Sep 21 07:16:43.769763: FIPS Product: YES Sep 21 07:16:43.769813: FIPS Kernel: NO Sep 21 07:16:43.769817: FIPS Mode: NO Sep 21 07:16:43.769820: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:43.769986: Initializing NSS Sep 21 07:16:43.769990: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:43.812581: NSS initialized Sep 21 07:16:43.812593: NSS crypto library initialized Sep 21 07:16:43.812595: FIPS HMAC integrity support [enabled] Sep 21 07:16:43.812596: FIPS mode disabled for pluto daemon Sep 21 07:16:43.893381: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:43.893472: libcap-ng support [enabled] Sep 21 07:16:43.893480: Linux audit support [enabled] Sep 21 07:16:43.893517: Linux audit activated Sep 21 07:16:43.893527: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:21637 Sep 21 07:16:43.893529: core dump dir: /tmp Sep 21 07:16:43.893531: secrets file: /etc/ipsec.secrets Sep 21 07:16:43.893532: leak-detective disabled Sep 21 07:16:43.893534: NSS crypto [enabled] Sep 21 07:16:43.893535: XAUTH PAM support [enabled] Sep 21 07:16:43.893590: | libevent is using pluto's memory allocator Sep 21 07:16:43.893597: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:43.893607: | libevent_malloc: new ptr-libevent@0x5610e92485a0 size 40 Sep 21 07:16:43.893609: | libevent_malloc: new ptr-libevent@0x5610e9249850 size 40 Sep 21 07:16:43.893611: | libevent_malloc: new ptr-libevent@0x5610e9249880 size 40 Sep 21 07:16:43.893613: | creating event base Sep 21 07:16:43.893614: | libevent_malloc: new ptr-libevent@0x5610e9249810 size 56 Sep 21 07:16:43.893616: | libevent_malloc: new ptr-libevent@0x5610e92498b0 size 664 Sep 21 07:16:43.893624: | libevent_malloc: new 
ptr-libevent@0x5610e9249b50 size 24 Sep 21 07:16:43.893627: | libevent_malloc: new ptr-libevent@0x5610e923b1e0 size 384 Sep 21 07:16:43.893635: | libevent_malloc: new ptr-libevent@0x5610e9249b70 size 16 Sep 21 07:16:43.893636: | libevent_malloc: new ptr-libevent@0x5610e9249b90 size 40 Sep 21 07:16:43.893638: | libevent_malloc: new ptr-libevent@0x5610e9249bc0 size 48 Sep 21 07:16:43.893642: | libevent_realloc: new ptr-libevent@0x5610e91cd370 size 256 Sep 21 07:16:43.893644: | libevent_malloc: new ptr-libevent@0x5610e9249c00 size 16 Sep 21 07:16:43.893648: | libevent_free: release ptr-libevent@0x5610e9249810 Sep 21 07:16:43.893651: | libevent initialized Sep 21 07:16:43.893654: | libevent_realloc: new ptr-libevent@0x5610e9249c20 size 64 Sep 21 07:16:43.893658: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:43.893669: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:43.893671: NAT-Traversal support [enabled] Sep 21 07:16:43.893672: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:43.893677: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:43.893679: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:43.893707: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:43.893709: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:43.893711: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:43.893745: Encryption algorithms: Sep 21 07:16:43.893751: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:43.893754: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:43.893756: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:43.893758: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:43.893760: CAMELLIA_CTR IKEv1: ESP 
IKEv2: ESP {256,192,*128} Sep 21 07:16:43.893766: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:43.893769: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:43.893771: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:43.893773: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:43.893775: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:43.893777: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:43.893780: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:43.893782: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:43.893805: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:43.893810: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:43.893812: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:43.893814: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:43.893819: Hash algorithms: Sep 21 07:16:43.893820: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:43.893822: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:43.893824: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:43.893826: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:43.893828: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:43.893836: PRF algorithms: Sep 21 07:16:43.893838: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:43.893840: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:43.893842: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:43.893844: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:43.893846: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:43.893848: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:43.893862: Integrity algorithms: Sep 21 07:16:43.893865: HMAC_MD5_96 IKEv1: IKE ESP 
AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:43.893867: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:43.893869: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:43.893872: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:43.893874: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:43.893876: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:43.893878: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:43.893880: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:43.893882: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:43.893889: DH algorithms: Sep 21 07:16:43.893891: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:43.893893: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:43.893895: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:43.893916: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:43.893918: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:43.893920: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:43.893922: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:43.893923: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:43.893940: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:43.893942: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:43.893944: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:43.893946: testing CAMELLIA_CBC: Sep 21 07:16:43.893947: Camellia: 16 bytes with 128-bit key Sep 21 07:16:43.894048: Camellia: 16 bytes with 128-bit key Sep 21 07:16:43.894068: Camellia: 16 bytes with 256-bit key Sep 21 07:16:43.894087: Camellia: 
16 bytes with 256-bit key Sep 21 07:16:43.894143: testing AES_GCM_16: Sep 21 07:16:43.894148: empty string Sep 21 07:16:43.894175: one block Sep 21 07:16:43.894206: two blocks Sep 21 07:16:43.894222: two blocks with associated data Sep 21 07:16:43.894237: testing AES_CTR: Sep 21 07:16:43.894239: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:43.894255: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:43.894272: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:43.894289: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:43.894304: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:43.894320: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:43.894337: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:43.894353: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:43.894369: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:43.894386: testing AES_CBC: Sep 21 07:16:43.894387: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:43.894403: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:43.894420: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:43.894437: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:43.894457: testing AES_XCBC: Sep 21 07:16:43.894459: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:43.894533: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:43.894611: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:43.894685: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:43.894760: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:43.894885: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:43.894968: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:43.895139: RFC 4434 Test Case 
AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:43.895215: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:43.895295: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:43.895438: testing HMAC_MD5: Sep 21 07:16:43.895440: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:43.895548: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:43.895642: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:43.895754: 8 CPU cores online Sep 21 07:16:43.895757: starting up 7 crypto helpers Sep 21 07:16:43.895786: started thread for crypto helper 0 Sep 21 07:16:43.895817: | starting up helper thread 0 Sep 21 07:16:43.895826: started thread for crypto helper 1 Sep 21 07:16:43.895830: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:43.895840: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:43.895832: | starting up helper thread 1 Sep 21 07:16:43.895858: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:43.895861: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:43.895842: started thread for crypto helper 2 Sep 21 07:16:43.895848: | starting up helper thread 2 Sep 21 07:16:43.895921: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:43.895925: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:43.895938: started thread for crypto helper 3 Sep 21 07:16:43.895963: | starting up helper thread 3 Sep 21 07:16:43.895972: started thread for crypto helper 4 Sep 21 07:16:43.895976: | starting up helper thread 4 Sep 21 07:16:43.895986: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:43.895973: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:43.895989: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:43.895999: started thread for crypto helper 5 Sep 21 07:16:43.896005: | starting up 
helper thread 5 Sep 21 07:16:43.896005: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:43.896017: started thread for crypto helper 6 Sep 21 07:16:43.896014: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:43.896025: | checking IKEv1 state table Sep 21 07:16:43.896033: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:43.896025: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:43.896020: | starting up helper thread 6 Sep 21 07:16:43.896036: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:43.896047: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:43.896052: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:43.896055: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:43.896059: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:43.896066: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:43.896068: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:43.896070: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:43.896071: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:43.896073: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:43.896074: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:43.896076: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:43.896077: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:43.896079: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:43.896080: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:43.896082: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:43.896083: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:43.896085: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:16:43.896086: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:43.896088: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:43.896089: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:43.896091: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:43.896092: | -> UNDEFINED EVENT_NULL Sep 21 07:16:43.896094: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 
07:16:43.896095: | -> UNDEFINED EVENT_NULL Sep 21 07:16:43.896097: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:43.896099: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:43.896100: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:43.896102: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:43.896103: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:43.896105: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:43.896106: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:43.896108: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:43.896109: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:43.896111: | -> UNDEFINED EVENT_NULL Sep 21 07:16:43.896112: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:43.896114: | -> UNDEFINED EVENT_NULL Sep 21 07:16:43.896115: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:43.896120: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:43.896121: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:43.896123: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:43.896125: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:43.896126: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:43.896128: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:43.896129: | -> UNDEFINED EVENT_NULL Sep 21 07:16:43.896131: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:43.896132: | -> UNDEFINED EVENT_NULL Sep 21 07:16:43.896134: | INFO: category: informational flags: 0: Sep 21 07:16:43.896135: | -> UNDEFINED EVENT_NULL Sep 21 07:16:43.896137: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:16:43.896138: | -> UNDEFINED EVENT_NULL Sep 21 07:16:43.896140: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:43.896142: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:43.896143: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:43.896145: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:43.896146: | MODE_CFG_R0: category: informational flags: 0: Sep 
21 07:16:43.896148: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:43.896149: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:43.896151: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:43.896152: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:43.896154: | -> UNDEFINED EVENT_NULL Sep 21 07:16:43.896156: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:43.896157: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:43.896159: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:43.896160: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:43.896162: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:43.896163: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:43.896168: | checking IKEv2 state table Sep 21 07:16:43.896172: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:43.896174: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:43.896176: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:43.896178: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:43.896179: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:43.896181: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:43.896183: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:43.896185: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:43.896186: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:43.896188: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:43.896190: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:43.896191: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:43.896193: | -> PARENT_I3 EVENT_RETAIN (I3: Informational 
Request) Sep 21 07:16:43.896195: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:43.896196: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:43.896198: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:43.896200: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:43.896201: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:43.896203: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:43.896205: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:43.896206: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:43.896208: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:43.896211: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:43.896213: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:43.896214: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:43.896216: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:43.896218: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:43.896219: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:43.896221: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:43.896223: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:43.896224: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:16:43.896226: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:43.896228: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:43.896230: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:43.896231: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:43.896233: 
| -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:43.896235: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:43.896237: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:43.896238: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:43.896240: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:43.896242: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:43.896244: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:43.896245: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:43.896247: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:43.896249: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:43.896250: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:43.896252: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:43.896293: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:43.896345: | Hard-wiring algorithms Sep 21 07:16:43.896348: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:43.896351: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:43.896352: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:43.896354: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:43.896355: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:43.896357: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:16:43.896358: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:43.896360: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:43.896361: | adding AES_CTR to kernel algorithm db Sep 21 07:16:43.896363: | adding AES_CBC to kernel algorithm db Sep 21 07:16:43.896364: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:43.896366: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:43.896367: | adding 
NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:43.896369: | adding NULL to kernel algorithm db Sep 21 07:16:43.896370: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:43.896372: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:43.896373: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:43.896375: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:43.896376: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:43.896378: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:43.896379: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:43.896381: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:43.896382: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:43.896384: | adding NONE to kernel algorithm db Sep 21 07:16:43.896400: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:43.896404: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:43.896406: | setup kernel fd callback Sep 21 07:16:43.896408: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5610e9253fd0 Sep 21 07:16:43.896410: | libevent_malloc: new ptr-libevent@0x5610e925b3a0 size 128 Sep 21 07:16:43.896412: | libevent_malloc: new ptr-libevent@0x5610e9249d60 size 16 Sep 21 07:16:43.896416: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5610e924e870 Sep 21 07:16:43.896417: | libevent_malloc: new ptr-libevent@0x5610e925b430 size 128 Sep 21 07:16:43.896419: | libevent_malloc: new ptr-libevent@0x5610e924e7c0 size 16 Sep 21 07:16:43.896566: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:43.896571: selinux support is enabled. 
Sep 21 07:16:43.896631: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:43.896758: | unbound context created - setting debug level to 5 Sep 21 07:16:43.896791: | /etc/hosts lookups activated Sep 21 07:16:43.896806: | /etc/resolv.conf usage activated Sep 21 07:16:43.896840: | outgoing-port-avoid set 0-65535 Sep 21 07:16:43.896857: | outgoing-port-permit set 32768-60999 Sep 21 07:16:43.896859: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:43.896861: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:43.896863: | Setting up events, loop start Sep 21 07:16:43.896865: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5610e924e5c0 Sep 21 07:16:43.896867: | libevent_malloc: new ptr-libevent@0x5610e92659a0 size 128 Sep 21 07:16:43.896869: | libevent_malloc: new ptr-libevent@0x5610e9265a30 size 16 Sep 21 07:16:43.896873: | libevent_realloc: new ptr-libevent@0x5610e91cb6c0 size 256 Sep 21 07:16:43.896875: | libevent_malloc: new ptr-libevent@0x5610e9265a50 size 8 Sep 21 07:16:43.896877: | libevent_realloc: new ptr-libevent@0x5610e925a7a0 size 144 Sep 21 07:16:43.896878: | libevent_malloc: new ptr-libevent@0x5610e9265a70 size 152 Sep 21 07:16:43.896881: | libevent_malloc: new ptr-libevent@0x5610e9265b10 size 16 Sep 21 07:16:43.896883: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:43.896885: | libevent_malloc: new ptr-libevent@0x5610e9265b30 size 8 Sep 21 07:16:43.896886: | libevent_malloc: new ptr-libevent@0x5610e9265b50 size 152 Sep 21 07:16:43.896888: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:43.896890: | libevent_malloc: new ptr-libevent@0x5610e9265bf0 size 8 Sep 21 07:16:43.896891: | libevent_malloc: new ptr-libevent@0x5610e9265c10 size 152 Sep 21 07:16:43.896893: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:43.896895: | libevent_malloc: new ptr-libevent@0x5610e9265cb0 size 8 Sep 21 07:16:43.896897: | libevent_realloc: release 
ptr-libevent@0x5610e925a7a0 Sep 21 07:16:43.896898: | libevent_realloc: new ptr-libevent@0x5610e9265cd0 size 256 Sep 21 07:16:43.896900: | libevent_malloc: new ptr-libevent@0x5610e925a7a0 size 152 Sep 21 07:16:43.896902: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:43.897152: | created addconn helper (pid:21735) using fork+execve Sep 21 07:16:43.897162: | forked child 21735 Sep 21 07:16:43.897193: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:43.897206: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:43.897211: listening for IKE messages Sep 21 07:16:43.897242: | Inspecting interface lo Sep 21 07:16:43.897247: | found lo with address 127.0.0.1 Sep 21 07:16:43.897248: | Inspecting interface eth0 Sep 21 07:16:43.897252: | found eth0 with address 192.0.2.254 Sep 21 07:16:43.897253: | Inspecting interface eth1 Sep 21 07:16:43.897256: | found eth1 with address 192.1.2.23 Sep 21 07:16:43.897291: Kernel supports NIC esp-hw-offload Sep 21 07:16:43.897298: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:16:43.897316: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:43.897321: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:43.897324: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:16:43.897344: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:16:43.897361: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:43.897363: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:43.897366: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:16:43.897385: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:43.897401: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:43.897403: | NAT-Traversal: ESPINUDP(2) setup succeeded for 
sockopt style NAT-T family IPv4 Sep 21 07:16:43.897406: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:43.897441: | no interfaces to sort Sep 21 07:16:43.897444: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:43.897449: | add_fd_read_event_handler: new ethX-pe@0x5610e924f340 Sep 21 07:16:43.897451: | libevent_malloc: new ptr-libevent@0x5610e9266040 size 128 Sep 21 07:16:43.897453: | libevent_malloc: new ptr-libevent@0x5610e92660d0 size 16 Sep 21 07:16:43.897458: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:43.897460: | add_fd_read_event_handler: new ethX-pe@0x5610e92660f0 Sep 21 07:16:43.897462: | libevent_malloc: new ptr-libevent@0x5610e9266130 size 128 Sep 21 07:16:43.897463: | libevent_malloc: new ptr-libevent@0x5610e92661c0 size 16 Sep 21 07:16:43.897466: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:43.897468: | add_fd_read_event_handler: new ethX-pe@0x5610e92661e0 Sep 21 07:16:43.897469: | libevent_malloc: new ptr-libevent@0x5610e9266220 size 128 Sep 21 07:16:43.897471: | libevent_malloc: new ptr-libevent@0x5610e92662b0 size 16 Sep 21 07:16:43.897474: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:16:43.897475: | add_fd_read_event_handler: new ethX-pe@0x5610e92662d0 Sep 21 07:16:43.897477: | libevent_malloc: new ptr-libevent@0x5610e9266310 size 128 Sep 21 07:16:43.897479: | libevent_malloc: new ptr-libevent@0x5610e92663a0 size 16 Sep 21 07:16:43.897481: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:16:43.897483: | add_fd_read_event_handler: new ethX-pe@0x5610e92663c0 Sep 21 07:16:43.897485: | libevent_malloc: new ptr-libevent@0x5610e9266400 size 128 Sep 21 07:16:43.897486: | libevent_malloc: new ptr-libevent@0x5610e9266490 size 16 Sep 21 07:16:43.897489: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:16:43.897491: | add_fd_read_event_handler: new ethX-pe@0x5610e92664b0 Sep 21 07:16:43.897492: | libevent_malloc: new 
ptr-libevent@0x5610e92664f0 size 128 Sep 21 07:16:43.897494: | libevent_malloc: new ptr-libevent@0x5610e9266580 size 16 Sep 21 07:16:43.897497: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:16:43.897500: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:43.897501: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:43.897516: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:43.897524: | id type added to secret(0x5610e925b580) PKK_PSK: @east Sep 21 07:16:43.897527: | id type added to secret(0x5610e925b580) PKK_PSK: @north Sep 21 07:16:43.897529: | Processing PSK at line 1: passed Sep 21 07:16:43.897531: | certs and keys locked by 'process_secret' Sep 21 07:16:43.897534: | certs and keys unlocked by 'process_secret' Sep 21 07:16:43.897537: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:43.897543: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:43.897549: | spent 0.363 milliseconds in whack Sep 21 07:16:43.928283: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:43.928304: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:43.928309: listening for IKE messages Sep 21 07:16:43.928345: | Inspecting interface lo Sep 21 07:16:43.928355: | found lo with address 127.0.0.1 Sep 21 07:16:43.928359: | Inspecting interface eth0 Sep 21 07:16:43.928363: | found eth0 with address 192.0.2.254 Sep 21 07:16:43.928365: | Inspecting interface eth1 Sep 21 07:16:43.928369: | found eth1 with address 192.1.2.23 Sep 21 07:16:43.928422: | no interfaces to sort Sep 21 07:16:43.928430: | libevent_free: release ptr-libevent@0x5610e9266040 Sep 21 07:16:43.928433: | free_event_entry: release EVENT_NULL-pe@0x5610e924f340 Sep 21 07:16:43.928437: | add_fd_read_event_handler: new ethX-pe@0x5610e924f340 Sep 21 07:16:43.928440: | libevent_malloc: new ptr-libevent@0x5610e9266040 size 128 Sep 21 
07:16:43.928448: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:43.928451: | libevent_free: release ptr-libevent@0x5610e9266130 Sep 21 07:16:43.928454: | free_event_entry: release EVENT_NULL-pe@0x5610e92660f0 Sep 21 07:16:43.928457: | add_fd_read_event_handler: new ethX-pe@0x5610e92660f0 Sep 21 07:16:43.928459: | libevent_malloc: new ptr-libevent@0x5610e9266130 size 128 Sep 21 07:16:43.928464: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:43.928467: | libevent_free: release ptr-libevent@0x5610e9266220 Sep 21 07:16:43.928470: | free_event_entry: release EVENT_NULL-pe@0x5610e92661e0 Sep 21 07:16:43.928472: | add_fd_read_event_handler: new ethX-pe@0x5610e92661e0 Sep 21 07:16:43.928475: | libevent_malloc: new ptr-libevent@0x5610e9266220 size 128 Sep 21 07:16:43.928480: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:16:43.928483: | libevent_free: release ptr-libevent@0x5610e9266310 Sep 21 07:16:43.928486: | free_event_entry: release EVENT_NULL-pe@0x5610e92662d0 Sep 21 07:16:43.928488: | add_fd_read_event_handler: new ethX-pe@0x5610e92662d0 Sep 21 07:16:43.928491: | libevent_malloc: new ptr-libevent@0x5610e9266310 size 128 Sep 21 07:16:43.928495: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:16:43.928499: | libevent_free: release ptr-libevent@0x5610e9266400 Sep 21 07:16:43.928501: | free_event_entry: release EVENT_NULL-pe@0x5610e92663c0 Sep 21 07:16:43.928504: | add_fd_read_event_handler: new ethX-pe@0x5610e92663c0 Sep 21 07:16:43.928506: | libevent_malloc: new ptr-libevent@0x5610e9266400 size 128 Sep 21 07:16:43.928511: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:16:43.928514: | libevent_free: release ptr-libevent@0x5610e92664f0 Sep 21 07:16:43.928517: | free_event_entry: release EVENT_NULL-pe@0x5610e92664b0 Sep 21 07:16:43.928519: | add_fd_read_event_handler: new ethX-pe@0x5610e92664b0 Sep 21 07:16:43.928522: | libevent_malloc: new ptr-libevent@0x5610e92664f0 
size 128 Sep 21 07:16:43.928526: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:16:43.928530: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:43.928532: forgetting secrets Sep 21 07:16:43.928539: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:43.928553: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:43.928561: | id type added to secret(0x5610e925b580) PKK_PSK: @east Sep 21 07:16:43.928564: | id type added to secret(0x5610e925b580) PKK_PSK: @north Sep 21 07:16:43.928568: | Processing PSK at line 1: passed Sep 21 07:16:43.928571: | certs and keys locked by 'process_secret' Sep 21 07:16:43.928573: | certs and keys unlocked by 'process_secret' Sep 21 07:16:43.928578: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:43.928586: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:43.928592: | spent 0.318 milliseconds in whack Sep 21 07:16:43.929076: | processing signal PLUTO_SIGCHLD Sep 21 07:16:43.929090: | waitpid returned pid 21735 (exited with status 0) Sep 21 07:16:43.929093: | reaped addconn helper child (status 0) Sep 21 07:16:43.929098: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:43.929103: | spent 0.0164 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:44.010754: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:44.010790: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.010797: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:44.010801: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.010804: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:44.010809: | FOR_EACH_CONNECTION_... 
in conn_by_name Sep 21 07:16:44.010820: | Added new connection northnet-eastnet/0x1 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:44.010908: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:44.010916: | from whack: got --esp= Sep 21 07:16:44.010981: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:44.010987: | counting wild cards for @north is 0 Sep 21 07:16:44.010992: | counting wild cards for @east is 0 Sep 21 07:16:44.011005: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Sep 21 07:16:44.011011: | new hp@0x5610e9232920 Sep 21 07:16:44.011016: added connection description "northnet-eastnet/0x1" Sep 21 07:16:44.011028: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:44.011043: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.0/24 Sep 21 07:16:44.011051: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:44.011060: | spent 0.31 milliseconds in whack Sep 21 07:16:44.011131: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:44.011147: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.011152: | FOR_EACH_CONNECTION_... 
in foreach_connection_by_alias Sep 21 07:16:44.011155: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.011159: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:44.011166: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.011173: | Added new connection northnet-eastnet/0x2 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:44.011248: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:44.011252: | from whack: got --esp= Sep 21 07:16:44.011314: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:44.011319: | counting wild cards for @north is 0 Sep 21 07:16:44.011324: | counting wild cards for @east is 0 Sep 21 07:16:44.011333: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:44.011340: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x5610e9232920: northnet-eastnet/0x1 Sep 21 07:16:44.011343: added connection description "northnet-eastnet/0x2" Sep 21 07:16:44.011353: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:44.011366: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.0/24 Sep 21 07:16:44.011378: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:44.011384: | spent 0.253 milliseconds in whack 
Sep 21 07:16:44.109347: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:44.109554: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:44.109560: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:44.109641: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:44.109649: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:44.109655: | spent 0.318 milliseconds in whack Sep 21 07:16:44.176626: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:44.176657: | old debugging base+cpu-usage + none Sep 21 07:16:44.176661: | base debugging = base+cpu-usage Sep 21 07:16:44.176664: | old impairing none + suppress-retransmits Sep 21 07:16:44.176666: | base impairing = suppress-retransmits Sep 21 07:16:44.176673: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:44.176679: | spent 0.0551 milliseconds in whack Sep 21 07:16:45.255859: | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:45.255890: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Sep 21 07:16:45.256056: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:45.256060: | **parse ISAKMP Message: Sep 21 07:16:45.256062: | initiator cookie: Sep 21 07:16:45.256065: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.256068: | responder cookie: Sep 21 07:16:45.256070: | 00 00 00 00 00 00 00 00 Sep 21 07:16:45.256073: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:45.256076: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.256079: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:45.256082: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:45.256085: | Message ID: 0 (0x0) Sep 21 07:16:45.256088: | length: 828 (0x33c) Sep 21 07:16:45.256091: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:45.256095: | I am the IKE SA Original Responder receiving an IKEv2
IKE_SA_INIT request Sep 21 07:16:45.256099: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:45.256103: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:45.256106: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:45.256109: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:45.256112: | flags: none (0x0) Sep 21 07:16:45.256114: | length: 436 (0x1b4) Sep 21 07:16:45.256117: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:16:45.256120: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:45.256123: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:45.256126: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:45.256129: | flags: none (0x0) Sep 21 07:16:45.256131: | length: 264 (0x108) Sep 21 07:16:45.256134: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.256137: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:45.256140: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:45.256143: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:45.256146: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:45.256148: | flags: none (0x0) Sep 21 07:16:45.256151: | length: 36 (0x24) Sep 21 07:16:45.256154: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:45.256156: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:45.256159: | ***parse IKEv2 Notify Payload: Sep 21 07:16:45.256162: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:45.256165: | flags: none (0x0) Sep 21 07:16:45.256168: | length: 8 (0x8) Sep 21 07:16:45.256170: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.256173: | SPI size: 0 (0x0) Sep 21 07:16:45.256181: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:45.256184: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:45.256187: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:45.256190: | ***parse IKEv2 Notify Payload: Sep 21 07:16:45.256192: | 
next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:45.256195: | flags: none (0x0) Sep 21 07:16:45.256198: | length: 28 (0x1c) Sep 21 07:16:45.256200: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.256203: | SPI size: 0 (0x0) Sep 21 07:16:45.256206: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:45.256209: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:45.256212: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:45.256214: | ***parse IKEv2 Notify Payload: Sep 21 07:16:45.256217: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.256220: | flags: none (0x0) Sep 21 07:16:45.256222: | length: 28 (0x1c) Sep 21 07:16:45.256225: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.256228: | SPI size: 0 (0x0) Sep 21 07:16:45.256231: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:45.256234: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:45.256237: | DDOS disabled and no cookie sent, continuing Sep 21 07:16:45.256244: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:16:45.256250: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:45.256254: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:16:45.256258: | found policy = PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet/0x2) Sep 21 07:16:45.256263: | found policy = PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet/0x1) Sep 21 07:16:45.256266: | find_next_host_connection returns empty Sep 21 07:16:45.256271: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:16:45.256274: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:16:45.256277: | find_next_host_connection returns empty Sep 21 07:16:45.256282: | initial parent SA 
message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:16:45.256288: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:16:45.256293: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:45.256296: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:16:45.256300: | found policy = PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet/0x2) Sep 21 07:16:45.256304: | found policy = PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet/0x1) Sep 21 07:16:45.256307: | find_next_host_connection returns empty Sep 21 07:16:45.256312: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:16:45.256315: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:16:45.256317: | find_next_host_connection returns empty Sep 21 07:16:45.256322: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Sep 21 07:16:45.256328: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:16:45.256333: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:45.256336: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:16:45.256340: | found policy = PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet/0x2) Sep 21 07:16:45.256343: | find_next_host_connection returns northnet-eastnet/0x2 Sep 21 07:16:45.256348: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:16:45.256352: | found policy = PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet/0x1) Sep 21 07:16:45.256355: | find_next_host_connection returns 
northnet-eastnet/0x1 Sep 21 07:16:45.256358: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:16:45.256361: | find_next_host_connection returns empty Sep 21 07:16:45.256364: | found connection: northnet-eastnet/0x2 with policy PSK+IKEV2_ALLOW Sep 21 07:16:45.256393: | creating state object #1 at 0x5610e926a770 Sep 21 07:16:45.256397: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:45.256405: | pstats #1 ikev2.ike started Sep 21 07:16:45.256409: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:45.256413: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:16:45.256420: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:45.256431: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:45.256435: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:45.256440: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:45.256444: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:16:45.256449: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:16:45.256455: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:16:45.256458: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:16:45.256461: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:16:45.256464: | Now let's proceed with state specific processing Sep 21 07:16:45.256467: | calling processor Respond to IKE_SA_INIT Sep 21 07:16:45.256478: | #1 updating local interface from 
192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:45.256482: | constructing local IKE proposals for northnet-eastnet/0x2 (IKE SA responder matching remote proposals) Sep 21 07:16:45.256491: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:45.256501: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.256506: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:45.256513: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.256519: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:45.256527: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.256532: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:45.256539: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.256554: "northnet-eastnet/0x2": constructed local IKE proposals for northnet-eastnet/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.256560: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:16:45.256564: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:45.256567: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:45.256570: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:45.256573: | local proposal 1 type DH has 8 transforms Sep 21 07:16:45.256576: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:45.256580: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:45.256583: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:45.256586: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:45.256588: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:45.256591: | local proposal 2 type DH has 8 transforms Sep 21 07:16:45.256594: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:45.256598: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:45.256600: | local proposal 3 type ENCR has 1 
transforms Sep 21 07:16:45.256603: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:45.256606: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:45.256609: | local proposal 3 type DH has 8 transforms Sep 21 07:16:45.256612: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:45.256615: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:45.256618: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:45.256621: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:45.256624: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:45.256627: | local proposal 4 type DH has 8 transforms Sep 21 07:16:45.256629: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:45.256633: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:45.256636: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.256640: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.256642: | length: 100 (0x64) Sep 21 07:16:45.256645: | prop #: 1 (0x1) Sep 21 07:16:45.256648: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.256650: | spi size: 0 (0x0) Sep 21 07:16:45.256653: | # transforms: 11 (0xb) Sep 21 07:16:45.256658: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:16:45.256661: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256664: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256666: | length: 12 (0xc) Sep 21 07:16:45.256669: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.256672: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.256675: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.256678: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.256681: | length/value: 256 (0x100) Sep 21 07:16:45.256686: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 
07:16:45.256690: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256695: | length: 8 (0x8) Sep 21 07:16:45.256698: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.256701: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.256705: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:45.256711: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:16:45.256715: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:16:45.256719: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:16:45.256722: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256728: | length: 8 (0x8) Sep 21 07:16:45.256731: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.256733: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:45.256737: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256740: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256742: | length: 8 (0x8) Sep 21 07:16:45.256745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256748: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.256752: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:45.256756: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:16:45.256760: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:16:45.256764: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:16:45.256767: | *****parse IKEv2 
Transform Substructure Payload: Sep 21 07:16:45.256770: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256772: | length: 8 (0x8) Sep 21 07:16:45.256775: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256778: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:45.256781: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256793: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256796: | length: 8 (0x8) Sep 21 07:16:45.256799: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256802: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:45.256805: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256808: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256811: | length: 8 (0x8) Sep 21 07:16:45.256814: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256817: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:45.256820: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256826: | length: 8 (0x8) Sep 21 07:16:45.256829: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256832: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:45.256835: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256838: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256840: | length: 8 (0x8) Sep 21 07:16:45.256843: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256846: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:45.256849: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256855: | length: 8 (0x8) Sep 21 07:16:45.256858: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256861: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:45.256864: | *****parse IKEv2 Transform Substructure 
Payload: Sep 21 07:16:45.256867: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.256869: | length: 8 (0x8) Sep 21 07:16:45.256872: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256875: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:45.256880: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:45.256886: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:45.256893: | remote proposal 1 matches local proposal 1 Sep 21 07:16:45.256896: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.256899: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.256902: | length: 100 (0x64) Sep 21 07:16:45.256904: | prop #: 2 (0x2) Sep 21 07:16:45.256907: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.256910: | spi size: 0 (0x0) Sep 21 07:16:45.256912: | # transforms: 11 (0xb) Sep 21 07:16:45.256917: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:45.256920: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256923: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256925: | length: 12 (0xc) Sep 21 07:16:45.256928: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.256931: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.256934: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.256937: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.256939: | length/value: 128 (0x80) Sep 21 07:16:45.256943: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256946: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256948: | length: 8 (0x8) Sep 21 07:16:45.256951: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.256954: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.256957: | 
*****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256960: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256963: | length: 8 (0x8) Sep 21 07:16:45.256966: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.256969: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:45.256972: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256977: | length: 8 (0x8) Sep 21 07:16:45.256980: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256983: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.256986: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.256989: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.256992: | length: 8 (0x8) Sep 21 07:16:45.256994: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.256997: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:45.257000: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257006: | length: 8 (0x8) Sep 21 07:16:45.257009: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257012: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:45.257015: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257018: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257020: | length: 8 (0x8) Sep 21 07:16:45.257023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257026: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:45.257029: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257032: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257034: | length: 8 (0x8) Sep 21 07:16:45.257037: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257040: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:45.257043: | *****parse IKEv2 Transform 
Substructure Payload: Sep 21 07:16:45.257046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257049: | length: 8 (0x8) Sep 21 07:16:45.257052: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257055: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:45.257058: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257061: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257064: | length: 8 (0x8) Sep 21 07:16:45.257067: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257070: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:45.257074: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257076: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.257079: | length: 8 (0x8) Sep 21 07:16:45.257082: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257085: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:45.257089: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:16:45.257093: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:16:45.257096: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.257099: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.257102: | length: 116 (0x74) Sep 21 07:16:45.257104: | prop #: 3 (0x3) Sep 21 07:16:45.257108: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.257110: | spi size: 0 (0x0) Sep 21 07:16:45.257113: | # transforms: 13 (0xd) Sep 21 07:16:45.257117: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:45.257120: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257123: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257125: | length: 12 (0xc) Sep 21 07:16:45.257128: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.257131: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 
07:16:45.257134: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.257137: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.257140: | length/value: 256 (0x100) Sep 21 07:16:45.257143: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257148: | length: 8 (0x8) Sep 21 07:16:45.257151: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.257154: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.257157: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257160: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257163: | length: 8 (0x8) Sep 21 07:16:45.257166: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.257168: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:45.257172: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257177: | length: 8 (0x8) Sep 21 07:16:45.257180: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.257183: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.257186: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257189: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257192: | length: 8 (0x8) Sep 21 07:16:45.257194: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.257197: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.257201: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257206: | length: 8 (0x8) Sep 21 07:16:45.257209: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257212: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.257215: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 
07:16:45.257221: | length: 8 (0x8) Sep 21 07:16:45.257224: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257227: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:45.257230: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257233: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257235: | length: 8 (0x8) Sep 21 07:16:45.257239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257243: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:45.257246: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257249: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257251: | length: 8 (0x8) Sep 21 07:16:45.257254: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257257: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:45.257260: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257265: | length: 8 (0x8) Sep 21 07:16:45.257268: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257271: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:45.257274: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257277: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257280: | length: 8 (0x8) Sep 21 07:16:45.257283: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257285: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:45.257289: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257294: | length: 8 (0x8) Sep 21 07:16:45.257297: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257300: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:45.257303: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257306: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.257308: | length: 
8 (0x8) Sep 21 07:16:45.257311: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257314: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:45.257319: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:16:45.257323: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:16:45.257326: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.257329: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.257331: | length: 116 (0x74) Sep 21 07:16:45.257334: | prop #: 4 (0x4) Sep 21 07:16:45.257337: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.257339: | spi size: 0 (0x0) Sep 21 07:16:45.257342: | # transforms: 13 (0xd) Sep 21 07:16:45.257346: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:45.257349: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257352: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257354: | length: 12 (0xc) Sep 21 07:16:45.257357: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.257360: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.257363: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.257366: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.257369: | length/value: 128 (0x80) Sep 21 07:16:45.257372: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257375: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257377: | length: 8 (0x8) Sep 21 07:16:45.257380: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.257383: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.257386: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257389: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257392: | length: 8 (0x8) Sep 21 07:16:45.257395: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 
07:16:45.257397: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:45.257401: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257404: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257407: | length: 8 (0x8) Sep 21 07:16:45.257410: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.257414: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.257418: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257421: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257423: | length: 8 (0x8) Sep 21 07:16:45.257426: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.257429: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.257432: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257435: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257438: | length: 8 (0x8) Sep 21 07:16:45.257440: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257443: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.257446: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257452: | length: 8 (0x8) Sep 21 07:16:45.257455: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257458: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:45.257461: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257466: | length: 8 (0x8) Sep 21 07:16:45.257469: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257472: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:45.257475: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257478: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257481: | length: 8 (0x8) Sep 21 07:16:45.257484: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257487: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:45.257490: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257495: | length: 8 (0x8) Sep 21 07:16:45.257498: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257501: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:45.257504: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257507: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257510: | length: 8 (0x8) Sep 21 07:16:45.257513: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257516: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:45.257519: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257522: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.257524: | length: 8 (0x8) Sep 21 07:16:45.257527: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257530: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:45.257533: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.257536: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.257539: | length: 8 (0x8) Sep 21 07:16:45.257541: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.257544: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:45.257549: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:16:45.257553: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:16:45.257558: "northnet-eastnet/0x2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:16:45.257565: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:16:45.257568: | converting proposal to internal trans attrs Sep 21 07:16:45.257572: | natd_hash: rcookie is zero Sep 21 07:16:45.257587: | natd_hash: hasher=0x5610e82a97a0(20) Sep 21 07:16:45.257590: | natd_hash: icookie= e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.257593: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:45.257596: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:45.257598: | natd_hash: port= 01 f4 Sep 21 07:16:45.257601: | natd_hash: hash= 3f 41 2f 95 10 6b 07 bf 0d a4 7a e6 e7 6a 28 2b Sep 21 07:16:45.257604: | natd_hash: hash= 2c b2 83 2c Sep 21 07:16:45.257606: | natd_hash: rcookie is zero Sep 21 07:16:45.257613: | natd_hash: hasher=0x5610e82a97a0(20) Sep 21 07:16:45.257616: | natd_hash: icookie= e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.257619: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:45.257622: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:45.257624: | natd_hash: port= 01 f4 Sep 21 07:16:45.257627: | natd_hash: hash= 47 de 10 84 5d 6a f0 93 5d d3 67 89 64 e4 f6 13 Sep 21 07:16:45.257629: | natd_hash: hash= d2 d2 f6 f4 Sep 21 07:16:45.257632: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:45.257635: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:45.257638: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:45.257641: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.3.33 Sep 21 07:16:45.257647: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:16:45.257651: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5610e926a6a0 Sep 21 07:16:45.257656: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:45.257660: | libevent_malloc: new ptr-libevent@0x5610e926c8e0 size 128 Sep 21 07:16:45.257674: | #1 spent 1.19 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:16:45.257682: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.257687: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:16:45.257690: | suspending state #1 and saving MD Sep 21 07:16:45.257692: | #1 is busy; has a suspended MD Sep 21 07:16:45.257698: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:45.257702: | "northnet-eastnet/0x2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:45.257708: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:45.257713: | #1 spent 1.83 milliseconds in ikev2_process_packet() Sep 21 07:16:45.257717: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:45.257721: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:45.257724: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:45.257728: | spent 1.85 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:45.257741: | crypto helper 0 resuming Sep 21 07:16:45.257747: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:16:45.257751: | crypto helper 0 doing build KE and nonce 
(ikev2_inI1outR1 KE); request ID 1 Sep 21 07:16:45.258866: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001113 seconds Sep 21 07:16:45.258882: | (#1) spent 1.07 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:16:45.258886: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:45.258889: | scheduling resume sending helper answer for #1 Sep 21 07:16:45.258893: | libevent_malloc: new ptr-libevent@0x7fc694006900 size 128 Sep 21 07:16:45.258905: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:45.258916: | processing resume sending helper answer for #1 Sep 21 07:16:45.258923: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:16:45.258927: | crypto helper 0 replies to request ID 1 Sep 21 07:16:45.258930: | calling continuation function 0x5610e81d3630 Sep 21 07:16:45.258934: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:16:45.258964: | **emit ISAKMP Message: Sep 21 07:16:45.258967: | initiator cookie: Sep 21 07:16:45.258970: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.258972: | responder cookie: Sep 21 07:16:45.258975: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.258978: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:45.258981: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.258984: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:45.258988: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:45.258990: | Message ID: 0 (0x0) Sep 21 07:16:45.258994: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:45.258997: | Emitting ikev2_proposal ... 
Sep 21 07:16:45.259000: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:45.259003: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.259006: | flags: none (0x0) Sep 21 07:16:45.259010: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:45.259014: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.259017: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.259020: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.259023: | prop #: 1 (0x1) Sep 21 07:16:45.259026: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.259028: | spi size: 0 (0x0) Sep 21 07:16:45.259031: | # transforms: 3 (0x3) Sep 21 07:16:45.259035: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.259038: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.259041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.259045: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.259048: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.259052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.259055: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.259058: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.259061: | length/value: 256 (0x100) Sep 21 07:16:45.259064: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.259067: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.259070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.259073: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.259076: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.259080: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.259084: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.259087: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.259090: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.259093: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.259096: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.259099: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.259103: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.259108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.259111: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.259114: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:16:45.259118: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.259121: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:16:45.259125: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:45.259129: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:45.259132: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.259135: | flags: none (0x0) Sep 21 07:16:45.259138: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.259142: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 
07:16:45.259146: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.259150: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:45.259198: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:45.259201: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:45.259204: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:45.259207: | flags: none (0x0) Sep 21 07:16:45.259210: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:45.259214: | next payload chain: setting previous 
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:45.259218: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.259221: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:45.259224: | IKEv2 nonce b6 04 e7 6d 75 fd a7 8c c5 ce 95 c1 f4 1f aa 7c Sep 21 07:16:45.259227: | IKEv2 nonce f8 39 9b 68 5e 29 68 6c cc 14 47 2e 91 76 d6 20 Sep 21 07:16:45.259230: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:45.259233: | Adding a v2N Payload Sep 21 07:16:45.259236: | ***emit IKEv2 Notify Payload: Sep 21 07:16:45.259239: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.259243: | flags: none (0x0) Sep 21 07:16:45.259246: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.259248: | SPI size: 0 (0x0) Sep 21 07:16:45.259252: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:45.259256: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:45.259259: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.259262: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:45.259266: | NAT-Traversal support [enabled] add v2N payloads. 
Sep 21 07:16:45.259275: | natd_hash: hasher=0x5610e82a97a0(20) Sep 21 07:16:45.259278: | natd_hash: icookie= e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.259280: | natd_hash: rcookie= 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.259283: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:45.259286: | natd_hash: port= 01 f4 Sep 21 07:16:45.259289: | natd_hash: hash= 9b a9 7c 4e e5 0a 2f ce eb 32 39 c3 62 24 3f 4a Sep 21 07:16:45.259291: | natd_hash: hash= 34 e1 67 8a Sep 21 07:16:45.259294: | Adding a v2N Payload Sep 21 07:16:45.259296: | ***emit IKEv2 Notify Payload: Sep 21 07:16:45.259299: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.259302: | flags: none (0x0) Sep 21 07:16:45.259305: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.259307: | SPI size: 0 (0x0) Sep 21 07:16:45.259310: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:45.259314: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:45.259318: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.259321: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:45.259324: | Notify data 9b a9 7c 4e e5 0a 2f ce eb 32 39 c3 62 24 3f 4a Sep 21 07:16:45.259327: | Notify data 34 e1 67 8a Sep 21 07:16:45.259330: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:45.259336: | natd_hash: hasher=0x5610e82a97a0(20) Sep 21 07:16:45.259339: | natd_hash: icookie= e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.259341: | natd_hash: rcookie= 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.259344: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:45.259346: | natd_hash: port= 01 f4 Sep 21 07:16:45.259349: | natd_hash: hash= ee b7 c1 74 54 17 ea a9 18 fd 24 a7 37 c8 11 b0 Sep 21 07:16:45.259352: | natd_hash: hash= 0d ce 6f 5b Sep 21 07:16:45.259354: | Adding a v2N Payload Sep 21 07:16:45.259357: | ***emit IKEv2 Notify Payload: Sep 21 
07:16:45.259360: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.259362: | flags: none (0x0) Sep 21 07:16:45.259365: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.259368: | SPI size: 0 (0x0) Sep 21 07:16:45.259371: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:45.259375: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:45.259378: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.259382: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:45.259385: | Notify data ee b7 c1 74 54 17 ea a9 18 fd 24 a7 37 c8 11 b0 Sep 21 07:16:45.259387: | Notify data 0d ce 6f 5b Sep 21 07:16:45.259390: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:45.259393: | emitting length of ISAKMP Message: 432 Sep 21 07:16:45.259400: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.259405: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:16:45.259408: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:16:45.259413: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:16:45.259418: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:16:45.259424: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:16:45.259430: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:45.259436: "northnet-eastnet/0x2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 
group=MODP2048} Sep 21 07:16:45.259442: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:16:45.259451: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:16:45.259581: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:45.259587: | libevent_free: release ptr-libevent@0x5610e926c8e0 Sep 21 07:16:45.259590: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5610e926a6a0 Sep 21 07:16:45.259594: | event_schedule: new EVENT_SO_DISCARD-pe@0x5610e926a6a0 Sep 21 07:16:45.259598: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:16:45.259601: | libevent_malloc: new ptr-libevent@0x5610e926c8e0 size 128 Sep 21 07:16:45.259606: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:45.259612: | #1 spent 0.655 milliseconds in resume sending helper answer Sep 21 07:16:45.259618: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:16:45.259621: | libevent_free: release ptr-libevent@0x7fc694006900 Sep 21 07:16:45.264393: | spent 0.00268 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:45.264414: | *received 366 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Sep 21 07:16:45.264485: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:45.264489: | **parse ISAKMP Message: Sep 21 07:16:45.264491: | initiator cookie: Sep 21 07:16:45.264494: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.264497: | responder cookie: Sep 21 07:16:45.264499: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.264502: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:45.264505: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.264508: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:45.264511: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:45.264514: | Message ID: 1 (0x1) Sep 21 07:16:45.264517: | length: 366 (0x16e) Sep 21 07:16:45.264521: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:45.264524: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:16:45.264529: | State DB: found 
IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:16:45.264535: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:45.264539: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:45.264545: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:45.264548: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:45.264553: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:16:45.264556: | unpacking clear payload Sep 21 07:16:45.264559: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:45.264562: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:45.264565: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:16:45.264568: | flags: none (0x0) Sep 21 07:16:45.264571: | length: 338 (0x152) Sep 21 07:16:45.264574: | processing payload: ISAKMP_NEXT_v2SK (len=334) Sep 21 07:16:45.264579: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:45.264584: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:16:45.264588: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:16:45.264591: | Now let's proceed with state specific processing Sep 21 07:16:45.264594: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:16:45.264597: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:16:45.264602: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:16:45.264606: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:16:45.264609: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:16:45.264613: | libevent_free: 
release ptr-libevent@0x5610e926c8e0 Sep 21 07:16:45.264616: | free_event_entry: release EVENT_SO_DISCARD-pe@0x5610e926a6a0 Sep 21 07:16:45.264620: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5610e926a6a0 Sep 21 07:16:45.264624: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:45.264627: | libevent_malloc: new ptr-libevent@0x5610e926c8e0 size 128 Sep 21 07:16:45.264638: | #1 spent 0.0391 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:16:45.264643: | crypto helper 1 resuming Sep 21 07:16:45.264655: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:16:45.264662: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:16:45.264645: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.264672: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:16:45.264675: | suspending state #1 and saving MD Sep 21 07:16:45.264679: | #1 is busy; has a suspended MD Sep 21 07:16:45.264684: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:45.264689: | "northnet-eastnet/0x2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:45.264694: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:45.264699: | #1 spent 0.285 milliseconds in ikev2_process_packet() Sep 21 07:16:45.264704: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:45.264707: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:45.264711: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:45.264715: | spent 
0.301 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:45.265646: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:16:45.266084: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001422 seconds Sep 21 07:16:45.266094: | (#1) spent 1.41 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:16:45.266097: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:45.266101: | scheduling resume sending helper answer for #1 Sep 21 07:16:45.266104: | libevent_malloc: new ptr-libevent@0x7fc68c006b90 size 128 Sep 21 07:16:45.266113: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:45.266147: | processing resume sending helper answer for #1 Sep 21 07:16:45.266160: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:16:45.266167: | crypto helper 1 replies to request ID 2 Sep 21 07:16:45.266171: | calling continuation function 0x5610e81d3630 Sep 21 07:16:45.266174: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:16:45.266178: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:16:45.266195: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:16:45.266201: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:16:45.266205: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:16:45.266208: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:45.266211: | flags: none (0x0) Sep 21 07:16:45.266214: | length: 13 (0xd) Sep 21 07:16:45.266217: | ID type: ID_FQDN (0x2) Sep 21 07:16:45.266220: | processing payload: ISAKMP_NEXT_v2IDi (len=5) Sep 21 07:16:45.266223: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:16:45.266226: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:16:45.266229: | next payload type: 
ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:45.266231: | flags: none (0x0) Sep 21 07:16:45.266234: | length: 12 (0xc) Sep 21 07:16:45.266236: | ID type: ID_FQDN (0x2) Sep 21 07:16:45.266239: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:16:45.266242: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:16:45.266246: | **parse IKEv2 Authentication Payload: Sep 21 07:16:45.266248: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:45.266251: | flags: none (0x0) Sep 21 07:16:45.266254: | length: 72 (0x48) Sep 21 07:16:45.266257: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:16:45.266259: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:16:45.266262: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:45.266265: | **parse IKEv2 Security Association Payload: Sep 21 07:16:45.266268: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:45.266271: | flags: none (0x0) Sep 21 07:16:45.266273: | length: 164 (0xa4) Sep 21 07:16:45.266276: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:16:45.266279: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:45.266282: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:45.266285: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:45.266287: | flags: none (0x0) Sep 21 07:16:45.266290: | length: 24 (0x18) Sep 21 07:16:45.266293: | number of TS: 1 (0x1) Sep 21 07:16:45.266296: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:45.266298: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:45.266301: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:45.266304: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.266307: | flags: none (0x0) Sep 21 07:16:45.266309: | length: 24 (0x18) Sep 21 07:16:45.266312: | number of TS: 1 (0x1) Sep 21 07:16:45.266315: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:45.266318: | selected state microcode Responder: process IKE_AUTH 
request Sep 21 07:16:45.266321: | Now let's proceed with state specific processing Sep 21 07:16:45.266323: | calling processor Responder: process IKE_AUTH request Sep 21 07:16:45.266330: "northnet-eastnet/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:16:45.266337: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:45.266341: | received IDr payload - extracting our alleged ID Sep 21 07:16:45.266345: | refine_host_connection for IKEv2: starting with "northnet-eastnet/0x2" Sep 21 07:16:45.266350: | match_id a=@north Sep 21 07:16:45.266353: | b=@north Sep 21 07:16:45.266355: | results matched Sep 21 07:16:45.266360: | refine_host_connection: checking "northnet-eastnet/0x2" against "northnet-eastnet/0x2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:16:45.266363: | Warning: not switching back to template of current instance Sep 21 07:16:45.266367: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:16:45.266370: | This connection's local id is @east (ID_FQDN) Sep 21 07:16:45.266374: | refine_host_connection: checked northnet-eastnet/0x2 against northnet-eastnet/0x2, now for see if best Sep 21 07:16:45.266379: | started looking for secret for @east->@north of kind PKK_PSK Sep 21 07:16:45.266382: | actually looking for secret for @east->@north of kind PKK_PSK Sep 21 07:16:45.266387: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:16:45.266391: | 1: compared key @north to @east / @north -> 004 Sep 21 07:16:45.266395: | 2: compared key @east to @east / @north -> 014 Sep 21 07:16:45.266398: | line 1: match=014 Sep 21 07:16:45.266402: | match 014 beats previous best_match 000 match=0x5610e925b580 (line=1) Sep 21 07:16:45.266405: | concluding with best_match=014 best=0x5610e925b580 (lineno=1) Sep 21 07:16:45.266408: | returning because exact peer id match Sep 21 07:16:45.266411: | offered CA: 
'%none' Sep 21 07:16:45.266414: "northnet-eastnet/0x2" #1: IKEv2 mode peer ID is ID_FQDN: '@north' Sep 21 07:16:45.266434: | verifying AUTH payload Sep 21 07:16:45.266439: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Sep 21 07:16:45.266443: | started looking for secret for @east->@north of kind PKK_PSK Sep 21 07:16:45.266446: | actually looking for secret for @east->@north of kind PKK_PSK Sep 21 07:16:45.266450: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:16:45.266454: | 1: compared key @north to @east / @north -> 004 Sep 21 07:16:45.266458: | 2: compared key @east to @east / @north -> 014 Sep 21 07:16:45.266460: | line 1: match=014 Sep 21 07:16:45.266463: | match 014 beats previous best_match 000 match=0x5610e925b580 (line=1) Sep 21 07:16:45.266467: | concluding with best_match=014 best=0x5610e925b580 (lineno=1) Sep 21 07:16:45.266530: "northnet-eastnet/0x2" #1: Authenticated using authby=secret Sep 21 07:16:45.266536: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:16:45.266541: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:16:45.266544: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:45.266548: | libevent_free: release ptr-libevent@0x5610e926c8e0 Sep 21 07:16:45.266551: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5610e926a6a0 Sep 21 07:16:45.266555: | event_schedule: new EVENT_SA_REKEY-pe@0x5610e926a6a0 Sep 21 07:16:45.266559: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:16:45.266562: | libevent_malloc: new ptr-libevent@0x5610e926c8e0 size 128 Sep 21 07:16:45.267470: | pstats #1 ikev2.ike established Sep 21 07:16:45.267485: | **emit ISAKMP Message: Sep 21 07:16:45.267488: | initiator cookie: Sep 21 07:16:45.267491: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.267494: | responder cookie: Sep 21 07:16:45.267496: | 03 a4 93 57 cb a7 9e 0f Sep 21 
07:16:45.267500: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:45.267503: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.267506: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:45.267509: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:45.267511: | Message ID: 1 (0x1) Sep 21 07:16:45.267515: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:45.267518: | IKEv2 CERT: send a certificate? Sep 21 07:16:45.267521: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:16:45.267524: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:45.267527: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.267530: | flags: none (0x0) Sep 21 07:16:45.267533: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:45.267536: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.267540: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:45.267552: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:45.267574: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:45.267578: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.267580: | flags: none (0x0) Sep 21 07:16:45.267582: | ID type: ID_FQDN (0x2) Sep 21 07:16:45.267590: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:45.267594: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.267598: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:16:45.267601: | my identity 65 61 73 74 Sep 21 07:16:45.267604: | emitting length of IKEv2 
Identification - Responder - Payload: 12 Sep 21 07:16:45.267616: | assembled IDr payload Sep 21 07:16:45.267619: | CHILD SA proposals received Sep 21 07:16:45.267622: | going to assemble AUTH payload Sep 21 07:16:45.267625: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:45.267628: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:45.267631: | flags: none (0x0) Sep 21 07:16:45.267634: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:16:45.267638: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:16:45.267641: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:45.267644: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.267647: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Sep 21 07:16:45.267652: | started looking for secret for @east->@north of kind PKK_PSK Sep 21 07:16:45.267654: | actually looking for secret for @east->@north of kind PKK_PSK Sep 21 07:16:45.267657: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:16:45.267661: | 1: compared key @north to @east / @north -> 004 Sep 21 07:16:45.267665: | 2: compared key @east to @east / @north -> 014 Sep 21 07:16:45.267667: | line 1: match=014 Sep 21 07:16:45.267670: | match 014 beats previous best_match 000 match=0x5610e925b580 (line=1) Sep 21 07:16:45.267673: | concluding with best_match=014 best=0x5610e925b580 (lineno=1) Sep 21 07:16:45.267729: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:16:45.267734: | PSK auth 4e 2a 38 a6 a3 31 06 26 2d f5 7f 29 7c 6b 90 86 Sep 21 07:16:45.267736: | PSK auth 9c 3f 3b 3e 8c 06 e6 eb 63 94 97 c2 af e7 ae d3 Sep 21 07:16:45.267738: | PSK auth 34 cf 47 be b1 c5 9c c7 4f 08 e4 ce 50 41 74 ad Sep 21 
07:16:45.267740: | PSK auth dd 8a 0c 89 93 ef a3 23 f6 cb 19 96 82 89 99 23 Sep 21 07:16:45.267743: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:16:45.267750: | creating state object #2 at 0x5610e926dd40 Sep 21 07:16:45.267753: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:45.267758: | pstats #2 ikev2.child started Sep 21 07:16:45.267761: | duplicating state object #1 "northnet-eastnet/0x2" as #2 for IPSEC SA Sep 21 07:16:45.267766: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:45.267772: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:45.267777: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:16:45.267781: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:45.267792: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:16:45.267795: | TSi: parsing 1 traffic selectors Sep 21 07:16:45.267800: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:45.267803: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.267806: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.267809: | length: 16 (0x10) Sep 21 07:16:45.267811: | start port: 0 (0x0) Sep 21 07:16:45.267817: | end port: 65535 (0xffff) Sep 21 07:16:45.267821: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:45.267824: | TS low c0 00 03 00 Sep 21 07:16:45.267827: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:45.267830: | TS high c0 00 03 ff Sep 21 07:16:45.267833: | TSi: parsed 1 traffic selectors Sep 21 07:16:45.267836: | TSr: parsing 1 traffic selectors Sep 21 07:16:45.267839: | ***parse 
IKEv2 Traffic Selector: Sep 21 07:16:45.267841: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.267844: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.267846: | length: 16 (0x10) Sep 21 07:16:45.267848: | start port: 0 (0x0) Sep 21 07:16:45.267851: | end port: 65535 (0xffff) Sep 21 07:16:45.267853: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:45.267855: | TS low c0 00 02 00 Sep 21 07:16:45.267858: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:45.267860: | TS high c0 00 02 ff Sep 21 07:16:45.267862: | TSr: parsed 1 traffic selectors Sep 21 07:16:45.267865: | looking for best SPD in current connection Sep 21 07:16:45.267871: | evaluating our conn="northnet-eastnet/0x2" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:45.267876: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.267883: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:45.267888: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:45.267891: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:45.267894: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:45.267898: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.267904: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.267911: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:45.267915: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:45.267918: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:45.267921: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:45.267924: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.267927: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:45.267931: | found better spd route for TSi[0],TSr[0] Sep 21 07:16:45.267933: | looking for better host pair Sep 21 
07:16:45.267939: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:45.267943: | checking hostpair 192.0.2.0/24:0 -> 192.0.3.0/24:0 is found Sep 21 07:16:45.267946: | investigating connection "northnet-eastnet/0x2" as a better match Sep 21 07:16:45.267949: | match_id a=@north Sep 21 07:16:45.267952: | b=@north Sep 21 07:16:45.267954: | results matched Sep 21 07:16:45.267959: | evaluating our conn="northnet-eastnet/0x2" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:45.267964: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.267971: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:45.267974: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:45.267977: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:45.267981: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:45.267984: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.267990: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.267997: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:45.268001: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:45.268003: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:45.268007: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:45.268013: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.268016: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:45.268019: | investigating connection "northnet-eastnet/0x1" as a better match Sep 21 07:16:45.268022: | match_id a=@north Sep 21 07:16:45.268024: | b=@north Sep 21 07:16:45.268026: | results matched Sep 21 07:16:45.268032: | evaluating our conn="northnet-eastnet/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:45.268036: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 
.{start,end}port=0..65535 Sep 21 07:16:45.268042: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:45.268045: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:45.268047: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:45.268050: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:45.268054: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.268059: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.268066: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:45.268070: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:45.268073: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:45.268076: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:45.268079: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.268082: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:45.268085: | did not find a better connection using host pair Sep 21 07:16:45.268088: | printing contents struct traffic_selector Sep 21 07:16:45.268091: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:16:45.268094: | ipprotoid: 0 Sep 21 07:16:45.268097: | port range: 0-65535 Sep 21 07:16:45.268101: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:45.268104: | printing contents struct traffic_selector Sep 21 07:16:45.268106: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:16:45.268108: | ipprotoid: 0 Sep 21 07:16:45.268110: | port range: 0-65535 Sep 21 07:16:45.268114: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:45.268119: | constructing ESP/AH proposals with all DH removed for northnet-eastnet/0x2 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:16:45.268128: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:45.268136: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:45.268139: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:45.268144: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:45.268148: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:45.268154: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:45.268158: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:45.268163: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:45.268171: "northnet-eastnet/0x2": constructed local ESP/AH proposals for northnet-eastnet/0x2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:45.268175: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:16:45.268178: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:45.268181: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:45.268183: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:45.268189: | local proposal 1 type DH has 1 transforms Sep 21 07:16:45.268192: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:45.268196: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:45.268199: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:45.268202: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:45.268205: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:45.268208: | local 
proposal 2 type DH has 1 transforms Sep 21 07:16:45.268211: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:45.268214: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:45.268217: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:45.268220: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:45.268223: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:45.268226: | local proposal 3 type DH has 1 transforms Sep 21 07:16:45.268229: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:45.268232: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:45.268235: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:45.268238: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:45.268241: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:45.268244: | local proposal 4 type DH has 1 transforms Sep 21 07:16:45.268246: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:45.268249: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:45.268252: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.268255: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.268257: | length: 32 (0x20) Sep 21 07:16:45.268260: | prop #: 1 (0x1) Sep 21 07:16:45.268262: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.268265: | spi size: 4 (0x4) Sep 21 07:16:45.268267: | # transforms: 2 (0x2) Sep 21 07:16:45.268270: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:45.268273: | remote SPI ed eb e2 49 Sep 21 07:16:45.268277: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:16:45.268280: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268283: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.268286: | length: 12 (0xc) Sep 21 07:16:45.268289: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) 
Sep 21 07:16:45.268292: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.268295: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.268299: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.268302: | length/value: 256 (0x100) Sep 21 07:16:45.268307: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:45.268310: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268313: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.268316: | length: 8 (0x8) Sep 21 07:16:45.268319: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.268322: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.268326: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:45.268329: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:16:45.268332: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:16:45.268335: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:16:45.268339: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:16:45.268343: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:16:45.268346: | remote proposal 1 matches local proposal 1 Sep 21 07:16:45.268350: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.268353: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.268355: | length: 32 (0x20) Sep 21 07:16:45.268358: | prop #: 2 (0x2) Sep 21 07:16:45.268361: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.268364: | spi size: 4 (0x4) Sep 21 07:16:45.268367: | # transforms: 2 (0x2) Sep 21 07:16:45.268370: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into 
remote SPI Sep 21 07:16:45.268373: | remote SPI ed eb e2 49 Sep 21 07:16:45.268377: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:45.268380: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268383: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.268386: | length: 12 (0xc) Sep 21 07:16:45.268389: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.268392: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.268395: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.268398: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.268401: | length/value: 128 (0x80) Sep 21 07:16:45.268404: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268407: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.268409: | length: 8 (0x8) Sep 21 07:16:45.268411: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.268414: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.268417: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:16:45.268420: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:16:45.268423: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.268425: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.268428: | length: 48 (0x30) Sep 21 07:16:45.268430: | prop #: 3 (0x3) Sep 21 07:16:45.268432: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.268434: | spi size: 4 (0x4) Sep 21 07:16:45.268437: | # transforms: 4 (0x4) Sep 21 07:16:45.268441: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:45.268443: | remote SPI ed eb e2 49 Sep 21 07:16:45.268447: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:45.268450: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268453: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.268456: | length: 12 (0xc) Sep 21 07:16:45.268459: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.268462: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.268465: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.268468: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.268471: | length/value: 256 (0x100) Sep 21 07:16:45.268474: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268477: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.268480: | length: 8 (0x8) Sep 21 07:16:45.268483: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.268486: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.268488: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.268493: | length: 8 (0x8) Sep 21 07:16:45.268495: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.268498: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.268500: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268503: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.268505: | length: 8 (0x8) Sep 21 07:16:45.268508: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.268510: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.268514: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:16:45.268516: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:16:45.268520: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.268523: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.268526: | length: 48 (0x30) Sep 21 07:16:45.268528: | prop #: 4 (0x4) Sep 21 07:16:45.268531: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.268534: | spi size: 4 (0x4) Sep 21 07:16:45.268537: | # transforms: 4 (0x4) Sep 21 07:16:45.268541: | 
parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:45.268543: | remote SPI ed eb e2 49 Sep 21 07:16:45.268547: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:45.268550: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268553: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.268556: | length: 12 (0xc) Sep 21 07:16:45.268559: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.268562: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.268565: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.268567: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.268570: | length/value: 128 (0x80) Sep 21 07:16:45.268574: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268576: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.268578: | length: 8 (0x8) Sep 21 07:16:45.268581: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.268583: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.268586: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.268591: | length: 8 (0x8) Sep 21 07:16:45.268593: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.268596: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.268598: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268601: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.268603: | length: 8 (0x8) Sep 21 07:16:45.268605: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.268608: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.268611: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:16:45.268614: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:16:45.268618: 
"northnet-eastnet/0x2" #1: proposal 1:ESP:SPI=edebe249;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:16:45.268623: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=edebe249;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:16:45.268626: | converting proposal to internal trans attrs Sep 21 07:16:45.268647: | netlink_get_spi: allocated 0x8af9a110 for esp.0@192.1.2.23 Sep 21 07:16:45.268650: | Emitting ikev2_proposal ... Sep 21 07:16:45.268652: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:45.268655: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.268657: | flags: none (0x0) Sep 21 07:16:45.268660: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:45.268663: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.268666: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.268668: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.268671: | prop #: 1 (0x1) Sep 21 07:16:45.268673: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.268675: | spi size: 4 (0x4) Sep 21 07:16:45.268679: | # transforms: 2 (0x2) Sep 21 07:16:45.268682: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.268686: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.268689: | our spi 8a f9 a1 10 Sep 21 07:16:45.268692: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268695: | last transform: v2_TRANSFORM_NON_LAST 
(0x3) Sep 21 07:16:45.268698: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.268701: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.268705: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.268708: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.268711: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.268714: | length/value: 256 (0x100) Sep 21 07:16:45.268717: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.268720: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.268723: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.268726: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.268729: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.268733: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.268736: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.268738: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.268741: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:45.268744: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.268746: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:16:45.268749: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:45.268751: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:45.268755: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.268758: | flags: none (0x0) Sep 21 07:16:45.268760: | number of TS: 1 (0x1) Sep 21 
07:16:45.268764: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:45.268768: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.268771: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:45.268774: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.268777: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.268780: | start port: 0 (0x0) Sep 21 07:16:45.268788: | end port: 65535 (0xffff) Sep 21 07:16:45.268795: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:45.268798: | IP start c0 00 03 00 Sep 21 07:16:45.268801: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:45.268804: | IP end c0 00 03 ff Sep 21 07:16:45.268807: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:45.268809: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:45.268812: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:45.268814: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.268816: | flags: none (0x0) Sep 21 07:16:45.268819: | number of TS: 1 (0x1) Sep 21 07:16:45.268822: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:45.268825: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.268829: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:45.268832: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.268834: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.268836: | start port: 0 (0x0) Sep 21 07:16:45.268839: | end port: 65535 (0xffff) Sep 21 07:16:45.268842: | emitting 4 raw bytes of IP start into IKEv2 Traffic 
Selector Sep 21 07:16:45.268845: | IP start c0 00 02 00 Sep 21 07:16:45.268848: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:45.268851: | IP end c0 00 02 ff Sep 21 07:16:45.268854: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:45.268857: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:45.268860: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:45.268864: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:45.269063: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:16:45.269072: | #1 spent 2.33 milliseconds Sep 21 07:16:45.269075: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:16:45.269078: | could_route called for northnet-eastnet/0x2 (kind=CK_PERMANENT) Sep 21 07:16:45.269082: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:45.269085: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.269089: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:45.269092: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.269095: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:45.269103: | route owner of "northnet-eastnet/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:45.269108: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:45.269112: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:45.269115: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:45.269119: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:45.269124: | setting IPsec SA replay-window to 32 Sep 21 07:16:45.269128: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Sep 21 07:16:45.269131: | netlink: enabling tunnel mode Sep 21 07:16:45.269134: | netlink: setting IPsec SA replay-window to 32 
using old-style req Sep 21 07:16:45.269137: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:45.269230: | netlink response for Add SA esp.edebe249@192.1.3.33 included non-error error Sep 21 07:16:45.269235: | set up outgoing SA, ref=0/0 Sep 21 07:16:45.269238: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:45.269242: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:45.269245: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:45.269248: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:45.269253: | setting IPsec SA replay-window to 32 Sep 21 07:16:45.269257: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Sep 21 07:16:45.269260: | netlink: enabling tunnel mode Sep 21 07:16:45.269263: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:45.269266: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:45.269319: | netlink response for Add SA esp.8af9a110@192.1.2.23 included non-error error Sep 21 07:16:45.269325: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:45.269334: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:16:45.269338: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:45.269391: | raw_eroute result=success Sep 21 07:16:45.269395: | set up incoming SA, ref=0/0 Sep 21 07:16:45.269398: | sr for #2: unrouted Sep 21 07:16:45.269402: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:45.269405: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:16:45.269412: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.269416: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:45.269419: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.269422: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:45.269427: | route owner of "northnet-eastnet/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:16:45.269431: | route_and_eroute with c: northnet-eastnet/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:16:45.269435: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:45.269444: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Sep 21 07:16:45.269447: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:45.269473: | raw_eroute result=success Sep 21 07:16:45.269476: | running updown command "ipsec _updown" for verb up Sep 21 07:16:45.269479: | command executing up-client Sep 21 07:16:45.269514: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' 
PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Sep 21 07:16:45.269520: | popen cmd is 1047 chars long Sep 21 07:16:45.269524: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x: Sep 21 07:16:45.269528: | cmd( 80):2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUT: Sep 21 07:16:45.269531: | cmd( 160):O_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' P: Sep 21 07:16:45.269535: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Sep 21 07:16:45.269538: | cmd( 320):O_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@n: Sep 21 07:16:45.269541: | cmd( 400):orth' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_P: Sep 21 07:16:45.269545: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:16:45.269548: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRY: Sep 21 07:16:45.269552: | cmd( 640):PT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON: Sep 21 07:16:45.269555: | cmd( 720):N_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_: Sep 21 07:16:45.269558: | cmd( 800):CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' : Sep 21 07:16:45.269562: | cmd( 880):PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' V: Sep 21 07:16:45.269565: | cmd( 960):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedebe249 SPI_OUT=0x8af9a110 ipsec _updo: Sep 21 07:16:45.269568: | cmd(1040):wn 2>&1: Sep 21 07:16:45.287508: | route_and_eroute: firewall_notified: true Sep 21 07:16:45.287523: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:45.287527: | command executing prepare-client Sep 21 07:16:45.287560: | executing prepare-client: 
PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Sep 21 07:16:45.287569: | popen cmd is 1052 chars long Sep 21 07:16:45.287572: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:45.287575: | cmd( 80):et/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23': Sep 21 07:16:45.287578: | cmd( 160): PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2: Sep 21 07:16:45.287581: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Sep 21 07:16:45.287584: | cmd( 320): PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_I: Sep 21 07:16:45.287586: | cmd( 400):D='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Sep 21 07:16:45.287589: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:16:45.287591: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Sep 21 
07:16:45.287594: | cmd( 640):ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Sep 21 07:16:45.287597: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Sep 21 07:16:45.287600: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Sep 21 07:16:45.287602: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Sep 21 07:16:45.287605: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedebe249 SPI_OUT=0x8af9a110 ipsec : Sep 21 07:16:45.287607: | cmd(1040):_updown 2>&1: Sep 21 07:16:45.297771: | running updown command "ipsec _updown" for verb route Sep 21 07:16:45.297789: | command executing route-client Sep 21 07:16:45.297822: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no Sep 21 07:16:45.297826: | popen cmd is 1050 chars long Sep 21 07:16:45.297829: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 
07:16:45.297832: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' P: Sep 21 07:16:45.297835: | cmd( 160):LUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0: Sep 21 07:16:45.297841: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:16:45.297844: | cmd( 320):LUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID=: Sep 21 07:16:45.297846: | cmd( 400):'@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUT: Sep 21 07:16:45.297849: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:16:45.297851: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+EN: Sep 21 07:16:45.297854: | cmd( 640):CRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Sep 21 07:16:45.297857: | cmd( 720):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Sep 21 07:16:45.297859: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Sep 21 07:16:45.297862: | cmd( 880):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Sep 21 07:16:45.297865: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedebe249 SPI_OUT=0x8af9a110 ipsec _u: Sep 21 07:16:45.297867: | cmd(1040):pdown 2>&1: Sep 21 07:16:45.311224: | route_and_eroute: instance "northnet-eastnet/0x2", setting eroute_owner {spd=0x5610e9267ee0,sr=0x5610e9267ee0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:45.311447: | #1 spent 0.973 milliseconds in install_ipsec_sa() Sep 21 07:16:45.311456: | ISAKMP_v2_IKE_AUTH: instance northnet-eastnet/0x2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:16:45.311460: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:45.311464: | emitting 1 0x00 repeated 
bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:45.311467: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:45.311470: | emitting length of IKEv2 Encryption Payload: 197 Sep 21 07:16:45.311473: | emitting length of ISAKMP Message: 225 Sep 21 07:16:45.311494: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:16:45.311499: | #1 spent 3.35 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:16:45.311507: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.311512: | start processing: state #2 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.311517: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:16:45.311520: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:16:45.311523: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:16:45.311526: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:16:45.311532: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:16:45.311537: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:16:45.311540: | pstats #2 ikev2.child established Sep 21 07:16:45.311548: "northnet-eastnet/0x2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:16:45.311553: | NAT-T: encaps is 'auto' Sep 21 07:16:45.311558: "northnet-eastnet/0x2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel 
mode {ESP=>0xedebe249 <0x8af9a110 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:16:45.311563: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:16:45.311569: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:45.311659: | releasing whack for #2 (sock=fd@-1) Sep 21 07:16:45.311663: | releasing whack and unpending for parent #1 Sep 21 07:16:45.311666: | unpending state #1 connection "northnet-eastnet/0x2" Sep 21 07:16:45.311671: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:16:45.311675: | event_schedule: new EVENT_SA_REKEY-pe@0x7fc694002b20 Sep 21 07:16:45.311678: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:16:45.311682: | libevent_malloc: new ptr-libevent@0x5610e9271730 size 128 Sep 21 07:16:45.311687: | resume sending
helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:45.311693: | #1 spent 3.68 milliseconds in resume sending helper answer Sep 21 07:16:45.311698: | stop processing: state #2 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:16:45.311702: | libevent_free: release ptr-libevent@0x7fc68c006b90 Sep 21 07:16:45.311712: | processing signal PLUTO_SIGCHLD Sep 21 07:16:45.311717: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:45.311721: | spent 0.005 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:45.311724: | processing signal PLUTO_SIGCHLD Sep 21 07:16:45.311727: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:45.311731: | spent 0.00349 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:45.311733: | processing signal PLUTO_SIGCHLD Sep 21 07:16:45.311737: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:45.311740: | spent 0.00332 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:45.350738: | spent 0.00296 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:45.350759: | *received 601 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Sep 21 07:16:45.350849: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:16:45.350851: | **parse ISAKMP Message: Sep 21 07:16:45.350853: | initiator cookie: Sep 21 07:16:45.350855: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.350856: | responder cookie: Sep 21 07:16:45.350857: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.350859: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:45.350861: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.350863: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:45.350865: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:45.350866: | Message ID: 2 (0x2) Sep 21 07:16:45.350868: | length: 601 (0x259) Sep 21 07:16:45.350870: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:16:45.350872: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Sep 21 07:16:45.350876: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:16:45.350882: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:45.350886: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:45.350890: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:45.350893: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:16:45.350897: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Sep 21 07:16:45.350899: | unpacking clear payload Sep 21 07:16:45.350902: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:45.350905: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:45.350907: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:45.350910: | flags: none (0x0) Sep 21 07:16:45.350912: | length: 573 (0x23d) Sep
21 07:16:45.350915: | processing payload: ISAKMP_NEXT_v2SK (len=569) Sep 21 07:16:45.350919: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:16:45.350927: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:16:45.351008: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:16:45.351014: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:45.351018: | **parse IKEv2 Security Association Payload: Sep 21 07:16:45.351021: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:45.351023: | flags: none (0x0) Sep 21 07:16:45.351026: | length: 196 (0xc4) Sep 21 07:16:45.351029: | processing payload: ISAKMP_NEXT_v2SA (len=192) Sep 21 07:16:45.351031: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:45.351034: | **parse IKEv2 Nonce Payload: Sep 21 07:16:45.351037: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:45.351039: | flags: none (0x0) Sep 21 07:16:45.351042: | length: 36 (0x24) Sep 21 07:16:45.351044: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:45.351047: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:45.351050: | **parse IKEv2 Key Exchange Payload: Sep 21 07:16:45.351053: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:45.351056: | flags: none (0x0) Sep 21 07:16:45.351058: | length: 264 (0x108) Sep 21 07:16:45.351061: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.351064: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:45.351067: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:45.351070: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:45.351072: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:45.351075: | flags: none (0x0) Sep 21 07:16:45.351077: | length: 24 (0x18) Sep 21 07:16:45.351080: | number of TS: 1 (0x1) Sep 21 07:16:45.351083: | processing payload: 
ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:45.351086: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:45.351088: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:45.351091: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.351094: | flags: none (0x0) Sep 21 07:16:45.351096: | length: 24 (0x18) Sep 21 07:16:45.351099: | number of TS: 1 (0x1) Sep 21 07:16:45.351101: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:45.351105: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Sep 21 07:16:45.351108: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:16:45.351115: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:45.351120: | creating state object #3 at 0x5610e9273350 Sep 21 07:16:45.351122: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:16:45.351129: | pstats #3 ikev2.child started Sep 21 07:16:45.351133: | duplicating state object #1 "northnet-eastnet/0x2" as #3 for IPSEC SA Sep 21 07:16:45.351138: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:45.351145: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:45.351148: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Sep 21 07:16:45.351154: | "northnet-eastnet/0x2" #1 received Child SA Request CREATE_CHILD_SA from 192.1.3.33:500 Child "northnet-eastnet/0x2" #3 in STATE_V2_CREATE_R will process it further Sep 21 07:16:45.351158: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Sep 21 07:16:45.351162: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 
responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Sep 21 07:16:45.351165: | forcing ST #1 to CHILD #1.#3 in FSM processor Sep 21 07:16:45.351167: | Now let's proceed with state specific processing Sep 21 07:16:45.351170: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Sep 21 07:16:45.351177: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:45.351181: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Sep 21 07:16:45.351185: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:45.351192: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.351195: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:45.351199: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.351202: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:45.351207: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.351210: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:45.351214: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.351222: "northnet-eastnet/0x2": constructed local ESP/AH proposals for northnet-eastnet/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.351226: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:16:45.351230: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:45.351232: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:45.351235: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:45.351237: | local proposal 1 type DH has 1 transforms Sep 21 07:16:45.351240: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:45.351243: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:45.351246: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:45.351248: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:45.351251: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:45.351253: | local proposal 2 type DH has 1 transforms Sep 21 07:16:45.351255: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:45.351258: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:45.351261: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:45.351263: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:45.351266: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:45.351268: | local proposal 3 type DH has 1 transforms Sep 21 07:16:45.351271: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:45.351274: | local proposal 3 transforms: 
required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:45.351277: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:45.351279: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:45.351282: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:45.351284: | local proposal 4 type DH has 1 transforms Sep 21 07:16:45.351287: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:45.351290: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:45.351293: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.351296: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.351299: | length: 40 (0x28) Sep 21 07:16:45.351301: | prop #: 1 (0x1) Sep 21 07:16:45.351304: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.351306: | spi size: 4 (0x4) Sep 21 07:16:45.351309: | # transforms: 3 (0x3) Sep 21 07:16:45.351312: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:45.351315: | remote SPI 86 c7 d8 53 Sep 21 07:16:45.351320: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:16:45.351323: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351326: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351329: | length: 12 (0xc) Sep 21 07:16:45.351331: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.351334: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.351337: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.351340: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.351343: | length/value: 256 (0x100) Sep 21 07:16:45.351348: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:45.351351: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351353: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351356: | length: 8 (0x8) Sep 21 07:16:45.351358: | 
IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.351361: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.351365: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:45.351368: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:16:45.351372: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:16:45.351375: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:16:45.351378: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351381: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.351383: | length: 8 (0x8) Sep 21 07:16:45.351386: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.351388: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.351392: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:45.351395: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:16:45.351399: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:16:45.351402: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:16:45.351405: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:16:45.351410: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:16:45.351413: | remote proposal 1 matches local proposal 1 Sep 21 07:16:45.351416: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.351419: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.351421: | length: 40 (0x28) Sep 21 07:16:45.351423: | prop #: 2 (0x2) Sep 21 07:16:45.351426: | 
proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.351429: | spi size: 4 (0x4) Sep 21 07:16:45.351431: | # transforms: 3 (0x3) Sep 21 07:16:45.351434: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:45.351437: | remote SPI 86 c7 d8 53 Sep 21 07:16:45.351440: | Comparing remote proposal 2 containing 3 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:45.351443: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351448: | length: 12 (0xc) Sep 21 07:16:45.351451: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.351453: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.351456: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.351458: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.351461: | length/value: 128 (0x80) Sep 21 07:16:45.351464: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351466: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351470: | length: 8 (0x8) Sep 21 07:16:45.351473: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.351475: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.351478: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351480: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.351483: | length: 8 (0x8) Sep 21 07:16:45.351485: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.351487: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.351491: | remote proposal 2 proposed transforms: ENCR+DH+ESN; matched: none; unmatched: ENCR+DH+ESN Sep 21 07:16:45.351494: | remote proposal 2 does not match; unmatched remote transforms: ENCR+DH+ESN Sep 21 07:16:45.351496: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.351499: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.351501: | length: 56 (0x38) Sep 21 07:16:45.351503: | prop #: 3 
(0x3) Sep 21 07:16:45.351505: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.351508: | spi size: 4 (0x4) Sep 21 07:16:45.351510: | # transforms: 5 (0x5) Sep 21 07:16:45.351513: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:45.351515: | remote SPI 86 c7 d8 53 Sep 21 07:16:45.351518: | Comparing remote proposal 3 containing 5 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:45.351521: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351523: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351525: | length: 12 (0xc) Sep 21 07:16:45.351527: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.351530: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.351532: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.351535: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.351537: | length/value: 256 (0x100) Sep 21 07:16:45.351539: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351540: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351541: | length: 8 (0x8) Sep 21 07:16:45.351545: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.351548: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.351550: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351553: | length: 8 (0x8) Sep 21 07:16:45.351554: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.351556: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.351558: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351559: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351560: | length: 8 (0x8) Sep 21 07:16:45.351562: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.351564: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.351565: | ****parse IKEv2 Transform 
Substructure Payload: Sep 21 07:16:45.351567: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.351568: | length: 8 (0x8) Sep 21 07:16:45.351570: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.351571: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.351574: | remote proposal 3 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Sep 21 07:16:45.351575: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Sep 21 07:16:45.351577: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.351578: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.351580: | length: 56 (0x38) Sep 21 07:16:45.351581: | prop #: 4 (0x4) Sep 21 07:16:45.351583: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.351584: | spi size: 4 (0x4) Sep 21 07:16:45.351586: | # transforms: 5 (0x5) Sep 21 07:16:45.351588: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:45.351591: | remote SPI 86 c7 d8 53 Sep 21 07:16:45.351592: | Comparing remote proposal 4 containing 5 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:16:45.351594: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351596: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351597: | length: 12 (0xc) Sep 21 07:16:45.351599: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.351600: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.351602: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.351603: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.351605: | length/value: 128 (0x80) Sep 21 07:16:45.351607: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351608: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351610: | length: 8 (0x8) Sep 21 07:16:45.351611: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.351613: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 
07:16:45.351614: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351616: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351617: | length: 8 (0x8) Sep 21 07:16:45.351619: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.351620: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.351622: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.351625: | length: 8 (0x8) Sep 21 07:16:45.351626: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.351628: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.351630: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.351631: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.351633: | length: 8 (0x8) Sep 21 07:16:45.351634: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.351636: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.351638: | remote proposal 4 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Sep 21 07:16:45.351640: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Sep 21 07:16:45.351643: "northnet-eastnet/0x2" #1: proposal 1:ESP:SPI=86c7d853;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.351647: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=86c7d853;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.351649: | converting proposal to internal trans attrs Sep 21 07:16:45.351652: | updating #3's .st_oakley with preserved PRF, but why update? 
Sep 21 07:16:45.351655: | Child SA TS Request has child->sa == md->st; so using child connection Sep 21 07:16:45.351656: | TSi: parsing 1 traffic selectors Sep 21 07:16:45.351658: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:45.351660: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.351661: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.351663: | length: 16 (0x10) Sep 21 07:16:45.351664: | start port: 0 (0x0) Sep 21 07:16:45.351666: | end port: 65535 (0xffff) Sep 21 07:16:45.351668: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:45.351669: | TS low c0 00 03 00 Sep 21 07:16:45.351671: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:45.351672: | TS high c0 00 03 ff Sep 21 07:16:45.351674: | TSi: parsed 1 traffic selectors Sep 21 07:16:45.351676: | TSr: parsing 1 traffic selectors Sep 21 07:16:45.351678: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:45.351683: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.351686: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.351689: | length: 16 (0x10) Sep 21 07:16:45.351693: | start port: 0 (0x0) Sep 21 07:16:45.351696: | end port: 65535 (0xffff) Sep 21 07:16:45.351697: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:45.351699: | TS low c0 00 02 00 Sep 21 07:16:45.351700: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:45.351702: | TS high c0 00 02 ff Sep 21 07:16:45.351703: | TSr: parsed 1 traffic selectors Sep 21 07:16:45.351705: | looking for best SPD in current connection Sep 21 07:16:45.351709: | evaluating our conn="northnet-eastnet/0x2" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:45.351712: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.351716: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:45.351718: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:45.351720: | TSi[0] port 
match: YES fitness 65536 Sep 21 07:16:45.351722: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:45.351724: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.351727: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.351730: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:45.351732: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:45.351733: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:45.351735: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:45.351737: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.351738: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:45.351740: | found better spd route for TSi[0],TSr[0] Sep 21 07:16:45.351742: | looking for better host pair Sep 21 07:16:45.351745: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:16:45.351748: | checking hostpair 192.0.2.0/24:0 -> 192.0.3.0/24:0 is found Sep 21 07:16:45.351750: | investigating connection "northnet-eastnet/0x2" as a better match Sep 21 07:16:45.351753: | match_id a=@north Sep 21 07:16:45.351754: | b=@north Sep 21 07:16:45.351756: | results matched Sep 21 07:16:45.351759: | evaluating our conn="northnet-eastnet/0x2" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:45.351762: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.351765: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:45.351767: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:45.351768: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:45.351770: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:45.351772: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.351774: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 
07:16:45.351778: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:45.351779: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:45.351781: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:45.351787: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:45.351794: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.351796: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:45.351798: | investigating connection "northnet-eastnet/0x1" as a better match Sep 21 07:16:45.351801: | match_id a=@north Sep 21 07:16:45.351803: | b=@north Sep 21 07:16:45.351804: | results matched Sep 21 07:16:45.351807: | evaluating our conn="northnet-eastnet/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:45.351810: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.351817: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:45.351819: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:45.351820: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:45.351822: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:45.351824: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.351826: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.351829: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:45.351831: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:45.351832: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:45.351834: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:45.351836: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.351837: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:45.351839: | did not find a better connection using host pair Sep 21 07:16:45.351841: | printing contents struct traffic_selector 
Sep 21 07:16:45.351842: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:16:45.351844: | ipprotoid: 0 Sep 21 07:16:45.351846: | port range: 0-65535 Sep 21 07:16:45.351849: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:45.351851: | printing contents struct traffic_selector Sep 21 07:16:45.351852: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:16:45.351853: | ipprotoid: 0 Sep 21 07:16:45.351855: | port range: 0-65535 Sep 21 07:16:45.351857: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:45.351863: | adding Child Responder KE and nonce nr work-order 3 for state #3 Sep 21 07:16:45.351865: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5610e92667f0 Sep 21 07:16:45.351868: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:45.351871: | libevent_malloc: new ptr-libevent@0x7fc68c006b90 size 128 Sep 21 07:16:45.351882: | #3 spent 0.698 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Sep 21 07:16:45.351886: | crypto helper 2 resuming Sep 21 07:16:45.351895: | crypto helper 2 starting work-order 3 for state #3 Sep 21 07:16:45.351899: | crypto helper 2 doing build KE and nonce (Child Responder KE and nonce nr); request ID 3 Sep 21 07:16:45.351888: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.352200: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.352206: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Sep 21 07:16:45.352210: | suspending state #3 and saving MD Sep 21 07:16:45.352212: | #3 is busy; has a suspended MD Sep 21 07:16:45.352218: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:45.352221: | "northnet-eastnet/0x2" #3 complete v2 state STATE_V2_CREATE_R 
transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:45.352227: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:45.352233: | #1 spent 1.11 milliseconds in ikev2_process_packet() Sep 21 07:16:45.352237: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:16:45.352240: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:45.352243: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:45.352247: | spent 1.13 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:45.352465: | crypto helper 2 finished build KE and nonce (Child Responder KE and nonce nr); request ID 3 time elapsed 0.000566 seconds Sep 21 07:16:45.352471: | (#3) spent 0.57 milliseconds in crypto helper computing work-order 3: Child Responder KE and nonce nr (pcr) Sep 21 07:16:45.352476: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Sep 21 07:16:45.352478: | scheduling resume sending helper answer for #3 Sep 21 07:16:45.352480: | libevent_malloc: new ptr-libevent@0x7fc690006900 size 128 Sep 21 07:16:45.352482: | libevent_realloc: release ptr-libevent@0x5610e9249c20 Sep 21 07:16:45.352484: | libevent_realloc: new ptr-libevent@0x5610e926d1a0 size 128 Sep 21 07:16:45.352491: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:45.352498: | processing resume sending helper answer for #3 Sep 21 07:16:45.352505: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:16:45.352509: | crypto helper 2 replies to request ID 3 Sep 21 07:16:45.352512: | calling continuation function 0x5610e81d3630 Sep 21 07:16:45.352515: | ikev2_child_inIoutR_continue for #3 STATE_V2_CREATE_R Sep 21 07:16:45.352521: | adding DHv2 for child sa work-order 4 for state #3 Sep 21 07:16:45.352524: | state #3 
requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:45.352527: | libevent_free: release ptr-libevent@0x7fc68c006b90 Sep 21 07:16:45.352530: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5610e92667f0 Sep 21 07:16:45.352533: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5610e9266890 Sep 21 07:16:45.352536: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:45.352539: | libevent_malloc: new ptr-libevent@0x7fc68c006b90 size 128 Sep 21 07:16:45.352548: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.352552: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Sep 21 07:16:45.352555: | suspending state #3 and saving MD Sep 21 07:16:45.352560: | #3 is busy; has a suspended MD Sep 21 07:16:45.352554: | crypto helper 4 resuming Sep 21 07:16:45.352567: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:45.352577: | crypto helper 4 starting work-order 4 for state #3 Sep 21 07:16:45.352582: | "northnet-eastnet/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:45.352589: | crypto helper 4 doing crypto (DHv2 for child sa); request ID 4 Sep 21 07:16:45.352591: | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:45.352596: | #3 spent 0.079 milliseconds in resume sending helper answer Sep 21 07:16:45.352601: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:16:45.352604: | libevent_free: release ptr-libevent@0x7fc690006900 Sep 21 07:16:45.353386: | crypto helper 4 finished crypto (DHv2 for child sa); request ID 4 time elapsed 0.000798 seconds Sep 21 07:16:45.353397: | (#3) spent 0.775 milliseconds in 
crypto helper computing work-order 4: DHv2 for child sa (dh) Sep 21 07:16:45.353399: | crypto helper 4 sending results from work-order 4 for state #3 to event queue Sep 21 07:16:45.353401: | scheduling resume sending helper answer for #3 Sep 21 07:16:45.353404: | libevent_malloc: new ptr-libevent@0x7fc684001ef0 size 128 Sep 21 07:16:45.353409: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:45.353417: | processing resume sending helper answer for #3 Sep 21 07:16:45.353426: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:16:45.353431: | crypto helper 4 replies to request ID 4 Sep 21 07:16:45.353433: | calling continuation function 0x5610e81d44f0 Sep 21 07:16:45.353436: | ikev2_child_inIoutR_continue_continue for #3 STATE_V2_CREATE_R Sep 21 07:16:45.353442: | **emit ISAKMP Message: Sep 21 07:16:45.353445: | initiator cookie: Sep 21 07:16:45.353447: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.353451: | responder cookie: Sep 21 07:16:45.353454: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.353456: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:45.353459: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.353461: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:45.353464: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:45.353466: | Message ID: 2 (0x2) Sep 21 07:16:45.353469: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:45.353473: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:45.353476: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.353477: | flags: none (0x0) Sep 21 07:16:45.353480: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:45.353483: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.353486: 
| emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:45.353512: | netlink_get_spi: allocated 0xdcead35a for esp.0@192.1.2.23 Sep 21 07:16:45.353515: | Emitting ikev2_proposal ... Sep 21 07:16:45.353518: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:45.353521: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.353523: | flags: none (0x0) Sep 21 07:16:45.353526: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:45.353528: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.353531: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.353533: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.353535: | prop #: 1 (0x1) Sep 21 07:16:45.353538: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.353540: | spi size: 4 (0x4) Sep 21 07:16:45.353542: | # transforms: 3 (0x3) Sep 21 07:16:45.353545: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.353548: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.353550: | our spi dc ea d3 5a Sep 21 07:16:45.353553: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.353555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.353557: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.353560: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.353562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.353565: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.353568: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.353570: | length/value: 256 (0x100) Sep 21 07:16:45.353573: | emitting length of 
IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.353575: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.353577: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.353579: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.353582: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.353585: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.353588: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.353590: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.353593: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.353595: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.353597: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.353602: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.353605: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.353607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.353610: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.353613: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:45.353615: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.353618: | emitting length of IKEv2 Security Association Payload: 44 Sep 21 07:16:45.353621: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:45.353623: | ****emit IKEv2 Nonce Payload: Sep 21 07:16:45.353625: | next 
payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.353628: | flags: none (0x0) Sep 21 07:16:45.353631: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:45.353634: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.353637: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:45.353640: | IKEv2 nonce be 7b be 0d a7 4f 77 a0 c8 1b 06 fa 57 b4 82 44 Sep 21 07:16:45.353642: | IKEv2 nonce 3f 6e b1 13 5c 99 dc 77 21 aa 1d 77 fb f1 ab a1 Sep 21 07:16:45.353645: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:45.353647: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:16:45.353650: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.353653: | flags: none (0x0) Sep 21 07:16:45.353655: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.353658: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:45.353661: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.353664: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Sep 21 07:16:45.353705: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:45.353709: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:45.353712: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.353714: | flags: none (0x0) Sep 21 07:16:45.353718: | number of TS: 1 (0x1) Sep 21 07:16:45.353722: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:45.353725: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.353727: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:45.353730: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.353732: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.353734: | start port: 0 (0x0) Sep 21 07:16:45.353737: | end port: 65535 (0xffff) Sep 21 07:16:45.353740: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:45.353742: | IP start c0 00 03 00 Sep 21 07:16:45.353745: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:45.353747: | IP end c0 00 03 ff Sep 21 07:16:45.353750: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:45.353752: | emitting length of IKEv2 
Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:45.353755: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:45.353758: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.353760: | flags: none (0x0) Sep 21 07:16:45.353762: | number of TS: 1 (0x1) Sep 21 07:16:45.353766: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:45.353769: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.353771: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:45.353774: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.353776: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.353778: | start port: 0 (0x0) Sep 21 07:16:45.353781: | end port: 65535 (0xffff) Sep 21 07:16:45.353787: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:45.353793: | IP start c0 00 02 00 Sep 21 07:16:45.353796: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:45.353798: | IP end c0 00 02 ff Sep 21 07:16:45.353801: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:45.353803: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:45.353806: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:45.353809: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:45.353994: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:16:45.353999: | could_route called for northnet-eastnet/0x2 (kind=CK_PERMANENT) Sep 21 07:16:45.354002: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:16:45.354006: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.354008: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:45.354011: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.354014: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:45.354018: | route owner of "northnet-eastnet/0x2" erouted: self; eroute owner: self Sep 21 07:16:45.354022: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:45.354026: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:45.354029: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:45.354031: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:45.354036: | setting IPsec SA replay-window to 32 Sep 21 07:16:45.354040: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Sep 21 07:16:45.354043: | netlink: enabling tunnel mode Sep 21 07:16:45.354046: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:45.354048: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:45.354134: | netlink response for Add SA esp.86c7d853@192.1.3.33 included non-error error Sep 21 07:16:45.354141: | set up outgoing SA, ref=0/0 Sep 21 07:16:45.354145: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:45.354148: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:45.354150: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:45.354153: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:45.354156: | setting IPsec SA replay-window to 32 Sep 21 07:16:45.354159: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Sep 21 07:16:45.354162: | netlink: enabling tunnel mode Sep 21 07:16:45.354165: | netlink: setting IPsec SA replay-window to 32 
using old-style req Sep 21 07:16:45.354167: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:45.354215: | netlink response for Add SA esp.dcead35a@192.1.2.23 included non-error error Sep 21 07:16:45.354220: | set up incoming SA, ref=0/0 Sep 21 07:16:45.354222: | sr for #3: erouted Sep 21 07:16:45.354225: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:45.354228: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:45.354231: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.354233: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:45.354236: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.354239: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:45.354242: | route owner of "northnet-eastnet/0x2" erouted: self; eroute owner: self Sep 21 07:16:45.354246: | route_and_eroute with c: northnet-eastnet/0x2 (next: none) ero:northnet-eastnet/0x2 esr:{(nil)} ro:northnet-eastnet/0x2 rosr:{(nil)} and state: #3 Sep 21 07:16:45.354249: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:45.354259: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Sep 21 07:16:45.354262: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:45.354289: | raw_eroute result=success Sep 21 07:16:45.354293: | route_and_eroute: firewall_notified: true Sep 21 07:16:45.354296: | route_and_eroute: instance "northnet-eastnet/0x2", setting eroute_owner {spd=0x5610e9267ee0,sr=0x5610e9267ee0} to #3 (was #2) (newest_ipsec_sa=#2) Sep 21 07:16:45.354357: | #1 spent 0.342 milliseconds in install_ipsec_sa() Sep 21 07:16:45.354362: | ISAKMP_v2_CREATE_CHILD_SA: instance northnet-eastnet/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #2) (spd.eroute=#3) cloned from #1 Sep 21 07:16:45.354366: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:45.354369: | emitting 
1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:45.354372: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:45.354374: | emitting length of IKEv2 Encryption Payload: 421 Sep 21 07:16:45.354377: | emitting length of ISAKMP Message: 449 Sep 21 07:16:45.354394: "northnet-eastnet/0x2" #3: negotiated new IPsec SA [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:16:45.354401: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.354405: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Sep 21 07:16:45.354408: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Sep 21 07:16:45.354412: | child state #3: V2_CREATE_R(established IKE SA) => V2_IPSEC_R(established CHILD SA) Sep 21 07:16:45.354415: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:16:45.354420: | Message ID: recv #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Sep 21 07:16:45.354425: | Message ID: sent #1.#3 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:16:45.354432: | pstats #3 ikev2.child established Sep 21 07:16:45.354439: "northnet-eastnet/0x2" #3: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Sep 21 07:16:45.354443: | NAT-T: encaps is 'auto' Sep 21 07:16:45.354448: "northnet-eastnet/0x2" #3: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x86c7d853 <0xdcead35a xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:16:45.354453: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:16:45.354459: | sending 449 bytes for 
STATE_V2_CREATE_R through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Sep 21 07:16:45.354577: | releasing whack for #3 (sock=fd@-1) Sep 21 07:16:45.354582: | releasing whack and unpending for parent #1 Sep 21 07:16:45.354585: | unpending state #1 connection "northnet-eastnet/0x2" Sep 21 07:16:45.354589: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:16:45.354592: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:45.354595: | libevent_free: release ptr-libevent@0x7fc68c006b90 Sep 21 07:16:45.354598: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5610e9266890 Sep 21 07:16:45.354602: | event_schedule: new EVENT_SA_REKEY-pe@0x7fc690002b20 Sep 21 07:16:45.354606: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Sep 21 07:16:45.354609: | libevent_malloc: new ptr-libevent@0x7fc68c006b90 size 128 Sep 21 07:16:45.354615: | #3 spent 1.13 milliseconds in resume sending helper answer Sep 21 07:16:45.354620: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:16:45.354624: | libevent_free: release ptr-libevent@0x7fc684001ef0 Sep 21 07:16:47.820881: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:47.820898: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:16:47.820902: | FOR_EACH_STATE_... 
in sort_states Sep 21 07:16:47.820909: | get_sa_info esp.8af9a110@192.1.2.23 Sep 21 07:16:47.820921: | get_sa_info esp.edebe249@192.1.3.33 Sep 21 07:16:47.820933: | get_sa_info esp.dcead35a@192.1.2.23 Sep 21 07:16:47.820942: | get_sa_info esp.86c7d853@192.1.3.33 Sep 21 07:16:47.820957: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:47.820963: | spent 0.0893 milliseconds in whack Sep 21 07:16:48.089014: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:48.089245: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:48.089251: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:48.089358: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:48.089363: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:48.089376: | get_sa_info esp.8af9a110@192.1.2.23 Sep 21 07:16:48.089395: | get_sa_info esp.edebe249@192.1.3.33 Sep 21 07:16:48.089412: | get_sa_info esp.dcead35a@192.1.2.23 Sep 21 07:16:48.089421: | get_sa_info esp.86c7d853@192.1.3.33 Sep 21 07:16:48.089458: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:48.089466: | spent 0.461 milliseconds in whack Sep 21 07:16:49.543353: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:49.543378: shutting down Sep 21 07:16:49.543388: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:16:49.543392: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:16:49.543399: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:49.543401: forgetting secrets Sep 21 07:16:49.543405: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:49.543409: | start processing: connection "northnet-eastnet/0x2" (in delete_connection() at connections.c:189) Sep 21 07:16:49.543413: | Deleting states for connection - including all other 
IPsec SA's of this IKE SA Sep 21 07:16:49.543415: | pass 0 Sep 21 07:16:49.543418: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:49.543420: | state #3 Sep 21 07:16:49.543423: | suspend processing: connection "northnet-eastnet/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:49.543429: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:49.543432: | pstats #3 ikev2.child deleted completed Sep 21 07:16:49.543437: | #3 spent 3.25 milliseconds in total Sep 21 07:16:49.543442: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:16:49.543447: "northnet-eastnet/0x2" #3: deleting state (STATE_V2_IPSEC_R) aged 4.192s and sending notification Sep 21 07:16:49.543450: | child state #3: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:16:49.543455: | get_sa_info esp.86c7d853@192.1.3.33 Sep 21 07:16:49.543473: | get_sa_info esp.dcead35a@192.1.2.23 Sep 21 07:16:49.543482: "northnet-eastnet/0x2" #3: ESP traffic information: in=336B out=336B Sep 21 07:16:49.543486: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:16:49.543489: | Opening output PBS informational exchange delete request Sep 21 07:16:49.543492: | **emit ISAKMP Message: Sep 21 07:16:49.543495: | initiator cookie: Sep 21 07:16:49.543498: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:49.543500: | responder cookie: Sep 21 07:16:49.543502: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.543505: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:49.543508: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.543511: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:49.543518: | flags: none (0x0) Sep 21 07:16:49.543520: | Message ID: 0 (0x0) Sep 21 07:16:49.543523: | next payload chain: saving message location 'ISAKMP 
Message'.'next payload type' Sep 21 07:16:49.543527: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:49.543530: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.543533: | flags: none (0x0) Sep 21 07:16:49.543536: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:49.543539: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:49.543542: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:49.543553: | ****emit IKEv2 Delete Payload: Sep 21 07:16:49.543556: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.543558: | flags: none (0x0) Sep 21 07:16:49.543561: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:49.543564: | SPI size: 4 (0x4) Sep 21 07:16:49.543566: | number of SPIs: 1 (0x1) Sep 21 07:16:49.543569: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:49.543572: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:49.543576: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:16:49.543578: | local spis dc ea d3 5a Sep 21 07:16:49.543581: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:49.543584: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:49.543587: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:49.543591: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:49.543593: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:49.543596: | emitting length of ISAKMP Message: 69 Sep 21 07:16:49.543621: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 
(using #3) Sep 21 07:16:49.543625: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.543627: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:49.543630: | 2d 76 25 cf cd d4 81 82 64 ed b2 c9 f8 08 e6 23 Sep 21 07:16:49.543632: | 92 78 8a e1 e1 bf 80 67 41 bf db 08 a7 ad 0d 51 Sep 21 07:16:49.543635: | bf bf b2 1d 33 Sep 21 07:16:49.543688: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Sep 21 07:16:49.543692: | Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Sep 21 07:16:49.543697: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:49.543700: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:49.543705: | libevent_free: release ptr-libevent@0x7fc68c006b90 Sep 21 07:16:49.543708: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fc690002b20 Sep 21 07:16:49.543949: | running updown command "ipsec _updown" for verb down Sep 21 07:16:49.543959: | command executing down-client Sep 21 07:16:49.543990: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050205' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 
PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Sep 21 07:16:49.543997: | popen cmd is 1058 chars long Sep 21 07:16:49.544001: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/: Sep 21 07:16:49.544004: | cmd( 80):0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PL: Sep 21 07:16:49.544007: | cmd( 160):UTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0': Sep 21 07:16:49.544010: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:16:49.544012: | cmd( 320):UTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID=': Sep 21 07:16:49.544015: | cmd( 400):@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO: Sep 21 07:16:49.544018: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:16:49.544021: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050205' PLUTO_CONN_POLICY: Sep 21 07:16:49.544024: | cmd( 640):='PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Sep 21 07:16:49.544026: | cmd( 720):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Sep 21 07:16:49.544029: | cmd( 800):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Sep 21 07:16:49.544032: | cmd( 880):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Sep 21 07:16:49.544035: | cmd( 960):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x86c7d853 SPI_OUT=0xdcead35a : Sep 21 07:16:49.544037: | cmd(1040):ipsec _updown 2>&1: Sep 21 07:16:49.554472: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using 
protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:16:49.554495: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:16:49.554500: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.554504: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:49.554559: | delete esp.86c7d853@192.1.3.33 Sep 21 07:16:49.554597: | netlink response for Del SA esp.86c7d853@192.1.3.33 included non-error error Sep 21 07:16:49.554602: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.554611: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:16:49.555153: | raw_eroute result=success Sep 21 07:16:49.555164: | delete esp.dcead35a@192.1.2.23 Sep 21 07:16:49.555200: | netlink response for Del SA esp.dcead35a@192.1.2.23 included non-error error Sep 21 07:16:49.555212: | stop processing: connection "northnet-eastnet/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:16:49.555218: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:16:49.555221: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:16:49.555225: | State DB: deleting IKEv2 state #3 in V2_IPSEC_R Sep 21 07:16:49.555232: | child state #3: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:16:49.555260: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.555272: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:49.555276: | state #2 Sep 21 07:16:49.555282: | start processing: state #2 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:49.555286: | pstats #2 ikev2.child deleted completed Sep 21 07:16:49.555295: | [RE]START processing: state #2 connection "northnet-eastnet/0x2" 
from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:16:49.555303: "northnet-eastnet/0x2" #2: deleting state (STATE_V2_IPSEC_R) aged 4.287s and sending notification Sep 21 07:16:49.555307: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:16:49.555312: | get_sa_info esp.edebe249@192.1.3.33 Sep 21 07:16:49.555324: | get_sa_info esp.8af9a110@192.1.2.23 Sep 21 07:16:49.555333: "northnet-eastnet/0x2" #2: ESP traffic information: in=0B out=0B Sep 21 07:16:49.555337: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:16:49.555340: | Opening output PBS informational exchange delete request Sep 21 07:16:49.555344: | **emit ISAKMP Message: Sep 21 07:16:49.555346: | initiator cookie: Sep 21 07:16:49.555349: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:49.555351: | responder cookie: Sep 21 07:16:49.555353: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.555356: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:49.555359: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.555362: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:49.555365: | flags: none (0x0) Sep 21 07:16:49.555368: | Message ID: 1 (0x1) Sep 21 07:16:49.555371: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:49.555374: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:49.555377: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.555379: | flags: none (0x0) Sep 21 07:16:49.555384: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:49.555387: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:49.555390: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:49.555398: | ****emit IKEv2 Delete Payload: Sep 21 07:16:49.555401: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 
07:16:49.555403: | flags: none (0x0) Sep 21 07:16:49.555406: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:49.555408: | SPI size: 4 (0x4) Sep 21 07:16:49.555410: | number of SPIs: 1 (0x1) Sep 21 07:16:49.555414: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:49.555417: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:49.555420: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:16:49.555422: | local spis 8a f9 a1 10 Sep 21 07:16:49.555425: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:49.555428: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:49.555431: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:49.555434: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:49.555437: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:49.555439: | emitting length of ISAKMP Message: 69 Sep 21 07:16:49.555458: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:16:49.555461: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.555464: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:16:49.555466: | 42 61 10 dd 9a e0 08 4a 4a ed 3e 0b ff 0e 8e 8c Sep 21 07:16:49.555468: | 8a bd 71 0f 5a 0f e6 9a 1b d1 c2 d6 9e 55 0a c0 Sep 21 07:16:49.555470: | 0e 98 b6 42 34 Sep 21 07:16:49.555519: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Sep 21 07:16:49.555522: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Sep 21 07:16:49.555527: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); 
initiator.sent=1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1 wip.responder=-1 Sep 21 07:16:49.555534: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=0->1 wip.responder=-1 Sep 21 07:16:49.555537: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:49.555542: | libevent_free: release ptr-libevent@0x5610e9271730 Sep 21 07:16:49.555545: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fc694002b20 Sep 21 07:16:49.555703: | delete esp.edebe249@192.1.3.33 Sep 21 07:16:49.555736: | netlink response for Del SA esp.edebe249@192.1.3.33 included non-error error Sep 21 07:16:49.555809: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.555823: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:16:49.555837: | raw_eroute result=success Sep 21 07:16:49.555841: | delete esp.8af9a110@192.1.2.23 Sep 21 07:16:49.555868: | netlink response for Del SA esp.8af9a110@192.1.2.23 included non-error error Sep 21 07:16:49.555937: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:16:49.555944: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Sep 21 07:16:49.555949: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:16:49.555955: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.555960: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:49.555963: | state #1 Sep 21 07:16:49.555966: | pass 1 Sep 21 07:16:49.555969: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Sep 21 07:16:49.555971: | state #1 Sep 21 07:16:49.555977: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:49.555980: | pstats #1 ikev2.ike deleted completed Sep 21 07:16:49.555986: | #1 spent 10.4 milliseconds in total Sep 21 07:16:49.555991: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:16:49.555995: "northnet-eastnet/0x2" #1: deleting state (STATE_PARENT_R2) aged 4.299s and sending notification Sep 21 07:16:49.555999: | parent state #1: PARENT_R2(established IKE SA) => delete Sep 21 07:16:49.556141: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Sep 21 07:16:49.556146: | Opening output PBS informational exchange delete request Sep 21 07:16:49.556149: | **emit ISAKMP Message: Sep 21 07:16:49.556152: | initiator cookie: Sep 21 07:16:49.556154: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:49.556156: | responder cookie: Sep 21 07:16:49.556159: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.556162: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:49.556164: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.556167: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:49.556170: | flags: none (0x0) Sep 21 07:16:49.556172: | Message ID: 2 (0x2) Sep 21 07:16:49.556175: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:49.556178: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:49.556181: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.556183: | flags: none (0x0) Sep 21 07:16:49.556187: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:49.556190: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 
'informational exchange delete request' Sep 21 07:16:49.556193: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:49.556198: | ****emit IKEv2 Delete Payload: Sep 21 07:16:49.556201: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.556203: | flags: none (0x0) Sep 21 07:16:49.556206: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:16:49.556208: | SPI size: 0 (0x0) Sep 21 07:16:49.556213: | number of SPIs: 0 (0x0) Sep 21 07:16:49.556216: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:49.556219: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:16:49.556221: | emitting length of IKEv2 Delete Payload: 8 Sep 21 07:16:49.556224: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:49.556227: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:49.556230: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:49.556233: | emitting length of IKEv2 Encryption Payload: 37 Sep 21 07:16:49.556235: | emitting length of ISAKMP Message: 65 Sep 21 07:16:49.556250: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:16:49.556253: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.556256: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:16:49.556258: | b8 9f 57 22 fb e1 60 82 8f 2e 09 04 0c 8e bd 9c Sep 21 07:16:49.556260: | d0 55 c9 84 b9 e2 cd 67 62 d7 09 64 99 42 f6 88 Sep 21 07:16:49.556262: | a6 Sep 21 07:16:49.556466: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=1->2 Sep 21 07:16:49.556472: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Sep 21 
07:16:49.556477: | Message ID: #1 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?); initiator.sent=2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=2 wip.responder=-1 Sep 21 07:16:49.556480: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1->2 wip.responder=-1 Sep 21 07:16:49.556482: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:49.556485: | libevent_free: release ptr-libevent@0x5610e926c8e0 Sep 21 07:16:49.556487: | free_event_entry: release EVENT_SA_REKEY-pe@0x5610e926a6a0 Sep 21 07:16:49.556489: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:49.556491: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:16:49.556493: | State DB: deleting IKEv2 state #1 in PARENT_R2 Sep 21 07:16:49.556495: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Sep 21 07:16:49.556506: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.556517: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:49.556522: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:16:49.556525: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:16:49.556527: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.556557: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.556571: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:16:49.556577: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:49.556581: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:49.556589: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:49.556592: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:49.556599: | route owner of "northnet-eastnet/0x2" unrouted: NULL Sep 21 07:16:49.556604: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:49.556607: | command executing unroute-client Sep 21 07:16:49.556643: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE Sep 21 07:16:49.556650: | popen cmd is 1039 chars long Sep 21 07:16:49.556654: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:49.556657: | cmd( 80):et/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23': Sep 21 07:16:49.556660: | cmd( 160): PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' 
PLUTO_MY_CLIENT_NET='192.0.2: Sep 21 07:16:49.556661: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Sep 21 07:16:49.556663: | cmd( 320): PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_: Sep 21 07:16:49.556665: | cmd( 400):ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' P: Sep 21 07:16:49.556666: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:16:49.556668: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK: Sep 21 07:16:49.556669: | cmd( 640):+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLU: Sep 21 07:16:49.556671: | cmd( 720):TO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS: Sep 21 07:16:49.556673: | cmd( 800):_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANN: Sep 21 07:16:49.556674: | cmd( 880):ER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFAC: Sep 21 07:16:49.556676: | cmd( 960):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:16:49.568603: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568618: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568631: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568645: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568658: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568671: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568686: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568715: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568742: unroute-client output: Error: Peer netns reference is invalid. 
Sep 21 07:16:49.568766: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568840: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568853: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568872: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568884: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568897: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568910: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568925: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568938: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568951: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568964: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568977: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.568991: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.569005: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.569018: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.569424: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.569459: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:49.569494: unroute-client output: Error: Peer netns reference is invalid. 
Sep 21 07:16:49.582331: | flush revival: connection 'northnet-eastnet/0x2' wasn't on the list Sep 21 07:16:49.582344: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:16:49.582354: | start processing: connection "northnet-eastnet/0x1" (in delete_connection() at connections.c:189) Sep 21 07:16:49.582358: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:49.582361: | pass 0 Sep 21 07:16:49.582363: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:49.582366: | pass 1 Sep 21 07:16:49.582368: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:49.582372: | free hp@0x5610e9232920 Sep 21 07:16:49.582375: | flush revival: connection 'northnet-eastnet/0x1' wasn't on the list Sep 21 07:16:49.582378: | stop processing: connection "northnet-eastnet/0x1" (in discard_connection() at connections.c:249) Sep 21 07:16:49.582383: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:16:49.582386: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:16:49.582395: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:16:49.582399: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:16:49.582403: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:16:49.582406: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:16:49.582409: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:16:49.582412: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:16:49.582416: | FOR_EACH_STATE_... 
in delete_states_dead_interfaces Sep 21 07:16:49.582424: | libevent_free: release ptr-libevent@0x5610e9266040 Sep 21 07:16:49.582427: | free_event_entry: release EVENT_NULL-pe@0x5610e924f340 Sep 21 07:16:49.582438: | libevent_free: release ptr-libevent@0x5610e9266130 Sep 21 07:16:49.582440: | free_event_entry: release EVENT_NULL-pe@0x5610e92660f0 Sep 21 07:16:49.582446: | libevent_free: release ptr-libevent@0x5610e9266220 Sep 21 07:16:49.582449: | free_event_entry: release EVENT_NULL-pe@0x5610e92661e0 Sep 21 07:16:49.582455: | libevent_free: release ptr-libevent@0x5610e9266310 Sep 21 07:16:49.582457: | free_event_entry: release EVENT_NULL-pe@0x5610e92662d0 Sep 21 07:16:49.582463: | libevent_free: release ptr-libevent@0x5610e9266400 Sep 21 07:16:49.582466: | free_event_entry: release EVENT_NULL-pe@0x5610e92663c0 Sep 21 07:16:49.582472: | libevent_free: release ptr-libevent@0x5610e92664f0 Sep 21 07:16:49.582475: | free_event_entry: release EVENT_NULL-pe@0x5610e92664b0 Sep 21 07:16:49.582479: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Sep 21 07:16:49.582876: | libevent_free: release ptr-libevent@0x5610e92659a0 Sep 21 07:16:49.582883: | free_event_entry: release EVENT_NULL-pe@0x5610e924e5c0 Sep 21 07:16:49.582887: | libevent_free: release ptr-libevent@0x5610e925b430 Sep 21 07:16:49.582890: | free_event_entry: release EVENT_NULL-pe@0x5610e924e870 Sep 21 07:16:49.582893: | libevent_free: release ptr-libevent@0x5610e925b3a0 Sep 21 07:16:49.582896: | free_event_entry: release EVENT_NULL-pe@0x5610e9253fd0 Sep 21 07:16:49.582899: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:16:49.582901: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:16:49.582904: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:16:49.582906: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:16:49.582911: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:16:49.582914: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:16:49.582916: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:16:49.582919: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:16:49.582921: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:16:49.582925: | libevent_free: release ptr-libevent@0x5610e9265a70 Sep 21 07:16:49.582928: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:16:49.582931: | libevent_free: release ptr-libevent@0x5610e9265b50 Sep 21 07:16:49.582934: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:16:49.582936: | libevent_free: release ptr-libevent@0x5610e9265c10 Sep 21 07:16:49.582939: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:16:49.582942: | libevent_free: release ptr-libevent@0x5610e925a7a0 Sep 21 07:16:49.582944: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:16:49.582947: | releasing event base Sep 21 07:16:49.582958: | libevent_free: release ptr-libevent@0x5610e9265cd0 Sep 21 07:16:49.582961: | libevent_free: release ptr-libevent@0x5610e923b1e0 Sep 21 07:16:49.582964: | libevent_free: 
release ptr-libevent@0x5610e9249b50 Sep 21 07:16:49.582967: | libevent_free: release ptr-libevent@0x5610e926d1a0 Sep 21 07:16:49.582969: | libevent_free: release ptr-libevent@0x5610e9249b70 Sep 21 07:16:49.582972: | libevent_free: release ptr-libevent@0x5610e9265a30 Sep 21 07:16:49.582974: | libevent_free: release ptr-libevent@0x5610e9265b10 Sep 21 07:16:49.582977: | libevent_free: release ptr-libevent@0x5610e9249c00 Sep 21 07:16:49.582979: | libevent_free: release ptr-libevent@0x5610e9249d60 Sep 21 07:16:49.582981: | libevent_free: release ptr-libevent@0x5610e924e7c0 Sep 21 07:16:49.582984: | libevent_free: release ptr-libevent@0x5610e9266580 Sep 21 07:16:49.582986: | libevent_free: release ptr-libevent@0x5610e9266490 Sep 21 07:16:49.582988: | libevent_free: release ptr-libevent@0x5610e92663a0 Sep 21 07:16:49.582991: | libevent_free: release ptr-libevent@0x5610e92662b0 Sep 21 07:16:49.582993: | libevent_free: release ptr-libevent@0x5610e92661c0 Sep 21 07:16:49.582995: | libevent_free: release ptr-libevent@0x5610e92660d0 Sep 21 07:16:49.582998: | libevent_free: release ptr-libevent@0x5610e91cd370 Sep 21 07:16:49.583000: | libevent_free: release ptr-libevent@0x5610e9265bf0 Sep 21 07:16:49.583002: | libevent_free: release ptr-libevent@0x5610e9265b30 Sep 21 07:16:49.583005: | libevent_free: release ptr-libevent@0x5610e9265a50 Sep 21 07:16:49.583007: | libevent_free: release ptr-libevent@0x5610e9265cb0 Sep 21 07:16:49.583010: | libevent_free: release ptr-libevent@0x5610e91cb6c0 Sep 21 07:16:49.583012: | libevent_free: release ptr-libevent@0x5610e9249b90 Sep 21 07:16:49.583015: | libevent_free: release ptr-libevent@0x5610e9249bc0 Sep 21 07:16:49.583017: | libevent_free: release ptr-libevent@0x5610e92498b0 Sep 21 07:16:49.583019: | releasing global libevent data Sep 21 07:16:49.583022: | libevent_free: release ptr-libevent@0x5610e92485a0 Sep 21 07:16:49.583025: | libevent_free: release ptr-libevent@0x5610e9249850 Sep 21 07:16:49.583028: | libevent_free: release 
ptr-libevent@0x5610e9249880