 07:16:34.576889: | INFO: category: informational flags: 0: Sep 21 07:16:34.576891: | -> UNDEFINED EVENT_NULL Sep 21 07:16:34.576892: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:16:34.576894: | -> UNDEFINED EVENT_NULL Sep 21 07:16:34.576895: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:34.576896: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:34.576898: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:34.576899: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:34.576901: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:34.576902: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:34.576904: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:34.576905: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:34.576907: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:34.576908: | -> UNDEFINED EVENT_NULL Sep 21 07:16:34.576910: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:34.576911: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:34.576913: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:34.576914: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:34.576916: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:34.576917: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:34.576922: | checking IKEv2 state table Sep 21 07:16:34.576926: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:34.576928: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:34.576930: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:34.576931: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:34.576933: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:34.576935: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:34.576937: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:34.576938: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:34.576940: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:34.576941: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:34.576943: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:34.576945: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:34.576946: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:34.576948: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:34.576949: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:34.576951: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:34.576952: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:34.576954: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:34.576955: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:34.576957: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:34.576959: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:34.576960: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:34.576962: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:34.576963: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:34.576965: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:34.576968: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:34.576969: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:34.576971: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:34.576972: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:34.576974: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:34.576976: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:16:34.576977: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:34.576979: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:34.576981: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:34.576982: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:34.576984: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:34.576986: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:34.576987: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:34.576989: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:34.576991: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:34.576992: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:34.576994: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:34.576996: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:34.576997: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:34.576999: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:34.577000: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:34.577002: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:34.577053: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:34.577110: | Hard-wiring algorithms Sep 21 07:16:34.577114: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:34.577118: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:34.577120: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:34.577122: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:34.577124: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:34.577127: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:16:34.577129: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:34.577131: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:34.577133: | adding AES_CTR to kernel algorithm db Sep 21 07:16:34.577135: | adding AES_CBC to kernel algorithm db Sep 21 07:16:34.577138: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:34.577140: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:34.577143: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:34.577145: | adding NULL to kernel algorithm db Sep 21 07:16:34.577148: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:34.577150: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:34.577152: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:34.577154: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:34.577157: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:34.577159: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:34.577162: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:34.577164: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:34.577166: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:34.577168: | adding NONE to kernel algorithm db Sep 21 07:16:34.577188: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:34.577194: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:34.577196: | setup kernel fd callback Sep 21 07:16:34.577201: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x558c0739ed60 Sep 21 07:16:34.577205: | libevent_malloc: new ptr-libevent@0x558c073aaf00 size 128 Sep 21 07:16:34.577208: | libevent_malloc: new ptr-libevent@0x558c0739e040 size 16 Sep 21 07:16:34.577214: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x558c0739ed20 Sep 21 07:16:34.577219: | libevent_malloc: new ptr-libevent@0x558c073aaf90 size 128 Sep 21 07:16:34.577221: | libevent_malloc: new ptr-libevent@0x558c0739e060 size 16 Sep 21 07:16:34.577382: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:34.577389: selinux support is enabled. Sep 21 07:16:34.577458: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:34.577588: | unbound context created - setting debug level to 5 Sep 21 07:16:34.577610: | /etc/hosts lookups activated Sep 21 07:16:34.577622: | /etc/resolv.conf usage activated Sep 21 07:16:34.577656: | outgoing-port-avoid set 0-65535 Sep 21 07:16:34.577673: | outgoing-port-permit set 32768-60999 Sep 21 07:16:34.577674: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:34.577676: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:34.577678: | Setting up events, loop start Sep 21 07:16:34.577680: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x558c073992e0 Sep 21 07:16:34.577682: | libevent_malloc: new ptr-libevent@0x558c073b5500 size 128 Sep 21 07:16:34.577684: | libevent_malloc: new ptr-libevent@0x558c073b5590 size 16 Sep 21 07:16:34.577689: | libevent_realloc: new ptr-libevent@0x558c073195b0 size 256 Sep 21 07:16:34.577691: | libevent_malloc: new ptr-libevent@0x558c073b55b0 size 8 Sep 21 07:16:34.577693: | libevent_realloc: new ptr-libevent@0x558c073aa280 size 144 Sep 21 07:16:34.577694: | libevent_malloc: new ptr-libevent@0x558c073b55d0 size 152 Sep 21 07:16:34.577697: | libevent_malloc: new ptr-libevent@0x558c073b5670 size 16 Sep 21 07:16:34.577699: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:34.577701: | libevent_malloc: new ptr-libevent@0x558c073b5690 size 8 Sep 21 07:16:34.577703: | libevent_malloc: new ptr-libevent@0x558c073b56b0 size 152 Sep 21 07:16:34.577704: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:34.577706: | libevent_malloc: new ptr-libevent@0x558c073b5750 size 8 Sep 21 07:16:34.577707: | libevent_malloc: new ptr-libevent@0x558c073b5770 size 152 Sep 21 07:16:34.577709: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:34.577711: | libevent_malloc: new ptr-libevent@0x558c073b5810 size 8 Sep 21 07:16:34.577712: | libevent_realloc: release ptr-libevent@0x558c073aa280 Sep 21 07:16:34.577714: | libevent_realloc: new ptr-libevent@0x558c073b5830 size 256 Sep 21 07:16:34.577716: | libevent_malloc: new ptr-libevent@0x558c073aa280 size 152 Sep 21 07:16:34.577717: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:34.577990: | starting up helper thread 4 Sep 21 07:16:34.578007: | created addconn helper (pid:15386) using fork+execve Sep 21 07:16:34.578019: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:34.578021: | forked child 15386 Sep 21 07:16:34.578031: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:34.578061: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:34.578077: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:34.578082: listening for IKE messages Sep 21 07:16:34.578126: | Inspecting interface lo Sep 21 07:16:34.578134: | found lo with address 127.0.0.1 Sep 21 07:16:34.578142: | Inspecting interface eth0 Sep 21 07:16:34.578152: | found eth0 with address 192.0.3.254 Sep 21 07:16:34.578155: | Inspecting interface eth1 Sep 21 07:16:34.578159: | found eth1 with address 192.1.3.33 Sep 21 07:16:34.578200: Kernel supports NIC esp-hw-offload Sep 21 07:16:34.578212: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:16:34.578238: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:34.578245: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:34.578248: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:34.578272: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:16:34.578291: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:34.578295: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:34.578297: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:34.578320: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:34.578343: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:34.578346: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:34.578349: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:34.578393: | no interfaces to sort Sep 21 07:16:34.578396: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:34.578402: | add_fd_read_event_handler: new ethX-pe@0x558c073b5ba0 Sep 21 07:16:34.578404: | libevent_malloc: new ptr-libevent@0x558c073b5be0 size 128 Sep 21 07:16:34.578406: | libevent_malloc: new ptr-libevent@0x558c073b5c70 size 16 Sep 21 07:16:34.578413: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:34.578415: | add_fd_read_event_handler: new ethX-pe@0x558c073b5c90 Sep 21 07:16:34.578417: | libevent_malloc: new ptr-libevent@0x558c073b5cd0 size 128 Sep 21 07:16:34.578419: | libevent_malloc: new ptr-libevent@0x558c073b5d60 size 16 Sep 21 07:16:34.578421: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:34.578423: | add_fd_read_event_handler: new ethX-pe@0x558c073b5d80 Sep 21 07:16:34.578425: | libevent_malloc: new ptr-libevent@0x558c073b5dc0 size 128 Sep 21 07:16:34.578426: | libevent_malloc: new ptr-libevent@0x558c073b5e50 size 16 Sep 21 07:16:34.578429: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:34.578431: | add_fd_read_event_handler: new ethX-pe@0x558c073b5e70 Sep 21 07:16:34.578432: | libevent_malloc: new ptr-libevent@0x558c073b5eb0 size 128 Sep 21 07:16:34.578434: | libevent_malloc: new ptr-libevent@0x558c073b5f40 size 16 Sep 21 07:16:34.578436: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:34.578438: | add_fd_read_event_handler: new ethX-pe@0x558c073b5f60 Sep 21 07:16:34.578439: | libevent_malloc: new ptr-libevent@0x558c073b5fa0 size 128 Sep 21 07:16:34.578441: | libevent_malloc: new ptr-libevent@0x558c073b6030 size 16 Sep 21 07:16:34.578444: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:34.578445: | add_fd_read_event_handler: new ethX-pe@0x558c073b6050 Sep 21 07:16:34.578447: | libevent_malloc: new ptr-libevent@0x558c073b6090 size 128 Sep 21 07:16:34.578449: | libevent_malloc: new ptr-libevent@0x558c073b6120 size 16 Sep 21 07:16:34.578451: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:34.578455: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:34.578457: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:34.578471: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:34.578488: | saving Modulus Sep 21 07:16:34.578491: | saving PublicExponent Sep 21 07:16:34.578493: | ignoring PrivateExponent Sep 21 07:16:34.578495: | ignoring Prime1 Sep 21 07:16:34.578497: | ignoring Prime2 Sep 21 07:16:34.578500: | ignoring Exponent1 Sep 21 07:16:34.578503: | ignoring Exponent2 Sep 21 07:16:34.578505: | ignoring Coefficient Sep 21 07:16:34.578507: | ignoring CKAIDNSS Sep 21 07:16:34.578541: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:34.578543: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:34.578546: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:34.578552: | certs and keys locked by 'process_secret' Sep 21 07:16:34.578554: | certs and keys unlocked by 'process_secret' Sep 21 07:16:34.578559: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:34.578566: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:34.578575: | spent 0.512 milliseconds in whack Sep 21 07:16:34.622907: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:34.622931: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:34.622935: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:34.622938: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:34.622940: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:34.622944: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:34.622951: | Added new connection north-east with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:34.622954: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:16:34.623009: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:34.623013: | from whack: got --esp= Sep 21 07:16:34.623051: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:34.623056: | counting wild cards for @north is 0 Sep 21 07:16:34.623060: | counting wild cards for @east is 0 Sep 21 07:16:34.623072: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:16:34.623076: | new hp@0x558c07382610 Sep 21 07:16:34.623080: added connection description "north-east" Sep 21 07:16:34.623090: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:34.623101: | 192.0.3.254/32===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:16:34.623109: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:34.623116: | spent 0.217 milliseconds in whack Sep 21 07:16:34.623145: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:34.623154: add keyid @north Sep 21 07:16:34.623158: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Sep 21 07:16:34.623160: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Sep 21 07:16:34.623163: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Sep 21 07:16:34.623165: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Sep 21 07:16:34.623167: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Sep 21 07:16:34.623169: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Sep 21 07:16:34.623172: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Sep 21 07:16:34.623174: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Sep 21 07:16:34.623176: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Sep 21 07:16:34.623179: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Sep 21 07:16:34.623181: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Sep 21 07:16:34.623183: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Sep 21 07:16:34.623186: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Sep 21 07:16:34.623188: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Sep 21 07:16:34.623190: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Sep 21 07:16:34.623192: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Sep 21 07:16:34.623195: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Sep 21 07:16:34.623197: | add pubkey c7 5e a5 99 Sep 21 07:16:34.623219: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:34.623228: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:34.623235: | keyid: *AQPl33O2P Sep 21 07:16:34.623237: | n e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Sep 21 07:16:34.623240: | n 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Sep 21 07:16:34.623242: | n 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Sep 21 07:16:34.623244: | n 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Sep 21 07:16:34.623247: | n b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Sep 21 07:16:34.623249: | n 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Sep 21 07:16:34.623251: | n 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Sep 21 07:16:34.623253: | n 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Sep 21 07:16:34.623256: | n 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Sep 21 07:16:34.623258: | n 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Sep 21 07:16:34.623260: | n 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Sep 21 07:16:34.623263: | n 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Sep 21 07:16:34.623265: | n 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Sep 21 07:16:34.623267: | n 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Sep 21 07:16:34.623269: | n 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Sep 21 07:16:34.623272: | n d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Sep 21 07:16:34.623274: | n 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Sep 21 07:16:34.623276: | n a5 99 Sep 21 07:16:34.623278: | e 03 Sep 21 07:16:34.623280: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:34.623283: | CKAID 88 aa 7c 5d Sep 21 07:16:34.623290: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:34.623294: | spent 0.154 milliseconds in whack Sep 21 07:16:34.623322: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:34.623330: add keyid @east Sep 21 07:16:34.623333: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:16:34.623335: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:16:34.623338: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:16:34.623340: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:16:34.623342: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:16:34.623345: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:16:34.623347: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:16:34.623349: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:16:34.623351: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:16:34.623354: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:16:34.623356: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:16:34.623358: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:16:34.623360: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:16:34.623363: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:16:34.623365: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:16:34.623367: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:16:34.623370: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:16:34.623372: | add pubkey 51 51 48 ef Sep 21 07:16:34.623383: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:34.623385: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:16:34.623389: | keyid: *AQO9bJbr3 Sep 21 07:16:34.623391: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:16:34.623394: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:16:34.623396: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:16:34.623398: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:16:34.623403: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:16:34.623406: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:16:34.623408: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:16:34.623410: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:16:34.623413: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:16:34.623415: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:16:34.623417: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:16:34.623420: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:16:34.623422: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:16:34.623424: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:16:34.623426: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:16:34.623429: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:16:34.623431: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:16:34.623433: | n 48 ef Sep 21 07:16:34.623435: | e 03 Sep 21 07:16:34.623438: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:16:34.623440: | CKAID 8a 82 25 f1 Sep 21 07:16:34.623447: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:34.623451: | spent 0.133 milliseconds in whack Sep 21 07:16:34.623475: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:34.623485: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:34.623489: listening for IKE messages Sep 21 07:16:34.623522: | Inspecting interface lo Sep 21 07:16:34.623528: | found lo with address 127.0.0.1 Sep 21 07:16:34.623531: | Inspecting interface eth0 Sep 21 07:16:34.623535: | found eth0 with address 192.0.3.254 Sep 21 07:16:34.623537: | Inspecting interface eth1 Sep 21 07:16:34.623541: | found eth1 with address 192.1.3.33 Sep 21 07:16:34.623597: | no interfaces to sort Sep 21 07:16:34.623604: | libevent_free: release ptr-libevent@0x558c073b5be0 Sep 21 07:16:34.623607: | free_event_entry: release EVENT_NULL-pe@0x558c073b5ba0 Sep 21 07:16:34.623610: | add_fd_read_event_handler: new ethX-pe@0x558c073b5ba0 Sep 21 07:16:34.623613: | libevent_malloc: new ptr-libevent@0x558c073b5be0 size 128 Sep 21 07:16:34.623620: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:34.623624: | libevent_free: release ptr-libevent@0x558c073b5cd0 Sep 21 07:16:34.623626: | free_event_entry: release EVENT_NULL-pe@0x558c073b5c90 Sep 21 07:16:34.623628: | add_fd_read_event_handler: new ethX-pe@0x558c073b5c90 Sep 21 07:16:34.623631: | libevent_malloc: new ptr-libevent@0x558c073b5cd0 size 128 Sep 21 07:16:34.623636: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:34.623639: | libevent_free: release ptr-libevent@0x558c073b5dc0 Sep 21 07:16:34.623642: | free_event_entry: release EVENT_NULL-pe@0x558c073b5d80 Sep 21 07:16:34.623644: | add_fd_read_event_handler: new ethX-pe@0x558c073b5d80 Sep 21 07:16:34.623646: | libevent_malloc: new ptr-libevent@0x558c073b5dc0 size 128 Sep 21 07:16:34.623651: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:34.623655: | libevent_free: release ptr-libevent@0x558c073b5eb0 Sep 21 07:16:34.623657: | free_event_entry: release EVENT_NULL-pe@0x558c073b5e70 Sep 21 07:16:34.623660: | add_fd_read_event_handler: new ethX-pe@0x558c073b5e70 Sep 21 07:16:34.623662: | libevent_malloc: new ptr-libevent@0x558c073b5eb0 size 128 Sep 21 07:16:34.623667: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:34.623670: | libevent_free: release ptr-libevent@0x558c073b5fa0 Sep 21 07:16:34.623672: | free_event_entry: release EVENT_NULL-pe@0x558c073b5f60 Sep 21 07:16:34.623675: | add_fd_read_event_handler: new ethX-pe@0x558c073b5f60 Sep 21 07:16:34.623677: | libevent_malloc: new ptr-libevent@0x558c073b5fa0 size 128 Sep 21 07:16:34.623682: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:34.623688: | libevent_free: release ptr-libevent@0x558c073b6090 Sep 21 07:16:34.623690: | free_event_entry: release EVENT_NULL-pe@0x558c073b6050 Sep 21 07:16:34.623693: | add_fd_read_event_handler: new ethX-pe@0x558c073b6050 Sep 21 07:16:34.623696: | libevent_malloc: new ptr-libevent@0x558c073b6090 size 128 Sep 21 07:16:34.623700: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:34.623703: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:34.623705: forgetting secrets Sep 21 07:16:34.623712: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:34.623725: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:34.623740: | saving Modulus Sep 21 07:16:34.623743: | saving PublicExponent Sep 21 07:16:34.623747: | ignoring PrivateExponent Sep 21 07:16:34.623750: | ignoring Prime1 Sep 21 07:16:34.623753: | ignoring Prime2 Sep 21 07:16:34.623756: | ignoring Exponent1 Sep 21 07:16:34.623759: | ignoring Exponent2 Sep 21 07:16:34.623762: | ignoring Coefficient Sep 21 07:16:34.623765: | ignoring CKAIDNSS Sep 21 07:16:34.623776: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:16:34.623778: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:16:34.623782: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:16:34.623801: | certs and keys locked by 'process_secret' Sep 21 07:16:34.623803: | certs and keys unlocked by 'process_secret' Sep 21 07:16:34.623808: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:34.623815: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:34.623820: | spent 0.34 milliseconds in whack Sep 21 07:16:34.623842: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:34.623850: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:34.623854: | start processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:106) Sep 21 07:16:34.623858: | could_route called for north-east (kind=CK_PERMANENT) Sep 21 07:16:34.623860: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:34.623863: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:16:34.623865: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:16:34.623871: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Sep 21 07:16:34.623874: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:34.623876: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:34.623879: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:16:34.623881: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:16:34.623884: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Sep 21 07:16:34.623887: | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Sep 21 07:16:34.623894: | shunt_eroute() called for connection 'north-east' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:34.623899: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0 Sep 21 07:16:34.623902: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:16:34.623909: | IPsec Sa SPD priority set to 1040359 Sep 21 07:16:34.623956: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:16:34.623959: | route_and_eroute: firewall_notified: true Sep 21 07:16:34.623962: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:34.623964: | command executing prepare-client Sep 21 07:16:34.623990: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Sep 21 07:16:34.624000: | popen cmd is 1028 chars long Sep 21 07:16:34.624003: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Sep 21 07:16:34.624006: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Sep 21 07:16:34.624008: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Sep 21 07:16:34.624011: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:16:34.624013: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:16:34.624016: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:16:34.624018: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:16:34.624021: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:16:34.624023: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Sep 21 07:16:34.624026: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Sep 21 07:16:34.624028: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Sep 21 07:16:34.624031: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Sep 21 07:16:34.624033: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:16:34.634391: | running updown command "ipsec _updown" for verb route Sep 21 07:16:34.634415: | command executing route-client Sep 21 07:16:34.634435: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Sep 21 07:16:34.634438: | popen cmd is 1026 chars long Sep 21 07:16:34.634440: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT: Sep 21 07:16:34.634441: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID: Sep 21 07:16:34.634443: | cmd( 160):='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLU: Sep 21 07:16:34.634444: | cmd( 240):TO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Sep 21 07:16:34.634446: | cmd( 320):O_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:16:34.634447: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:16:34.634453: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:16:34.634455: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:16:34.634456: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Sep 21 07:16:34.634458: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Sep 21 07:16:34.634459: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Sep 21 07:16:34.634461: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Sep 21 07:16:34.634462: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:16:34.648386: | stop processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:116) Sep 21 07:16:34.648420: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:34.648427: | spent 0.491 milliseconds in whack Sep 21 07:16:34.648437: | processing signal PLUTO_SIGCHLD Sep 21 07:16:34.648441: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:16:34.648444: | spent 0.00419 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:34.648445: | processing signal PLUTO_SIGCHLD Sep 21 07:16:34.648448: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:16:34.648450: | spent 0.00227 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:34.648989: | processing signal PLUTO_SIGCHLD Sep 21 07:16:34.649001: | waitpid returned pid 15386 (exited with status 0) Sep 21 07:16:34.649004: | reaped addconn helper child (status 0) Sep 21 07:16:34.649008: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:34.649011: | spent 0.0134 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:34.815665: | kernel_process_msg_cb process netlink message Sep 21 07:16:34.815690: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:16:34.815693: | xfrm netlink msg len 376 Sep 21 07:16:34.815696: | xfrm acquire rtattribute type 5 Sep 21 07:16:34.815698: | xfrm acquire rtattribute type 16 Sep 21 07:16:34.815711: | add bare shunt 0x558c073b61a0 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:16:34.815717: initiate on demand from 192.0.3.254:8 to 192.0.2.254:0 proto=1 because: acquire Sep 21 07:16:34.815722: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0 Sep 21 07:16:34.815725: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:16:34.815730: | find_connection: conn "north-east" has compatible peers: 192.0.3.254/32:0 -> 192.0.2.0/24:0 [pri: 33603594] Sep 21 07:16:34.815733: | find_connection: first OK "north-east" [pri:33603594]{0x558c073b6920} (child none) Sep 21 07:16:34.815735: | find_connection: concluding with "north-east" [pri:33603594]{0x558c073b6920} kind=CK_PERMANENT Sep 21 07:16:34.815738: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:16:34.815740: | assign_holdpass() need broad(er) shunt Sep 21 07:16:34.815743: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:16:34.815749: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:16:34.815751: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:16:34.815754: | raw_eroute result=success Sep 21 07:16:34.815756: | assign_holdpass() eroute_connection() done Sep 21 07:16:34.815757: | fiddle_bare_shunt called Sep 21 07:16:34.815760: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:16:34.815762: | removing specific host-to-host bare shunt Sep 21 07:16:34.815766: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Sep 21 07:16:34.815768: | netlink_raw_eroute: SPI_PASS Sep 21 07:16:34.815793: | raw_eroute result=success Sep 21 07:16:34.815800: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:16:34.815814: | delete bare shunt 0x558c073b61a0 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:16:34.815817: assign_holdpass() delete_bare_shunt() failed Sep 21 07:16:34.815819: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:16:34.815822: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:34.815839: | creating state object #1 at 0x558c073b7e20 Sep 21 07:16:34.815842: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:34.815850: | pstats #1 ikev2.ike started Sep 21 07:16:34.815853: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:34.815857: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:34.815862: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:34.815871: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:34.815874: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:34.815878: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-east" IKE SA #1 "north-east" Sep 21 07:16:34.815882: "north-east" #1: initiating v2 parent SA Sep 21 07:16:34.815885: | constructing local IKE proposals for north-east (IKE SA initiator selecting KE) Sep 21 07:16:34.815891: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:34.815899: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:34.815902: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:34.815907: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:34.815910: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:34.815915: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:34.815918: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:34.815922: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:34.815931: "north-east": constructed local IKE proposals for north-east (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:34.815938: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:16:34.815941: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x558c073b8c90 Sep 21 07:16:34.815944: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:34.815948: | libevent_malloc: new ptr-libevent@0x558c073b8cd0 size 128 Sep 21 07:16:34.815963: | #1 spent 0.24 milliseconds in ikev2_parent_outI1() Sep 21 07:16:34.815968: | crypto helper 0 resuming Sep 21 07:16:34.815974: | RESET processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:34.815984: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:16:34.815992: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254 Sep 21 07:16:34.815996: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:16:34.816000: | spent 0.306 milliseconds in kernel message Sep 21 07:16:34.816856: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.00086 seconds Sep 21 07:16:34.816868: | (#1) spent 0.861 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:16:34.816871: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:34.816873: | scheduling resume sending helper answer for #1 Sep 21 07:16:34.816876: | libevent_malloc: new ptr-libevent@0x7f61e4006900 size 128 Sep 21 07:16:34.816884: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:34.816893: | processing resume sending helper answer for #1 Sep 21 07:16:34.816901: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:34.816904: | crypto helper 0 replies to request ID 1 Sep 21 07:16:34.816907: | calling continuation function 0x558c0553c630 Sep 21 07:16:34.816909: | ikev2_parent_outI1_continue for #1 Sep 21 07:16:34.816943: | **emit ISAKMP Message: Sep 21 07:16:34.816945: | initiator cookie: Sep 21 07:16:34.816948: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.816950: | responder cookie: Sep 21 07:16:34.816952: | 00 00 00 00 00 00 00 00 Sep 21 07:16:34.816954: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:34.816957: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:34.816959: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:34.816962: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:34.816964: | Message ID: 0 (0x0) Sep 21 07:16:34.816967: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:34.816980: | using existing local IKE proposals for connection north-east (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:34.816983: | Emitting ikev2_proposals ... Sep 21 07:16:34.816985: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:34.816988: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.816990: | flags: none (0x0) Sep 21 07:16:34.816993: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:34.816995: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.816998: | discarding INTEG=NONE Sep 21 07:16:34.817000: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.817003: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.817005: | prop #: 1 (0x1) Sep 21 07:16:34.817007: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:34.817009: | spi size: 0 (0x0) Sep 21 07:16:34.817011: | # transforms: 11 (0xb) Sep 21 07:16:34.817014: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:34.817021: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817024: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817026: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.817028: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:34.817031: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817033: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.817036: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.817038: | length/value: 256 (0x100) Sep 21 07:16:34.817040: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:34.817043: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817045: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817047: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.817049: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:34.817052: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817054: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817056: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817059: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817061: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817063: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.817065: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:34.817067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817072: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817074: | discarding INTEG=NONE Sep 21 07:16:34.817076: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817080: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817082: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.817085: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817087: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817089: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817091: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817095: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817097: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:34.817100: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817102: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817104: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817106: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817108: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817110: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817113: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:34.817115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817119: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817121: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817123: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817130: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:34.817132: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817134: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817137: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817139: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817141: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817143: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817145: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:34.817147: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817150: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817152: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817154: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817158: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817160: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:34.817163: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817165: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817167: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817169: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817171: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817173: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817175: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:34.817178: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817180: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817182: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817184: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817186: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.817188: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817191: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:34.817193: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817195: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817198: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817200: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:34.817202: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:34.817204: | discarding INTEG=NONE Sep 21 07:16:34.817208: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.817210: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.817212: | prop #: 2 (0x2) Sep 21 07:16:34.817214: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:34.817216: | spi size: 0 (0x0) Sep 21 07:16:34.817218: | # transforms: 11 (0xb) Sep 21 07:16:34.817221: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.817223: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:34.817225: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817230: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.817232: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:34.817234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817236: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.817238: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.817241: | length/value: 128 (0x80) Sep 21 07:16:34.817243: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:34.817245: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817247: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817249: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.817251: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:34.817254: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817258: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817260: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817264: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.817267: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:34.817269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817271: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817274: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817275: | discarding INTEG=NONE Sep 21 07:16:34.817277: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817282: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817284: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.817286: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817289: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817291: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817293: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817295: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817297: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817299: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:34.817301: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817304: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817307: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817309: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817311: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817313: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817315: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:34.817318: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817322: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817324: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817326: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817330: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:34.817333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817335: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817338: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817340: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817342: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817344: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817346: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:34.817348: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817353: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817355: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817359: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817361: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:34.817363: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817366: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817368: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817370: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817374: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817376: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:34.817379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817381: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817383: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817385: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817387: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.817389: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817391: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:34.817394: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817397: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817400: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817402: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:34.817404: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:34.817406: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.817408: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.817410: | prop #: 3 (0x3) Sep 21 07:16:34.817412: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:34.817414: | spi size: 0 (0x0) Sep 21 07:16:34.817416: | # transforms: 13 (0xd) Sep 21 07:16:34.817419: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.817421: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:34.817423: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817428: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.817430: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:34.817432: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817434: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.817436: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.817438: | length/value: 256 (0x100) Sep 21 07:16:34.817440: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:34.817443: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817447: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.817449: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:34.817451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817456: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817458: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817462: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.817464: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:34.817466: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817469: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817471: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817473: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817477: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.817479: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:34.817482: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817487: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817489: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817493: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.817496: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:34.817498: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817500: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817503: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817505: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817507: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817509: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817511: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.817513: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817516: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817518: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817520: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817522: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817524: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817526: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:34.817528: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817531: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817533: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817535: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817541: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:34.817544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817546: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817548: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817550: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817554: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817556: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:34.817559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817561: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817563: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817565: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817569: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817572: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:34.817574: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817578: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817580: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817582: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817584: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817586: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817588: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:34.817590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817593: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817595: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817597: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817599: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817603: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:34.817606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817608: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817610: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817612: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817614: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.817616: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817618: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:34.817621: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817623: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817625: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817627: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:34.817630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:34.817632: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.817634: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:34.817636: | prop #: 4 (0x4) Sep 21 07:16:34.817638: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:34.817640: | spi size: 0 (0x0) Sep 21 07:16:34.817642: | # transforms: 13 (0xd) Sep 21 07:16:34.817644: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.817647: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:34.817649: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817651: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817653: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.817655: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:34.817657: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817660: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.817662: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.817664: | length/value: 128 (0x80) Sep 21 07:16:34.817666: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:34.817668: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817673: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.817675: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:34.817678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817682: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817684: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817686: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817689: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.817691: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:34.817693: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817696: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817698: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817700: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817702: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817704: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.817706: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:34.817708: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817711: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817713: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817715: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817717: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817719: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.817721: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:34.817724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817728: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817730: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817734: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817736: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.817739: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817741: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817743: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817746: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817750: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817752: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:34.817754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817756: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817760: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817762: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817764: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817766: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817768: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:34.817770: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817773: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817775: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817777: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817779: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817781: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817790: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:34.817796: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817799: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817801: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817803: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817805: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817807: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817809: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:34.817811: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817814: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817816: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817818: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817822: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817824: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:34.817827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817831: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817833: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817839: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:34.817842: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817844: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817846: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817848: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.817851: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.817853: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.817855: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:34.817857: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.817861: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.817863: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.817865: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:34.817868: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:34.817870: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:34.817872: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:34.817875: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:34.817877: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.817879: | flags: none (0x0) Sep 21 07:16:34.817881: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.817884: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:34.817886: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.817890: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:34.817892: | ikev2 g^x 3c 88 5d 0e 73 7b f7 45 45 c6 bf 63 01 6a 78 f5 Sep 21 07:16:34.817894: | ikev2 g^x 9d dd 81 87 23 5e 2c d1 98 3b 01 81 7e d1 d4 83 Sep 21 07:16:34.817896: | ikev2 g^x 3c e8 40 e0 ff 5c b9 04 ac 8e dc 08 5f 26 dc 1b Sep 21 07:16:34.817898: | ikev2 g^x 09 73 c3 83 5b e4 5e 3b 7c 45 45 96 ca 39 f8 a2 Sep 21 07:16:34.817900: | ikev2 g^x 1b fe e8 d8 a1 0d 71 39 24 38 04 6a a4 dc 2c ba Sep 21 07:16:34.817902: | ikev2 g^x 1f b0 12 49 b1 8e 54 67 92 43 a3 7f e5 7e 2f e8 Sep 21 07:16:34.817904: | ikev2 g^x 69 9c d9 26 14 50 6d f9 2d d2 f7 e2 26 4b 5c 66 Sep 21 07:16:34.817906: | ikev2 g^x 6a ff d3 14 87 9d 3e f1 8c 9e aa 5b 58 9e ce 95 Sep 21 07:16:34.817908: | ikev2 g^x 60 0e 73 9b 26 6f ce 80 e9 44 b2 45 a7 ce 63 50 Sep 21 07:16:34.817910: | ikev2 g^x c3 64 f1 8a 80 e6 db 2f 60 b6 81 d0 dc 8c 87 80 Sep 21 07:16:34.817912: | ikev2 g^x 4a 6c 9f 87 75 f8 5b 82 91 ee 5e 97 58 7f cc 03 Sep 21 07:16:34.817914: | ikev2 g^x 3b 67 f9 e1 3f 02 97 e1 0e 3e e4 ca 0d 5a b7 04 Sep 21 07:16:34.817916: | ikev2 g^x 6a a5 36 f2 91 f1 52 68 bf 87 25 a2 56 d3 d3 03 Sep 21 07:16:34.817918: | ikev2 g^x 69 ef 1d 5b 1e 71 58 da f4 bb b4 a4 93 c5 fc 95 Sep 21 07:16:34.817920: | ikev2 g^x 5f 91 a4 60 e0 d5 d6 27 97 4a ab ca 81 a1 60 3f Sep 21 07:16:34.817922: | ikev2 g^x 65 75 33 f2 90 8a 11 78 ae bd a7 44 c5 3d af 05 Sep 21 07:16:34.817924: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:34.817926: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:34.817928: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:34.817930: | flags: none (0x0) Sep 21 07:16:34.817933: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:34.817936: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:34.817938: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.817940: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:34.817943: | IKEv2 nonce 47 bf 44 63 e1 cc bc 39 9a 16 25 ee 3c 16 dd b0 Sep 21 07:16:34.817945: | IKEv2 nonce b9 7b 39 46 2a 5c 7e 7c 36 2d fa 1e e6 e7 7e ce Sep 21 07:16:34.817947: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:34.817949: | Adding a v2N Payload Sep 21 07:16:34.817951: | ***emit IKEv2 Notify Payload: Sep 21 07:16:34.817953: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.817955: | flags: none (0x0) Sep 21 07:16:34.817959: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.817961: | SPI size: 0 (0x0) Sep 21 07:16:34.817963: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:34.817966: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:34.817968: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.817970: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:34.817973: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:34.817975: | natd_hash: rcookie is zero Sep 21 07:16:34.817985: | natd_hash: hasher=0x558c056127a0(20) Sep 21 07:16:34.817988: | natd_hash: icookie= c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.817990: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:34.817992: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:34.817994: | natd_hash: port= 01 f4 Sep 21 07:16:34.817996: | natd_hash: hash= fc ad 11 80 97 96 f7 f9 e4 20 f1 23 90 7b 2b 4b Sep 21 07:16:34.817998: | natd_hash: hash= b2 2f b4 44 Sep 21 07:16:34.818000: | Adding a v2N Payload Sep 21 07:16:34.818002: | ***emit IKEv2 Notify Payload: Sep 21 07:16:34.818004: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.818006: | flags: none (0x0) Sep 21 07:16:34.818009: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.818011: | SPI size: 0 (0x0) Sep 21 07:16:34.818013: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:34.818015: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:34.818018: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.818020: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:34.818022: | Notify data fc ad 11 80 97 96 f7 f9 e4 20 f1 23 90 7b 2b 4b Sep 21 07:16:34.818024: | Notify data b2 2f b4 44 Sep 21 07:16:34.818026: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:34.818028: | natd_hash: rcookie is zero Sep 21 07:16:34.818033: | natd_hash: hasher=0x558c056127a0(20) Sep 21 07:16:34.818036: | natd_hash: icookie= c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.818038: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:34.818040: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:34.818041: | natd_hash: port= 01 f4 Sep 21 07:16:34.818044: | natd_hash: hash= 3c cc e7 fb f2 9e 02 95 7a 56 35 db 5c 2e 76 22 Sep 21 07:16:34.818045: | natd_hash: hash= 66 c1 59 40 Sep 21 07:16:34.818047: | Adding a v2N Payload Sep 21 07:16:34.818049: | ***emit IKEv2 Notify Payload: Sep 21 07:16:34.818051: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.818053: | flags: none (0x0) Sep 21 07:16:34.818055: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.818057: | SPI size: 0 (0x0) Sep 21 07:16:34.818060: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:34.818062: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:34.818064: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.818067: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:34.818069: | Notify data 3c cc e7 fb f2 9e 02 95 7a 56 35 db 5c 2e 76 22 Sep 21 07:16:34.818071: | Notify data 66 c1 59 40 Sep 21 07:16:34.818073: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:34.818075: | emitting length of ISAKMP Message: 828 Sep 21 07:16:34.818082: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:34.818099: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:34.818103: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:34.818108: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:34.818110: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:34.818113: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:16:34.818115: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:34.818120: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:34.818123: "north-east" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:34.818127: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:34.818152: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:34.818159: | c4 a3 64 8b a9 6c c7 86 00 00 00 00 00 00 00 00 Sep 21 07:16:34.818162: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:34.818165: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:34.818167: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:34.818169: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:34.818171: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:34.818173: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:34.818175: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:34.818177: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:34.818179: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:34.818181: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:34.818183: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:34.818185: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:34.818187: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:34.818189: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:34.818191: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:34.818193: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:34.818195: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:34.818197: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:34.818199: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:34.818201: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:34.818203: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:34.818205: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:34.818207: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:34.818209: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:34.818211: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:34.818213: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:34.818215: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:34.818216: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:34.818218: | 28 00 01 08 00 0e 00 00 3c 88 5d 0e 73 7b f7 45 Sep 21 07:16:34.818220: | 45 c6 bf 63 01 6a 78 f5 9d dd 81 87 23 5e 2c d1 Sep 21 07:16:34.818222: | 98 3b 01 81 7e d1 d4 83 3c e8 40 e0 ff 5c b9 04 Sep 21 07:16:34.818224: | ac 8e dc 08 5f 26 dc 1b 09 73 c3 83 5b e4 5e 3b Sep 21 07:16:34.818226: | 7c 45 45 96 ca 39 f8 a2 1b fe e8 d8 a1 0d 71 39 Sep 21 07:16:34.818228: | 24 38 04 6a a4 dc 2c ba 1f b0 12 49 b1 8e 54 67 Sep 21 07:16:34.818230: | 92 43 a3 7f e5 7e 2f e8 69 9c d9 26 14 50 6d f9 Sep 21 07:16:34.818232: | 2d d2 f7 e2 26 4b 5c 66 6a ff d3 14 87 9d 3e f1 Sep 21 07:16:34.818234: | 8c 9e aa 5b 58 9e ce 95 60 0e 73 9b 26 6f ce 80 Sep 21 07:16:34.818236: | e9 44 b2 45 a7 ce 63 50 c3 64 f1 8a 80 e6 db 2f Sep 21 07:16:34.818238: | 60 b6 81 d0 dc 8c 87 80 4a 6c 9f 87 75 f8 5b 82 Sep 21 07:16:34.818240: | 91 ee 5e 97 58 7f cc 03 3b 67 f9 e1 3f 02 97 e1 Sep 21 07:16:34.818244: | 0e 3e e4 ca 0d 5a b7 04 6a a5 36 f2 91 f1 52 68 Sep 21 07:16:34.818246: | bf 87 25 a2 56 d3 d3 03 69 ef 1d 5b 1e 71 58 da Sep 21 07:16:34.818248: | f4 bb b4 a4 93 c5 fc 95 5f 91 a4 60 e0 d5 d6 27 Sep 21 07:16:34.818250: | 97 4a ab ca 81 a1 60 3f 65 75 33 f2 90 8a 11 78 Sep 21 07:16:34.818252: | ae bd a7 44 c5 3d af 05 29 00 00 24 47 bf 44 63 Sep 21 07:16:34.818254: | e1 cc bc 39 9a 16 25 ee 3c 16 dd b0 b9 7b 39 46 Sep 21 07:16:34.818256: | 2a 5c 7e 7c 36 2d fa 1e e6 e7 7e ce 29 00 00 08 Sep 21 07:16:34.818258: | 00 00 40 2e 29 00 00 1c 00 00 40 04 fc ad 11 80 Sep 21 07:16:34.818260: | 97 96 f7 f9 e4 20 f1 23 90 7b 2b 4b b2 2f b4 44 Sep 21 07:16:34.818262: | 00 00 00 1c 00 00 40 05 3c cc e7 fb f2 9e 02 95 Sep 21 07:16:34.818264: | 7a 56 35 db 5c 2e 76 22 66 c1 59 40 Sep 21 07:16:34.818342: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:34.818348: | libevent_free: release ptr-libevent@0x558c073b8cd0 Sep 21 07:16:34.818350: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x558c073b8c90 Sep 21 07:16:34.818353: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:34.818356: | event_schedule: new EVENT_RETRANSMIT-pe@0x558c073b8c90 Sep 21 07:16:34.818360: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:16:34.818363: | libevent_malloc: new ptr-libevent@0x558c073b88e0 size 128 Sep 21 07:16:34.818368: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48841.18662 Sep 21 07:16:34.818371: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:34.818376: | #1 spent 1.4 milliseconds in resume sending helper answer Sep 21 07:16:34.818381: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:34.818383: | libevent_free: release ptr-libevent@0x7f61e4006900 Sep 21 07:16:34.821268: | spent 0.00295 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:34.821291: | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:34.821295: | c4 a3 64 8b a9 6c c7 86 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.821297: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Sep 21 07:16:34.821299: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:16:34.821301: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:16:34.821303: | 04 00 00 0e 28 00 01 08 00 0e 00 00 d4 05 d4 96 Sep 21 07:16:34.821305: | 21 18 75 56 e8 c7 6c 06 6b c9 66 ac 51 4c 4d 36 Sep 21 07:16:34.821307: | 95 f1 83 0c a4 1d a6 bf cd 1e 38 40 27 bd cb 3a Sep 21 07:16:34.821309: | 57 37 93 99 d9 16 73 67 89 3c 2a 32 e7 8e 52 55 Sep 21 07:16:34.821311: | b8 cf 4b 28 b6 9e a8 99 c2 17 ad 6c 0b a4 c6 85 Sep 21 07:16:34.821313: | 44 40 72 1b 17 77 0f c9 b7 14 5a 57 65 e3 9a f1 Sep 21 07:16:34.821315: | 19 d4 02 d1 cd ae e4 df e2 1d 7d 49 44 c5 8a 32 Sep 21 07:16:34.821317: | 5e 1b 3e 28 2b 6a c1 89 43 e0 ad 28 92 69 a4 9f Sep 21 07:16:34.821319: | 53 44 0b 43 00 66 92 bc ce c3 83 cd 36 75 86 f0 Sep 21 07:16:34.821321: | 21 61 f3 b9 d8 ae c9 19 0d 19 d6 f8 22 ad 61 25 Sep 21 07:16:34.821322: | ef 3a b6 1b fa 56 50 f0 09 15 fd da 82 65 78 2c Sep 21 07:16:34.821324: | e1 c6 40 77 35 ea 8a a3 74 6b e2 c7 89 c3 95 d8 Sep 21 07:16:34.821326: | 43 13 50 ee d9 d5 ba 53 e6 b9 88 bd 53 61 57 e4 Sep 21 07:16:34.821328: | b2 99 cb 9a a0 5d 58 81 9c fe c7 4c 5a 30 67 e9 Sep 21 07:16:34.821330: | 42 19 f3 48 cb d3 d7 8c 34 67 3a 24 5c d9 8b 2c Sep 21 07:16:34.821332: | 48 33 25 d9 d7 2a a6 ea 2d 37 8b 48 06 db 46 20 Sep 21 07:16:34.821334: | 5b 1d a7 5a cf a7 8a b3 bf 7e 98 22 29 00 00 24 Sep 21 07:16:34.821336: | 3d 61 19 51 f4 a4 c7 32 46 8f 4c 2c 17 a0 3c c7 Sep 21 07:16:34.821338: | bd 5b 06 93 6d f8 c4 d4 f0 2e a0 63 40 f4 93 f7 Sep 21 07:16:34.821342: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:16:34.821345: | 3b 68 49 56 ad a2 3e e9 df 7a 13 9c 19 1b c0 fc Sep 21 07:16:34.821347: | 64 99 c8 57 26 00 00 1c 00 00 40 05 ce 3d e9 c3 Sep 21 07:16:34.821348: | 2b 3f 11 0b 36 bc f4 51 04 3a 87 40 c0 10 ab 1d Sep 21 07:16:34.821350: | 00 00 00 05 04 Sep 21 07:16:34.821355: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:34.821358: | **parse ISAKMP Message: Sep 21 07:16:34.821360: | initiator cookie: Sep 21 07:16:34.821362: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.821364: | responder cookie: Sep 21 07:16:34.821366: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.821369: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:34.821371: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:34.821373: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:34.821376: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:34.821378: | Message ID: 0 (0x0) Sep 21 07:16:34.821380: | length: 437 (0x1b5) Sep 21 07:16:34.821383: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:34.821386: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:16:34.821389: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:34.821394: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:34.821398: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:34.821400: | #1 is idle Sep 21 07:16:34.821402: | #1 idle Sep 21 07:16:34.821404: | unpacking clear payload Sep 21 07:16:34.821407: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:34.821410: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:34.821412: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:34.821414: | flags: none (0x0) Sep 21 07:16:34.821416: | length: 40 (0x28) Sep 21 07:16:34.821418: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:16:34.821420: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:34.821423: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:34.821425: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:34.821427: | flags: none (0x0) Sep 21 07:16:34.821429: | length: 264 (0x108) Sep 21 07:16:34.821431: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.821434: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:34.821436: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:34.821438: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:34.821440: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:34.821442: | flags: none (0x0) Sep 21 07:16:34.821444: | length: 36 (0x24) Sep 21 07:16:34.821446: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:34.821448: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:34.821450: | ***parse IKEv2 Notify Payload: Sep 21 07:16:34.821452: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:34.821454: | flags: none (0x0) Sep 21 07:16:34.821456: | length: 8 (0x8) Sep 21 07:16:34.821458: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.821460: | SPI size: 0 (0x0) Sep 21 07:16:34.821463: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:34.821465: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:34.821467: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:34.821469: | ***parse IKEv2 Notify Payload: Sep 21 07:16:34.821471: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:34.821473: | flags: none (0x0) Sep 21 07:16:34.821475: | length: 28 (0x1c) Sep 21 07:16:34.821477: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.821479: | SPI size: 0 (0x0) Sep 21 07:16:34.821481: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:34.821485: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:34.821487: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:34.821489: | ***parse IKEv2 Notify Payload: Sep 21 07:16:34.821491: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Sep 21 07:16:34.821493: | flags: none (0x0) Sep 21 07:16:34.821495: | length: 28 (0x1c) Sep 21 07:16:34.821497: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:34.821499: | SPI size: 0 (0x0) Sep 21 07:16:34.821501: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:34.821503: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:34.821505: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Sep 21 07:16:34.821507: | ***parse IKEv2 Certificate Request Payload: Sep 21 07:16:34.821510: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.821512: | flags: none (0x0) Sep 21 07:16:34.821514: | length: 5 (0x5) Sep 21 07:16:34.821516: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:16:34.821518: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Sep 21 07:16:34.821521: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:16:34.821526: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:34.821529: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:34.821533: | Now let's proceed with state specific processing Sep 21 07:16:34.821536: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:34.821540: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:16:34.821554: | using existing local IKE proposals for connection north-east (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:34.821557: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:16:34.821561: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:34.821563: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:34.821565: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:34.821567: | local proposal 1 type DH has 8 transforms Sep 21 07:16:34.821569: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:34.821572: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:34.821574: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:34.821577: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:34.821579: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:34.821581: | local proposal 2 type DH has 8 transforms Sep 21 07:16:34.821583: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:34.821585: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:34.821587: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:34.821589: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:34.821591: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:34.821594: | local proposal 3 type DH has 8 transforms Sep 21 07:16:34.821596: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:34.821598: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:34.821600: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:34.821602: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:34.821604: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:34.821606: | local proposal 4 type DH has 8 transforms Sep 21 07:16:34.821611: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:34.821613: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:34.821616: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.821618: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:34.821620: | length: 36 (0x24) Sep 21 07:16:34.821622: | prop #: 1 (0x1) Sep 21 07:16:34.821624: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:34.821626: | spi size: 0 (0x0) Sep 21 07:16:34.821628: | # transforms: 3 (0x3) Sep 21 07:16:34.821631: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:34.821634: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:34.821636: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.821638: | length: 12 (0xc) Sep 21 07:16:34.821640: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.821643: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:34.821645: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.821647: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.821649: | length/value: 256 (0x100) Sep 21 07:16:34.821653: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:34.821656: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:34.821658: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.821660: | length: 8 (0x8) Sep 21 07:16:34.821662: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:34.821664: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:34.821667: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:34.821669: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:34.821671: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.821673: | length: 8 (0x8) Sep 21 07:16:34.821675: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:34.821677: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:34.821680: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:34.821683: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:34.821687: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:34.821690: | remote proposal 1 matches local proposal 1 Sep 21 07:16:34.821692: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:16:34.821694: | converting proposal to internal trans attrs Sep 21 07:16:34.821706: | natd_hash: hasher=0x558c056127a0(20) Sep 21 07:16:34.821708: | natd_hash: icookie= c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.821710: | natd_hash: rcookie= 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.821712: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:34.821714: | natd_hash: port= 01 f4 Sep 21 07:16:34.821717: | natd_hash: hash= ce 3d e9 c3 2b 3f 11 0b 36 bc f4 51 04 3a 87 40 Sep 21 07:16:34.821719: | natd_hash: hash= c0 10 ab 1d Sep 21 07:16:34.821723: | natd_hash: hasher=0x558c056127a0(20) Sep 21 07:16:34.821726: | natd_hash: icookie= c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.821728: | natd_hash: rcookie= 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.821729: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:34.821731: | natd_hash: port= 01 f4 Sep 21 07:16:34.821734: | natd_hash: hash= 3b 68 49 56 ad a2 3e e9 df 7a 13 9c 19 1b c0 fc Sep 21 07:16:34.821735: | natd_hash: hash= 64 99 c8 57 Sep 21 07:16:34.821738: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:34.821741: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:34.821744: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:34.821748: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:16:34.821751: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:16:34.821756: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:16:34.821759: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:34.821761: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:34.821764: | libevent_free: release ptr-libevent@0x558c073b88e0 Sep 21 07:16:34.821767: | free_event_entry: release EVENT_RETRANSMIT-pe@0x558c073b8c90 Sep 21 07:16:34.821769: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x558c073b8c90 Sep 21 07:16:34.821773: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:34.821775: | libevent_malloc: new ptr-libevent@0x558c073b88e0 size 128 Sep 21 07:16:34.821791: | #1 spent 0.246 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:16:34.821798: | crypto helper 2 resuming Sep 21 07:16:34.821802: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:34.821810: | crypto helper 2 starting work-order 2 for state #1 Sep 21 07:16:34.821817: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:16:34.821824: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:16:34.821826: | suspending state #1 and saving MD Sep 21 07:16:34.821831: | #1 is busy; has a suspended MD Sep 21 07:16:34.821837: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:34.821842: | "north-east" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:34.821849: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:34.821856: | #1 spent 0.566 milliseconds in ikev2_process_packet() Sep 21 07:16:34.821862: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:34.821866: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:34.821870: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:34.821875: | spent 0.586 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:34.822889: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:16:34.823447: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001622 seconds Sep 21 07:16:34.823457: | (#1) spent 1.62 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:16:34.823461: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:34.823463: | scheduling resume sending helper answer for #1 Sep 21 07:16:34.823466: | libevent_malloc: new ptr-libevent@0x7f61dc006b90 size 128 Sep 21 07:16:34.823474: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:34.823483: | processing resume sending helper answer for #1 Sep 21 07:16:34.823492: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:34.823495: | crypto helper 2 replies to request ID 2 Sep 21 07:16:34.823498: | calling continuation function 0x558c0553c630 Sep 21 07:16:34.823500: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:16:34.823508: | creating state object #2 at 0x558c073bcf90 Sep 21 07:16:34.823511: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:34.823514: | pstats #2 ikev2.child started Sep 21 07:16:34.823517: | duplicating state object #1 "north-east" as #2 for IPSEC SA Sep 21 07:16:34.823521: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:34.823527: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:34.823531: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:34.823537: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:34.823540: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:34.823543: | libevent_free: release ptr-libevent@0x558c073b88e0 Sep 21 07:16:34.823545: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x558c073b8c90 Sep 21 07:16:34.823548: | event_schedule: new EVENT_SA_REPLACE-pe@0x558c073b8c90 Sep 21 07:16:34.823551: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:16:34.823554: | libevent_malloc: new ptr-libevent@0x558c073b88e0 size 128 Sep 21 07:16:34.823557: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:16:34.823562: | **emit ISAKMP Message: Sep 21 07:16:34.823565: | initiator cookie: Sep 21 07:16:34.823567: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.823569: | responder cookie: Sep 21 07:16:34.823571: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.823574: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:34.823576: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:34.823579: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:34.823581: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:34.823583: | Message ID: 1 (0x1) Sep 21 07:16:34.823586: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:34.823588: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:34.823591: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.823593: | flags: none (0x0) Sep 21 07:16:34.823596: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:34.823598: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.823601: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:34.823608: | IKEv2 CERT: send a certificate? Sep 21 07:16:34.823610: | IKEv2 CERT: no certificate to send Sep 21 07:16:34.823613: | IDr payload will be sent Sep 21 07:16:34.823628: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:16:34.823631: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.823633: | flags: none (0x0) Sep 21 07:16:34.823636: | ID type: ID_FQDN (0x2) Sep 21 07:16:34.823639: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:16:34.823641: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.823644: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:16:34.823646: | my identity 6e 6f 72 74 68 Sep 21 07:16:34.823648: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Sep 21 07:16:34.823656: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:34.823658: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:34.823660: | flags: none (0x0) Sep 21 07:16:34.823663: | ID type: ID_FQDN (0x2) Sep 21 07:16:34.823665: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:16:34.823668: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:34.823670: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.823673: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:16:34.823675: | IDr 65 61 73 74 Sep 21 07:16:34.823677: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:16:34.823681: | not sending INITIAL_CONTACT Sep 21 07:16:34.823684: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:34.823686: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.823688: | flags: none (0x0) Sep 21 07:16:34.823691: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:34.823693: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:34.823696: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.823701: | started looking for secret for @north->@east of kind PKK_RSA Sep 21 07:16:34.823704: | actually looking for secret for @north->@east of kind PKK_RSA Sep 21 07:16:34.823707: | line 1: key type PKK_RSA(@north) to type PKK_RSA Sep 21 07:16:34.823710: | 1: compared key (none) to @north / @east -> 002 Sep 21 07:16:34.823713: | 2: compared key (none) to @north / @east -> 002 Sep 21 07:16:34.823715: | line 1: match=002 Sep 21 07:16:34.823718: | match 002 beats previous best_match 000 match=0x558c073ab0e0 (line=1) Sep 21 07:16:34.823720: | concluding with best_match=002 best=0x558c073ab0e0 (lineno=1) Sep 21 07:16:34.828704: | #1 spent 4.94 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:16:34.828716: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:16:34.828719: | rsa signature dc be c3 6c 71 5e d3 4c b8 7b 7e 6a 46 3f 99 5a Sep 21 07:16:34.828721: | rsa signature 6f 54 6f 8e 8f d5 fe ba c6 a9 1e 13 d4 c9 ef 1b Sep 21 07:16:34.828723: | rsa signature 77 64 01 59 7a 83 f6 70 6f b0 6c 8a a4 01 1f e8 Sep 21 07:16:34.828726: | rsa signature 1c ae 96 71 17 7b ae a6 ef 96 1d ad ad bc 71 56 Sep 21 07:16:34.828728: | rsa signature 64 d5 a2 1d fc 18 b3 b0 d3 2e 75 fb 2c 61 7d 53 Sep 21 07:16:34.828730: | rsa signature d5 5c 3c 46 c3 44 5b 99 48 5c 65 84 2f c8 8d 5e Sep 21 07:16:34.828732: | rsa signature bd 8c fa da b3 f4 f7 a8 1b 4c 6c da 4b 0d e2 9c Sep 21 07:16:34.828734: | rsa signature 01 39 9c cf 74 e3 ed ac bc 1f 9d a3 92 5c ce e7 Sep 21 07:16:34.828736: | rsa signature d5 99 90 53 1a 4a b3 db e6 78 73 6e a2 fa 6b 02 Sep 21 07:16:34.828738: | rsa signature 06 92 f0 9f b7 bf 03 7d f2 4d 8d ca 91 15 12 75 Sep 21 07:16:34.828740: | rsa signature 55 39 07 bf fd da 9f 59 cb 5f 0f fe 0e fa 52 60 Sep 21 07:16:34.828742: | rsa signature c0 6a 4f 9a b8 1f 34 89 4b 75 b2 f4 1a 96 85 15 Sep 21 07:16:34.828744: | rsa signature a8 81 eb 59 62 29 a4 98 c9 df 3a f8 53 bc 85 b2 Sep 21 07:16:34.828746: | rsa signature e9 c9 b1 d3 b5 59 e4 be 63 0e 88 27 9b 6b ba 8b Sep 21 07:16:34.828748: | rsa signature 33 cb db cb 51 28 0d ff b3 df d2 8e 67 0d ef 16 Sep 21 07:16:34.828750: | rsa signature 06 8c 07 5b fa 54 99 f6 fc 5a 8a 34 3a 7f 88 88 Sep 21 07:16:34.828752: | rsa signature 9f 52 b0 f8 f2 a1 d9 d9 8b b6 43 9f 66 72 83 4e Sep 21 07:16:34.828754: | rsa signature 50 f9 Sep 21 07:16:34.828758: | #1 spent 5.03 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:16:34.828760: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:16:34.828763: | getting first pending from state #1 Sep 21 07:16:34.828781: | netlink_get_spi: allocated 0xb960a51e for esp.0@192.1.3.33 Sep 21 07:16:34.828793: | constructing ESP/AH proposals with all DH removed for north-east (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:16:34.828799: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:34.828804: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:34.828806: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:34.828810: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:34.828813: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:34.828816: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:34.828822: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:34.828825: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:34.828832: "north-east": constructed local ESP/AH proposals for north-east (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:34.828835: | Emitting ikev2_proposals ... Sep 21 07:16:34.828837: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:34.828840: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.828842: | flags: none (0x0) Sep 21 07:16:34.828846: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:34.828848: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.828851: | discarding INTEG=NONE Sep 21 07:16:34.828853: | discarding DH=NONE Sep 21 07:16:34.828855: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.828857: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.828860: | prop #: 1 (0x1) Sep 21 07:16:34.828862: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:34.828864: | spi size: 4 (0x4) Sep 21 07:16:34.828866: | # transforms: 2 (0x2) Sep 21 07:16:34.828868: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:34.828871: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:34.828873: | our spi b9 60 a5 1e Sep 21 07:16:34.828875: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.828878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.828880: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.828882: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:34.828885: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.828887: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.828890: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.828892: | length/value: 256 (0x100) Sep 21 07:16:34.828894: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:34.828896: | discarding INTEG=NONE Sep 21 07:16:34.828898: | discarding DH=NONE Sep 21 07:16:34.828900: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.828902: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.828905: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:34.828907: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:34.828909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.828912: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.828914: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.828916: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:34.828919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:34.828921: | discarding INTEG=NONE Sep 21 07:16:34.828923: | discarding DH=NONE Sep 21 07:16:34.828925: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.828927: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.828929: | prop #: 2 (0x2) Sep 21 07:16:34.828935: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:34.828937: | spi size: 4 (0x4) Sep 21 07:16:34.828939: | # transforms: 2 (0x2) Sep 21 07:16:34.828942: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.828944: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:34.828947: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:34.828949: | our spi b9 60 a5 1e Sep 21 07:16:34.828951: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.828953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.828955: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.828957: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:34.828960: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.828962: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.828964: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.828966: | length/value: 128 (0x80) Sep 21 07:16:34.828968: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:34.828970: | discarding INTEG=NONE Sep 21 07:16:34.828972: | discarding DH=NONE Sep 21 07:16:34.828974: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.828976: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.828978: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:34.828980: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:34.828983: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.828985: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.828988: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.828990: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:34.828992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:34.828994: | discarding DH=NONE Sep 21 07:16:34.828996: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.828998: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.829000: | prop #: 3 (0x3) Sep 21 07:16:34.829002: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:34.829004: | spi size: 4 (0x4) Sep 21 07:16:34.829006: | # transforms: 4 (0x4) Sep 21 07:16:34.829009: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.829011: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:34.829014: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:34.829016: | our spi b9 60 a5 1e Sep 21 07:16:34.829018: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.829020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829022: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.829024: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:34.829026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.829028: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.829031: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.829033: | length/value: 256 (0x100) Sep 21 07:16:34.829035: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:34.829037: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.829040: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829042: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.829044: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:34.829047: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.829052: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.829054: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.829056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829058: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.829060: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:34.829062: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829065: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.829067: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.829069: | discarding DH=NONE Sep 21 07:16:34.829071: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.829073: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.829075: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:34.829077: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:34.829080: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829082: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.829084: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.829086: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:34.829089: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:34.829091: | discarding DH=NONE Sep 21 07:16:34.829093: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.829095: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:34.829097: | prop #: 4 (0x4) Sep 21 07:16:34.829099: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:34.829101: | spi size: 4 (0x4) Sep 21 07:16:34.829103: | # transforms: 4 (0x4) Sep 21 07:16:34.829105: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:34.829108: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:34.829110: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:34.829112: | our spi b9 60 a5 1e Sep 21 07:16:34.829114: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.829116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829118: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.829120: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:34.829123: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.829125: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.829127: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.829129: | length/value: 128 (0x80) Sep 21 07:16:34.829131: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:34.829133: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.829135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829138: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.829141: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:34.829143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829146: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.829148: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.829150: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.829152: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829154: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:34.829156: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:34.829159: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829161: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.829163: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.829165: | discarding DH=NONE Sep 21 07:16:34.829167: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:34.829169: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.829171: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:34.829173: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:34.829176: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.829178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:34.829180: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:34.829182: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:34.829185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:34.829187: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:16:34.829189: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:34.829193: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:34.829195: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.829197: | flags: none (0x0) Sep 21 07:16:34.829199: | number of TS: 1 (0x1) Sep 21 07:16:34.829202: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:34.829205: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.829207: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:34.829209: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:34.829211: | IP Protocol ID: 0 (0x0) Sep 21 07:16:34.829213: | start port: 0 (0x0) Sep 21 07:16:34.829215: | end port: 65535 (0xffff) Sep 21 07:16:34.829218: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:34.829220: | IP start c0 00 03 fe Sep 21 07:16:34.829222: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:34.829224: | IP end c0 00 03 fe Sep 21 07:16:34.829227: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:34.829229: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:34.829231: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:34.829233: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.829235: | flags: none (0x0) Sep 21 07:16:34.829237: | number of TS: 1 (0x1) Sep 21 07:16:34.829240: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:34.829244: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:34.829246: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:34.829248: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:34.829250: | IP Protocol ID: 0 (0x0) Sep 21 07:16:34.829252: | start port: 0 (0x0) Sep 21 07:16:34.829254: | end port: 65535 (0xffff) Sep 21 07:16:34.829256: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:34.829258: | IP start c0 00 02 00 Sep 21 07:16:34.829260: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:34.829262: | IP end c0 00 02 ff Sep 21 07:16:34.829264: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:34.829266: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:34.829269: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:34.829271: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:34.829274: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:34.829277: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:34.829279: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:34.829282: | emitting length of IKEv2 Encryption Payload: 548 Sep 21 07:16:34.829284: | emitting length of ISAKMP Message: 576 Sep 21 07:16:34.829287: | **parse ISAKMP Message: Sep 21 07:16:34.829289: | initiator cookie: Sep 21 07:16:34.829291: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.829293: | responder cookie: Sep 21 07:16:34.829295: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.829297: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:34.829300: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:34.829302: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:34.829304: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:34.829306: | Message ID: 1 (0x1) Sep 21 07:16:34.829308: | length: 576 (0x240) Sep 21 07:16:34.829311: | **parse IKEv2 Encryption Payload: Sep 21 07:16:34.829313: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:34.829315: | flags: none (0x0) Sep 21 07:16:34.829317: | length: 548 (0x224) Sep 21 07:16:34.829319: | **emit ISAKMP Message: Sep 21 07:16:34.829321: | initiator cookie: Sep 21 07:16:34.829323: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.829325: | responder cookie: Sep 21 07:16:34.829327: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.829329: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:34.829331: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:34.829333: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:34.829335: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:34.829337: | Message ID: 1 (0x1) Sep 21 07:16:34.829340: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:34.829342: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:34.829345: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:34.829347: | flags: none (0x0) Sep 21 07:16:34.829349: | fragment number: 1 (0x1) Sep 21 07:16:34.829351: | total fragments: 2 (0x2) Sep 21 07:16:34.829353: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:16:34.829356: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:34.829358: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:34.829361: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:34.829366: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:34.829370: | cleartext fragment 24 00 00 0d 02 00 00 00 6e 6f 72 74 68 27 00 00 Sep 21 07:16:34.829372: | cleartext fragment 0c 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 Sep 21 07:16:34.829374: | cleartext fragment 00 dc be c3 6c 71 5e d3 4c b8 7b 7e 6a 46 3f 99 Sep 21 07:16:34.829376: | cleartext fragment 5a 6f 54 6f 8e 8f d5 fe ba c6 a9 1e 13 d4 c9 ef Sep 21 07:16:34.829378: | cleartext fragment 1b 77 64 01 59 7a 83 f6 70 6f b0 6c 8a a4 01 1f Sep 21 07:16:34.829380: | cleartext fragment e8 1c ae 96 71 17 7b ae a6 ef 96 1d ad ad bc 71 Sep 21 07:16:34.829382: | cleartext fragment 56 64 d5 a2 1d fc 18 b3 b0 d3 2e 75 fb 2c 61 7d Sep 21 07:16:34.829384: | cleartext fragment 53 d5 5c 3c 46 c3 44 5b 99 48 5c 65 84 2f c8 8d Sep 21 07:16:34.829386: | cleartext fragment 5e bd 8c fa da b3 f4 f7 a8 1b 4c 6c da 4b 0d e2 Sep 21 07:16:34.829388: | cleartext fragment 9c 01 39 9c cf 74 e3 ed ac bc 1f 9d a3 92 5c ce Sep 21 07:16:34.829390: | cleartext fragment e7 d5 99 90 53 1a 4a b3 db e6 78 73 6e a2 fa 6b Sep 21 07:16:34.829392: | cleartext fragment 02 06 92 f0 9f b7 bf 03 7d f2 4d 8d ca 91 15 12 Sep 21 07:16:34.829395: | cleartext fragment 75 55 39 07 bf fd da 9f 59 cb 5f 0f fe 0e fa 52 Sep 21 07:16:34.829397: | cleartext fragment 60 c0 6a 4f 9a b8 1f 34 89 4b 75 b2 f4 1a 96 85 Sep 21 07:16:34.829399: | cleartext fragment 15 a8 81 eb 59 62 29 a4 98 c9 df 3a f8 53 bc 85 Sep 21 07:16:34.829401: | cleartext fragment b2 e9 c9 b1 d3 b5 59 e4 be 63 0e 88 27 9b 6b ba Sep 21 07:16:34.829403: | cleartext fragment 8b 33 cb db cb 51 28 0d ff b3 df d2 8e 67 0d ef Sep 21 07:16:34.829405: | cleartext fragment 16 06 8c 07 5b fa 54 99 f6 fc 5a 8a 34 3a 7f 88 Sep 21 07:16:34.829407: | cleartext fragment 88 9f 52 b0 f8 f2 a1 d9 d9 8b b6 43 9f 66 72 83 Sep 21 07:16:34.829409: | cleartext fragment 4e 50 f9 2c 00 00 a4 02 00 00 20 01 03 04 02 b9 Sep 21 07:16:34.829411: | cleartext fragment 60 a5 1e 03 00 00 0c 01 00 00 14 80 0e 01 00 00 Sep 21 07:16:34.829413: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 b9 Sep 21 07:16:34.829415: | cleartext fragment 60 a5 1e 03 00 00 0c 01 00 00 14 80 0e 00 80 00 Sep 21 07:16:34.829417: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 03 03 04 04 b9 Sep 21 07:16:34.829419: | cleartext fragment 60 a5 1e 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 Sep 21 07:16:34.829421: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Sep 21 07:16:34.829423: | cleartext fragment 00 00 08 05 00 00 00 00 00 00 30 04 03 04 04 b9 Sep 21 07:16:34.829425: | cleartext fragment 60 a5 1e 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 Sep 21 07:16:34.829427: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Sep 21 07:16:34.829429: | cleartext fragment 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 Sep 21 07:16:34.829431: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:34.829434: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:34.829436: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:34.829439: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:16:34.829441: | emitting length of ISAKMP Message: 539 Sep 21 07:16:34.829451: | **emit ISAKMP Message: Sep 21 07:16:34.829453: | initiator cookie: Sep 21 07:16:34.829455: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.829457: | responder cookie: Sep 21 07:16:34.829459: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.829461: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:34.829463: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:34.829465: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:34.829468: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:34.829470: | Message ID: 1 (0x1) Sep 21 07:16:34.829472: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:34.829475: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:16:34.829478: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.829480: | flags: none (0x0) Sep 21 07:16:34.829482: | fragment number: 2 (0x2) Sep 21 07:16:34.829484: | total fragments: 2 (0x2) Sep 21 07:16:34.829486: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:16:34.829489: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:16:34.829491: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:16:34.829494: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:16:34.829498: | emitting 41 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:16:34.829501: | cleartext fragment 00 07 00 00 10 00 00 ff ff c0 00 03 fe c0 00 03 Sep 21 07:16:34.829503: | cleartext fragment fe 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff Sep 21 07:16:34.829505: | cleartext fragment ff c0 00 02 00 c0 00 02 ff Sep 21 07:16:34.829507: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:34.829509: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:16:34.829512: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:16:34.829514: | emitting length of IKEv2 Encrypted Fragment: 74 Sep 21 07:16:34.829516: | emitting length of ISAKMP Message: 102 Sep 21 07:16:34.829524: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:34.829529: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:34.829533: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:16:34.829535: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:16:34.829538: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:16:34.829541: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:16:34.829545: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:34.829549: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:16:34.829553: "north-east" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:16:34.829557: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:34.829559: | sending fragments ... Sep 21 07:16:34.829564: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:34.829566: | c4 a3 64 8b a9 6c c7 86 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.829569: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:16:34.829571: | 00 01 00 02 46 b1 f7 ba 30 28 f8 5b 11 1a 57 ee Sep 21 07:16:34.829572: | ad bf 52 2f 31 e0 64 e5 96 be 58 0f 39 13 6b f4 Sep 21 07:16:34.829574: | 04 b4 e4 0f 20 ba da ff 83 3c ee 9f c7 b6 a7 c2 Sep 21 07:16:34.829576: | 14 79 98 9e 81 07 d4 93 3a 30 9e 51 f7 4a d5 1a Sep 21 07:16:34.829578: | ca 67 2e 04 b5 e7 af 72 c1 f7 bd b6 51 a0 8d 9d Sep 21 07:16:34.829580: | 6e 39 66 aa ae 7d 06 bc 2e 7d c8 c3 52 24 38 ea Sep 21 07:16:34.829582: | f5 91 00 3c eb 94 be 1c 3a a9 dc 00 6e 17 f5 99 Sep 21 07:16:34.829584: | 35 b0 66 0a 37 63 aa f3 5b f3 90 25 84 c8 dd ae Sep 21 07:16:34.829586: | e9 ca d8 19 fc 94 c0 42 72 00 5a 7f 56 9d 39 86 Sep 21 07:16:34.829588: | d8 9b f6 33 d9 f0 11 a5 7b 74 14 93 58 77 2e b8 Sep 21 07:16:34.829592: | 22 b8 44 a6 47 31 dc 47 2c 09 e9 89 d1 26 86 3c Sep 21 07:16:34.829594: | 19 70 64 33 ca cd cb 10 43 bd f5 5d 41 5d a5 1f Sep 21 07:16:34.829596: | a7 c9 31 d1 84 d7 7f d2 09 a9 38 77 fa 28 d2 92 Sep 21 07:16:34.829598: | ad c4 a5 60 0a 3b fb ba c5 cb 1c 70 79 11 31 36 Sep 21 07:16:34.829599: | ec c4 11 24 2d 70 bf 41 ee 66 08 e0 2c 98 d3 22 Sep 21 07:16:34.829601: | cc 5d af 1a 0b b7 13 4d 85 4d 61 d8 0e cf e1 8c Sep 21 07:16:34.829603: | c2 89 4b cd 16 59 35 14 8f 45 15 6b 9e ec e8 5d Sep 21 07:16:34.829605: | 50 64 bb 79 92 13 9d 50 2d cd 8d e8 af 65 2d de Sep 21 07:16:34.829607: | 0d 43 f5 5f 05 f1 4f 0f 95 0b 29 fc 1f 1e 28 9f Sep 21 07:16:34.829609: | d6 de a0 9f 88 a1 13 8b 5d 23 86 09 70 0a 9b a1 Sep 21 07:16:34.829611: | 34 4a fc 1b da f6 c0 be af fa 9b a6 c6 b5 54 a8 Sep 21 07:16:34.829613: | 94 63 dd 86 c8 ff d3 57 35 87 6f 0b 2f b7 34 4f Sep 21 07:16:34.829615: | 89 82 0e 36 e3 96 17 98 53 1f ac 39 24 62 ae 21 Sep 21 07:16:34.829617: | 42 64 9d 17 c0 da 54 61 59 4d 12 d4 95 87 45 8e Sep 21 07:16:34.829619: | 32 0f c5 a7 05 fe a8 15 87 b4 26 dd c4 06 05 40 Sep 21 07:16:34.829621: | 19 32 eb d6 1d f4 55 14 22 f5 f9 92 09 22 70 d1 Sep 21 07:16:34.829623: | 50 13 c5 09 c3 45 7f ac cd 0d 53 07 52 58 72 27 Sep 21 07:16:34.829625: | 12 a3 96 e9 ac 55 cd 9e fd f6 01 aa b9 6e 9b 6e Sep 21 07:16:34.829627: | 82 7d 45 f6 e5 ea 53 5a c5 8e 9a c9 5d 58 bf 8f Sep 21 07:16:34.829629: | 2d 40 6f 1a 5e 73 a5 37 13 f6 67 5a 64 5c fd d9 Sep 21 07:16:34.829631: | 25 88 4c 2c a3 07 cf c2 d5 82 d6 36 d9 ff f6 39 Sep 21 07:16:34.829633: | fc aa e3 82 99 b4 da 3f 1a dd ce Sep 21 07:16:34.829670: | sending 102 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:34.829673: | c4 a3 64 8b a9 6c c7 86 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.829675: | 35 20 23 08 00 00 00 01 00 00 00 66 00 00 00 4a Sep 21 07:16:34.829677: | 00 02 00 02 26 a7 9e 33 1f 9e 62 ed 7f 9d 6c e1 Sep 21 07:16:34.829679: | 80 1d 31 8f 24 4c e0 fa 91 a4 7c 43 5c fe 7d 74 Sep 21 07:16:34.829681: | 07 52 52 99 95 46 9f dd 7f 43 e3 7e a4 a0 bd 69 Sep 21 07:16:34.829683: | 02 2b 1f dc 77 9e 8d cb 12 f9 cf df 85 02 17 a2 Sep 21 07:16:34.829685: | ef 64 fa 37 cf 6f Sep 21 07:16:34.829697: | sent 2 fragments Sep 21 07:16:34.829700: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:34.829704: | event_schedule: new EVENT_RETRANSMIT-pe@0x558c073ba520 Sep 21 07:16:34.829707: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:16:34.829710: | libevent_malloc: new ptr-libevent@0x7f61e4006900 size 128 Sep 21 07:16:34.829715: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48841.197968 Sep 21 07:16:34.829719: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:34.829724: | #1 spent 6.17 milliseconds in resume sending helper answer Sep 21 07:16:34.829728: | stop processing: state #2 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:34.829731: | libevent_free: release ptr-libevent@0x7f61dc006b90 Sep 21 07:16:34.854052: | spent 0.00418 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:34.854082: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:34.854087: | c4 a3 64 8b a9 6c c7 86 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.854091: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:16:34.854095: | 75 1b 0d 39 0a 1f 64 f0 55 b1 e8 71 30 e5 e4 a9 Sep 21 07:16:34.854098: | 4e 50 93 c5 d6 69 b0 0f bd 34 ac ac 15 00 cd d2 Sep 21 07:16:34.854102: | a2 17 0f 72 00 d8 04 b0 f2 2b c3 dd 69 69 7f 54 Sep 21 07:16:34.854105: | 8f 95 97 1b 9a e5 5b 92 8a e9 6f e0 c7 41 d8 e2 Sep 21 07:16:34.854109: | 21 12 ba dc b3 ef 80 66 91 6a a4 cc d6 cc 71 36 Sep 21 07:16:34.854115: | 4f 88 c7 0e f1 62 cc e4 60 d5 66 db 41 23 f4 6f Sep 21 07:16:34.854119: | 6d 0e 11 80 7a 6f a5 ba ca a4 05 86 dd 93 1e f1 Sep 21 07:16:34.854122: | 05 be da bf 29 e0 ca 9e 29 6c 5c 9b 63 bd 86 72 Sep 21 07:16:34.854126: | 60 a0 3c 62 0c 51 8c 0c fa 35 75 86 d2 b6 ff 9a Sep 21 07:16:34.854129: | 59 81 2e af 97 2f 14 b5 37 a4 78 b9 98 a0 78 3e Sep 21 07:16:34.854132: | e9 22 71 2d e9 9c b8 0d bf 83 9e 94 15 70 af ca Sep 21 07:16:34.854136: | 78 2f 22 bf 04 72 3b ed 74 09 f5 69 36 66 6b ec Sep 21 07:16:34.854139: | 50 8a ec ae 51 33 76 e9 ee 2a 43 a1 ef 17 00 18 Sep 21 07:16:34.854142: | 0a 02 ae 9d 2f 40 24 07 43 fb 96 6d 60 ec a4 72 Sep 21 07:16:34.854146: | c0 0e 47 a4 68 5b 10 c9 e9 09 1a 60 88 a4 2e 64 Sep 21 07:16:34.854149: | 45 6e e4 fc 89 c5 ec 5f 8a 89 a3 2e 66 52 75 e8 Sep 21 07:16:34.854152: | e6 46 d1 1b 14 82 84 29 5d 2c 14 06 59 90 03 95 Sep 21 07:16:34.854156: | 06 d1 e9 05 d2 59 88 0f 53 17 85 ea 34 13 a0 3c Sep 21 07:16:34.854159: | bc 9d b2 68 14 af 17 da 53 5f 50 ad 6d 13 da d3 Sep 21 07:16:34.854163: | d5 de ab 8d 4f 8a 05 2a 35 21 98 31 b2 ef 36 fb Sep 21 07:16:34.854166: | b7 77 56 c0 2c 08 25 10 09 ca ed 4d 1b 77 c9 b4 Sep 21 07:16:34.854169: | 2f d5 e9 78 f4 0b 3f 16 04 79 ae 51 0d 4e 8c 54 Sep 21 07:16:34.854173: | e7 1c 8c f4 7d 85 93 d2 26 02 77 71 b6 27 2c 5c Sep 21 07:16:34.854176: | 88 31 ae 03 a1 1f 88 41 0d ee 88 61 48 90 f1 d1 Sep 21 07:16:34.854179: | e1 b6 d0 0a 4d 76 96 ea 7a d2 c1 9b 73 3e c4 b9 Sep 21 07:16:34.854183: | e5 85 af Sep 21 07:16:34.854190: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:34.854195: | **parse ISAKMP Message: Sep 21 07:16:34.854199: | initiator cookie: Sep 21 07:16:34.854202: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:34.854206: | responder cookie: Sep 21 07:16:34.854209: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:34.854213: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:34.854217: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:34.854221: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:34.854225: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:34.854229: | Message ID: 1 (0x1) Sep 21 07:16:34.854232: | length: 435 (0x1b3) Sep 21 07:16:34.854237: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:34.854242: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:34.854248: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:34.854256: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:34.854261: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:34.854268: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:34.854275: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:34.854279: | #2 is idle Sep 21 07:16:34.854283: | #2 idle Sep 21 07:16:34.854286: | unpacking clear payload Sep 21 07:16:34.854290: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:34.854294: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:34.854298: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:34.854302: | flags: none (0x0) Sep 21 07:16:34.854305: | length: 407 (0x197) Sep 21 07:16:34.854309: | processing payload: ISAKMP_NEXT_v2SK (len=403) Sep 21 07:16:34.854313: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:34.854333: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:16:34.854338: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:16:34.854342: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:16:34.854346: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:34.854349: | flags: none (0x0) Sep 21 07:16:34.854355: | length: 12 (0xc) Sep 21 07:16:34.854359: | ID type: ID_FQDN (0x2) Sep 21 07:16:34.854363: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:16:34.854366: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:16:34.854370: | **parse IKEv2 Authentication Payload: Sep 21 07:16:34.854374: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:34.854377: | flags: none (0x0) Sep 21 07:16:34.854381: | length: 282 (0x11a) Sep 21 07:16:34.854384: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:16:34.854388: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:16:34.854391: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:34.854395: | **parse IKEv2 Security Association Payload: Sep 21 07:16:34.854398: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:34.854402: | flags: none (0x0) Sep 21 07:16:34.854405: | length: 36 (0x24) Sep 21 07:16:34.854409: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:16:34.854412: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:34.854416: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:34.854420: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:34.854423: | flags: none (0x0) Sep 21 07:16:34.854426: | length: 24 (0x18) Sep 21 07:16:34.854430: | number of TS: 1 (0x1) Sep 21 07:16:34.854433: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:34.854437: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:34.854441: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:34.854444: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:34.854448: | flags: none (0x0) Sep 21 07:16:34.854451: | length: 24 (0x18) Sep 21 07:16:34.854454: | number of TS: 1 (0x1) Sep 21 07:16:34.854458: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:34.854462: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:16:34.854466: | Now let's proceed with state specific processing Sep 21 07:16:34.854469: | calling processor Initiator: process IKE_AUTH response Sep 21 07:16:34.854476: | offered CA: '%none' Sep 21 07:16:34.854482: "north-east" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:16:34.854522: | verifying AUTH payload Sep 21 07:16:34.854542: | required RSA CA is '%any' Sep 21 07:16:34.854548: | checking RSA keyid '@east' for match with '@east' Sep 21 07:16:34.854552: | RSA key issuer CA is '%any' Sep 21 07:16:34.854642: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:16:34.854651: | #1 spent 0.0921 milliseconds in try_all_keys() trying a pubkey Sep 21 07:16:34.854656: "north-east" #2: Authenticated using RSA Sep 21 07:16:34.854661: | #1 spent 0.132 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:16:34.854666: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:16:34.854673: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:16:34.854677: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:34.854682: | libevent_free: release ptr-libevent@0x558c073b88e0 Sep 21 07:16:34.854687: | free_event_entry: release EVENT_SA_REPLACE-pe@0x558c073b8c90 Sep 21 07:16:34.854691: | event_schedule: new EVENT_SA_REKEY-pe@0x558c073b8c90 Sep 21 07:16:34.854696: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:16:34.854700: | libevent_malloc: new ptr-libevent@0x558c073b88e0 size 128 Sep 21 07:16:34.854825: | pstats #1 ikev2.ike established Sep 21 07:16:34.854836: | TSi: parsing 1 traffic selectors Sep 21 07:16:34.854840: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:34.854844: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:34.854847: | IP Protocol ID: 0 (0x0) Sep 21 07:16:34.854850: | length: 16 (0x10) Sep 21 07:16:34.854854: | start port: 0 (0x0) Sep 21 07:16:34.854857: | end port: 65535 (0xffff) Sep 21 07:16:34.854861: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:34.854864: | TS low c0 00 03 fe Sep 21 07:16:34.854871: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:34.854874: | TS high c0 00 03 fe Sep 21 07:16:34.854878: | TSi: parsed 1 traffic selectors Sep 21 07:16:34.854881: | TSr: parsing 1 traffic selectors Sep 21 07:16:34.854885: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:34.854888: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:34.854892: | IP Protocol ID: 0 (0x0) Sep 21 07:16:34.854895: | length: 16 (0x10) Sep 21 07:16:34.854898: | start port: 0 (0x0) Sep 21 07:16:34.854901: | end port: 65535 (0xffff) Sep 21 07:16:34.854905: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:34.854908: | TS low c0 00 02 00 Sep 21 07:16:34.854911: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:34.854914: | TS high c0 00 02 ff Sep 21 07:16:34.854918: | TSr: parsed 1 traffic selectors Sep 21 07:16:34.854926: | evaluating our conn="north-east" I=192.0.3.254/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:34.854934: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:34.854944: | match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Sep 21 07:16:34.854948: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:34.854952: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:34.854956: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:34.854961: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:34.854967: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:34.854976: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:34.854980: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:34.854984: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:34.854987: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:34.854991: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:34.854995: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:34.854998: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:34.855001: | printing contents struct traffic_selector Sep 21 07:16:34.855004: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:34.855007: | ipprotoid: 0 Sep 21 07:16:34.855010: | port range: 0-65535 Sep 21 07:16:34.855016: | ip range: 192.0.3.254-192.0.3.254 Sep 21 07:16:34.855019: | printing contents struct traffic_selector Sep 21 07:16:34.855022: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:34.855026: | ipprotoid: 0 Sep 21 07:16:34.855029: | port range: 0-65535 Sep 21 07:16:34.855034: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:34.855052: | using existing local ESP/AH proposals for north-east (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:34.855058: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:16:34.855063: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:34.855067: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:34.855071: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:34.855074: | local proposal 1 type DH has 1 transforms Sep 21 07:16:34.855077: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:34.855082: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:34.855085: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:34.855089: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:34.855092: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:34.855095: | local proposal 2 type DH has 1 transforms Sep 21 07:16:34.855099: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:34.855105: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:34.855108: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:34.855112: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:34.855115: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:34.855118: | local proposal 3 type DH has 1 transforms Sep 21 07:16:34.855122: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:34.855126: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:34.855129: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:34.855133: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:34.855136: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:34.855139: | local proposal 4 type DH has 1 transforms Sep 21 07:16:34.855143: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:34.855147: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:34.855151: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:34.855155: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:34.855158: | length: 32 (0x20) Sep 21 07:16:34.855161: | prop #: 1 (0x1) Sep 21 07:16:34.855165: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:34.855168: | spi size: 4 (0x4) Sep 21 07:16:34.855171: | # transforms: 2 (0x2) Sep 21 07:16:34.855176: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:34.855179: | remote SPI 65 45 f4 c9 Sep 21 07:16:34.855184: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:34.855188: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:34.855191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:34.855195: | length: 12 (0xc) Sep 21 07:16:34.855198: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:34.855202: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:34.855206: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:34.855209: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:34.855213: | length/value: 256 (0x100) Sep 21 07:16:34.855219: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:34.855223: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:34.855227: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:34.855230: | length: 8 (0x8) Sep 21 07:16:34.855234: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:34.855237: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:34.855242: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:34.855247: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:16:34.855254: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:16:34.855257: | remote proposal 1 matches local proposal 1 Sep 21 07:16:34.855261: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:16:34.855268: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=6545f4c9;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:16:34.855272: | converting proposal to internal trans attrs Sep 21 07:16:34.855279: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:34.855502: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:16:34.855508: | could_route called for north-east (kind=CK_PERMANENT) Sep 21 07:16:34.855511: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:34.855516: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:16:34.855520: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:16:34.855525: | route owner of "north-east" prospective erouted: self; eroute owner: self Sep 21 07:16:34.855530: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:34.855538: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:34.855542: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:34.855546: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:34.855552: | setting IPsec SA replay-window to 32 Sep 21 07:16:34.855556: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Sep 21 07:16:34.855560: | netlink: enabling tunnel mode Sep 21 07:16:34.855564: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:34.855568: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:34.855669: | netlink response for Add SA esp.6545f4c9@192.1.2.23 included non-error error Sep 21 07:16:34.855675: | set up outgoing SA, ref=0/0 Sep 21 07:16:34.855679: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:34.855683: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:34.855687: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:34.855690: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:34.855696: | setting IPsec SA replay-window to 32 Sep 21 07:16:34.855699: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Sep 21 07:16:34.855703: | netlink: enabling tunnel mode Sep 21 07:16:34.855706: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:34.855710: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:34.855781: | netlink response for Add SA esp.b960a51e@192.1.3.33 included non-error error Sep 21 07:16:34.855798: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:16:34.855809: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:34.855813: | IPsec Sa SPD priority set to 1040359 Sep 21 07:16:34.855880: | raw_eroute result=success Sep 21 07:16:34.855885: | set up incoming SA, ref=0/0 Sep 21 07:16:34.855888: | sr for #2: prospective erouted Sep 21 07:16:34.855892: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:34.855895: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:34.855900: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:16:34.855903: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:16:34.855908: | route owner of "north-east" prospective erouted: self; eroute owner: self Sep 21 07:16:34.855913: | route_and_eroute with c: north-east (next: none) ero:north-east esr:{(nil)} ro:north-east rosr:{(nil)} and state: #2 Sep 21 07:16:34.855917: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:16:34.855929: | eroute_connection replace eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:34.855933: | IPsec Sa SPD priority set to 1040359 Sep 21 07:16:34.855967: | raw_eroute result=success Sep 21 07:16:34.855972: | running updown command "ipsec _updown" for verb up Sep 21 07:16:34.855976: | command executing up-client Sep 21 07:16:34.856013: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6545f4 Sep 21 07:16:34.856023: | popen cmd is 1036 chars long Sep 21 07:16:34.856028: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_I: Sep 21 07:16:34.856032: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@: Sep 21 07:16:34.856035: | cmd( 160):north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_: Sep 21 07:16:34.856039: | cmd( 240):MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_S: Sep 21 07:16:34.856043: | cmd( 320):A_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east: Sep 21 07:16:34.856046: | cmd( 400):' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_: Sep 21 07:16:34.856050: | cmd( 480):CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: Sep 21 07:16:34.856053: | cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYP: Sep 21 07:16:34.856057: | cmd( 640):T+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_: Sep 21 07:16:34.856060: | cmd( 720):PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: Sep 21 07:16:34.856064: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: Sep 21 07:16:34.856068: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: Sep 21 07:16:34.856071: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0x6545f4c9 SPI_OUT=0xb960a51e ipsec _updown 2>&1: Sep 21 07:16:34.866907: | route_and_eroute: firewall_notified: true Sep 21 07:16:34.866924: | route_and_eroute: instance "north-east", setting eroute_owner {spd=0x558c073b6a70,sr=0x558c073b6a70} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:34.867019: | #1 spent 0.752 milliseconds in install_ipsec_sa() Sep 21 07:16:34.867028: | inR2: instance north-east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:16:34.867033: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:34.867038: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:16:34.867045: | libevent_free: release ptr-libevent@0x7f61e4006900 Sep 21 07:16:34.867049: | free_event_entry: release EVENT_RETRANSMIT-pe@0x558c073ba520 Sep 21 07:16:34.867056: | #2 spent 1.81 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:16:34.867066: | [RE]START processing: state #2 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:34.867072: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:16:34.867077: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:16:34.867082: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:34.867086: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:16:34.867094: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:16:34.867102: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:34.867107: | pstats #2 ikev2.child established Sep 21 07:16:34.867118: "north-east" #2: negotiated connection [192.0.3.254-192.0.3.254:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:16:34.867125: | NAT-T: encaps is 'auto' Sep 21 07:16:34.867132: "north-east" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x6545f4c9 <0xb960a51e xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:16:34.867137: | releasing whack for #2 (sock=fd@-1) Sep 21 07:16:34.867141: | releasing whack and unpending for parent #1 Sep 21 07:16:34.867145: | unpending state #1 connection "north-east" Sep 21 07:16:34.867156: | delete from pending Child SA with 192.1.2.23 "north-east" Sep 21 07:16:34.867161: | removing pending policy for no connection {0x558c07319f50} Sep 21 07:16:34.867168: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:16:34.867173: | event_schedule: new EVENT_SA_REKEY-pe@0x558c073ba520 Sep 21 07:16:34.867178: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:16:34.867183: | libevent_malloc: new ptr-libevent@0x7f61e4006900 size 128 Sep 21 07:16:34.867192: | stop processing: state #2 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:34.867200: | #1 spent 2.36 milliseconds in ikev2_process_packet() Sep 21 07:16:34.867206: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:34.867212: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:34.867216: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:34.867223: | spent 2.38 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:34.867238: | processing signal PLUTO_SIGCHLD Sep 21 07:16:34.867245: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:34.867251: | spent 0.0063 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:35.933696: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:35.933720: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:16:35.933725: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:35.933733: | get_sa_info esp.b960a51e@192.1.3.33 Sep 21 07:16:35.933750: | get_sa_info esp.6545f4c9@192.1.2.23 Sep 21 07:16:35.933769: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:35.933778: | spent 0.089 milliseconds in whack Sep 21 07:16:39.504519: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:39.504539: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:16:39.504543: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:39.504551: | get_sa_info esp.b960a51e@192.1.3.33 Sep 21 07:16:39.504566: | get_sa_info esp.6545f4c9@192.1.2.23 Sep 21 07:16:39.504583: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:39.504589: | spent 0.078 milliseconds in whack Sep 21 07:16:42.406047: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:42.406340: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:42.406346: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:42.406414: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:42.406417: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:42.406429: | get_sa_info esp.b960a51e@192.1.3.33 Sep 21 07:16:42.406445: | get_sa_info esp.6545f4c9@192.1.2.23 Sep 21 07:16:42.406466: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:42.406477: | spent 0.436 milliseconds in whack Sep 21 07:16:43.170736: | spent 0.00271 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:43.170757: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:43.170761: | c4 a3 64 8b a9 6c c7 86 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:43.170764: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:43.170767: | 86 6c f8 2a 95 01 e0 70 d8 a5 4d 9a 83 84 fd a5 Sep 21 07:16:43.170770: | 62 b9 19 c8 ac 7e 04 aa f4 01 41 2e 40 68 f8 75 Sep 21 07:16:43.170772: | 79 21 3a f1 5f Sep 21 07:16:43.170777: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:43.170781: | **parse ISAKMP Message: Sep 21 07:16:43.170790: | initiator cookie: Sep 21 07:16:43.170793: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:43.170795: | responder cookie: Sep 21 07:16:43.170798: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:43.170801: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:43.170807: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:43.170810: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:43.170812: | flags: none (0x0) Sep 21 07:16:43.170815: | Message ID: 0 (0x0) Sep 21 07:16:43.170818: | length: 69 (0x45) Sep 21 07:16:43.170821: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:43.170825: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:43.170830: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:43.170838: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:43.170842: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:43.170848: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:43.170852: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:16:43.170858: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:16:43.170861: | unpacking clear payload Sep 21 07:16:43.170865: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:43.170868: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:43.170871: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:43.170874: | flags: none (0x0) Sep 21 07:16:43.170877: | length: 41 (0x29) Sep 21 07:16:43.170881: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:16:43.170887: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:16:43.170891: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:43.170908: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:43.170912: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:43.170916: | **parse IKEv2 Delete Payload: Sep 21 07:16:43.170919: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:43.170921: | flags: none (0x0) Sep 21 07:16:43.170924: | length: 12 (0xc) Sep 21 07:16:43.170927: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:43.170930: | SPI size: 4 (0x4) Sep 21 07:16:43.170933: | number of SPIs: 1 (0x1) Sep 21 07:16:43.170936: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:16:43.170939: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:43.170942: | Now let's proceed with state specific processing Sep 21 07:16:43.170945: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:43.170949: | an informational request should send a response Sep 21 07:16:43.170955: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:43.170958: | **emit ISAKMP Message: Sep 21 07:16:43.170961: | initiator cookie: Sep 21 07:16:43.170963: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:43.170966: | responder cookie: Sep 21 07:16:43.170969: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:43.170972: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:43.170975: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:43.170978: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:43.170982: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:43.170985: | Message ID: 0 (0x0) Sep 21 07:16:43.170989: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:43.170992: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:43.170996: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:43.170998: | flags: none (0x0) Sep 21 07:16:43.171003: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:43.171007: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:43.171013: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:43.171020: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:16:43.171023: | SPI 65 45 f4 c9 Sep 21 07:16:43.171025: | delete PROTO_v2_ESP SA(0x6545f4c9) Sep 21 07:16:43.171029: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:16:43.171033: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:16:43.171036: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x6545f4c9) Sep 21 07:16:43.171040: "north-east" #1: received Delete SA payload: delete IPsec State #2 now Sep 21 07:16:43.171043: | pstats #2 ikev2.child deleted completed Sep 21 07:16:43.171048: | #2 spent 1.81 milliseconds in total Sep 21 07:16:43.171054: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:43.171059: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:43.171063: "north-east" #2: deleting other state #2 (STATE_V2_IPSEC_I) aged 8.347s and NOT sending notification Sep 21 07:16:43.171067: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:16:43.171072: | get_sa_info esp.6545f4c9@192.1.2.23 Sep 21 07:16:43.171084: | get_sa_info esp.b960a51e@192.1.3.33 Sep 21 07:16:43.171093: "north-east" #2: ESP traffic information: in=336B out=336B Sep 21 07:16:43.171098: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:16:43.171101: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:43.171106: | libevent_free: release ptr-libevent@0x7f61e4006900 Sep 21 07:16:43.171109: | free_event_entry: release EVENT_SA_REKEY-pe@0x558c073ba520 Sep 21 07:16:43.171164: | running updown command "ipsec _updown" for verb down Sep 21 07:16:43.171169: | command executing down-client Sep 21 07:16:43.171205: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050194' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:16:43.171211: | popen cmd is 1047 chars long Sep 21 07:16:43.171215: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO: Sep 21 07:16:43.171218: | cmd( 80):_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID=: Sep 21 07:16:43.171222: | cmd( 160):'@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUT: Sep 21 07:16:43.171225: | cmd( 240):O_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Sep 21 07:16:43.171229: | cmd( 320):_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Sep 21 07:16:43.171232: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEE: Sep 21 07:16:43.171236: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Sep 21 07:16:43.171239: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050194' PLUTO_CONN_POLICY='RS: Sep 21 07:16:43.171242: | cmd( 640):ASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON: Sep 21 07:16:43.171248: | cmd( 720):N_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_: Sep 21 07:16:43.171252: | cmd( 800):CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' : Sep 21 07:16:43.171255: | cmd( 880):PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' V: Sep 21 07:16:43.171258: | cmd( 960):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6545f4c9 SPI_OUT=0xb960a51e ipsec _updo: Sep 21 07:16:43.171261: | cmd(1040):wn 2>&1: Sep 21 07:16:43.186258: | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:43.186279: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0 Sep 21 07:16:43.186283: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:16:43.186287: | IPsec Sa SPD priority set to 1040359 Sep 21 07:16:43.186499: | delete esp.6545f4c9@192.1.2.23 Sep 21 07:16:43.186636: | netlink response for Del SA esp.6545f4c9@192.1.2.23 included non-error error Sep 21 07:16:43.186643: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:16:43.186651: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:43.186891: | raw_eroute result=success Sep 21 07:16:43.186901: | delete esp.b960a51e@192.1.3.33 Sep 21 07:16:43.187026: | netlink response for Del SA esp.b960a51e@192.1.3.33 included non-error error Sep 21 07:16:43.187035: | in connection_discard for connection north-east Sep 21 07:16:43.187038: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:16:43.187043: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:43.187051: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:43.187056: | resume processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:43.187063: | ****emit IKEv2 Delete Payload: Sep 21 07:16:43.187066: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:43.187069: | flags: none (0x0) Sep 21 07:16:43.187072: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:43.187074: | SPI size: 4 (0x4) Sep 21 07:16:43.187076: | number of SPIs: 1 (0x1) Sep 21 07:16:43.187080: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:43.187083: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:43.187086: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:16:43.187089: | local SPIs b9 60 a5 1e Sep 21 07:16:43.187091: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:43.187095: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:43.187098: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:43.187101: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:43.187104: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:43.187106: | emitting length of ISAKMP Message: 69 Sep 21 07:16:43.187130: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:43.187133: | c4 a3 64 8b a9 6c c7 86 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:43.187136: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:43.187138: | 5f b3 3c b4 2c 8e a8 b2 d1 14 b2 bb 6e 78 32 1f Sep 21 07:16:43.187141: | f1 87 b8 39 fe 99 b2 09 bd 32 87 6a 99 e5 ff 45 Sep 21 07:16:43.187143: | 05 88 e1 07 ac Sep 21 07:16:43.187192: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:43.187201: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:43.187210: | #1 spent 0.778 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:16:43.187216: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:43.187220: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:16:43.187223: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:16:43.187228: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:16:43.187232: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:43.187236: "north-east" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:16:43.187241: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:43.187246: | #1 spent 1.01 milliseconds in ikev2_process_packet() Sep 21 07:16:43.187251: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:43.187254: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:43.187257: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:43.187261: | spent 1.03 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:43.187274: | processing signal PLUTO_SIGCHLD Sep 21 07:16:43.187278: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:43.187282: | spent 0.00431 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:43.199522: | spent 0.00265 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:43.199543: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:43.199546: | c4 a3 64 8b a9 6c c7 86 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:43.199549: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:16:43.199551: | d1 fa 88 42 b2 19 8f a0 6b d4 44 a1 42 28 1a e4 Sep 21 07:16:43.199553: | 16 3d ec 77 d3 e4 79 24 65 d5 71 36 a7 0c 17 3a Sep 21 07:16:43.199555: | fe Sep 21 07:16:43.199559: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:43.199562: | **parse ISAKMP Message: Sep 21 07:16:43.199565: | initiator cookie: Sep 21 07:16:43.199567: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:43.199569: | responder cookie: Sep 21 07:16:43.199571: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:43.199574: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:43.199576: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:43.199578: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:43.199581: | flags: none (0x0) Sep 21 07:16:43.199583: | Message ID: 1 (0x1) Sep 21 07:16:43.199586: | length: 65 (0x41) Sep 21 07:16:43.199589: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:43.199592: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:43.199596: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:43.199602: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:43.199605: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:43.199610: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:43.199613: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:43.199617: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:16:43.199622: | unpacking clear payload Sep 21 07:16:43.199624: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:43.199627: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:43.199630: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:43.199634: | flags: none (0x0) Sep 21 07:16:43.199638: | length: 37 (0x25) Sep 21 07:16:43.199642: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:16:43.199648: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:43.199651: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:43.199670: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:43.199676: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:43.199680: | **parse IKEv2 Delete Payload: Sep 21 07:16:43.199683: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:43.199686: | flags: none (0x0) Sep 21 07:16:43.199689: | length: 8 (0x8) Sep 21 07:16:43.199692: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:16:43.199694: | SPI size: 0 (0x0) Sep 21 07:16:43.199697: | number of SPIs: 0 (0x0) Sep 21 07:16:43.199700: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:16:43.199703: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:43.199706: | Now let's proceed with state specific processing Sep 21 07:16:43.199709: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:43.199714: | an informational request should send a response Sep 21 07:16:43.199719: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:43.199726: | **emit ISAKMP Message: Sep 21 07:16:43.199729: | initiator cookie: Sep 21 07:16:43.199732: | c4 a3 64 8b a9 6c c7 86 Sep 21 07:16:43.199734: | responder cookie: Sep 21 07:16:43.199736: | 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:43.199739: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:43.199742: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:43.199744: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:43.199748: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:43.199750: | Message ID: 1 (0x1) Sep 21 07:16:43.199753: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:43.199756: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:43.199759: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:43.199761: | flags: none (0x0) Sep 21 07:16:43.199764: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:43.199768: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:43.199771: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:43.199777: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:43.199781: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:43.199801: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:43.199806: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:16:43.199809: | emitting length of ISAKMP Message: 57 Sep 21 07:16:43.199823: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:43.199826: | c4 a3 64 8b a9 6c c7 86 5b 9f ab 95 b4 b9 19 d3 Sep 21 07:16:43.199829: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:16:43.199831: | 2a 9a 97 6e 2a ad ac bc e4 0a 96 a3 c7 df 44 c9 Sep 21 07:16:43.199834: | 91 83 c5 4b 12 77 d9 8b 69 Sep 21 07:16:43.199865: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:43.199877: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:43.199880: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:16:43.199884: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:16:43.199887: | pstats #1 ikev2.ike deleted completed Sep 21 07:16:43.199892: | #1 spent 14.2 milliseconds in total Sep 21 07:16:43.199897: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:43.199901: "north-east" #1: deleting state (STATE_IKESA_DEL) aged 8.384s and NOT sending notification Sep 21 07:16:43.199905: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:16:43.200588: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:43.200597: | libevent_free: release ptr-libevent@0x558c073b88e0 Sep 21 07:16:43.200602: | free_event_entry: release EVENT_SA_REKEY-pe@0x558c073b8c90 Sep 21 07:16:43.200605: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:43.200608: | in connection_discard for connection north-east Sep 21 07:16:43.200611: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:16:43.200615: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:16:43.200619: | unreference key: 0x558c073196c0 @east cnt 2-- Sep 21 07:16:43.200636: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:43.200652: | in statetime_stop() and could not find #1 Sep 21 07:16:43.200656: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:43.200660: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:16:43.200663: | STF_OK but no state object remains Sep 21 07:16:43.200666: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:43.200669: | in statetime_stop() and could not find #1 Sep 21 07:16:43.200673: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:43.200677: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:43.200679: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:43.200685: | spent 0.504 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:43.698149: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:43.698165: shutting down Sep 21 07:16:43.698172: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:16:43.698174: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:16:43.698180: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:43.698185: forgetting secrets Sep 21 07:16:43.698190: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:43.698193: | unreference key: 0x558c073196c0 @east cnt 1-- Sep 21 07:16:43.698196: | unreference key: 0x558c073108f0 @north cnt 1-- Sep 21 07:16:43.698201: | start processing: connection "north-east" (in delete_connection() at connections.c:189) Sep 21 07:16:43.698204: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:43.698206: | pass 0 Sep 21 07:16:43.698209: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:43.698210: | pass 1 Sep 21 07:16:43.698213: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:43.698219: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:43.698224: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0 Sep 21 07:16:43.698227: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:16:43.698270: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:16:43.698285: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:43.698290: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:16:43.698293: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:16:43.698297: | route owner of "north-east" unrouted: NULL Sep 21 07:16:43.698300: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:43.698303: | command executing unroute-client Sep 21 07:16:43.698334: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Sep 21 07:16:43.698337: | popen cmd is 1028 chars long Sep 21 07:16:43.698339: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Sep 21 07:16:43.698341: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Sep 21 07:16:43.698342: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Sep 21 07:16:43.698344: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:16:43.698346: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:16:43.698347: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:16:43.698349: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:16:43.698350: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:16:43.698352: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Sep 21 07:16:43.698353: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Sep 21 07:16:43.698355: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Sep 21 07:16:43.698356: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Sep 21 07:16:43.698358: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:16:43.718478: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718497: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718500: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718503: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718506: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718515: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718528: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718540: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718553: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718566: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718579: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718595: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718604: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718613: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718622: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718631: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718641: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718650: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718660: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718669: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718936: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718945: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.718954: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:43.727107: | free hp@0x558c07382610 Sep 21 07:16:43.727122: | flush revival: connection 'north-east' wasn't on the list Sep 21 07:16:43.727125: | stop processing: connection "north-east" (in discard_connection() at connections.c:249) Sep 21 07:16:43.727131: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:16:43.727133: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:16:43.727143: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:16:43.727146: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:16:43.727148: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:43.727150: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:16:43.727152: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:43.727154: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:16:43.727157: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:16:43.727164: | libevent_free: release ptr-libevent@0x558c073b5be0 Sep 21 07:16:43.727166: | free_event_entry: release EVENT_NULL-pe@0x558c073b5ba0 Sep 21 07:16:43.727174: | libevent_free: release ptr-libevent@0x558c073b5cd0 Sep 21 07:16:43.727176: | free_event_entry: release EVENT_NULL-pe@0x558c073b5c90 Sep 21 07:16:43.727180: | libevent_free: release ptr-libevent@0x558c073b5dc0 Sep 21 07:16:43.727182: | free_event_entry: release EVENT_NULL-pe@0x558c073b5d80 Sep 21 07:16:43.727186: | libevent_free: release ptr-libevent@0x558c073b5eb0 Sep 21 07:16:43.727188: | free_event_entry: release EVENT_NULL-pe@0x558c073b5e70 Sep 21 07:16:43.727192: | libevent_free: release ptr-libevent@0x558c073b5fa0 Sep 21 07:16:43.727194: | free_event_entry: release EVENT_NULL-pe@0x558c073b5f60 Sep 21 07:16:43.727198: | libevent_free: release ptr-libevent@0x558c073b6090 Sep 21 07:16:43.727199: | free_event_entry: release EVENT_NULL-pe@0x558c073b6050 Sep 21 07:16:43.727203: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:43.727566: | libevent_free: release ptr-libevent@0x558c073b5500 Sep 21 07:16:43.727570: | free_event_entry: release EVENT_NULL-pe@0x558c073992e0 Sep 21 07:16:43.727573: | libevent_free: release ptr-libevent@0x558c073aaf90 Sep 21 07:16:43.727574: | free_event_entry: release EVENT_NULL-pe@0x558c0739ed20 Sep 21 07:16:43.727577: | libevent_free: release ptr-libevent@0x558c073aaf00 Sep 21 07:16:43.727578: | free_event_entry: release EVENT_NULL-pe@0x558c0739ed60 Sep 21 07:16:43.727580: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:16:43.727582: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:16:43.727584: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:16:43.727585: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:16:43.727586: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:16:43.727591: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:16:43.727592: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:16:43.727594: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:16:43.727595: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:16:43.727599: | libevent_free: release ptr-libevent@0x558c073b55d0 Sep 21 07:16:43.727600: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:16:43.727603: | libevent_free: release ptr-libevent@0x558c073b56b0 Sep 21 07:16:43.727604: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:16:43.727606: | libevent_free: release ptr-libevent@0x558c073b5770 Sep 21 07:16:43.727607: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:16:43.727609: | libevent_free: release ptr-libevent@0x558c073aa280 Sep 21 07:16:43.727611: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:16:43.727612: | releasing event base Sep 21 07:16:43.727621: | libevent_free: release ptr-libevent@0x558c073b5830 Sep 21 07:16:43.727623: | libevent_free: release ptr-libevent@0x558c0738add0 Sep 21 07:16:43.727626: | libevent_free: release ptr-libevent@0x558c073995f0 Sep 21 07:16:43.727627: | libevent_free: release ptr-libevent@0x558c073996c0 Sep 21 07:16:43.727628: | libevent_free: release ptr-libevent@0x558c07399610 Sep 21 07:16:43.727630: | libevent_free: release ptr-libevent@0x558c073b5590 Sep 21 07:16:43.727632: | libevent_free: release ptr-libevent@0x558c073b5670 Sep 21 07:16:43.727633: | libevent_free: release ptr-libevent@0x558c073996a0 Sep 21 07:16:43.727635: | libevent_free: release ptr-libevent@0x558c0739e040 Sep 21 07:16:43.727636: | libevent_free: release ptr-libevent@0x558c0739e060 Sep 21 07:16:43.727637: | libevent_free: release ptr-libevent@0x558c073b6120 Sep 21 07:16:43.727639: | libevent_free: release ptr-libevent@0x558c073b6030 Sep 21 07:16:43.727640: | libevent_free: release ptr-libevent@0x558c073b5f40 Sep 21 07:16:43.727642: | libevent_free: release ptr-libevent@0x558c073b5e50 Sep 21 07:16:43.727643: | libevent_free: release ptr-libevent@0x558c073b5d60 Sep 21 07:16:43.727644: | libevent_free: release ptr-libevent@0x558c073b5c70 Sep 21 07:16:43.727646: | libevent_free: release ptr-libevent@0x558c0731b370 Sep 21 07:16:43.727647: | libevent_free: release ptr-libevent@0x558c073b5750 Sep 21 07:16:43.727649: | libevent_free: release ptr-libevent@0x558c073b5690 Sep 21 07:16:43.727650: | libevent_free: release ptr-libevent@0x558c073b55b0 Sep 21 07:16:43.727651: | libevent_free: release ptr-libevent@0x558c073b5810 Sep 21 07:16:43.727653: | libevent_free: release ptr-libevent@0x558c073195b0 Sep 21 07:16:43.727655: | libevent_free: release ptr-libevent@0x558c07399630 Sep 21 07:16:43.727656: | libevent_free: release ptr-libevent@0x558c07399660 Sep 21 07:16:43.727658: | libevent_free: release ptr-libevent@0x558c07399350 Sep 21 07:16:43.727659: | releasing global libevent data Sep 21 07:16:43.727661: | libevent_free: release ptr-libevent@0x558c07398000 Sep 21 07:16:43.727663: | libevent_free: release ptr-libevent@0x558c07398030 Sep 21 07:16:43.727665: | libevent_free: release ptr-libevent@0x558c07399320