Sep 21 07:16:36.986389: FIPS Product: YES Sep 21 07:16:36.986430: FIPS Kernel: NO Sep 21 07:16:36.986433: FIPS Mode: NO Sep 21 07:16:36.986436: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:36.986596: Initializing NSS Sep 21 07:16:36.986601: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:37.038400: NSS initialized Sep 21 07:16:37.038413: NSS crypto library initialized Sep 21 07:16:37.038416: FIPS HMAC integrity support [enabled] Sep 21 07:16:37.038419: FIPS mode disabled for pluto daemon Sep 21 07:16:37.112190: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:37.112301: libcap-ng support [enabled] Sep 21 07:16:37.112310: Linux audit support [enabled] Sep 21 07:16:37.114836: Linux audit activated Sep 21 07:16:37.114860: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:17351 Sep 21 07:16:37.114865: core dump dir: /tmp Sep 21 07:16:37.114867: secrets file: /etc/ipsec.secrets Sep 21 07:16:37.114869: leak-detective disabled Sep 21 07:16:37.114871: NSS crypto [enabled] Sep 21 07:16:37.114873: XAUTH PAM support [enabled] Sep 21 07:16:37.114949: | libevent is using pluto's memory allocator Sep 21 07:16:37.114955: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:37.114968: | libevent_malloc: new ptr-libevent@0x55cee7712ea0 size 40 Sep 21 07:16:37.114974: | libevent_malloc: new ptr-libevent@0x55cee7712ed0 size 40 Sep 21 07:16:37.114977: | libevent_malloc: new ptr-libevent@0x55cee7714480 size 40 Sep 21 07:16:37.114980: | creating event base Sep 21 07:16:37.114982: | libevent_malloc: new ptr-libevent@0x55cee7714bd0 size 56 Sep 21 07:16:37.114985: | libevent_malloc: new ptr-libevent@0x55cee7714c10 size 664 Sep 21 07:16:37.114998: | libevent_malloc: new ptr-libevent@0x55cee7714eb0 size 24 Sep 21 07:16:37.115002: | libevent_malloc: new ptr-libevent@0x55cee76ea420 size 384 Sep 21 07:16:37.115012: | libevent_malloc: new ptr-libevent@0x55cee7714ed0 size 16 Sep 21 07:16:37.115014: | libevent_malloc: new ptr-libevent@0x55cee7714ef0 size 40 Sep 21 07:16:37.115017: | libevent_malloc: new ptr-libevent@0x55cee7714f20 size 48 Sep 21 07:16:37.115024: | libevent_realloc: new ptr-libevent@0x55cee7714f60 size 256 Sep 21 07:16:37.115027: | libevent_malloc: new ptr-libevent@0x55cee7715070 size 16 Sep 21 07:16:37.115032: | libevent_free: release ptr-libevent@0x55cee7714bd0 Sep 21 07:16:37.115035: | libevent initialized Sep 21 07:16:37.115039: | libevent_realloc: new ptr-libevent@0x55cee7715090 size 64 Sep 21 07:16:37.115045: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:37.115062: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:37.115064: NAT-Traversal support [enabled] Sep 21 07:16:37.115067: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:37.115073: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:37.115076: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:37.115111: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:37.115114: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:37.115117: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:37.115167: Encryption algorithms: Sep 21 07:16:37.115176: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:37.115180: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:37.115184: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:37.115187: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:37.115190: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:16:37.115200: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:37.115204: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:37.115208: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:37.115211: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:37.115215: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:37.115218: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:37.115222: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:37.115226: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:37.115229: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:37.115233: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:37.115235: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:37.115239: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:37.115246: Hash algorithms: Sep 21 07:16:37.115249: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:37.115252: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:37.115255: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:37.115258: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:37.115261: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:37.115273: PRF algorithms: Sep 21 07:16:37.115276: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:37.115280: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:37.115283: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:37.115286: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:37.115289: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:37.115292: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:37.115317: Integrity algorithms: Sep 21 07:16:37.115320: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:37.115324: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:37.115328: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:37.115332: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:37.115336: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:37.115339: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:37.115342: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:37.115345: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:37.115348: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:37.115360: DH algorithms: Sep 21 07:16:37.115363: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:37.115366: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:37.115369: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:37.115374: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:37.115377: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:37.115380: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:37.115382: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:37.115385: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:37.115389: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:37.115392: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:37.115394: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:37.115397: testing CAMELLIA_CBC: Sep 21 07:16:37.115399: Camellia: 16 bytes with 128-bit key Sep 21 07:16:37.115520: Camellia: 16 bytes with 128-bit key Sep 21 07:16:37.115549: Camellia: 16 bytes with 256-bit key Sep 21 07:16:37.115578: Camellia: 16 bytes with 256-bit key Sep 21 07:16:37.115604: testing AES_GCM_16: Sep 21 07:16:37.115607: empty string Sep 21 07:16:37.115634: one block Sep 21 07:16:37.115658: two blocks Sep 21 07:16:37.115684: two blocks with associated data Sep 21 07:16:37.115709: testing AES_CTR: Sep 21 07:16:37.115712: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:37.115738: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:37.115765: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:37.115798: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:37.115826: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:37.115852: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:37.115877: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:37.115902: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:37.115929: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:37.115956: testing AES_CBC: Sep 21 07:16:37.115958: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:37.115985: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:37.116013: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:37.116042: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:37.116076: testing AES_XCBC: Sep 21 07:16:37.116078: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:37.116197: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:37.116325: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:37.116448: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:37.116573: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:37.116701: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:37.116907: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:37.117208: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:37.117335: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:37.117473: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:37.117709: testing HMAC_MD5: Sep 21 07:16:37.117712: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:37.117889: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:37.118046: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:37.118616: 8 CPU cores online Sep 21 07:16:37.118622: starting up 7 crypto helpers Sep 21 07:16:37.118666: started thread for crypto helper 0 Sep 21 07:16:37.118687: started thread for crypto helper 1 Sep 21 07:16:37.118705: started thread for crypto helper 2 Sep 21 07:16:37.118722: started thread for crypto helper 3 Sep 21 07:16:37.118739: started thread for crypto helper 4 Sep 21 07:16:37.118756: started thread for crypto helper 5 Sep 21 07:16:37.118777: started thread for crypto helper 6 Sep 21 07:16:37.118788: | checking IKEv1 state table Sep 21 07:16:37.118797: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:37.118800: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:37.118803: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:37.118805: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:37.118808: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:37.118810: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:37.118813: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:37.118815: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:37.118817: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:37.118820: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:37.118822: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:37.118824: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:37.118827: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:37.118829: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:37.118831: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:37.118834: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:37.118836: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:16:37.118838: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:37.118841: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:37.118843: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:37.118845: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:37.118848: | -> UNDEFINED EVENT_NULL Sep 21 07:16:37.118850: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:37.118853: | -> UNDEFINED EVENT_NULL Sep 21 07:16:37.118855: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:37.118857: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:37.118860: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:37.118862: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:37.118865: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:37.118867: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:37.118869: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:37.118872: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:37.118874: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:37.118877: | -> UNDEFINED EVENT_NULL Sep 21 07:16:37.118879: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:37.118881: | -> UNDEFINED EVENT_NULL Sep 21 07:16:37.118884: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:37.118886: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:37.118889: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:37.118891: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:37.118894: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:37.118896: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:37.118899: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:37.118901: | -> UNDEFINED EVENT_NULL Sep 21 07:16:37.118904: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:37.118906: | -> UNDEFINED EVENT_NULL Sep 21 07:16:37.118909: | INFO: category: informational flags: 0: Sep 21 07:16:37.118911: | -> UNDEFINED EVENT_NULL Sep 21 07:16:37.118913: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:16:37.118916: | -> UNDEFINED EVENT_NULL Sep 21 07:16:37.118918: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:37.118920: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:37.118923: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:37.118925: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:37.118928: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:37.118930: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:37.118933: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:37.118935: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:37.118938: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:37.118940: | -> UNDEFINED EVENT_NULL Sep 21 07:16:37.118943: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:37.118947: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:37.118950: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:37.118952: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:37.118955: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:37.118957: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:37.118963: | checking IKEv2 state table Sep 21 07:16:37.118968: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:37.118971: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:37.118974: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:37.118977: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:37.118979: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:37.118982: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:37.118985: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:37.118988: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:37.118990: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:37.118993: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:37.118995: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:37.118998: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:37.119001: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:37.119003: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:37.119006: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:37.119008: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:37.119011: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:37.119014: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:37.119016: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:37.119019: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:37.119022: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:37.119024: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:37.119027: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:37.119029: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:37.119032: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:37.119034: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:37.119037: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:37.119040: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:37.119042: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:37.119045: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:37.119048: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:16:37.119050: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:37.119053: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:37.119056: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:37.119058: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:37.119061: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:37.119064: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:37.119067: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:37.119069: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:37.119074: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:37.119077: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:37.119080: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:37.119082: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:37.119085: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:37.119088: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:37.119090: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:37.119093: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:37.119143: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:37.119203: | Hard-wiring algorithms Sep 21 07:16:37.119206: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:37.119210: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:37.119212: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:37.119215: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:37.119217: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:37.119219: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:16:37.119222: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:37.119224: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:37.119226: | adding AES_CTR to kernel algorithm db Sep 21 07:16:37.119229: | adding AES_CBC to kernel algorithm db Sep 21 07:16:37.119231: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:37.119233: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:37.119236: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:37.119238: | adding NULL to kernel algorithm db Sep 21 07:16:37.119241: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:37.119243: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:37.119245: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:37.119248: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:37.119250: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:37.119253: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:37.119255: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:37.119257: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:37.119260: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:37.119262: | adding NONE to kernel algorithm db Sep 21 07:16:37.119281: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:37.119288: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:37.119290: | setup kernel fd callback Sep 21 07:16:37.119293: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55cee771abf0 Sep 21 07:16:37.119297: | libevent_malloc: new ptr-libevent@0x55cee7726990 size 128 Sep 21 07:16:37.119300: | libevent_malloc: new ptr-libevent@0x55cee7715280 size 16 Sep 21 07:16:37.119305: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55cee771abb0 Sep 21 07:16:37.119308: | libevent_malloc: new ptr-libevent@0x55cee7726a20 size 128 Sep 21 07:16:37.119311: | libevent_malloc: new ptr-libevent@0x55cee7719b70 size 16 Sep 21 07:16:37.119540: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:37.119548: selinux support is enabled. Sep 21 07:16:37.119626: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:37.119851: | unbound context created - setting debug level to 5 Sep 21 07:16:37.119885: | /etc/hosts lookups activated Sep 21 07:16:37.119902: | /etc/resolv.conf usage activated Sep 21 07:16:37.119965: | outgoing-port-avoid set 0-65535 Sep 21 07:16:37.119995: | outgoing-port-permit set 32768-60999 Sep 21 07:16:37.119997: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:37.120000: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:37.120003: | Setting up events, loop start Sep 21 07:16:37.120006: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55cee7714bd0 Sep 21 07:16:37.120012: | libevent_malloc: new ptr-libevent@0x55cee7730f90 size 128 Sep 21 07:16:37.120015: | libevent_malloc: new ptr-libevent@0x55cee7731020 size 16 Sep 21 07:16:37.120021: | libevent_realloc: new ptr-libevent@0x55cee7731040 size 256 Sep 21 07:16:37.120023: | libevent_malloc: new ptr-libevent@0x55cee7731150 size 8 Sep 21 07:16:37.120026: | libevent_realloc: new ptr-libevent@0x55cee7725d10 size 144 Sep 21 07:16:37.120029: | libevent_malloc: new ptr-libevent@0x55cee7731170 size 152 Sep 21 07:16:37.120032: | libevent_malloc: new ptr-libevent@0x55cee7731210 size 16 Sep 21 07:16:37.120036: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:37.120039: | libevent_malloc: new ptr-libevent@0x55cee7731230 size 8 Sep 21 07:16:37.120042: | libevent_malloc: new ptr-libevent@0x55cee7731250 size 152 Sep 21 07:16:37.120045: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:37.120047: | libevent_malloc: new ptr-libevent@0x55cee77312f0 size 8 Sep 21 07:16:37.120050: | libevent_malloc: new ptr-libevent@0x55cee7731310 size 152 Sep 21 07:16:37.120053: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:37.120055: | libevent_malloc: new ptr-libevent@0x55cee77313b0 size 8 Sep 21 07:16:37.120058: | libevent_realloc: release ptr-libevent@0x55cee7725d10 Sep 21 07:16:37.120060: | libevent_realloc: new ptr-libevent@0x55cee77313d0 size 256 Sep 21 07:16:37.120063: | libevent_malloc: new ptr-libevent@0x55cee7725d10 size 152 Sep 21 07:16:37.120066: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:37.120422: | created addconn helper (pid:17470) using fork+execve Sep 21 07:16:37.120434: | forked child 17470 Sep 21 07:16:37.132259: | starting up helper thread 1 Sep 21 07:16:37.132279: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:37.132289: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:37.132302: | starting up helper thread 3 Sep 21 07:16:37.132309: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:37.132312: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:37.133814: | starting up helper thread 0 Sep 21 07:16:37.133829: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:37.133833: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:37.133844: | starting up helper thread 2 Sep 21 07:16:37.133850: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:37.133853: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:37.133864: | starting up helper thread 4 Sep 21 07:16:37.133877: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:37.133880: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:37.133890: | starting up helper thread 6 Sep 21 07:16:37.133895: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:37.133898: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:37.133866: | starting up helper thread 5 Sep 21 07:16:37.140893: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:37.140899: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:37.168450: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:37.168476: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:37.168485: listening for IKE messages Sep 21 07:16:37.168585: | Inspecting interface lo Sep 21 07:16:37.168592: | found lo with address 127.0.0.1 Sep 21 07:16:37.168596: | Inspecting interface eth0 Sep 21 07:16:37.168600: | found eth0 with address 192.1.3.209 Sep 21 07:16:37.168644: Kernel supports NIC esp-hw-offload Sep 21 07:16:37.168653: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 Sep 21 07:16:37.168705: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:37.168709: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:37.168717: adding interface eth0/eth0 192.1.3.209:4500 Sep 21 07:16:37.168742: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:37.168761: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:37.168764: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:37.168768: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:37.168824: | no interfaces to sort Sep 21 07:16:37.168830: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:37.168837: | add_fd_read_event_handler: new ethX-pe@0x55cee771a350 Sep 21 07:16:37.168841: | libevent_malloc: new ptr-libevent@0x55cee77316d0 size 128 Sep 21 07:16:37.168845: | libevent_malloc: new ptr-libevent@0x55cee7731760 size 16 Sep 21 07:16:37.168853: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:16:37.168856: | add_fd_read_event_handler: new ethX-pe@0x55cee7731780 Sep 21 07:16:37.168858: | libevent_malloc: new ptr-libevent@0x55cee77317c0 size 128 Sep 21 07:16:37.168861: | libevent_malloc: new ptr-libevent@0x55cee7731850 size 16 Sep 21 07:16:37.168866: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:16:37.168868: | add_fd_read_event_handler: new ethX-pe@0x55cee7731870 Sep 21 07:16:37.168871: | libevent_malloc: new ptr-libevent@0x55cee77318b0 size 128 Sep 21 07:16:37.168874: | libevent_malloc: new ptr-libevent@0x55cee7731940 size 16 Sep 21 07:16:37.168878: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Sep 21 07:16:37.168881: | add_fd_read_event_handler: new ethX-pe@0x55cee7731960 Sep 21 07:16:37.168883: | libevent_malloc: new ptr-libevent@0x55cee77319a0 size 128 Sep 21 07:16:37.168886: | libevent_malloc: new ptr-libevent@0x55cee7731a30 size 16 Sep 21 07:16:37.168890: | setup callback for interface eth0 192.1.3.209:500 fd 17 Sep 21 07:16:37.168895: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:37.168897: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:37.168916: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:37.168925: | id type added to secret(0x55cee7726b70) PKK_PSK: @east Sep 21 07:16:37.168928: | id type added to secret(0x55cee7726b70) PKK_PSK: %any Sep 21 07:16:37.168932: | Processing PSK at line 1: passed Sep 21 07:16:37.168935: | certs and keys locked by 'process_secret' Sep 21 07:16:37.168937: | certs and keys unlocked by 'process_secret' Sep 21 07:16:37.168942: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:37.168948: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:37.168955: | spent 0.503 milliseconds in whack Sep 21 07:16:37.219720: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:37.219757: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:37.219763: listening for IKE messages Sep 21 07:16:37.238665: | Inspecting interface lo Sep 21 07:16:37.238682: | found lo with address 127.0.0.1 Sep 21 07:16:37.238686: | Inspecting interface eth0 Sep 21 07:16:37.238692: | found eth0 with address 192.1.3.209 Sep 21 07:16:37.238750: | no interfaces to sort Sep 21 07:16:37.238760: | libevent_free: release ptr-libevent@0x55cee77316d0 Sep 21 07:16:37.238764: | free_event_entry: release EVENT_NULL-pe@0x55cee771a350 Sep 21 07:16:37.238768: | add_fd_read_event_handler: new ethX-pe@0x55cee771a350 Sep 21 07:16:37.238772: | libevent_malloc: new ptr-libevent@0x55cee77316d0 size 128 Sep 21 07:16:37.238780: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:16:37.239458: | libevent_free: release ptr-libevent@0x55cee77317c0 Sep 21 07:16:37.239466: | free_event_entry: release EVENT_NULL-pe@0x55cee7731780 Sep 21 07:16:37.239470: | add_fd_read_event_handler: new ethX-pe@0x55cee7731780 Sep 21 07:16:37.239474: | libevent_malloc: new ptr-libevent@0x55cee77317c0 size 128 Sep 21 07:16:37.239482: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:16:37.239486: | libevent_free: release ptr-libevent@0x55cee77318b0 Sep 21 07:16:37.239493: | free_event_entry: release EVENT_NULL-pe@0x55cee7731870 Sep 21 07:16:37.239497: | add_fd_read_event_handler: new ethX-pe@0x55cee7731870 Sep 21 07:16:37.239501: | libevent_malloc: new ptr-libevent@0x55cee77318b0 size 128 Sep 21 07:16:37.239507: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Sep 21 07:16:37.239511: | libevent_free: release ptr-libevent@0x55cee77319a0 Sep 21 07:16:37.239514: | free_event_entry: release EVENT_NULL-pe@0x55cee7731960 Sep 21 07:16:37.239517: | add_fd_read_event_handler: new ethX-pe@0x55cee7731960 Sep 21 07:16:37.239520: | libevent_malloc: new ptr-libevent@0x55cee77319a0 size 128 Sep 21 07:16:37.239526: | setup callback for interface eth0 192.1.3.209:500 fd 17 Sep 21 07:16:37.239530: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:37.239532: forgetting secrets Sep 21 07:16:37.239543: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:37.239559: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:37.239567: | id type added to secret(0x55cee7726b70) PKK_PSK: @east Sep 21 07:16:37.239571: | id type added to secret(0x55cee7726b70) PKK_PSK: %any Sep 21 07:16:37.239576: | Processing PSK at line 1: passed Sep 21 07:16:37.239579: | certs and keys locked by 'process_secret' Sep 21 07:16:37.239581: | certs and keys unlocked by 'process_secret' Sep 21 07:16:37.239588: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:37.239597: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:37.239604: | spent 0.367 milliseconds in whack Sep 21 07:16:37.240228: | processing signal PLUTO_SIGCHLD Sep 21 07:16:37.240243: | waitpid returned pid 17470 (exited with status 0) Sep 21 07:16:37.240248: | reaped addconn helper child (status 0) Sep 21 07:16:37.240253: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:37.240258: | spent 0.0186 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:37.368040: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:37.368523: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:37.368531: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:37.368535: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:37.368538: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:37.368543: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:37.368553: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:37.368639: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:37.368647: | from whack: got --esp= Sep 21 07:16:37.368710: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:37.368716: | counting wild cards for (none) is 15 Sep 21 07:16:37.368721: | counting wild cards for @east is 0 Sep 21 07:16:37.368733: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:16:37.368736: | new hp@0x55cee77152c0 Sep 21 07:16:37.368742: added connection description "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:16:37.368753: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:37.368768: | 192.0.1.0/24===192.1.3.209---192.1.3.254...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:16:37.368776: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:37.368788: | spent 0.303 milliseconds in whack Sep 21 07:16:37.470904: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:37.471119: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:37.471125: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:37.471190: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:37.471201: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:37.471209: | spent 0.306 milliseconds in whack Sep 21 07:16:37.583369: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:37.583392: | old debugging base+cpu-usage + none Sep 21 07:16:37.583396: | base debugging = base+cpu-usage Sep 21 07:16:37.583399: | old impairing none + suppress-retransmits Sep 21 07:16:37.583402: | base impairing = suppress-retransmits Sep 21 07:16:37.583410: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:37.583416: | spent 0.0551 milliseconds in whack Sep 21 07:16:37.907429: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:37.907456: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Sep 21 07:16:37.907460: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:37.907466: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:37.907470: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Sep 21 07:16:37.907473: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:37.907476: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:37.907495: | creating state object #1 at 0x55cee7733130 Sep 21 07:16:37.907499: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:37.907507: | pstats #1 ikev2.ike started Sep 21 07:16:37.907511: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:37.907515: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:37.907521: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:37.907529: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:37.907535: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:37.907538: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:37.907543: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:16:37.907548: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Sep 21 07:16:37.907561: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Sep 21 07:16:37.907568: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:37.907577: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:37.907581: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:37.907586: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:37.907591: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:37.907596: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:37.907606: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:37.907611: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:37.907623: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:37.907631: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:16:37.907636: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cee77357c0 Sep 21 07:16:37.907639: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:37.907643: | libevent_malloc: new ptr-libevent@0x55cee7735800 size 128 Sep 21 07:16:37.907657: | #1 spent 0.19 milliseconds in ikev2_parent_outI1() Sep 21 07:16:37.907661: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:37.907666: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:37.907669: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:37.907672: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:37.907676: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Sep 21 07:16:37.907679: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:37.907681: | crypto helper 1 resuming Sep 21 07:16:37.907694: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:16:37.907709: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:16:37.908709: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001002 seconds Sep 21 07:16:37.908721: | (#1) spent 1.01 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:16:37.908725: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:37.908728: | scheduling resume sending helper answer for #1 Sep 21 07:16:37.908732: | libevent_malloc: new ptr-libevent@0x7feef4006900 size 128 Sep 21 07:16:37.908738: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:37.907683: | spent 0.258 milliseconds in whack Sep 21 07:16:37.908754: | processing resume sending helper answer for #1 Sep 21 07:16:37.908762: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:37.908766: | crypto helper 1 replies to request ID 1 Sep 21 07:16:37.908768: | calling continuation function 0x55cee6172630 Sep 21 07:16:37.908771: | ikev2_parent_outI1_continue for #1 Sep 21 07:16:37.908805: | **emit ISAKMP Message: Sep 21 07:16:37.908811: | initiator cookie: Sep 21 07:16:37.908814: | e2 89 18 1d 52 8d ca 70 Sep 21 07:16:37.908816: | responder cookie: Sep 21 07:16:37.908818: | 00 00 00 00 00 00 00 00 Sep 21 07:16:37.908821: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:37.908824: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:37.908827: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:37.908830: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:37.908837: | Message ID: 0 (0x0) Sep 21 07:16:37.908840: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:37.908857: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:37.908861: | Emitting ikev2_proposals ... Sep 21 07:16:37.908865: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:37.908868: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.908870: | flags: none (0x0) Sep 21 07:16:37.908874: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:37.908877: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.908879: | discarding INTEG=NONE Sep 21 07:16:37.908882: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.908885: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.908887: | prop #: 1 (0x1) Sep 21 07:16:37.908889: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:37.908892: | spi size: 0 (0x0) Sep 21 07:16:37.908894: | # transforms: 11 (0xb) Sep 21 07:16:37.908898: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:37.908901: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.908903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.908906: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.908908: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:37.908911: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.908914: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.908917: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.908920: | length/value: 256 (0x100) Sep 21 07:16:37.908923: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:37.908925: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.908928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.908930: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:37.908933: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:37.908936: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.908939: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.908941: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.908944: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.908946: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.908949: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:37.908951: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:37.908954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.908957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.908962: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.908965: | discarding INTEG=NONE Sep 21 07:16:37.908967: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.908970: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.908972: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.908974: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:37.908977: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.908980: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.908982: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.908985: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.908987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.908990: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.908992: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:37.908995: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.908998: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909001: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909003: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909006: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909008: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909010: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:37.909013: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909016: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909019: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909021: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909024: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909026: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909028: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:37.909032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909034: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909037: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909039: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909044: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909047: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:37.909049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909055: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909057: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909064: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:37.909067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909073: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909075: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909078: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909083: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909085: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:37.909088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909093: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909095: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909098: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.909100: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909103: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:37.909106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909111: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909114: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:37.909117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:37.909119: | discarding INTEG=NONE Sep 21 07:16:37.909121: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.909124: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.909126: | prop #: 2 (0x2) Sep 21 07:16:37.909128: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:37.909131: | spi size: 0 (0x0) Sep 21 07:16:37.909133: | # transforms: 11 (0xb) Sep 21 07:16:37.909137: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.909140: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:37.909142: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909145: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909147: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.909150: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:37.909152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909155: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.909158: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.909160: | length/value: 128 (0x80) Sep 21 07:16:37.909163: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:37.909165: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909167: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909170: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:37.909173: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:37.909176: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909183: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909186: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909188: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909191: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:37.909193: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:37.909196: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909199: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909201: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909204: | discarding INTEG=NONE Sep 21 07:16:37.909206: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909209: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909211: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909213: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:37.909216: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909219: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909222: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909224: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909229: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909231: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:37.909234: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909242: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909249: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:37.909252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909257: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909260: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909265: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909267: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:37.909270: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909276: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909278: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909281: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909283: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909286: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:37.909288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909293: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909296: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909299: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909301: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909304: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909306: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:37.909309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909312: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909314: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909317: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909319: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909322: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909324: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:37.909327: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909330: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909332: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909335: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909337: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.909340: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909342: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:37.909345: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909348: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909350: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909353: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:37.909356: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:37.909358: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.909361: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.909363: | prop #: 3 (0x3) Sep 21 07:16:37.909365: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:37.909368: | spi size: 0 (0x0) Sep 21 07:16:37.909370: | # transforms: 13 (0xd) Sep 21 07:16:37.909373: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.909376: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:37.909379: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909381: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909384: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.909386: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:37.909389: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909391: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.909394: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.909396: | length/value: 256 (0x100) Sep 21 07:16:37.909399: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:37.909406: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909408: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909411: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:37.909413: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:37.909416: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909419: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909422: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909424: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909426: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909429: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:37.909431: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:37.909434: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909437: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909439: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909442: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909447: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:37.909449: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:37.909452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909455: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909458: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909460: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909465: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:37.909467: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:37.909470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909473: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909475: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909478: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909481: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909483: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909485: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:37.909488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909494: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909496: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909501: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909503: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:37.909506: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909509: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909515: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909518: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909523: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909525: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:37.909528: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909531: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909533: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909536: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909541: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909543: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:37.909546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909552: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909554: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909559: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909561: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:37.909564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909569: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909572: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909579: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:37.909582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909587: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909589: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909592: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909594: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909597: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:37.909600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909602: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909605: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909607: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909610: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.909612: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909615: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:37.909618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909622: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909625: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909628: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:37.909630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:37.909633: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.909635: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:37.909637: | prop #: 4 (0x4) Sep 21 07:16:37.909640: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:37.909642: | spi size: 0 (0x0) Sep 21 07:16:37.909644: | # transforms: 13 (0xd) Sep 21 07:16:37.909648: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.909651: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:37.909653: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909656: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909658: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.909660: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:37.909663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909666: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.909668: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.909671: | length/value: 128 (0x80) Sep 21 07:16:37.909673: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:37.909676: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909678: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909680: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:37.909683: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:37.909686: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909691: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909694: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909696: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909698: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:37.909701: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:37.909704: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909706: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909709: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909711: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909716: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:37.909719: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:37.909722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909727: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909731: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909736: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:37.909738: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:37.909741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909744: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909747: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909749: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909754: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909756: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:37.909759: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909762: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909765: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909767: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909769: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909772: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909774: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:37.909777: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909789: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909794: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909797: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909799: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909801: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:37.909804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909810: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909812: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909817: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909819: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:37.909822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909828: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909830: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909832: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909835: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909837: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:37.909840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909848: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909850: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909853: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909855: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909857: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:37.909860: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909863: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909866: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909868: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909873: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909875: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:37.909878: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909881: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909884: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909886: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.909889: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.909891: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.909894: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:37.909897: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.909899: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.909902: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.909905: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:37.909907: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:37.909910: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:37.909912: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:37.909915: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:37.909918: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.909920: | flags: none (0x0) Sep 21 07:16:37.909923: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:37.909926: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:37.909929: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.909933: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:37.909935: | ikev2 g^x fb 04 9e 57 3a 91 a0 50 ae 5e d8 13 fb d4 3b f1 Sep 21 07:16:37.909938: | ikev2 g^x de 5b 32 81 85 20 55 08 29 e1 fb d5 04 82 c5 a5 Sep 21 07:16:37.909940: | ikev2 g^x d6 09 49 f6 59 7b de ca 68 2d 85 ca 98 d8 57 3e Sep 21 07:16:37.909942: | ikev2 g^x ab 46 78 51 48 64 96 86 77 bd 85 a9 10 42 16 63 Sep 21 07:16:37.909945: | ikev2 g^x 59 e4 24 37 6a 1e e1 49 96 1e c3 df 57 c1 35 dd Sep 21 07:16:37.909947: | ikev2 g^x 25 2c 1d e0 81 34 51 00 75 16 44 be 22 6e b6 60 Sep 21 07:16:37.909949: | ikev2 g^x fc 76 26 14 97 0f a2 b3 89 a8 3a ae 5f c4 3f e5 Sep 21 07:16:37.909953: | ikev2 g^x 38 8c 26 17 8c e9 fc d9 b5 18 aa 36 40 aa 3b 3e Sep 21 07:16:37.909956: | ikev2 g^x 79 4b c5 de 02 d0 d7 38 bc 8a 88 bb a0 13 b5 1a Sep 21 07:16:37.909958: | ikev2 g^x 64 d7 66 71 84 4f 8d 1e b0 31 72 bc e6 a1 9d 02 Sep 21 07:16:37.909960: | ikev2 g^x f9 1d 48 f2 34 bc 79 68 17 1b c7 6b 74 fc 4b 8d Sep 21 07:16:37.909963: | ikev2 g^x 1d ff 5c f3 63 01 50 94 88 b6 50 41 aa cb 87 d1 Sep 21 07:16:37.909965: | ikev2 g^x 48 16 30 c8 22 34 bc 04 79 34 dc 6e 4a e8 1c 5c Sep 21 07:16:37.909967: | ikev2 g^x 78 9b ea 62 a5 db 3a 1a 41 8e e1 c7 83 dd 09 a1 Sep 21 07:16:37.909970: | ikev2 g^x 5f 12 6e 7b 7b c1 d3 64 ac d6 b1 70 4e d8 ae e2 Sep 21 07:16:37.909972: | ikev2 g^x f8 bc 68 65 02 f0 b5 65 6c 8b e7 05 50 f3 ad e5 Sep 21 07:16:37.909974: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:37.909977: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:37.909980: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:37.909982: | flags: none (0x0) Sep 21 07:16:37.909985: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:37.909988: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:37.909991: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.909994: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:37.909997: | IKEv2 nonce fb 8f 0e 4e bc 5b 54 e7 b4 4f a4 a7 70 f6 27 50 Sep 21 07:16:37.909999: | IKEv2 nonce db c8 36 bc 95 95 80 e4 9d df 1c 12 e8 8c 89 1d Sep 21 07:16:37.910002: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:37.910004: | Adding a v2N Payload Sep 21 07:16:37.910007: | ***emit IKEv2 Notify Payload: Sep 21 07:16:37.910009: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.910011: | flags: none (0x0) Sep 21 07:16:37.910014: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:37.910016: | SPI size: 0 (0x0) Sep 21 07:16:37.910019: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:37.910022: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:37.910025: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.910028: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:37.910031: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:37.910034: | natd_hash: rcookie is zero Sep 21 07:16:37.910046: | natd_hash: hasher=0x55cee62487a0(20) Sep 21 07:16:37.910049: | natd_hash: icookie= e2 89 18 1d 52 8d ca 70 Sep 21 07:16:37.910051: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:37.910054: | natd_hash: ip= c0 01 03 d1 Sep 21 07:16:37.910056: | natd_hash: port= 01 f4 Sep 21 07:16:37.910058: | natd_hash: hash= e4 7b a2 62 0e b7 6a a4 0f 3e 51 29 cf fe 01 98 Sep 21 07:16:37.910061: | natd_hash: hash= c3 b0 8a 99 Sep 21 07:16:37.910063: | Adding a v2N Payload Sep 21 07:16:37.910065: | ***emit IKEv2 Notify Payload: Sep 21 07:16:37.910068: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.910070: | flags: none (0x0) Sep 21 07:16:37.910073: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:37.910075: | SPI size: 0 (0x0) Sep 21 07:16:37.910078: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:37.910081: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:37.910083: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.910086: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:37.910089: | Notify data e4 7b a2 62 0e b7 6a a4 0f 3e 51 29 cf fe 01 98 Sep 21 07:16:37.910093: | Notify data c3 b0 8a 99 Sep 21 07:16:37.910095: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:37.910098: | natd_hash: rcookie is zero Sep 21 07:16:37.910107: | natd_hash: hasher=0x55cee62487a0(20) Sep 21 07:16:37.910110: | natd_hash: icookie= e2 89 18 1d 52 8d ca 70 Sep 21 07:16:37.910112: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:37.910114: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:37.910116: | natd_hash: port= 01 f4 Sep 21 07:16:37.910118: | natd_hash: hash= 11 21 79 0c 5d 5e dc 5c 53 48 27 75 84 00 9a d0 Sep 21 07:16:37.910121: | natd_hash: hash= 28 be e7 3d Sep 21 07:16:37.910123: | Adding a v2N Payload Sep 21 07:16:37.910125: | ***emit IKEv2 Notify Payload: Sep 21 07:16:37.910128: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.910130: | flags: none (0x0) Sep 21 07:16:37.910132: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:37.910135: | SPI size: 0 (0x0) Sep 21 07:16:37.910138: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:37.910140: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:37.910143: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.910146: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:37.910149: | Notify data 11 21 79 0c 5d 5e dc 5c 53 48 27 75 84 00 9a d0 Sep 21 07:16:37.910151: | Notify data 28 be e7 3d Sep 21 07:16:37.910153: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:37.910156: | emitting length of ISAKMP Message: 828 Sep 21 07:16:37.910165: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:37.910175: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:37.910180: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:37.910183: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:37.910187: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:37.910190: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:16:37.910192: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:37.910198: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:37.910201: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:37.910213: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:16:37.910224: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:37.910227: | e2 89 18 1d 52 8d ca 70 00 00 00 00 00 00 00 00 Sep 21 07:16:37.910230: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:37.910232: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:37.910234: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:37.910236: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:37.910239: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:37.910241: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:37.910243: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:37.910245: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:37.910248: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:37.910250: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:37.910252: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:37.910254: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:37.910257: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:37.910261: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:37.910263: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:37.910265: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:37.910267: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:37.910270: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:37.910272: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:37.910274: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:37.910277: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:37.910279: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:37.910281: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:37.910283: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:37.910286: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:37.910288: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:37.910290: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:37.910292: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:37.910294: | 28 00 01 08 00 0e 00 00 fb 04 9e 57 3a 91 a0 50 Sep 21 07:16:37.910297: | ae 5e d8 13 fb d4 3b f1 de 5b 32 81 85 20 55 08 Sep 21 07:16:37.910299: | 29 e1 fb d5 04 82 c5 a5 d6 09 49 f6 59 7b de ca Sep 21 07:16:37.910301: | 68 2d 85 ca 98 d8 57 3e ab 46 78 51 48 64 96 86 Sep 21 07:16:37.910304: | 77 bd 85 a9 10 42 16 63 59 e4 24 37 6a 1e e1 49 Sep 21 07:16:37.910306: | 96 1e c3 df 57 c1 35 dd 25 2c 1d e0 81 34 51 00 Sep 21 07:16:37.910308: | 75 16 44 be 22 6e b6 60 fc 76 26 14 97 0f a2 b3 Sep 21 07:16:37.910311: | 89 a8 3a ae 5f c4 3f e5 38 8c 26 17 8c e9 fc d9 Sep 21 07:16:37.910313: | b5 18 aa 36 40 aa 3b 3e 79 4b c5 de 02 d0 d7 38 Sep 21 07:16:37.910315: | bc 8a 88 bb a0 13 b5 1a 64 d7 66 71 84 4f 8d 1e Sep 21 07:16:37.910317: | b0 31 72 bc e6 a1 9d 02 f9 1d 48 f2 34 bc 79 68 Sep 21 07:16:37.910319: | 17 1b c7 6b 74 fc 4b 8d 1d ff 5c f3 63 01 50 94 Sep 21 07:16:37.910322: | 88 b6 50 41 aa cb 87 d1 48 16 30 c8 22 34 bc 04 Sep 21 07:16:37.910324: | 79 34 dc 6e 4a e8 1c 5c 78 9b ea 62 a5 db 3a 1a Sep 21 07:16:37.910326: | 41 8e e1 c7 83 dd 09 a1 5f 12 6e 7b 7b c1 d3 64 Sep 21 07:16:37.910328: | ac d6 b1 70 4e d8 ae e2 f8 bc 68 65 02 f0 b5 65 Sep 21 07:16:37.910331: | 6c 8b e7 05 50 f3 ad e5 29 00 00 24 fb 8f 0e 4e Sep 21 07:16:37.910333: | bc 5b 54 e7 b4 4f a4 a7 70 f6 27 50 db c8 36 bc Sep 21 07:16:37.910335: | 95 95 80 e4 9d df 1c 12 e8 8c 89 1d 29 00 00 08 Sep 21 07:16:37.910337: | 00 00 40 2e 29 00 00 1c 00 00 40 04 e4 7b a2 62 Sep 21 07:16:37.910340: | 0e b7 6a a4 0f 3e 51 29 cf fe 01 98 c3 b0 8a 99 Sep 21 07:16:37.910342: | 00 00 00 1c 00 00 40 05 11 21 79 0c 5d 5e dc 5c Sep 21 07:16:37.910344: | 53 48 27 75 84 00 9a d0 28 be e7 3d Sep 21 07:16:37.910437: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:37.910443: | libevent_free: release ptr-libevent@0x55cee7735800 Sep 21 07:16:37.910446: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cee77357c0 Sep 21 07:16:37.910449: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:37.910452: "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:37.910458: | event_schedule: new EVENT_RETRANSMIT-pe@0x55cee77357c0 Sep 21 07:16:37.910461: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:16:37.910464: | libevent_malloc: new ptr-libevent@0x55cee7735800 size 128 Sep 21 07:16:37.910469: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48844.278721 Sep 21 07:16:37.910473: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:37.910479: | #1 spent 1.63 milliseconds in resume sending helper answer Sep 21 07:16:37.910486: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:37.910489: | libevent_free: release ptr-libevent@0x7feef4006900 Sep 21 07:16:37.913798: | spent 0.00216 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:37.913817: | *received 432 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Sep 21 07:16:37.913821: | e2 89 18 1d 52 8d ca 70 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:37.913823: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:16:37.913826: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:16:37.913828: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:16:37.913830: | 04 00 00 0e 28 00 01 08 00 0e 00 00 1b e1 f5 c8 Sep 21 07:16:37.913832: | 08 18 a4 dc 17 b7 ad 2e a8 38 c7 49 71 a7 e4 f0 Sep 21 07:16:37.913835: | 59 79 0d 06 f5 34 fb 26 e4 12 78 5e fd cc 25 e2 Sep 21 07:16:37.913837: | 95 9b 18 1f c6 ef 6d 67 07 01 74 da 62 34 83 69 Sep 21 07:16:37.913839: | 72 0a c1 92 be 01 c3 06 da 15 05 68 ee 1d 74 b0 Sep 21 07:16:37.913841: | c7 61 f1 f2 4b f9 83 06 31 00 dc 24 25 ea 33 87 Sep 21 07:16:37.913844: | 1e a0 32 e8 ac f8 b2 06 c7 a8 85 49 aa 6d 9c 60 Sep 21 07:16:37.913846: | 59 dd 3c f9 7c d6 c0 f2 3d fa e7 41 19 07 b2 a5 Sep 21 07:16:37.913848: | e6 72 d2 9e 31 62 c3 f3 0d 7a 9c 6f ae 59 fe 2b Sep 21 07:16:37.913851: | bb 2c c3 61 45 b8 a9 36 0f c2 c1 ad 28 6b ea 55 Sep 21 07:16:37.913853: | f7 c4 8c 03 6a 66 b7 0f a1 76 dc a6 58 03 08 7c Sep 21 07:16:37.913855: | 1a 78 69 6b ac 0d 78 21 9e 59 24 7b 07 80 53 48 Sep 21 07:16:37.913857: | 34 91 08 25 ed 6a d6 81 bc fc 43 cf 4f fe 82 c2 Sep 21 07:16:37.913860: | 54 25 40 cc e7 56 32 e5 93 12 64 3e da b9 1c c7 Sep 21 07:16:37.913862: | 9b 5c fc ac b8 b5 a3 bf e5 1f aa ba 92 a5 e1 ab Sep 21 07:16:37.913864: | 84 a6 3b 02 e2 e0 32 15 88 2d 52 1e e0 a2 94 41 Sep 21 07:16:37.913866: | 6b 1e 76 d9 cb 76 c7 40 fb cf 5a 5a 29 00 00 24 Sep 21 07:16:37.913868: | 4b 0a ad 8d b6 bb 21 59 84 78 2e 6d c9 ab bb 0e Sep 21 07:16:37.913871: | 3c 78 6d 18 62 ef 1c 91 cc a1 44 17 f5 09 8b ca Sep 21 07:16:37.913873: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:16:37.913875: | 1d 84 4d ac f0 43 98 42 44 3f 4a fc d2 cc f7 c3 Sep 21 07:16:37.913877: | 32 da a5 61 00 00 00 1c 00 00 40 05 e9 16 48 a7 Sep 21 07:16:37.913880: | 38 f8 f3 e1 36 09 d5 fe 52 9f a0 5b 80 44 7c 06 Sep 21 07:16:37.913885: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:37.913888: | **parse ISAKMP Message: Sep 21 07:16:37.913891: | initiator cookie: Sep 21 07:16:37.913893: | e2 89 18 1d 52 8d ca 70 Sep 21 07:16:37.913896: | responder cookie: Sep 21 07:16:37.913898: | 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:37.913901: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:37.913903: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:37.913906: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:37.913909: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:37.913911: | Message ID: 0 (0x0) Sep 21 07:16:37.913914: | length: 432 (0x1b0) Sep 21 07:16:37.913917: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:37.913920: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:16:37.913924: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:37.913930: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:37.913935: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:37.913938: | #1 is idle Sep 21 07:16:37.913940: | #1 idle Sep 21 07:16:37.913942: | unpacking clear payload Sep 21 07:16:37.913947: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:37.913951: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:37.913953: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:37.913956: | flags: none (0x0) Sep 21 07:16:37.913958: | length: 40 (0x28) Sep 21 07:16:37.913961: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:16:37.913963: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:37.913966: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:37.913969: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:37.913971: | flags: none (0x0) Sep 21 07:16:37.913974: | length: 264 (0x108) Sep 21 07:16:37.913976: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:37.913979: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:37.913981: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:37.913983: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:37.913986: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:37.913989: | flags: none (0x0) Sep 21 07:16:37.913991: | length: 36 (0x24) Sep 21 07:16:37.913993: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:37.913996: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:37.913998: | ***parse IKEv2 Notify Payload: Sep 21 07:16:37.914001: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:37.914003: | flags: none (0x0) Sep 21 07:16:37.914006: | length: 8 (0x8) Sep 21 07:16:37.914008: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:37.914010: | SPI size: 0 (0x0) Sep 21 07:16:37.914013: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:37.914016: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:37.914018: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:37.914021: | ***parse IKEv2 Notify Payload: Sep 21 07:16:37.914023: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:37.914026: | flags: none (0x0) Sep 21 07:16:37.914028: | length: 28 (0x1c) Sep 21 07:16:37.914030: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:37.914033: | SPI size: 0 (0x0) Sep 21 07:16:37.914035: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:37.914038: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:37.914040: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:37.914043: | ***parse IKEv2 Notify Payload: Sep 21 07:16:37.914045: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.914047: | flags: none (0x0) Sep 21 07:16:37.914050: | length: 28 (0x1c) Sep 21 07:16:37.914052: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:37.914055: | SPI size: 0 (0x0) Sep 21 07:16:37.914057: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:37.914060: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:37.914063: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:16:37.914068: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:37.914071: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:37.914074: | Now let's proceed with state specific processing Sep 21 07:16:37.914076: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:37.914080: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:16:37.914098: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:37.914104: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:16:37.914108: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:37.914110: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:37.914113: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:37.914116: | local proposal 1 type DH has 8 transforms Sep 21 07:16:37.914118: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:37.914122: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:37.914124: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:37.914127: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:37.914129: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:37.914132: | local proposal 2 type DH has 8 transforms Sep 21 07:16:37.914134: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:37.914137: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:37.914140: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:37.914142: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:37.914145: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:37.914147: | local proposal 3 type DH has 8 transforms Sep 21 07:16:37.914150: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:37.914153: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:37.914155: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:37.914158: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:37.914160: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:37.914163: | local proposal 4 type DH has 8 transforms Sep 21 07:16:37.914165: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:37.914168: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:37.914171: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.914174: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:37.914176: | length: 36 (0x24) Sep 21 07:16:37.914178: | prop #: 1 (0x1) Sep 21 07:16:37.914181: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:37.914183: | spi size: 0 (0x0) Sep 21 07:16:37.914186: | # transforms: 3 (0x3) Sep 21 07:16:37.914190: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:37.914193: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:37.914195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.914198: | length: 12 (0xc) Sep 21 07:16:37.914200: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.914203: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:37.914205: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.914208: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.914210: | length/value: 256 (0x100) Sep 21 07:16:37.914215: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:37.914218: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:37.914220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.914223: | length: 8 (0x8) Sep 21 07:16:37.914226: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:37.914228: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:37.914232: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:37.914235: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:37.914237: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.914239: | length: 8 (0x8) Sep 21 07:16:37.914242: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:37.914244: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:37.914248: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:37.914253: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:37.914258: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:37.914261: | remote proposal 1 matches local proposal 1 Sep 21 07:16:37.914264: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:16:37.914266: | converting proposal to internal trans attrs Sep 21 07:16:37.914281: | natd_hash: hasher=0x55cee62487a0(20) Sep 21 07:16:37.914285: | natd_hash: icookie= e2 89 18 1d 52 8d ca 70 Sep 21 07:16:37.914287: | natd_hash: rcookie= 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:37.914289: | natd_hash: ip= c0 01 03 d1 Sep 21 07:16:37.914292: | natd_hash: port= 01 f4 Sep 21 07:16:37.914294: | natd_hash: hash= 7e b4 85 4f 72 0d e7 b5 20 71 af 2e ef ee 72 02 Sep 21 07:16:37.914296: | natd_hash: hash= c8 d1 9e 21 Sep 21 07:16:37.914303: | natd_hash: hasher=0x55cee62487a0(20) Sep 21 07:16:37.914306: | natd_hash: icookie= e2 89 18 1d 52 8d ca 70 Sep 21 07:16:37.914308: | natd_hash: rcookie= 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:37.914310: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:37.914312: | natd_hash: port= 01 f4 Sep 21 07:16:37.914315: | natd_hash: hash= 1d 84 4d ac f0 43 98 42 44 3f 4a fc d2 cc f7 c3 Sep 21 07:16:37.914317: | natd_hash: hash= 32 da a5 61 Sep 21 07:16:37.914320: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:37.914322: | NAT_TRAVERSAL this end is behind NAT Sep 21 07:16:37.914324: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:37.914328: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:16:37.914333: | NAT: #1 floating local endpoint from 192.1.3.209:500 to 192.1.3.209:4500 using pluto_nat_port (in ikev2_parent_inR1outI2() at ikev2_parent.c:1695) Sep 21 07:16:37.914338: | NAT: #1 floating endpoint ended up on interface eth0 192.1.3.209:4500 Sep 21 07:16:37.914341: | NAT-T: #1 floating remote port from 500 to 4500 using pluto_nat_port (in ikev2_parent_inR1outI2() at ikev2_parent.c:1695) Sep 21 07:16:37.914351: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:16:37.914355: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:16:37.914358: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:37.914361: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:37.914365: | libevent_free: release ptr-libevent@0x55cee7735800 Sep 21 07:16:37.914368: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cee77357c0 Sep 21 07:16:37.914371: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cee77357c0 Sep 21 07:16:37.914374: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:37.914377: | libevent_malloc: new ptr-libevent@0x55cee7735800 size 128 Sep 21 07:16:37.914388: | #1 spent 0.306 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:16:37.914394: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:37.914398: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:16:37.914400: | suspending state #1 and saving MD Sep 21 07:16:37.914402: | #1 is busy; has a suspended MD Sep 21 07:16:37.914407: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:37.914410: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:37.914415: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:37.914420: | #1 spent 0.611 milliseconds in ikev2_process_packet() Sep 21 07:16:37.914424: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:37.914429: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:37.914432: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:37.914437: | spent 0.628 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:37.914445: | crypto helper 3 resuming Sep 21 07:16:37.914450: | crypto helper 3 starting work-order 2 for state #1 Sep 21 07:16:37.914454: | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:16:37.915346: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:16:37.915811: | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001356 seconds Sep 21 07:16:37.915821: | (#1) spent 1.36 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:16:37.915825: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:37.915828: | scheduling resume sending helper answer for #1 Sep 21 07:16:37.915831: | libevent_malloc: new ptr-libevent@0x7feeec006b90 size 128 Sep 21 07:16:37.915839: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:37.915850: | processing resume sending helper answer for #1 Sep 21 07:16:37.915857: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in resume_handler() at server.c:797) Sep 21 07:16:37.915861: | crypto helper 3 replies to request ID 2 Sep 21 07:16:37.915863: | calling continuation function 0x55cee6172630 Sep 21 07:16:37.915866: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:16:37.915871: | creating state object #2 at 0x55cee7738100 Sep 21 07:16:37.915874: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:37.915878: | pstats #2 ikev2.child started Sep 21 07:16:37.915881: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Sep 21 07:16:37.915886: | #2 setting local endpoint to 192.1.3.209:4500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:37.915893: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:37.915897: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:37.915902: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:37.915905: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:37.915909: | libevent_free: release ptr-libevent@0x55cee7735800 Sep 21 07:16:37.915912: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cee77357c0 Sep 21 07:16:37.915915: | event_schedule: new EVENT_SA_REPLACE-pe@0x55cee77357c0 Sep 21 07:16:37.915918: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:16:37.915921: | libevent_malloc: new ptr-libevent@0x55cee7735800 size 128 Sep 21 07:16:37.915925: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:16:37.915931: | **emit ISAKMP Message: Sep 21 07:16:37.915934: | initiator cookie: Sep 21 07:16:37.915936: | e2 89 18 1d 52 8d ca 70 Sep 21 07:16:37.915939: | responder cookie: Sep 21 07:16:37.915941: | 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:37.915943: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:37.915946: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:37.915949: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:37.915952: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:37.915954: | Message ID: 1 (0x1) Sep 21 07:16:37.915958: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:37.915961: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:37.915963: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.915969: | flags: none (0x0) Sep 21 07:16:37.915972: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:37.915975: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.915979: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:37.915986: | IKEv2 CERT: send a certificate? Sep 21 07:16:37.915991: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:16:37.915994: | IDr payload will be sent Sep 21 07:16:37.916010: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:16:37.916014: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.916017: | flags: none (0x0) Sep 21 07:16:37.916019: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:16:37.916023: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:16:37.916026: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.916029: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:16:37.916032: | my identity c0 01 03 d1 Sep 21 07:16:37.916034: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:16:37.916043: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:37.916046: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:37.916049: | flags: none (0x0) Sep 21 07:16:37.916051: | ID type: ID_FQDN (0x2) Sep 21 07:16:37.916055: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:16:37.916058: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:37.916061: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.916064: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:16:37.916066: | IDr 65 61 73 74 Sep 21 07:16:37.916069: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:16:37.916071: | not sending INITIAL_CONTACT Sep 21 07:16:37.916074: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:37.916077: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.916079: | flags: none (0x0) Sep 21 07:16:37.916082: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:16:37.916085: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:37.916088: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.916092: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:16:37.916097: | started looking for secret for 192.1.3.209->@east of kind PKK_PSK Sep 21 07:16:37.916100: | actually looking for secret for 192.1.3.209->@east of kind PKK_PSK Sep 21 07:16:37.916104: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Sep 21 07:16:37.916109: | 1: compared key %any to 192.1.3.209 / @east -> 002 Sep 21 07:16:37.916114: | 2: compared key @east to 192.1.3.209 / @east -> 006 Sep 21 07:16:37.916116: | line 1: match=006 Sep 21 07:16:37.916119: | match 006 beats previous best_match 000 match=0x55cee7726b70 (line=1) Sep 21 07:16:37.916122: | concluding with best_match=006 best=0x55cee7726b70 (lineno=1) Sep 21 07:16:37.916185: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:16:37.916189: | PSK auth 82 26 85 62 31 df b1 fa 7e 87 18 09 91 c4 1b db Sep 21 07:16:37.916192: | PSK auth e7 0c f3 d3 6a 0e 63 c3 1c b9 3d f0 e1 f4 3f 5f Sep 21 07:16:37.916198: | PSK auth 2c a1 3d 4c 54 e1 00 ce 41 6b 9a 6a af d8 24 9e Sep 21 07:16:37.916201: | PSK auth 14 45 02 e0 76 c8 4f fe fd 16 f0 34 4d dc e7 e2 Sep 21 07:16:37.916204: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:16:37.916206: | getting first pending from state #1 Sep 21 07:16:37.916226: | netlink_get_spi: allocated 0x521f4cc9 for esp.0@192.1.3.209 Sep 21 07:16:37.916231: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:16:37.916238: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:37.916244: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:37.916247: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:37.916251: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:37.916254: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:37.916259: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:37.916262: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:37.916266: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:37.916274: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:37.916284: | Emitting ikev2_proposals ... Sep 21 07:16:37.916288: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:37.916290: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.916293: | flags: none (0x0) Sep 21 07:16:37.916297: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:37.916299: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.916302: | discarding INTEG=NONE Sep 21 07:16:37.916304: | discarding DH=NONE Sep 21 07:16:37.916307: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.916309: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.916312: | prop #: 1 (0x1) Sep 21 07:16:37.916314: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:37.916317: | spi size: 4 (0x4) Sep 21 07:16:37.916319: | # transforms: 2 (0x2) Sep 21 07:16:37.916322: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:37.916325: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:37.916328: | our spi 52 1f 4c c9 Sep 21 07:16:37.916330: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916336: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.916338: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:37.916341: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916344: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.916347: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.916349: | length/value: 256 (0x100) Sep 21 07:16:37.916352: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:37.916355: | discarding INTEG=NONE Sep 21 07:16:37.916357: | discarding DH=NONE Sep 21 07:16:37.916359: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916365: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.916368: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:37.916370: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:37.916373: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916376: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916379: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.916381: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:37.916384: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:37.916387: | discarding INTEG=NONE Sep 21 07:16:37.916389: | discarding DH=NONE Sep 21 07:16:37.916391: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.916394: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.916396: | prop #: 2 (0x2) Sep 21 07:16:37.916399: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:37.916401: | spi size: 4 (0x4) Sep 21 07:16:37.916403: | # transforms: 2 (0x2) Sep 21 07:16:37.916407: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.916410: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:37.916413: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:37.916415: | our spi 52 1f 4c c9 Sep 21 07:16:37.916417: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916422: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.916425: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:37.916428: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916431: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.916433: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.916436: | length/value: 128 (0x80) Sep 21 07:16:37.916438: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:37.916441: | discarding INTEG=NONE Sep 21 07:16:37.916443: | discarding DH=NONE Sep 21 07:16:37.916445: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916448: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.916450: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:37.916453: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:37.916456: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916461: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.916464: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:37.916467: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:37.916469: | discarding DH=NONE Sep 21 07:16:37.916472: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.916474: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.916476: | prop #: 3 (0x3) Sep 21 07:16:37.916479: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:37.916481: | spi size: 4 (0x4) Sep 21 07:16:37.916484: | # transforms: 4 (0x4) Sep 21 07:16:37.916487: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.916491: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:37.916495: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:37.916497: | our spi 52 1f 4c c9 Sep 21 07:16:37.916499: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916505: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.916507: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:37.916510: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916513: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.916515: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.916517: | length/value: 256 (0x100) Sep 21 07:16:37.916520: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:37.916523: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916525: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916528: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:37.916530: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:37.916533: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916536: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916539: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.916542: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916544: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916546: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:37.916549: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:37.916552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916555: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916557: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.916560: | discarding DH=NONE Sep 21 07:16:37.916562: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916565: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.916567: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:37.916570: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:37.916573: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916576: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916579: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.916581: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:37.916584: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:37.916586: | discarding DH=NONE Sep 21 07:16:37.916589: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:37.916591: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:37.916594: | prop #: 4 (0x4) Sep 21 07:16:37.916596: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:37.916598: | spi size: 4 (0x4) Sep 21 07:16:37.916601: | # transforms: 4 (0x4) Sep 21 07:16:37.916604: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:37.916607: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:37.916612: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:37.916614: | our spi 52 1f 4c c9 Sep 21 07:16:37.916617: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916619: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916621: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:37.916624: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:37.916627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916629: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:37.916632: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:37.916635: | length/value: 128 (0x80) Sep 21 07:16:37.916637: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:37.916640: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916645: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:37.916647: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:37.916650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916653: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916656: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.916658: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916663: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:37.916666: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:37.916669: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916672: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916675: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.916677: | discarding DH=NONE Sep 21 07:16:37.916679: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:37.916682: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:37.916684: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:37.916687: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:37.916690: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:37.916692: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:37.916695: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:37.916698: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:37.916700: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:37.916703: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:16:37.916706: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:37.916709: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:37.916712: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.916715: | flags: none (0x0) Sep 21 07:16:37.916717: | number of TS: 1 (0x1) Sep 21 07:16:37.916720: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:37.916724: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.916728: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:37.916731: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:37.916734: | IP Protocol ID: 0 (0x0) Sep 21 07:16:37.916736: | start port: 0 (0x0) Sep 21 07:16:37.916739: | end port: 65535 (0xffff) Sep 21 07:16:37.916742: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:37.916745: | IP start c0 00 01 00 Sep 21 07:16:37.916747: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:37.916750: | IP end c0 00 01 ff Sep 21 07:16:37.916752: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:37.916754: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:37.916757: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:37.916760: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:37.916762: | flags: none (0x0) Sep 21 07:16:37.916764: | number of TS: 1 (0x1) Sep 21 07:16:37.916768: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:37.916771: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:37.916773: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:37.916776: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:37.916779: | IP Protocol ID: 0 (0x0) Sep 21 07:16:37.916781: | start port: 0 (0x0) Sep 21 07:16:37.916786: | end port: 65535 (0xffff) Sep 21 07:16:37.916791: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:37.916793: | IP start c0 00 02 00 Sep 21 07:16:37.916796: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:37.916798: | IP end c0 00 02 ff Sep 21 07:16:37.916801: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:37.916803: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:37.916806: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:37.916809: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:37.916812: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:37.916815: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:37.916818: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:37.916821: | emitting length of IKEv2 Encryption Payload: 337 Sep 21 07:16:37.916823: | emitting length of ISAKMP Message: 365 Sep 21 07:16:37.916839: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:37.916845: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:37.916849: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:16:37.916853: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:16:37.916856: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:16:37.916858: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:16:37.916864: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:37.916869: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:16:37.916874: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:16:37.916884: | sending V2 reply packet to 192.1.2.23:4500 (from 192.1.3.209:4500) Sep 21 07:16:37.916890: | sending 369 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Sep 21 07:16:37.916893: | 00 00 00 00 e2 89 18 1d 52 8d ca 70 77 7a c6 a2 Sep 21 07:16:37.916895: | 02 ee bc 1f 2e 20 23 08 00 00 00 01 00 00 01 6d Sep 21 07:16:37.916898: | 23 00 01 51 2e 89 0c 1d b9 58 90 eb 81 25 88 c4 Sep 21 07:16:37.916900: | 65 63 5d 87 5a da 68 41 91 f3 02 df 09 09 e7 97 Sep 21 07:16:37.916902: | 70 b0 03 9c 16 d7 9c cf 3c f9 f0 da 76 d1 a6 af Sep 21 07:16:37.916904: | ad bc 32 ea 0d 07 2c c4 ce d6 19 0c 37 c5 a6 7c Sep 21 07:16:37.916907: | e8 1f 89 05 13 8d 2d a0 ff 0e 9e 7c 7e 4d 3a 87 Sep 21 07:16:37.916909: | 84 12 1b ad 24 6b ef 85 38 06 70 21 5d d1 3f f7 Sep 21 07:16:37.916911: | 1c d6 d6 ef 6b f4 b7 ee 6f 99 53 e4 b0 ec df 3f Sep 21 07:16:37.916914: | b8 72 43 96 2f b4 9a 44 fd 5a 0d a1 ff 6c bf 39 Sep 21 07:16:37.916916: | 47 5a c0 41 13 55 34 cb 71 30 60 0f 87 d4 6b 6b Sep 21 07:16:37.916918: | 60 11 ae 0f 44 52 d1 43 d8 1e be b5 3b 44 bc 19 Sep 21 07:16:37.916921: | 96 e2 d2 7d 8a 6f 1d 77 a4 f7 a7 3c b6 16 33 64 Sep 21 07:16:37.916923: | 03 6e 53 cf d6 3c de 90 29 a8 ca 51 92 a3 eb ac Sep 21 07:16:37.916925: | 83 c1 5c 37 ba 82 a2 d2 d2 b4 4a 15 87 73 98 af Sep 21 07:16:37.916927: | 90 6d 86 21 d8 77 f6 38 e1 10 bf 02 cd 5a 5c 60 Sep 21 07:16:37.916930: | c7 99 f6 13 56 65 23 7f e6 0e e1 f2 5d cc 59 1b Sep 21 07:16:37.916932: | 97 a1 57 6e 5a 0b 82 9b 34 72 4e 06 6c fe 57 c8 Sep 21 07:16:37.916934: | b7 68 cc 88 78 1d f1 da c5 5d ba c8 97 34 29 86 Sep 21 07:16:37.916936: | 99 31 cd 8d ef 3a b9 35 3f 7a dc f2 0d ee 8d 24 Sep 21 07:16:37.916939: | 0c d6 83 19 1a 5c 87 ea 81 67 2a 06 d8 5f 62 de Sep 21 07:16:37.916941: | df 0e b1 1c c7 aa 73 16 cc 7b 54 79 17 1e 15 8c Sep 21 07:16:37.916943: | bf 17 ca f5 d4 ed e3 c0 0e 9e bf cd 11 92 d0 1a Sep 21 07:16:37.916945: | 23 Sep 21 07:16:37.916987: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:37.916992: "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:37.916998: | event_schedule: new EVENT_RETRANSMIT-pe@0x55cee7735540 Sep 21 07:16:37.917002: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:16:37.917005: | libevent_malloc: new ptr-libevent@0x55cee7735620 size 128 Sep 21 07:16:37.917010: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48844.285262 Sep 21 07:16:37.917014: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:37.917019: | #1 spent 1.13 milliseconds in resume sending helper answer Sep 21 07:16:37.917024: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in resume_handler() at server.c:833) Sep 21 07:16:37.917028: | libevent_free: release ptr-libevent@0x7feeec006b90 Sep 21 07:16:38.598203: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:38.598226: | *received 225 bytes from 192.1.2.23:4500 on eth0 (192.1.3.209:4500) Sep 21 07:16:38.598230: | e2 89 18 1d 52 8d ca 70 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:38.598233: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:16:38.598235: | c4 82 0d a8 a3 5b 64 10 8a 41 aa a0 43 89 51 90 Sep 21 07:16:38.598237: | 57 56 92 74 a2 d8 2d 09 4b f5 50 7a ed f4 09 92 Sep 21 07:16:38.598240: | 2c c8 48 15 57 a3 d0 e1 fa 31 29 96 56 3f fe 2d Sep 21 07:16:38.598242: | bc 34 74 8a c8 54 81 ea 78 67 de 99 6f b2 66 6d Sep 21 07:16:38.598244: | 2a 07 10 34 53 27 a5 69 36 e3 9e 08 e8 35 30 97 Sep 21 07:16:38.598247: | 95 4e e8 d7 af 57 27 43 82 51 e9 44 7c cd 78 c0 Sep 21 07:16:38.598249: | 53 b2 3f 67 b4 73 09 38 72 de d6 7e ea 0e 6a 2c Sep 21 07:16:38.598251: | 8a 67 64 cd fd 26 06 53 35 4c 75 df 53 a7 f2 03 Sep 21 07:16:38.598256: | 1e 37 cf 3d a5 cd 6f 5c 4a 97 91 8d 68 a3 99 4d Sep 21 07:16:38.598258: | 88 2d 89 04 a5 35 fd b8 7c 14 72 84 09 95 2a 44 Sep 21 07:16:38.598261: | 1e ab 8e 8c ef 18 8f 2b 6c c7 31 55 b2 e1 7f fb Sep 21 07:16:38.598263: | 4e 9a 90 fa 22 06 3e fa 54 f6 d0 00 df dc 54 19 Sep 21 07:16:38.598265: | e2 Sep 21 07:16:38.598270: | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) Sep 21 07:16:38.598274: | **parse ISAKMP Message: Sep 21 07:16:38.598277: | initiator cookie: Sep 21 07:16:38.598280: | e2 89 18 1d 52 8d ca 70 Sep 21 07:16:38.598282: | responder cookie: Sep 21 07:16:38.598284: | 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:38.598287: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:38.598290: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:38.598292: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:38.598295: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:38.598297: | Message ID: 1 (0x1) Sep 21 07:16:38.598300: | length: 225 (0xe1) Sep 21 07:16:38.598303: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:38.598306: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:38.598310: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:38.598317: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:38.598321: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:38.598325: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:38.598330: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:38.598333: | #2 is idle Sep 21 07:16:38.598335: | #2 idle Sep 21 07:16:38.598337: | unpacking clear payload Sep 21 07:16:38.598340: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:38.598343: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:38.598346: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:38.598348: | flags: none (0x0) Sep 21 07:16:38.598351: | length: 197 (0xc5) Sep 21 07:16:38.598353: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:16:38.598356: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:38.598372: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:16:38.598376: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:16:38.598379: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:16:38.598382: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:38.598384: | flags: none (0x0) Sep 21 07:16:38.598386: | length: 12 (0xc) Sep 21 07:16:38.598389: | ID type: ID_FQDN (0x2) Sep 21 07:16:38.598391: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:16:38.598394: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:16:38.598396: | **parse IKEv2 Authentication Payload: Sep 21 07:16:38.598399: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:38.598401: | flags: none (0x0) Sep 21 07:16:38.598404: | length: 72 (0x48) Sep 21 07:16:38.598406: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:16:38.598409: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:16:38.598411: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:38.598414: | **parse IKEv2 Security Association Payload: Sep 21 07:16:38.598416: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:38.598419: | flags: none (0x0) Sep 21 07:16:38.598421: | length: 36 (0x24) Sep 21 07:16:38.598423: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:16:38.598426: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:38.598428: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:38.598433: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:38.598435: | flags: none (0x0) Sep 21 07:16:38.598438: | length: 24 (0x18) Sep 21 07:16:38.598440: | number of TS: 1 (0x1) Sep 21 07:16:38.598443: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:38.598445: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:38.598448: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:38.598450: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:38.598453: | flags: none (0x0) Sep 21 07:16:38.598455: | length: 24 (0x18) Sep 21 07:16:38.598457: | number of TS: 1 (0x1) Sep 21 07:16:38.598459: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:38.598462: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:16:38.598464: | Now let's proceed with state specific processing Sep 21 07:16:38.598467: | calling processor Initiator: process IKE_AUTH response Sep 21 07:16:38.598473: | offered CA: '%none' Sep 21 07:16:38.598477: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:16:38.598516: | verifying AUTH payload Sep 21 07:16:38.598522: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:16:38.598527: | started looking for secret for 192.1.3.209->@east of kind PKK_PSK Sep 21 07:16:38.598530: | actually looking for secret for 192.1.3.209->@east of kind PKK_PSK Sep 21 07:16:38.598534: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Sep 21 07:16:38.598539: | 1: compared key %any to 192.1.3.209 / @east -> 002 Sep 21 07:16:38.598543: | 2: compared key @east to 192.1.3.209 / @east -> 006 Sep 21 07:16:38.598546: | line 1: match=006 Sep 21 07:16:38.598549: | match 006 beats previous best_match 000 match=0x55cee7726b70 (line=1) Sep 21 07:16:38.598552: | concluding with best_match=006 best=0x55cee7726b70 (lineno=1) Sep 21 07:16:38.598619: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Sep 21 07:16:38.598628: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:16:38.598632: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:16:38.598636: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:38.598639: | libevent_free: release ptr-libevent@0x55cee7735800 Sep 21 07:16:38.598642: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55cee77357c0 Sep 21 07:16:38.598645: | event_schedule: new EVENT_SA_REKEY-pe@0x55cee77357c0 Sep 21 07:16:38.598648: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:16:38.598651: | libevent_malloc: new ptr-libevent@0x55cee7735800 size 128 Sep 21 07:16:38.598862: | pstats #1 ikev2.ike established Sep 21 07:16:38.598873: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Sep 21 07:16:38.598881: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1572) Sep 21 07:16:38.598887: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1574) Sep 21 07:16:38.598892: | resume processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1574) Sep 21 07:16:38.598897: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1572) Sep 21 07:16:38.598902: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1572) Sep 21 07:16:38.598906: | NAT-T: keepalive packet not required as recent DPD event used the IKE SA on conn westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:16:38.598911: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1574) Sep 21 07:16:38.598916: | resume processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1574) Sep 21 07:16:38.598923: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:16:38.598928: | TSi: parsing 1 traffic selectors Sep 21 07:16:38.598932: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:38.598935: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:38.598937: | IP Protocol ID: 0 (0x0) Sep 21 07:16:38.598940: | length: 16 (0x10) Sep 21 07:16:38.598942: | start port: 0 (0x0) Sep 21 07:16:38.598945: | end port: 65535 (0xffff) Sep 21 07:16:38.598948: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:38.598950: | TS low c0 00 01 00 Sep 21 07:16:38.598953: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:38.598956: | TS high c0 00 01 ff Sep 21 07:16:38.598958: | TSi: parsed 1 traffic selectors Sep 21 07:16:38.598961: | TSr: parsing 1 traffic selectors Sep 21 07:16:38.598964: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:38.598966: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:38.598969: | IP Protocol ID: 0 (0x0) Sep 21 07:16:38.598971: | length: 16 (0x10) Sep 21 07:16:38.598974: | start port: 0 (0x0) Sep 21 07:16:38.598976: | end port: 65535 (0xffff) Sep 21 07:16:38.598979: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:38.598982: | TS low c0 00 02 00 Sep 21 07:16:38.598984: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:38.598987: | TS high c0 00 02 ff Sep 21 07:16:38.598989: | TSr: parsed 1 traffic selectors Sep 21 07:16:38.598996: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:38.599001: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:38.599008: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:16:38.599012: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:38.599015: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:38.599018: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:38.599021: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:38.599026: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:38.599033: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:38.599036: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:38.599038: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:38.599041: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:38.599044: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:38.599047: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:38.599049: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:38.599052: | printing contents struct traffic_selector Sep 21 07:16:38.599054: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:38.599057: | ipprotoid: 0 Sep 21 07:16:38.599059: | port range: 0-65535 Sep 21 07:16:38.599063: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:16:38.599065: | printing contents struct traffic_selector Sep 21 07:16:38.599068: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:38.599070: | ipprotoid: 0 Sep 21 07:16:38.599072: | port range: 0-65535 Sep 21 07:16:38.599077: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:38.599092: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:38.599096: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:16:38.599100: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:38.599105: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:38.599108: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:38.599111: | local proposal 1 type DH has 1 transforms Sep 21 07:16:38.599114: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:38.599117: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:38.599120: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:38.599123: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:38.599125: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:38.599128: | local proposal 2 type DH has 1 transforms Sep 21 07:16:38.599130: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:38.599133: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:38.599136: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:38.599138: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:38.599141: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:38.599143: | local proposal 3 type DH has 1 transforms Sep 21 07:16:38.599146: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:38.599149: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:38.599152: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:38.599154: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:38.599157: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:38.599160: | local proposal 4 type DH has 1 transforms Sep 21 07:16:38.599162: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:38.599165: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:38.599168: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:38.599171: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:38.599174: | length: 32 (0x20) Sep 21 07:16:38.599176: | prop #: 1 (0x1) Sep 21 07:16:38.599179: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:38.599181: | spi size: 4 (0x4) Sep 21 07:16:38.599184: | # transforms: 2 (0x2) Sep 21 07:16:38.599187: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:38.599190: | remote SPI 44 b4 68 eb Sep 21 07:16:38.599193: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:38.599196: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:38.599199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:38.599202: | length: 12 (0xc) Sep 21 07:16:38.599204: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:38.599207: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:38.599209: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:38.599212: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:38.599215: | length/value: 256 (0x100) Sep 21 07:16:38.599219: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:38.599223: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:38.599225: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:38.599228: | length: 8 (0x8) Sep 21 07:16:38.599230: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:38.599233: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:38.599236: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:38.599240: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:16:38.599244: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:16:38.599247: | remote proposal 1 matches local proposal 1 Sep 21 07:16:38.599250: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:16:38.599256: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=44b468eb;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:16:38.599259: | converting proposal to internal trans attrs Sep 21 07:16:38.599267: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:38.599449: | #1 spent 1.11 milliseconds Sep 21 07:16:38.599454: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:16:38.599457: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Sep 21 07:16:38.599460: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:38.599463: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:38.599466: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:16:38.599472: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:38.599477: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:38.599480: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:38.599483: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:38.599486: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:38.599490: | setting IPsec SA replay-window to 32 Sep 21 07:16:38.599494: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth0 Sep 21 07:16:38.599497: | netlink: enabling tunnel mode Sep 21 07:16:38.599499: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:38.599502: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:38.599636: | netlink response for Add SA esp.44b468eb@192.1.2.23 included non-error error Sep 21 07:16:38.599642: | set up outgoing SA, ref=0/0 Sep 21 07:16:38.599646: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:38.599649: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:38.599652: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:38.599655: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:38.599659: | setting IPsec SA replay-window to 32 Sep 21 07:16:38.599663: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth0 Sep 21 07:16:38.599665: | netlink: enabling tunnel mode Sep 21 07:16:38.599668: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:38.599671: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:38.599764: | netlink response for Add SA esp.521f4cc9@192.1.3.209 included non-error error Sep 21 07:16:38.599771: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:16:38.599778: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.3.209 (raw_eroute) Sep 21 07:16:38.599786: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:38.599918: | raw_eroute result=success Sep 21 07:16:38.599923: | set up incoming SA, ref=0/0 Sep 21 07:16:38.599927: | sr for #2: unrouted Sep 21 07:16:38.599930: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:38.599932: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:38.599936: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:38.599938: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:16:38.599942: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:38.599946: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:16:38.599949: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:16:38.599957: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:38.599961: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:38.600026: | raw_eroute result=success Sep 21 07:16:38.600032: | running updown command "ipsec _updown" for verb up Sep 21 07:16:38.600036: | command executing up-client Sep 21 07:16:38.600063: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Sep 21 07:16:38.600071: | popen cmd is 1057 chars long Sep 21 07:16:38.600074: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Sep 21 07:16:38.600077: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1: Sep 21 07:16:38.600080: | cmd( 160):.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT: Sep 21 07:16:38.600083: | cmd( 240):_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY: Sep 21 07:16:38.600086: | cmd( 320):_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23': Sep 21 07:16:38.600088: | cmd( 400): PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='1: Sep 21 07:16:38.600091: | cmd( 480):92.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_: Sep 21 07:16:38.600094: | cmd( 560):PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_: Sep 21 07:16:38.600097: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO': Sep 21 07:16:38.600099: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Sep 21 07:16:38.600102: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Sep 21 07:16:38.600105: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Sep 21 07:16:38.600107: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x44b468eb SPI_OUT=0x521f4cc9 i: Sep 21 07:16:38.600110: | cmd(1040):psec _updown 2>&1: Sep 21 07:16:38.711247: | route_and_eroute: firewall_notified: true Sep 21 07:16:38.711260: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:38.711264: | command executing prepare-client Sep 21 07:16:38.711296: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Sep 21 07:16:38.711300: | popen cmd is 1062 chars long Sep 21 07:16:38.711303: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:16:38.711306: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME=': Sep 21 07:16:38.711312: | cmd( 160):192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_C: Sep 21 07:16:38.711314: | cmd( 240):LIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLU: Sep 21 07:16:38.711317: | cmd( 320):TO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.: Sep 21 07:16:38.711320: | cmd( 400):2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_N: Sep 21 07:16:38.711322: | cmd( 480):ET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_: Sep 21 07:16:38.711325: | cmd( 560):PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_: Sep 21 07:16:38.711327: | cmd( 640):CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ES: Sep 21 07:16:38.711330: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0: Sep 21 07:16:38.711333: | cmd( 800): PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_: Sep 21 07:16:38.711335: | cmd( 880):PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0': Sep 21 07:16:38.711338: | cmd( 960): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x44b468eb SPI_OUT=0x521f4: Sep 21 07:16:38.711340: | cmd(1040):cc9 ipsec _updown 2>&1: Sep 21 07:16:38.725480: | running updown command "ipsec _updown" for verb route Sep 21 07:16:38.725496: | command executing route-client Sep 21 07:16:38.725528: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_ Sep 21 07:16:38.725532: | popen cmd is 1060 chars long Sep 21 07:16:38.725535: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:16:38.725538: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='19: Sep 21 07:16:38.725540: | cmd( 160):2.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLI: Sep 21 07:16:38.725543: | cmd( 240):ENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO: Sep 21 07:16:38.725545: | cmd( 320):_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.: Sep 21 07:16:38.725548: | cmd( 400):23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET: Sep 21 07:16:38.725550: | cmd( 480):='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PE: Sep 21 07:16:38.725552: | cmd( 560):ER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CO: Sep 21 07:16:38.725555: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Sep 21 07:16:38.725557: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Sep 21 07:16:38.725560: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Sep 21 07:16:38.725562: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Sep 21 07:16:38.725565: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x44b468eb SPI_OUT=0x521f4cc: Sep 21 07:16:38.725570: | cmd(1040):9 ipsec _updown 2>&1: Sep 21 07:16:38.923228: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55cee7732550,sr=0x55cee7732550} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:38.923921: | #1 spent 1.34 milliseconds in install_ipsec_sa() Sep 21 07:16:38.923932: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:16:38.923935: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:38.923938: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:16:38.923944: | libevent_free: release ptr-libevent@0x55cee7735620 Sep 21 07:16:38.923947: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cee7735540 Sep 21 07:16:38.923953: | #2 spent 2.23 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:16:38.923960: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:38.923964: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:16:38.923967: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:16:38.923971: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:38.923974: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:16:38.923980: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:16:38.923985: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:38.923988: | pstats #2 ikev2.child established Sep 21 07:16:38.923997: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:16:38.924009: | NAT-T: NAT Traversal detected - their IKE port is '500' Sep 21 07:16:38.924012: | NAT-T: encaps is 'auto' Sep 21 07:16:38.924018: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP/NAT=>0x44b468eb <0x521f4cc9 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=192.1.2.23:4500 DPD=passive} Sep 21 07:16:38.924023: | releasing whack for #2 (sock=fd@23) Sep 21 07:16:38.924026: | close_any(fd@23) (in release_whack() at state.c:654) Sep 21 07:16:38.924029: | releasing whack and unpending for parent #1 Sep 21 07:16:38.924032: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:16:38.924037: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:16:38.924039: | removing pending policy for no connection {0x55cee76e35e0} Sep 21 07:16:38.924045: | close_any(fd@22) (in release_whack() at state.c:654) Sep 21 07:16:38.924050: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:16:38.924053: | event_schedule: new EVENT_SA_REKEY-pe@0x55cee7735540 Sep 21 07:16:38.924056: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:16:38.924060: | libevent_malloc: new ptr-libevent@0x55cee7735620 size 128 Sep 21 07:16:38.924066: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:38.924071: | #1 spent 2.6 milliseconds in ikev2_process_packet() Sep 21 07:16:38.924075: | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) Sep 21 07:16:38.924079: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:38.924081: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:38.924086: | spent 2.61 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:38.924097: | processing signal PLUTO_SIGCHLD Sep 21 07:16:38.924105: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:38.924110: | spent 0.00496 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:38.924112: | processing signal PLUTO_SIGCHLD Sep 21 07:16:38.924115: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:38.924119: | spent 0.00333 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:38.924121: | processing signal PLUTO_SIGCHLD Sep 21 07:16:38.924125: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:38.924128: | spent 0.00333 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:39.079602: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:39.079622: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:16:39.079627: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:39.079636: | get_sa_info esp.521f4cc9@192.1.3.209 Sep 21 07:16:39.079652: | get_sa_info esp.44b468eb@192.1.2.23 Sep 21 07:16:39.079670: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:39.079678: | spent 0.0832 milliseconds in whack Sep 21 07:16:40.998172: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:40.998369: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:40.998375: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:40.998440: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:40.998445: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:40.998459: | get_sa_info esp.521f4cc9@192.1.3.209 Sep 21 07:16:40.998479: | get_sa_info esp.44b468eb@192.1.2.23 Sep 21 07:16:40.998501: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:40.998509: | spent 0.347 milliseconds in whack Sep 21 07:16:41.796301: | spent 0.00267 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:41.796323: | *received 69 bytes from 192.1.2.23:4500 on eth0 (192.1.3.209:4500) Sep 21 07:16:41.796327: | e2 89 18 1d 52 8d ca 70 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:41.796329: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:41.796332: | fd 63 a3 29 f1 de a1 fe 8e da d2 dc 77 02 2d 65 Sep 21 07:16:41.796334: | 3c 81 03 ec f5 15 9e 65 ae 3d 16 8c fa a3 18 61 Sep 21 07:16:41.796336: | af ad a7 17 6c Sep 21 07:16:41.796341: | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) Sep 21 07:16:41.796345: | **parse ISAKMP Message: Sep 21 07:16:41.796347: | initiator cookie: Sep 21 07:16:41.796350: | e2 89 18 1d 52 8d ca 70 Sep 21 07:16:41.796352: | responder cookie: Sep 21 07:16:41.796354: | 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:41.796357: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:41.796360: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:41.796362: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:41.796365: | flags: none (0x0) Sep 21 07:16:41.796367: | Message ID: 0 (0x0) Sep 21 07:16:41.796370: | length: 69 (0x45) Sep 21 07:16:41.796373: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:41.796376: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:41.796380: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:41.796386: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:41.796390: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:41.796394: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:41.796397: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:16:41.796401: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:16:41.796407: | unpacking clear payload Sep 21 07:16:41.796409: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:41.796412: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:41.796415: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:41.796417: | flags: none (0x0) Sep 21 07:16:41.796420: | length: 41 (0x29) Sep 21 07:16:41.796422: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:16:41.796427: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:16:41.796430: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:41.796445: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:41.796448: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:41.796451: | **parse IKEv2 Delete Payload: Sep 21 07:16:41.796453: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.796455: | flags: none (0x0) Sep 21 07:16:41.796458: | length: 12 (0xc) Sep 21 07:16:41.796460: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:41.796462: | SPI size: 4 (0x4) Sep 21 07:16:41.796465: | number of SPIs: 1 (0x1) Sep 21 07:16:41.796467: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:16:41.796470: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:41.796472: | Now let's proceed with state specific processing Sep 21 07:16:41.796474: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:41.796478: | an informational request should send a response Sep 21 07:16:41.796483: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:41.796486: | **emit ISAKMP Message: Sep 21 07:16:41.796488: | initiator cookie: Sep 21 07:16:41.796490: | e2 89 18 1d 52 8d ca 70 Sep 21 07:16:41.796493: | responder cookie: Sep 21 07:16:41.796495: | 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:41.796497: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:41.796500: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:41.796502: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:41.796505: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:41.796507: | Message ID: 0 (0x0) Sep 21 07:16:41.796510: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:41.796513: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:41.796515: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.796518: | flags: none (0x0) Sep 21 07:16:41.796521: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:41.796524: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:41.796527: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:41.796533: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:16:41.796535: | SPI 44 b4 68 eb Sep 21 07:16:41.796538: | delete PROTO_v2_ESP SA(0x44b468eb) Sep 21 07:16:41.796541: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:16:41.796543: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:16:41.796546: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x44b468eb) Sep 21 07:16:41.796549: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:16:41.796552: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:41.796556: | libevent_free: release ptr-libevent@0x55cee7735620 Sep 21 07:16:41.796559: | free_event_entry: release EVENT_SA_REKEY-pe@0x55cee7735540 Sep 21 07:16:41.796561: | event_schedule: new EVENT_SA_REPLACE-pe@0x55cee7735540 Sep 21 07:16:41.796565: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:16:41.796568: | libevent_malloc: new ptr-libevent@0x55cee7735620 size 128 Sep 21 07:16:41.796574: | ****emit IKEv2 Delete Payload: Sep 21 07:16:41.796576: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.796578: | flags: none (0x0) Sep 21 07:16:41.796581: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:41.796583: | SPI size: 4 (0x4) Sep 21 07:16:41.796585: | number of SPIs: 1 (0x1) Sep 21 07:16:41.796589: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:41.796591: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:41.796594: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:16:41.796597: | local SPIs 52 1f 4c c9 Sep 21 07:16:41.796599: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:41.796602: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:41.796605: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:41.796608: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:41.796610: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:41.796613: | emitting length of ISAKMP Message: 69 Sep 21 07:16:41.796627: | sending 73 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Sep 21 07:16:41.796630: | 00 00 00 00 e2 89 18 1d 52 8d ca 70 77 7a c6 a2 Sep 21 07:16:41.796632: | 02 ee bc 1f 2e 20 25 28 00 00 00 00 00 00 00 45 Sep 21 07:16:41.796635: | 2a 00 00 29 79 fb 33 94 c1 8f f1 5a 24 aa 9a d9 Sep 21 07:16:41.796637: | 67 f1 5c 5f 96 a6 07 55 2f af 9a ca 06 8a 40 60 Sep 21 07:16:41.796639: | c4 24 47 f6 3a 17 26 e8 44 Sep 21 07:16:41.796676: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:41.796681: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:41.796687: | #1 spent 0.187 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:16:41.796693: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:41.796697: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:16:41.796700: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:16:41.796704: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:16:41.796708: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:41.796711: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:16:41.796716: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:41.796720: | #1 spent 0.386 milliseconds in ikev2_process_packet() Sep 21 07:16:41.796724: | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) Sep 21 07:16:41.796728: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:41.796730: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:41.796734: | spent 0.399 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:41.796741: | timer_event_cb: processing event@0x55cee7735540 Sep 21 07:16:41.796743: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:16:41.796748: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:41.796754: | picked newest_ipsec_sa #2 for #2 Sep 21 07:16:41.796756: | replacing stale CHILD SA Sep 21 07:16:41.796760: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:16:41.796763: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:41.796766: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:41.796770: | creating state object #3 at 0x55cee773cc60 Sep 21 07:16:41.796773: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:16:41.796779: | pstats #3 ikev2.child started Sep 21 07:16:41.796786: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Sep 21 07:16:41.796794: | #3 setting local endpoint to 192.1.3.209:4500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:41.796799: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:41.796804: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:41.796808: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:41.796812: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:16:41.796815: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:41.796818: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Sep 21 07:16:41.796825: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:41.796831: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:41.796834: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:41.796838: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:41.796841: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:41.796845: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:41.796848: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:41.796852: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:41.796860: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:41.796865: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:16:41.796868: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55cee771a8e0 Sep 21 07:16:41.796871: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:16:41.796874: | libevent_malloc: new ptr-libevent@0x55cee7737eb0 size 128 Sep 21 07:16:41.796879: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:41.796882: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7feef4002b20 Sep 21 07:16:41.796885: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:16:41.796888: | libevent_malloc: new ptr-libevent@0x55cee7737a10 size 128 Sep 21 07:16:41.796890: | libevent_realloc: release ptr-libevent@0x55cee7715090 Sep 21 07:16:41.796893: | libevent_realloc: new ptr-libevent@0x55cee773c9e0 size 128 Sep 21 07:16:41.796896: | libevent_free: release ptr-libevent@0x55cee7735620 Sep 21 07:16:41.796902: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55cee7735540 Sep 21 07:16:41.796907: | #2 spent 0.162 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:16:41.796910: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:41.796915: | timer_event_cb: processing event@0x55cee771a8e0 Sep 21 07:16:41.796917: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:16:41.796922: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:41.796928: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:16:41.796931: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cee7735540 Sep 21 07:16:41.796935: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:41.796937: | libevent_malloc: new ptr-libevent@0x55cee7735620 size 128 Sep 21 07:16:41.796945: | libevent_free: release ptr-libevent@0x55cee7737eb0 Sep 21 07:16:41.796948: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55cee771a8e0 Sep 21 07:16:41.796952: | #3 spent 0.0369 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:41.796957: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:41.796961: | timer_event_cb: processing event@0x7feef4002b20 Sep 21 07:16:41.796968: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:16:41.796973: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:41.796976: | picked newest_ipsec_sa #2 for #2 Sep 21 07:16:41.796978: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:16:41.796981: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:16:41.796983: | pstats #2 ikev2.child deleted completed Sep 21 07:16:41.796986: | #2 spent 2.39 milliseconds in total Sep 21 07:16:41.796991: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:879) Sep 21 07:16:41.796994: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 3.881s and NOT sending notification Sep 21 07:16:41.796998: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:16:41.797002: | get_sa_info esp.44b468eb@192.1.2.23 Sep 21 07:16:41.797016: | get_sa_info esp.521f4cc9@192.1.3.209 Sep 21 07:16:41.797024: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=0B out=0B Sep 21 07:16:41.797028: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:16:41.796960: | crypto helper 0 resuming Sep 21 07:16:41.797094: | crypto helper 0 starting work-order 3 for state #3 Sep 21 07:16:41.797099: | crypto helper 0 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Sep 21 07:16:41.798082: | crypto helper 0 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000982 seconds Sep 21 07:16:41.798165: | (#3) spent 1 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:16:41.798171: | crypto helper 0 sending results from work-order 3 for state #3 to event queue Sep 21 07:16:41.798174: | scheduling resume sending helper answer for #3 Sep 21 07:16:41.798178: | libevent_malloc: new ptr-libevent@0x7feef0006900 size 128 Sep 21 07:16:41.798184: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:41.798154: | running updown command "ipsec _updown" for verb down Sep 21 07:16:41.798192: | command executing down-client Sep 21 07:16:41.798221: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050198' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='n Sep 21 07:16:41.798227: | popen cmd is 1068 chars long Sep 21 07:16:41.798230: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Sep 21 07:16:41.798233: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192: Sep 21 07:16:41.798236: | cmd( 160):.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIE: Sep 21 07:16:41.798239: | cmd( 240):NT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_: Sep 21 07:16:41.798241: | cmd( 320):MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.2: Sep 21 07:16:41.798244: | cmd( 400):3' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET=: Sep 21 07:16:41.798246: | cmd( 480):'192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEE: Sep 21 07:16:41.798249: | cmd( 560):R_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050198' : Sep 21 07:16:41.798252: | cmd( 640):PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: Sep 21 07:16:41.798254: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Sep 21 07:16:41.798257: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Sep 21 07:16:41.798259: | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Sep 21 07:16:41.798262: | cmd( 960):ED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x44b468eb SPI_OUT=0: Sep 21 07:16:41.798264: | cmd(1040):x521f4cc9 ipsec _updown 2>&1: Sep 21 07:16:41.810943: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:41.810958: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:41.810962: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:16:41.810966: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:41.811140: | delete esp.44b468eb@192.1.2.23 Sep 21 07:16:41.811240: | netlink response for Del SA esp.44b468eb@192.1.2.23 included non-error error Sep 21 07:16:41.811246: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:16:41.811254: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.3.209 (raw_eroute) Sep 21 07:16:41.811427: | raw_eroute result=success Sep 21 07:16:41.811434: | delete esp.521f4cc9@192.1.3.209 Sep 21 07:16:41.811521: | netlink response for Del SA esp.521f4cc9@192.1.3.209 included non-error error Sep 21 07:16:41.811529: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:16:41.811533: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:16:41.811537: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:41.811544: | stop processing: state #2 from 192.1.2.23:4500 (in delete_state() at state.c:1143) Sep 21 07:16:41.811550: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:16:41.811553: | can't expire unused IKE SA #1; it has the child #3 Sep 21 07:16:41.811558: | libevent_free: release ptr-libevent@0x55cee7737a10 Sep 21 07:16:41.811561: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7feef4002b20 Sep 21 07:16:41.811568: | in statetime_stop() and could not find #2 Sep 21 07:16:41.811571: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:41.811584: | processing resume sending helper answer for #3 Sep 21 07:16:41.811590: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in resume_handler() at server.c:797) Sep 21 07:16:41.811594: | crypto helper 0 replies to request ID 3 Sep 21 07:16:41.811597: | calling continuation function 0x55cee6172630 Sep 21 07:16:41.811601: | ikev2_child_outI_continue for #3 STATE_V2_REKEY_CHILD_I0 Sep 21 07:16:41.811604: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:41.811607: | libevent_free: release ptr-libevent@0x55cee7735620 Sep 21 07:16:41.811610: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cee7735540 Sep 21 07:16:41.811613: | event_schedule: new EVENT_SA_REPLACE-pe@0x55cee7735540 Sep 21 07:16:41.811617: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:16:41.811620: | libevent_malloc: new ptr-libevent@0x55cee7735620 size 128 Sep 21 07:16:41.811626: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:41.811629: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:41.811632: | libevent_malloc: new ptr-libevent@0x55cee7737a10 size 128 Sep 21 07:16:41.811637: | [RE]START processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:41.811641: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:16:41.811644: | suspending state #3 and saving MD Sep 21 07:16:41.811647: | #3 is busy; has a suspended MD Sep 21 07:16:41.811651: | [RE]START processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:41.811655: | "westnet-eastnet-ipv4-psk-ikev2" #3 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:41.811658: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:16:41.811666: | #3 spent 0.0678 milliseconds in resume sending helper answer Sep 21 07:16:41.811670: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in resume_handler() at server.c:833) Sep 21 07:16:41.811673: | libevent_free: release ptr-libevent@0x7feef0006900 Sep 21 07:16:41.811676: | processing signal PLUTO_SIGCHLD Sep 21 07:16:41.811681: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:41.811685: | spent 0.00502 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:41.811689: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:41.811694: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in callback_handler() at server.c:904) Sep 21 07:16:41.811699: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:41.811704: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:41.811709: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:41.811715: | **emit ISAKMP Message: Sep 21 07:16:41.811717: | initiator cookie: Sep 21 07:16:41.811720: | e2 89 18 1d 52 8d ca 70 Sep 21 07:16:41.811722: | responder cookie: Sep 21 07:16:41.811725: | 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:41.811727: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:41.811730: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:41.811733: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:41.811738: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:41.811741: | Message ID: 2 (0x2) Sep 21 07:16:41.811744: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:41.811747: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:41.811750: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.811752: | flags: none (0x0) Sep 21 07:16:41.811755: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:41.811758: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:41.811762: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:41.811788: | netlink_get_spi: allocated 0xdbbe5c30 for esp.0@192.1.3.209 Sep 21 07:16:41.811794: | Emitting ikev2_proposals ... Sep 21 07:16:41.811796: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:41.811799: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.811801: | flags: none (0x0) Sep 21 07:16:41.811805: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:41.811808: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:41.811810: | discarding INTEG=NONE Sep 21 07:16:41.811813: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:41.811816: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.811818: | prop #: 1 (0x1) Sep 21 07:16:41.811821: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:41.811823: | spi size: 4 (0x4) Sep 21 07:16:41.811826: | # transforms: 3 (0x3) Sep 21 07:16:41.811829: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:41.811832: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:41.811834: | our spi db be 5c 30 Sep 21 07:16:41.811837: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.811840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.811842: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:41.811845: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:41.811848: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.811851: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:41.811854: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:41.811856: | length/value: 256 (0x100) Sep 21 07:16:41.811859: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:41.811861: | discarding INTEG=NONE Sep 21 07:16:41.811864: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.811866: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.811869: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.811871: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:41.811875: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.811877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.811880: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.811883: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.811885: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:41.811887: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:41.811890: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:41.811893: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.811898: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.811900: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.811903: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:41.811906: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:41.811908: | discarding INTEG=NONE Sep 21 07:16:41.811911: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:41.811913: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.811915: | prop #: 2 (0x2) Sep 21 07:16:41.811918: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:41.811920: | spi size: 4 (0x4) Sep 21 07:16:41.811923: | # transforms: 3 (0x3) Sep 21 07:16:41.811926: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.811928: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:41.811932: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:41.811934: | our spi db be 5c 30 Sep 21 07:16:41.811936: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.811939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.811941: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:41.811944: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:41.811947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.811949: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:41.811952: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:41.811955: | length/value: 128 (0x80) Sep 21 07:16:41.811957: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:41.811960: | discarding INTEG=NONE Sep 21 07:16:41.811962: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.811965: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.811967: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.811970: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:41.811973: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.811975: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.811978: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.811980: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.811983: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:41.811985: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:41.811988: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:41.811991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.811993: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.811996: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.811999: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:41.812001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:41.812004: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:41.812006: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.812009: | prop #: 3 (0x3) Sep 21 07:16:41.812011: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:41.812013: | spi size: 4 (0x4) Sep 21 07:16:41.812017: | # transforms: 5 (0x5) Sep 21 07:16:41.812020: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.812023: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:41.812026: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:41.812029: | our spi db be 5c 30 Sep 21 07:16:41.812031: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812034: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812036: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:41.812039: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:41.812041: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812044: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:41.812047: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:41.812049: | length/value: 256 (0x100) Sep 21 07:16:41.812052: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:41.812054: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812057: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812059: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:41.812062: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:41.812065: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812068: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812070: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.812072: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812078: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:41.812080: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:41.812083: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812086: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812089: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.812091: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812096: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.812098: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:41.812101: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812107: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.812109: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812111: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:41.812114: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:41.812116: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:41.812119: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812122: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812125: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.812128: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:41.812131: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:41.812134: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:41.812136: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:41.812138: | prop #: 4 (0x4) Sep 21 07:16:41.812141: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:41.812143: | spi size: 4 (0x4) Sep 21 07:16:41.812146: | # transforms: 5 (0x5) Sep 21 07:16:41.812149: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.812152: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:41.812155: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:41.812157: | our spi db be 5c 30 Sep 21 07:16:41.812159: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812162: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812164: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:41.812167: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:41.812169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812172: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:41.812175: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:41.812177: | length/value: 128 (0x80) Sep 21 07:16:41.812180: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:41.812182: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812187: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:41.812189: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:41.812192: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812195: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812198: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.812200: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812205: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:41.812208: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:41.812211: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812214: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812216: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.812219: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812224: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.812226: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:41.812229: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812232: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812234: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.812237: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.812239: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:41.812242: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:41.812245: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:41.812248: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.812251: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.812254: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.812256: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:41.812259: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:41.812262: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:16:41.812264: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:41.812268: "westnet-eastnet-ipv4-psk-ikev2" #3: CHILD SA to rekey #2 vanished abort this exchange Sep 21 07:16:41.812270: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:16:41.812276: | [RE]START processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:41.812279: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:16:41.812442: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:16:41.812451: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:41.812456: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:41.812461: | #1 spent 0.659 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:41.812466: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in callback_handler() at server.c:908) Sep 21 07:16:41.812469: | libevent_free: release ptr-libevent@0x55cee7737a10 Sep 21 07:16:41.825188: | spent 0.00267 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:41.825209: | *received 65 bytes from 192.1.2.23:4500 on eth0 (192.1.3.209:4500) Sep 21 07:16:41.825212: | e2 89 18 1d 52 8d ca 70 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:41.825215: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:16:41.825218: | 93 65 82 08 87 45 a6 ba 97 af a1 1b d1 a6 d8 c8 Sep 21 07:16:41.825220: | d6 5e ab f8 49 42 6e b4 29 76 67 f2 ff 5f f9 cf Sep 21 07:16:41.825222: | af Sep 21 07:16:41.825227: | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) Sep 21 07:16:41.825231: | **parse ISAKMP Message: Sep 21 07:16:41.825233: | initiator cookie: Sep 21 07:16:41.825235: | e2 89 18 1d 52 8d ca 70 Sep 21 07:16:41.825238: | responder cookie: Sep 21 07:16:41.825240: | 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:41.825243: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:41.825246: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:41.825248: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:41.825251: | flags: none (0x0) Sep 21 07:16:41.825254: | Message ID: 1 (0x1) Sep 21 07:16:41.825256: | length: 65 (0x41) Sep 21 07:16:41.825259: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:41.825263: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:41.825267: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:41.825273: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:41.825277: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:41.825282: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:41.825384: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:41.825390: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:16:41.825393: | unpacking clear payload Sep 21 07:16:41.825395: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:41.825398: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:41.825401: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:41.825404: | flags: none (0x0) Sep 21 07:16:41.825406: | length: 37 (0x25) Sep 21 07:16:41.825409: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:16:41.825414: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:41.825417: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:41.825431: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:41.825434: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:41.825437: | **parse IKEv2 Delete Payload: Sep 21 07:16:41.825440: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.825443: | flags: none (0x0) Sep 21 07:16:41.825445: | length: 8 (0x8) Sep 21 07:16:41.825448: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:16:41.825450: | SPI size: 0 (0x0) Sep 21 07:16:41.825453: | number of SPIs: 0 (0x0) Sep 21 07:16:41.825455: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:16:41.825458: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:41.825460: | Now let's proceed with state specific processing Sep 21 07:16:41.825463: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:41.825467: | an informational request should send a response Sep 21 07:16:41.825472: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:41.825475: | **emit ISAKMP Message: Sep 21 07:16:41.825477: | initiator cookie: Sep 21 07:16:41.825480: | e2 89 18 1d 52 8d ca 70 Sep 21 07:16:41.825482: | responder cookie: Sep 21 07:16:41.825485: | 77 7a c6 a2 02 ee bc 1f Sep 21 07:16:41.825487: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:41.825490: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:41.825493: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:41.825496: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:41.825498: | Message ID: 1 (0x1) Sep 21 07:16:41.825501: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:41.825504: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:41.825507: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.825510: | flags: none (0x0) Sep 21 07:16:41.825513: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:41.825516: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:41.825519: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:41.825524: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:41.825528: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:41.825531: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:41.825533: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:16:41.825536: | emitting length of ISAKMP Message: 57 Sep 21 07:16:41.825547: | sending 61 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 (using #1) Sep 21 07:16:41.825550: | 00 00 00 00 e2 89 18 1d 52 8d ca 70 77 7a c6 a2 Sep 21 07:16:41.825553: | 02 ee bc 1f 2e 20 25 28 00 00 00 01 00 00 00 39 Sep 21 07:16:41.825557: | 00 00 00 1d 8d 84 11 9b 7c e0 e4 42 40 bf f0 93 Sep 21 07:16:41.825559: | d5 fd 8a 7d 38 b5 22 d2 61 e1 e7 53 e2 Sep 21 07:16:41.825595: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:41.825601: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:41.825606: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:16:41.825609: | pstats #3 ikev2.child deleted other Sep 21 07:16:41.825613: | #3 spent 1.1 milliseconds in total Sep 21 07:16:41.825618: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:879) Sep 21 07:16:41.825623: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:879) Sep 21 07:16:41.825627: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.028s and NOT sending notification Sep 21 07:16:41.825630: | child state #3: CHILDSA_DEL(informational) => delete Sep 21 07:16:41.825633: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:41.825637: | libevent_free: release ptr-libevent@0x55cee7735620 Sep 21 07:16:41.825640: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55cee7735540 Sep 21 07:16:41.825644: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:16:41.825651: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.3.209 (raw_eroute) Sep 21 07:16:41.825664: | raw_eroute result=success Sep 21 07:16:41.825668: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:16:41.825671: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:16:41.825674: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:41.825689: | stop processing: state #3 from 192.1.2.23:4500 (in delete_state() at state.c:1143) Sep 21 07:16:41.825694: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:1143) Sep 21 07:16:41.825698: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:16:41.825701: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:16:41.825704: | pstats #1 ikev2.ike deleted completed Sep 21 07:16:41.825708: | #1 spent 9.57 milliseconds in total Sep 21 07:16:41.825712: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:879) Sep 21 07:16:41.825716: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 3.918s and NOT sending notification Sep 21 07:16:41.825719: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:16:41.826467: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:41.826479: | libevent_free: release ptr-libevent@0x55cee7735800 Sep 21 07:16:41.826483: | free_event_entry: release EVENT_SA_REKEY-pe@0x55cee77357c0 Sep 21 07:16:41.826486: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:41.826489: | picked newest_isakmp_sa #0 for #1 Sep 21 07:16:41.826492: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:41.826495: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Sep 21 07:16:41.826499: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:16:41.826503: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:16:41.826506: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:16:41.826509: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:16:41.826528: | stop processing: state #1 from 192.1.2.23:4500 (in delete_state() at state.c:1143) Sep 21 07:16:41.826546: | in statetime_stop() and could not find #1 Sep 21 07:16:41.826549: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:41.826553: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:16:41.826556: | STF_OK but no state object remains Sep 21 07:16:41.826559: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:41.826561: | in statetime_stop() and could not find #1 Sep 21 07:16:41.826566: | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) Sep 21 07:16:41.826569: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:41.826572: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:41.826579: | spent 0.586 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:41.826586: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:16:41.826590: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Sep 21 07:16:41.826593: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:41.826597: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:41.826600: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Sep 21 07:16:41.826603: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:41.826606: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:41.826613: | creating state object #4 at 0x55cee773cc60 Sep 21 07:16:41.826616: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:16:41.826622: | pstats #4 ikev2.ike started Sep 21 07:16:41.826626: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:41.826629: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:41.826635: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:41.826642: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:41.826647: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:41.826650: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:41.826655: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:16:41.826659: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Sep 21 07:16:41.826676: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:41.826682: | adding ikev2_outI1 KE work-order 4 for state #4 Sep 21 07:16:41.826685: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cee77357c0 Sep 21 07:16:41.826689: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:16:41.826693: | libevent_malloc: new ptr-libevent@0x55cee7735800 size 128 Sep 21 07:16:41.826707: | #4 spent 0.109 milliseconds in ikev2_parent_outI1() Sep 21 07:16:41.826713: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:41.826716: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:41.826718: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:41.826723: | spent 0.133 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:16:41.826733: | crypto helper 2 resuming Sep 21 07:16:41.826742: | crypto helper 2 starting work-order 4 for state #4 Sep 21 07:16:41.826747: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Sep 21 07:16:41.827689: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000941 seconds Sep 21 07:16:41.827704: | (#4) spent 0.951 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Sep 21 07:16:41.827708: | crypto helper 2 sending results from work-order 4 for state #4 to event queue Sep 21 07:16:41.827711: | scheduling resume sending helper answer for #4 Sep 21 07:16:41.827714: | libevent_malloc: new ptr-libevent@0x7feee4006900 size 128 Sep 21 07:16:41.827723: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:41.827733: | processing resume sending helper answer for #4 Sep 21 07:16:41.827744: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:41.827748: | crypto helper 2 replies to request ID 4 Sep 21 07:16:41.827751: | calling continuation function 0x55cee6172630 Sep 21 07:16:41.827754: | ikev2_parent_outI1_continue for #4 Sep 21 07:16:41.827759: | **emit ISAKMP Message: Sep 21 07:16:41.827762: | initiator cookie: Sep 21 07:16:41.827765: | eb cb e2 6a 13 f7 47 3e Sep 21 07:16:41.827767: | responder cookie: Sep 21 07:16:41.827769: | 00 00 00 00 00 00 00 00 Sep 21 07:16:41.827772: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:41.827775: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:41.827778: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:41.827781: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:41.827802: | Message ID: 0 (0x0) Sep 21 07:16:41.827809: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:41.827862: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:41.827868: | Emitting ikev2_proposals ... Sep 21 07:16:41.827871: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:41.827874: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.827877: | flags: none (0x0) Sep 21 07:16:41.827880: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:41.827884: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:41.827887: | discarding INTEG=NONE Sep 21 07:16:41.827889: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:41.827892: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.827895: | prop #: 1 (0x1) Sep 21 07:16:41.827897: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:41.827908: | spi size: 0 (0x0) Sep 21 07:16:41.827925: | # transforms: 11 (0xb) Sep 21 07:16:41.827929: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:41.827932: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.827934: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.827936: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:41.827938: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:41.827941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.827943: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:41.827945: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:41.827947: | length/value: 256 (0x100) Sep 21 07:16:41.827949: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:41.827951: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.827953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.827955: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:41.827957: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:41.827960: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.827962: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.827964: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.827966: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.827968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.827970: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:41.827972: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:41.827974: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.827977: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.827979: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.827980: | discarding INTEG=NONE Sep 21 07:16:41.827982: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.827984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.827987: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.827989: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:41.827992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.827994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.827997: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.827999: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828001: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828003: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828005: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:41.828008: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828010: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828013: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828015: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828019: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828026: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:41.828029: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828032: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828035: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828037: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828039: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828041: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828044: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:41.828046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828052: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828054: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828059: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828061: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:41.828064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828067: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828069: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828072: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828074: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828077: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828079: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:41.828082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828084: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828087: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828090: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828095: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828097: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:41.828100: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828103: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828105: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828107: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828110: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:41.828112: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828115: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:41.828118: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828121: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828123: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828128: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:41.828131: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:41.828133: | discarding INTEG=NONE Sep 21 07:16:41.828136: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:41.828139: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.828141: | prop #: 2 (0x2) Sep 21 07:16:41.828144: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:41.828146: | spi size: 0 (0x0) Sep 21 07:16:41.828149: | # transforms: 11 (0xb) Sep 21 07:16:41.828152: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.828155: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:41.828158: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828160: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828163: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:41.828165: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:41.828168: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828170: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:41.828174: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:41.828176: | length/value: 128 (0x80) Sep 21 07:16:41.828179: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:41.828182: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828187: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:41.828190: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:41.828193: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828196: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828198: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828201: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828206: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:41.828208: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:41.828211: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828214: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828217: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828219: | discarding INTEG=NONE Sep 21 07:16:41.828222: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828227: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828229: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:41.828232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828238: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828240: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828246: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828248: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:41.828253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828257: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828260: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828262: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828264: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828267: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828270: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:41.828273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828276: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828278: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828281: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828284: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828286: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828289: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:41.828291: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828294: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828297: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828300: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828302: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828305: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828307: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:41.828310: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828313: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828316: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828318: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828323: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828325: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:41.828329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828331: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828334: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828337: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828341: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828344: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:41.828347: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828350: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828352: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828355: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828360: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:41.828362: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828365: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:41.828368: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828373: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828376: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:41.828379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:41.828382: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:41.828384: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.828386: | prop #: 3 (0x3) Sep 21 07:16:41.828389: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:41.828391: | spi size: 0 (0x0) Sep 21 07:16:41.828393: | # transforms: 13 (0xd) Sep 21 07:16:41.828396: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.828399: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:41.828402: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828405: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828407: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:41.828410: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:41.828412: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828415: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:41.828418: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:41.828420: | length/value: 256 (0x100) Sep 21 07:16:41.828423: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:41.828425: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828428: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828430: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:41.828433: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:41.828436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828438: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828441: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828443: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828448: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:41.828451: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:41.828453: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828459: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828462: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828467: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:41.828469: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:41.828472: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828476: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828479: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828481: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828484: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828486: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:41.828488: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:41.828491: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828494: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828497: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828499: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828504: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828506: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:41.828509: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828512: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828514: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828517: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828519: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828522: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828524: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:41.828527: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828530: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828532: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828534: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828541: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:41.828544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828547: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828550: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828552: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828557: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828559: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:41.828562: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828564: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828567: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828569: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828571: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828573: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828577: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:41.828580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828585: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828587: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828591: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828594: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:41.828597: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828599: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828602: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828604: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828608: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828610: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:41.828613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828616: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828618: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828620: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828622: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:41.828624: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828626: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:41.828629: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828632: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828635: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828637: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:41.828640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:41.828642: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:41.828645: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:41.828647: | prop #: 4 (0x4) Sep 21 07:16:41.828650: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:41.828652: | spi size: 0 (0x0) Sep 21 07:16:41.828655: | # transforms: 13 (0xd) Sep 21 07:16:41.828658: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:41.828661: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:41.828663: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828665: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828667: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:41.828669: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:41.828671: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828674: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:41.828678: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:41.828681: | length/value: 128 (0x80) Sep 21 07:16:41.828683: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:41.828686: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828688: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828690: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:41.828693: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:41.828696: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828698: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828701: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828703: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828708: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:41.828711: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:41.828714: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828719: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828722: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828726: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:41.828729: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:41.828732: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828735: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828738: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828740: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828742: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828744: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:41.828747: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:41.828749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828755: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828757: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828759: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828761: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828763: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:41.828766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828771: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828773: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828777: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828780: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:41.828917: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828926: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828930: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828932: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828938: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828941: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:41.828944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828950: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828953: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828955: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828958: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828961: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:41.828964: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828969: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828972: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828977: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828980: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:41.828983: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828986: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.828989: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.828991: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.828994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.828997: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.828999: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:41.829002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.829005: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.829007: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.829010: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.829012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.829015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.829017: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:41.829021: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.829023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.829026: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.829029: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:41.829032: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:41.829036: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:41.829039: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:41.829042: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:41.829045: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:41.829047: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:41.829050: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:41.829053: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:41.829056: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:41.829059: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:41.829062: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:41.829065: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.829068: | flags: none (0x0) Sep 21 07:16:41.829071: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:41.829074: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:41.829077: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:41.829080: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:41.829084: | ikev2 g^x 20 51 8e 5f ae 30 8b 20 ad c8 dc a2 25 74 a2 7b Sep 21 07:16:41.829086: | ikev2 g^x df 11 60 d6 51 ba f8 f9 eb 76 ea c0 77 a4 68 fe Sep 21 07:16:41.829089: | ikev2 g^x 8a 4f 53 24 35 86 3b 9e 38 f6 33 5a 4d 60 5a d5 Sep 21 07:16:41.829091: | ikev2 g^x 30 83 09 8c d4 0b 64 af 9a 58 92 e1 c8 68 b7 10 Sep 21 07:16:41.829093: | ikev2 g^x ff 42 5e 75 df 8d c7 09 98 5f 56 05 33 df cc 20 Sep 21 07:16:41.829096: | ikev2 g^x 97 75 7d 8e 19 2e ef b7 c3 a6 6c bb 50 34 55 c0 Sep 21 07:16:41.829098: | ikev2 g^x 97 bc b9 87 83 54 5f 70 7b 21 49 9c 53 c6 11 33 Sep 21 07:16:41.829100: | ikev2 g^x f3 a1 55 ba fa f9 00 b8 b3 2b d8 ba 4b 4d 2c 28 Sep 21 07:16:41.829103: | ikev2 g^x 85 9c 8c 8b de 5a f7 39 88 fc 1f de 74 44 69 54 Sep 21 07:16:41.829105: | ikev2 g^x a9 49 f9 2e 00 34 e7 93 b5 fd 26 ef 89 95 5e a6 Sep 21 07:16:41.829108: | ikev2 g^x 7b be 92 67 1b 08 ff 6a d2 f2 3f b1 f4 81 8b 0e Sep 21 07:16:41.829110: | ikev2 g^x 48 1d 95 d1 17 6e d7 a7 67 79 13 cf 24 47 4c 63 Sep 21 07:16:41.829113: | ikev2 g^x 8f 48 a6 b6 22 6e f3 8e c8 47 ac 81 c0 40 46 21 Sep 21 07:16:41.829115: | ikev2 g^x e6 5c 0d 8a e9 1d 75 01 99 b0 8b 50 7a 31 bc 1b Sep 21 07:16:41.829118: | ikev2 g^x e9 4b 8d 88 af 9e d2 19 41 29 18 4e 59 d5 8a cb Sep 21 07:16:41.829120: | ikev2 g^x 99 a3 ca 6f b2 07 82 6c 87 10 07 e7 84 32 d7 45 Sep 21 07:16:41.829123: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:41.829125: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:41.829128: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:41.829131: | flags: none (0x0) Sep 21 07:16:41.829134: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:41.829137: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:41.829140: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:41.829143: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:41.829146: | IKEv2 nonce 86 92 57 00 6a 62 df 5e 9c a2 f2 aa 6b a0 09 a8 Sep 21 07:16:41.829148: | IKEv2 nonce 29 69 08 4c 86 3c 3b 03 28 a9 ed ad 81 23 85 a6 Sep 21 07:16:41.829151: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:41.829155: | Adding a v2N Payload Sep 21 07:16:41.829158: | ***emit IKEv2 Notify Payload: Sep 21 07:16:41.829161: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.829163: | flags: none (0x0) Sep 21 07:16:41.829166: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:41.829169: | SPI size: 0 (0x0) Sep 21 07:16:41.829172: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:41.829175: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:41.829178: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:41.829181: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:41.829184: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:41.829187: | natd_hash: rcookie is zero Sep 21 07:16:41.829206: | natd_hash: hasher=0x55cee62487a0(20) Sep 21 07:16:41.829210: | natd_hash: icookie= eb cb e2 6a 13 f7 47 3e Sep 21 07:16:41.829212: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:41.829215: | natd_hash: ip= c0 01 03 d1 Sep 21 07:16:41.829217: | natd_hash: port= 01 f4 Sep 21 07:16:41.829220: | natd_hash: hash= 19 b1 44 8b 0b 3a 58 17 b0 8a 72 5c 58 32 f5 75 Sep 21 07:16:41.829222: | natd_hash: hash= 73 11 b6 da Sep 21 07:16:41.829224: | Adding a v2N Payload Sep 21 07:16:41.829227: | ***emit IKEv2 Notify Payload: Sep 21 07:16:41.829229: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.829232: | flags: none (0x0) Sep 21 07:16:41.829234: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:41.829237: | SPI size: 0 (0x0) Sep 21 07:16:41.829240: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:41.829243: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:41.829246: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:41.829249: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:41.829252: | Notify data 19 b1 44 8b 0b 3a 58 17 b0 8a 72 5c 58 32 f5 75 Sep 21 07:16:41.829254: | Notify data 73 11 b6 da Sep 21 07:16:41.829257: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:41.829259: | natd_hash: rcookie is zero Sep 21 07:16:41.829266: | natd_hash: hasher=0x55cee62487a0(20) Sep 21 07:16:41.829269: | natd_hash: icookie= eb cb e2 6a 13 f7 47 3e Sep 21 07:16:41.829271: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:41.829273: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:41.829275: | natd_hash: port= 01 f4 Sep 21 07:16:41.829278: | natd_hash: hash= 32 c3 eb cf 19 98 21 9f 16 65 93 bf 84 ba e6 fd Sep 21 07:16:41.829280: | natd_hash: hash= f9 b3 68 ea Sep 21 07:16:41.829282: | Adding a v2N Payload Sep 21 07:16:41.829284: | ***emit IKEv2 Notify Payload: Sep 21 07:16:41.829287: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:41.829289: | flags: none (0x0) Sep 21 07:16:41.829292: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:41.829294: | SPI size: 0 (0x0) Sep 21 07:16:41.829296: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:41.829299: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:41.829302: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:41.829305: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:41.829307: | Notify data 32 c3 eb cf 19 98 21 9f 16 65 93 bf 84 ba e6 fd Sep 21 07:16:41.829310: | Notify data f9 b3 68 ea Sep 21 07:16:41.829312: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:41.829315: | emitting length of ISAKMP Message: 828 Sep 21 07:16:41.829322: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:41.829332: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:41.829336: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:41.829339: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:41.829343: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:41.829346: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:16:41.829349: | Message ID: IKE #4 skipping update_recv as MD is fake Sep 21 07:16:41.829354: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:41.829358: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:41.829363: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:16:41.829369: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #4) Sep 21 07:16:41.829372: | eb cb e2 6a 13 f7 47 3e 00 00 00 00 00 00 00 00 Sep 21 07:16:41.829374: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:41.829377: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:41.829379: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:41.829381: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:41.829384: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:41.829386: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:41.829388: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:41.829390: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:41.829393: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:41.829395: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:41.829397: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:41.829400: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:41.829402: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:41.829404: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:41.829407: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:41.829409: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:41.829411: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:41.829414: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:41.829416: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:41.829418: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:41.829420: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:41.829423: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:41.829425: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:41.829427: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:41.829430: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:41.829432: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:41.829434: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:41.829437: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:41.829439: | 28 00 01 08 00 0e 00 00 20 51 8e 5f ae 30 8b 20 Sep 21 07:16:41.829441: | ad c8 dc a2 25 74 a2 7b df 11 60 d6 51 ba f8 f9 Sep 21 07:16:41.829444: | eb 76 ea c0 77 a4 68 fe 8a 4f 53 24 35 86 3b 9e Sep 21 07:16:41.829446: | 38 f6 33 5a 4d 60 5a d5 30 83 09 8c d4 0b 64 af Sep 21 07:16:41.829448: | 9a 58 92 e1 c8 68 b7 10 ff 42 5e 75 df 8d c7 09 Sep 21 07:16:41.829449: | 98 5f 56 05 33 df cc 20 97 75 7d 8e 19 2e ef b7 Sep 21 07:16:41.829451: | c3 a6 6c bb 50 34 55 c0 97 bc b9 87 83 54 5f 70 Sep 21 07:16:41.829454: | 7b 21 49 9c 53 c6 11 33 f3 a1 55 ba fa f9 00 b8 Sep 21 07:16:41.829458: | b3 2b d8 ba 4b 4d 2c 28 85 9c 8c 8b de 5a f7 39 Sep 21 07:16:41.829461: | 88 fc 1f de 74 44 69 54 a9 49 f9 2e 00 34 e7 93 Sep 21 07:16:41.829463: | b5 fd 26 ef 89 95 5e a6 7b be 92 67 1b 08 ff 6a Sep 21 07:16:41.829465: | d2 f2 3f b1 f4 81 8b 0e 48 1d 95 d1 17 6e d7 a7 Sep 21 07:16:41.829468: | 67 79 13 cf 24 47 4c 63 8f 48 a6 b6 22 6e f3 8e Sep 21 07:16:41.829470: | c8 47 ac 81 c0 40 46 21 e6 5c 0d 8a e9 1d 75 01 Sep 21 07:16:41.829472: | 99 b0 8b 50 7a 31 bc 1b e9 4b 8d 88 af 9e d2 19 Sep 21 07:16:41.829475: | 41 29 18 4e 59 d5 8a cb 99 a3 ca 6f b2 07 82 6c Sep 21 07:16:41.829477: | 87 10 07 e7 84 32 d7 45 29 00 00 24 86 92 57 00 Sep 21 07:16:41.829479: | 6a 62 df 5e 9c a2 f2 aa 6b a0 09 a8 29 69 08 4c Sep 21 07:16:41.829481: | 86 3c 3b 03 28 a9 ed ad 81 23 85 a6 29 00 00 08 Sep 21 07:16:41.829484: | 00 00 40 2e 29 00 00 1c 00 00 40 04 19 b1 44 8b Sep 21 07:16:41.829486: | 0b 3a 58 17 b0 8a 72 5c 58 32 f5 75 73 11 b6 da Sep 21 07:16:41.829488: | 00 00 00 1c 00 00 40 05 32 c3 eb cf 19 98 21 9f Sep 21 07:16:41.829490: | 16 65 93 bf 84 ba e6 fd f9 b3 68 ea Sep 21 07:16:41.829535: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:41.829541: | libevent_free: release ptr-libevent@0x55cee7735800 Sep 21 07:16:41.829544: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cee77357c0 Sep 21 07:16:41.829547: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:41.829550: "westnet-eastnet-ipv4-psk-ikev2" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:41.829554: | event_schedule: new EVENT_RETRANSMIT-pe@0x55cee77357c0 Sep 21 07:16:41.829558: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Sep 21 07:16:41.829561: | libevent_malloc: new ptr-libevent@0x55cee7735800 size 128 Sep 21 07:16:41.829567: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48848.197818 Sep 21 07:16:41.829571: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:41.829577: | #4 spent 1.61 milliseconds in resume sending helper answer Sep 21 07:16:41.829582: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:41.829586: | libevent_free: release ptr-libevent@0x7feee4006900 Sep 21 07:16:42.501110: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:42.501136: shutting down Sep 21 07:16:42.501145: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:16:42.501149: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:16:42.501156: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:42.501158: forgetting secrets Sep 21 07:16:42.501162: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:42.501167: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Sep 21 07:16:42.501171: | removing pending policy for no connection {0x55cee771a9d0} Sep 21 07:16:42.501174: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:42.501177: | pass 0 Sep 21 07:16:42.501180: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:42.501183: | state #4 Sep 21 07:16:42.501187: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:42.501193: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:42.501196: | pstats #4 ikev2.ike deleted other Sep 21 07:16:42.501201: | #4 spent 2.67 milliseconds in total Sep 21 07:16:42.501210: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:42.501220: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.674s and NOT sending notification Sep 21 07:16:42.501223: | parent state #4: PARENT_I1(half-open IKE SA) => delete Sep 21 07:16:42.501226: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:42.501229: | #4 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:42.501234: | libevent_free: release ptr-libevent@0x55cee7735800 Sep 21 07:16:42.501237: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cee77357c0 Sep 21 07:16:42.501240: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:42.501243: | picked newest_isakmp_sa #0 for #4 Sep 21 07:16:42.501246: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:42.501250: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Sep 21 07:16:42.501253: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:16:42.501260: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:16:42.501263: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:16:42.501265: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:16:42.501268: | State DB: deleting IKEv2 state #4 in PARENT_I1 Sep 21 07:16:42.501272: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:16:42.501290: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:42.501295: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:42.501297: | pass 1 Sep 21 07:16:42.501299: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:42.501305: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:42.501309: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:42.501312: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:16:42.501536: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:16:42.501551: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:42.501555: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:42.501558: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:16:42.501562: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Sep 21 07:16:42.501565: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:42.501568: | command executing unroute-client Sep 21 07:16:42.501597: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Sep 21 07:16:42.501603: | popen cmd is 1049 chars long Sep 21 07:16:42.501606: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:16:42.501609: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME=': Sep 21 07:16:42.501612: | cmd( 160):192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_C: Sep 21 07:16:42.501615: | cmd( 240):LIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLU: Sep 21 07:16:42.501617: | cmd( 320):TO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1: Sep 21 07:16:42.501620: | cmd( 400):.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_: Sep 21 07:16:42.501622: | cmd( 480):NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO: Sep 21 07:16:42.501625: | cmd( 560):_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO: Sep 21 07:16:42.501627: | cmd( 640):_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+E: Sep 21 07:16:42.501630: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Sep 21 07:16:42.501633: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Sep 21 07:16:42.501635: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Sep 21 07:16:42.501638: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _up: Sep 21 07:16:42.501640: | cmd(1040):down 2>&1: Sep 21 07:16:42.524770: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524794: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524799: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524808: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524820: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524831: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524844: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524856: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524866: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524879: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524891: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524905: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524916: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524928: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524940: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524951: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524964: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.524976: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.525310: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.525322: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.525333: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:42.530276: | free hp@0x55cee77152c0 Sep 21 07:16:42.530289: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Sep 21 07:16:42.530292: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:16:42.530300: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:16:42.530302: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:16:42.530313: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:16:42.530317: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:16:42.530320: shutting down interface eth0/eth0 192.1.3.209:4500 Sep 21 07:16:42.530323: shutting down interface eth0/eth0 192.1.3.209:500 Sep 21 07:16:42.530333: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:16:42.530341: | libevent_free: release ptr-libevent@0x55cee77316d0 Sep 21 07:16:42.530344: | free_event_entry: release EVENT_NULL-pe@0x55cee771a350 Sep 21 07:16:42.530354: | libevent_free: release ptr-libevent@0x55cee77317c0 Sep 21 07:16:42.530357: | free_event_entry: release EVENT_NULL-pe@0x55cee7731780 Sep 21 07:16:42.530363: | libevent_free: release ptr-libevent@0x55cee77318b0 Sep 21 07:16:42.530365: | free_event_entry: release EVENT_NULL-pe@0x55cee7731870 Sep 21 07:16:42.530371: | libevent_free: release ptr-libevent@0x55cee77319a0 Sep 21 07:16:42.530374: | free_event_entry: release EVENT_NULL-pe@0x55cee7731960 Sep 21 07:16:42.530378: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:42.530781: | libevent_free: release ptr-libevent@0x55cee7730f90 Sep 21 07:16:42.530799: | free_event_entry: release EVENT_NULL-pe@0x55cee7714bd0 Sep 21 07:16:42.530803: | libevent_free: release ptr-libevent@0x55cee7726a20 Sep 21 07:16:42.530806: | free_event_entry: release EVENT_NULL-pe@0x55cee771abb0 Sep 21 07:16:42.530809: | libevent_free: release ptr-libevent@0x55cee7726990 Sep 21 07:16:42.530812: | free_event_entry: release EVENT_NULL-pe@0x55cee771abf0 Sep 21 07:16:42.530815: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:16:42.530817: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:16:42.530820: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:16:42.530822: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:16:42.530825: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:16:42.530827: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:16:42.530830: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:16:42.530832: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:16:42.530834: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:16:42.530839: | libevent_free: release ptr-libevent@0x55cee7731170 Sep 21 07:16:42.530842: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:16:42.530845: | libevent_free: release ptr-libevent@0x55cee7731250 Sep 21 07:16:42.530847: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:16:42.530850: | libevent_free: release ptr-libevent@0x55cee7731310 Sep 21 07:16:42.530853: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:16:42.530856: | libevent_free: release ptr-libevent@0x55cee7725d10 Sep 21 07:16:42.530858: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:16:42.530860: | releasing event base Sep 21 07:16:42.530872: | libevent_free: release ptr-libevent@0x55cee77313d0 Sep 21 07:16:42.530874: | libevent_free: release ptr-libevent@0x55cee76ea420 Sep 21 07:16:42.530878: | libevent_free: release ptr-libevent@0x55cee7714eb0 Sep 21 07:16:42.530881: | libevent_free: release ptr-libevent@0x55cee773c9e0 Sep 21 07:16:42.530883: | libevent_free: release ptr-libevent@0x55cee7714ed0 Sep 21 07:16:42.530886: | libevent_free: release ptr-libevent@0x55cee7731020 Sep 21 07:16:42.530889: | libevent_free: release ptr-libevent@0x55cee7731210 Sep 21 07:16:42.530891: | libevent_free: release ptr-libevent@0x55cee7715070 Sep 21 07:16:42.530893: | libevent_free: release ptr-libevent@0x55cee7715280 Sep 21 07:16:42.530896: | libevent_free: release ptr-libevent@0x55cee7719b70 Sep 21 07:16:42.530898: | libevent_free: release ptr-libevent@0x55cee7731a30 Sep 21 07:16:42.530900: | libevent_free: release ptr-libevent@0x55cee7731940 Sep 21 07:16:42.530903: | libevent_free: release ptr-libevent@0x55cee7731850 Sep 21 07:16:42.530905: | libevent_free: release ptr-libevent@0x55cee7731760 Sep 21 07:16:42.530908: | libevent_free: release ptr-libevent@0x55cee7714f60 Sep 21 07:16:42.530910: | libevent_free: release ptr-libevent@0x55cee77312f0 Sep 21 07:16:42.530912: | libevent_free: release ptr-libevent@0x55cee7731230 Sep 21 07:16:42.530915: | libevent_free: release ptr-libevent@0x55cee7731150 Sep 21 07:16:42.530917: | libevent_free: release ptr-libevent@0x55cee77313b0 Sep 21 07:16:42.530922: | libevent_free: release ptr-libevent@0x55cee7731040 Sep 21 07:16:42.530925: | libevent_free: release ptr-libevent@0x55cee7714ef0 Sep 21 07:16:42.530927: | libevent_free: release ptr-libevent@0x55cee7714f20 Sep 21 07:16:42.530930: | libevent_free: release ptr-libevent@0x55cee7714c10 Sep 21 07:16:42.530932: | releasing global libevent data Sep 21 07:16:42.530935: | libevent_free: release ptr-libevent@0x55cee7712ea0 Sep 21 07:16:42.530938: | libevent_free: release ptr-libevent@0x55cee7712ed0 Sep 21 07:16:42.530940: | libevent_free: release ptr-libevent@0x55cee7714480