Sep 21 07:16:44.692699: FIPS Product: YES Sep 21 07:16:44.692734: FIPS Kernel: NO Sep 21 07:16:44.692737: FIPS Mode: NO Sep 21 07:16:44.692740: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:16:44.692911: Initializing NSS Sep 21 07:16:44.692917: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:16:44.732277: NSS initialized Sep 21 07:16:44.732288: NSS crypto library initialized Sep 21 07:16:44.732290: FIPS HMAC integrity support [enabled] Sep 21 07:16:44.732292: FIPS mode disabled for pluto daemon Sep 21 07:16:44.806546: FIPS HMAC integrity verification self-test FAILED Sep 21 07:16:44.806642: libcap-ng support [enabled] Sep 21 07:16:44.806650: Linux audit support [enabled] Sep 21 07:16:44.806674: Linux audit activated Sep 21 07:16:44.806681: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:22550 Sep 21 07:16:44.806684: core dump dir: /tmp Sep 21 07:16:44.806686: secrets file: /etc/ipsec.secrets Sep 21 07:16:44.806688: leak-detective disabled Sep 21 07:16:44.806691: NSS crypto [enabled] Sep 21 07:16:44.806692: XAUTH PAM support [enabled] Sep 21 07:16:44.806767: | libevent is using pluto's memory allocator Sep 21 07:16:44.806776: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:16:44.806794: | libevent_malloc: new ptr-libevent@0x564cd0417600 size 40 Sep 21 07:16:44.806800: | libevent_malloc: new ptr-libevent@0x564cd04188b0 size 40 Sep 21 07:16:44.806803: | libevent_malloc: new ptr-libevent@0x564cd04188e0 size 40 Sep 21 07:16:44.806805: | creating event base Sep 21 07:16:44.806808: | libevent_malloc: new ptr-libevent@0x564cd0418870 size 56 Sep 21 07:16:44.806811: | libevent_malloc: new ptr-libevent@0x564cd0418910 size 664 Sep 21 07:16:44.806829: | libevent_malloc: new ptr-libevent@0x564cd0418bb0 size 24 Sep 21 07:16:44.806833: | libevent_malloc: new ptr-libevent@0x564cd040a240 size 384 Sep 21 07:16:44.806842: | libevent_malloc: new ptr-libevent@0x564cd0418bd0 size 16 Sep 21 07:16:44.806844: | libevent_malloc: new ptr-libevent@0x564cd0418bf0 size 40 Sep 21 07:16:44.806847: | libevent_malloc: new ptr-libevent@0x564cd0418c20 size 48 Sep 21 07:16:44.806853: | libevent_realloc: new ptr-libevent@0x564cd039c370 size 256 Sep 21 07:16:44.806856: | libevent_malloc: new ptr-libevent@0x564cd0418c60 size 16 Sep 21 07:16:44.806862: | libevent_free: release ptr-libevent@0x564cd0418870 Sep 21 07:16:44.806866: | libevent initialized Sep 21 07:16:44.806870: | libevent_realloc: new ptr-libevent@0x564cd0418c80 size 64 Sep 21 07:16:44.806876: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:16:44.806891: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:16:44.806893: NAT-Traversal support [enabled] Sep 21 07:16:44.806896: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:16:44.806902: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:16:44.806905: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:16:44.806941: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:16:44.806945: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:16:44.806948: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:16:44.807000: Encryption algorithms: Sep 21 07:16:44.807007: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:16:44.807010: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:16:44.807014: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:16:44.807017: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:16:44.807021: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:16:44.807029: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:16:44.807034: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:16:44.807037: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:16:44.807041: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:16:44.807044: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:16:44.807048: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:16:44.807051: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:16:44.807055: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:16:44.807059: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:16:44.807062: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:16:44.807065: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:16:44.807068: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:16:44.807079: Hash algorithms: Sep 21 07:16:44.807081: MD5 IKEv1: IKE IKEv2: Sep 21 07:16:44.807084: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:16:44.807087: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:16:44.807090: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:16:44.807093: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:16:44.807106: PRF algorithms: Sep 21 07:16:44.807109: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:16:44.807112: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:16:44.807116: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:16:44.807119: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:16:44.807122: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:16:44.807125: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:16:44.807149: Integrity algorithms: Sep 21 07:16:44.807152: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:16:44.807156: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:16:44.807160: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:16:44.807164: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:16:44.807168: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:16:44.807171: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:16:44.807174: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:16:44.807177: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:16:44.807180: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:16:44.807192: DH algorithms: Sep 21 07:16:44.807195: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:16:44.807198: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:16:44.807201: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:16:44.807206: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:16:44.807209: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:16:44.807211: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:16:44.807214: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:16:44.807217: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:16:44.807220: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:16:44.807223: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:16:44.807226: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:16:44.807229: testing CAMELLIA_CBC: Sep 21 07:16:44.807231: Camellia: 16 bytes with 128-bit key Sep 21 07:16:44.807356: Camellia: 16 bytes with 128-bit key Sep 21 07:16:44.807386: Camellia: 16 bytes with 256-bit key Sep 21 07:16:44.807417: Camellia: 16 bytes with 256-bit key Sep 21 07:16:44.807445: testing AES_GCM_16: Sep 21 07:16:44.807448: empty string Sep 21 07:16:44.807475: one block Sep 21 07:16:44.807499: two blocks Sep 21 07:16:44.807525: two blocks with associated data Sep 21 07:16:44.807550: testing AES_CTR: Sep 21 07:16:44.807552: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:16:44.807579: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:16:44.807606: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:16:44.807633: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:16:44.807659: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:16:44.807686: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:16:44.807714: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:16:44.807739: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:16:44.807767: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:16:44.807798: testing AES_CBC: Sep 21 07:16:44.807803: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:16:44.807830: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:16:44.807858: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:16:44.807887: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:16:44.807921: testing AES_XCBC: Sep 21 07:16:44.807923: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:16:44.808045: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:16:44.808176: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:16:44.808300: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:16:44.808427: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:16:44.808555: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:16:44.808687: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:16:44.808986: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:16:44.809116: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:16:44.809254: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:16:44.809492: testing HMAC_MD5: Sep 21 07:16:44.809495: RFC 2104: MD5_HMAC test 1 Sep 21 07:16:44.809669: RFC 2104: MD5_HMAC test 2 Sep 21 07:16:44.809846: RFC 2104: MD5_HMAC test 3 Sep 21 07:16:44.810031: 8 CPU cores online Sep 21 07:16:44.810035: starting up 7 crypto helpers Sep 21 07:16:44.810073: started thread for crypto helper 0 Sep 21 07:16:44.810230: | starting up helper thread 0 Sep 21 07:16:44.810242: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:16:44.810246: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:44.810387: started thread for crypto helper 1 Sep 21 07:16:44.810422: started thread for crypto helper 2 Sep 21 07:16:44.810441: started thread for crypto helper 3 Sep 21 07:16:44.810460: started thread for crypto helper 4 Sep 21 07:16:44.810475: started thread for crypto helper 5 Sep 21 07:16:44.810495: started thread for crypto helper 6 Sep 21 07:16:44.810503: | checking IKEv1 state table Sep 21 07:16:44.810510: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:44.810512: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:16:44.810518: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:44.810521: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:16:44.810523: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:16:44.810525: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:16:44.810528: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:44.810530: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:44.810532: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:16:44.810535: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:16:44.810537: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:44.810539: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:16:44.810541: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:16:44.810544: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:44.810546: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:44.810548: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:44.810551: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:16:44.810553: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:44.810555: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:44.810557: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:16:44.810560: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:16:44.810562: | -> UNDEFINED EVENT_NULL Sep 21 07:16:44.810565: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:16:44.810567: | -> UNDEFINED EVENT_NULL Sep 21 07:16:44.810570: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:44.810572: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:16:44.810574: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:44.810577: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:44.810579: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:16:44.810581: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:16:44.810583: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:44.810585: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:16:44.810588: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:16:44.810590: | -> UNDEFINED EVENT_NULL Sep 21 07:16:44.810593: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:16:44.810595: | -> UNDEFINED EVENT_NULL Sep 21 07:16:44.810597: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:16:44.810600: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:16:44.810602: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:16:44.810605: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:16:44.810607: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:16:44.810609: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:16:44.810612: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:16:44.810614: | -> UNDEFINED EVENT_NULL Sep 21 07:16:44.810617: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:16:44.810619: | -> UNDEFINED EVENT_NULL Sep 21 07:16:44.810622: | INFO: category: informational flags: 0: Sep 21 07:16:44.810624: | -> UNDEFINED EVENT_NULL Sep 21 07:16:44.810626: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:16:44.810629: | -> UNDEFINED EVENT_NULL Sep 21 07:16:44.810631: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:16:44.810633: | -> XAUTH_R1 EVENT_NULL Sep 21 07:16:44.810636: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:16:44.810638: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:16:44.810641: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:16:44.810643: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:16:44.810646: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:16:44.810648: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:16:44.810653: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:16:44.810655: | -> UNDEFINED EVENT_NULL Sep 21 07:16:44.810658: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:16:44.810660: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:16:44.810663: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:16:44.810665: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:16:44.810668: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:16:44.810670: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:16:44.810675: | checking IKEv2 state table Sep 21 07:16:44.810681: | PARENT_I0: category: ignore flags: 0: Sep 21 07:16:44.810684: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:16:44.810687: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:16:44.810689: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:16:44.810692: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:16:44.810695: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:16:44.810698: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:16:44.810700: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:16:44.810703: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:16:44.810705: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:16:44.810708: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:16:44.810711: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:16:44.810713: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:16:44.810715: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:16:44.810718: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:16:44.810720: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:16:44.810723: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:16:44.810725: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:16:44.810728: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:16:44.810731: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:16:44.810733: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:16:44.810736: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:16:44.810738: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:16:44.810741: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:16:44.810743: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:16:44.810746: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:16:44.810748: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:16:44.810751: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:16:44.810754: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:16:44.810756: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:16:44.810759: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:16:44.810762: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:44.810764: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:16:44.810767: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:16:44.810770: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:16:44.810772: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:16:44.810775: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:16:44.810780: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:16:44.810786: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:16:44.810792: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:16:44.810795: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:16:44.810797: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:16:44.810800: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:16:44.810803: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:16:44.810806: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:16:44.810808: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:16:44.810811: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:16:44.810893: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:16:44.811324: | Hard-wiring algorithms Sep 21 07:16:44.811328: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:16:44.811332: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:16:44.811334: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:16:44.811337: | adding 3DES_CBC to kernel algorithm db Sep 21 07:16:44.811339: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:16:44.811341: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:16:44.811343: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:16:44.811346: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:16:44.811348: | adding AES_CTR to kernel algorithm db Sep 21 07:16:44.811350: | adding AES_CBC to kernel algorithm db Sep 21 07:16:44.811352: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:16:44.811355: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:16:44.811357: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:16:44.811360: | adding NULL to kernel algorithm db Sep 21 07:16:44.811362: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:16:44.811365: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:16:44.811367: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:16:44.811370: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:16:44.811372: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:16:44.811374: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:16:44.811377: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:16:44.811379: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:16:44.811381: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:16:44.811384: | adding NONE to kernel algorithm db Sep 21 07:16:44.811403: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:16:44.811410: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:16:44.811412: | setup kernel fd callback Sep 21 07:16:44.811415: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x564cd0423030 Sep 21 07:16:44.811419: | libevent_malloc: new ptr-libevent@0x564cd042a480 size 128 Sep 21 07:16:44.811422: | libevent_malloc: new ptr-libevent@0x564cd041e2a0 size 16 Sep 21 07:16:44.811428: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x564cd041d8d0 Sep 21 07:16:44.811430: | libevent_malloc: new ptr-libevent@0x564cd042a510 size 128 Sep 21 07:16:44.811433: | libevent_malloc: new ptr-libevent@0x564cd0418cd0 size 16 Sep 21 07:16:44.811671: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:16:44.811679: selinux support is enabled. Sep 21 07:16:44.812090: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:16:44.812264: | unbound context created - setting debug level to 5 Sep 21 07:16:44.812295: | /etc/hosts lookups activated Sep 21 07:16:44.812310: | /etc/resolv.conf usage activated Sep 21 07:16:44.810388: | starting up helper thread 1 Sep 21 07:16:44.812375: | outgoing-port-avoid set 0-65535 Sep 21 07:16:44.812701: | starting up helper thread 2 Sep 21 07:16:44.813719: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:16:44.813727: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:44.812707: | starting up helper thread 3 Sep 21 07:16:44.813739: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:16:44.813742: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:44.812711: | starting up helper thread 4 Sep 21 07:16:44.813753: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:16:44.813756: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:44.812714: | starting up helper thread 5 Sep 21 07:16:44.813768: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:16:44.813771: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:44.812718: | starting up helper thread 6 Sep 21 07:16:44.813791: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:16:44.813797: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:44.813829: | outgoing-port-permit set 32768-60999 Sep 21 07:16:44.813832: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:16:44.813836: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:16:44.813840: | Setting up events, loop start Sep 21 07:16:44.813843: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x564cd041d620 Sep 21 07:16:44.813847: | libevent_malloc: new ptr-libevent@0x564cd0434a80 size 128 Sep 21 07:16:44.813852: | libevent_malloc: new ptr-libevent@0x564cd0434b10 size 16 Sep 21 07:16:44.813859: | libevent_realloc: new ptr-libevent@0x564cd039a6c0 size 256 Sep 21 07:16:44.813863: | libevent_malloc: new ptr-libevent@0x564cd0434b30 size 8 Sep 21 07:16:44.813867: | libevent_realloc: new ptr-libevent@0x564cd0429800 size 144 Sep 21 07:16:44.813870: | libevent_malloc: new ptr-libevent@0x564cd0434b50 size 152 Sep 21 07:16:44.813874: | libevent_malloc: new ptr-libevent@0x564cd0434bf0 size 16 Sep 21 07:16:44.813878: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:16:44.813881: | libevent_malloc: new ptr-libevent@0x564cd0434c10 size 8 Sep 21 07:16:44.813884: | libevent_malloc: new ptr-libevent@0x564cd0434c30 size 152 Sep 21 07:16:44.813887: | signal event handler PLUTO_SIGTERM installed Sep 21 07:16:44.813891: | libevent_malloc: new ptr-libevent@0x564cd0434cd0 size 8 Sep 21 07:16:44.813894: | libevent_malloc: new ptr-libevent@0x564cd0434cf0 size 152 Sep 21 07:16:44.813897: | signal event handler PLUTO_SIGHUP installed Sep 21 07:16:44.813900: | libevent_malloc: new ptr-libevent@0x564cd0434d90 size 8 Sep 21 07:16:44.813903: | libevent_realloc: release ptr-libevent@0x564cd0429800 Sep 21 07:16:44.813906: | libevent_realloc: new ptr-libevent@0x564cd0434db0 size 256 Sep 21 07:16:44.813909: | libevent_malloc: new ptr-libevent@0x564cd0429800 size 152 Sep 21 07:16:44.813912: | signal event handler PLUTO_SIGSYS installed Sep 21 07:16:44.814274: | created addconn helper (pid:22683) using fork+execve Sep 21 07:16:44.814288: | forked child 22683 Sep 21 07:16:44.814326: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:44.814345: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:44.814351: listening for IKE messages Sep 21 07:16:44.814490: | Inspecting interface lo Sep 21 07:16:44.814497: | found lo with address 127.0.0.1 Sep 21 07:16:44.814500: | Inspecting interface eth0 Sep 21 07:16:44.814505: | found eth0 with address 192.0.3.254 Sep 21 07:16:44.814507: | Inspecting interface eth1 Sep 21 07:16:44.814511: | found eth1 with address 192.1.3.33 Sep 21 07:16:44.814557: Kernel supports NIC esp-hw-offload Sep 21 07:16:44.814575: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:16:44.813701: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:16:44.814605: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:44.814615: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:44.814625: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:44.814616: | crypto helper 1 waiting (nothing to do) Sep 21 07:16:44.841353: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:16:44.841410: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:44.841417: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:44.841422: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:44.841455: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:16:44.841479: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:16:44.841484: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:16:44.841488: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:16:44.841542: | no interfaces to sort Sep 21 07:16:44.841546: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:44.841555: | add_fd_read_event_handler: new ethX-pe@0x564cd041e3a0 Sep 21 07:16:44.841560: | libevent_malloc: new ptr-libevent@0x564cd0435120 size 128 Sep 21 07:16:44.841565: | libevent_malloc: new ptr-libevent@0x564cd04351b0 size 16 Sep 21 07:16:44.841574: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:44.841576: | add_fd_read_event_handler: new ethX-pe@0x564cd04351d0 Sep 21 07:16:44.841579: | libevent_malloc: new ptr-libevent@0x564cd0435210 size 128 Sep 21 07:16:44.841582: | libevent_malloc: new ptr-libevent@0x564cd04352a0 size 16 Sep 21 07:16:44.841586: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:44.841590: | add_fd_read_event_handler: new ethX-pe@0x564cd04352c0 Sep 21 07:16:44.841592: | libevent_malloc: new ptr-libevent@0x564cd0435300 size 128 Sep 21 07:16:44.841595: | libevent_malloc: new ptr-libevent@0x564cd0435390 size 16 Sep 21 07:16:44.841600: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:44.841602: | add_fd_read_event_handler: new ethX-pe@0x564cd04353b0 Sep 21 07:16:44.841605: | libevent_malloc: new ptr-libevent@0x564cd04353f0 size 128 Sep 21 07:16:44.841607: | libevent_malloc: new ptr-libevent@0x564cd0435480 size 16 Sep 21 07:16:44.841612: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:44.841615: | add_fd_read_event_handler: new ethX-pe@0x564cd04354a0 Sep 21 07:16:44.841617: | libevent_malloc: new ptr-libevent@0x564cd04354e0 size 128 Sep 21 07:16:44.841619: | libevent_malloc: new ptr-libevent@0x564cd0435570 size 16 Sep 21 07:16:44.841623: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:44.841625: | add_fd_read_event_handler: new ethX-pe@0x564cd0435590 Sep 21 07:16:44.841627: | libevent_malloc: new ptr-libevent@0x564cd04355d0 size 128 Sep 21 07:16:44.841629: | libevent_malloc: new ptr-libevent@0x564cd0435660 size 16 Sep 21 07:16:44.841633: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:44.841638: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:44.841640: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:44.841663: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:44.841672: | id type added to secret(0x564cd042a660) PKK_PSK: @east Sep 21 07:16:44.841675: | id type added to secret(0x564cd042a660) PKK_PSK: @north Sep 21 07:16:44.841680: | Processing PSK at line 1: passed Sep 21 07:16:44.841682: | certs and keys locked by 'process_secret' Sep 21 07:16:44.841684: | certs and keys unlocked by 'process_secret' Sep 21 07:16:44.841689: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:44.841698: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:44.841706: | spent 0.684 milliseconds in whack Sep 21 07:16:44.854631: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:44.854654: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:16:44.854660: listening for IKE messages Sep 21 07:16:44.864916: | Inspecting interface lo Sep 21 07:16:44.864944: | found lo with address 127.0.0.1 Sep 21 07:16:44.864948: | Inspecting interface eth0 Sep 21 07:16:44.864952: | found eth0 with address 192.0.3.254 Sep 21 07:16:44.864954: | Inspecting interface eth1 Sep 21 07:16:44.864958: | found eth1 with address 192.1.3.33 Sep 21 07:16:44.865018: | no interfaces to sort Sep 21 07:16:44.865029: | libevent_free: release ptr-libevent@0x564cd0435120 Sep 21 07:16:44.865033: | free_event_entry: release EVENT_NULL-pe@0x564cd041e3a0 Sep 21 07:16:44.865036: | add_fd_read_event_handler: new ethX-pe@0x564cd041e3a0 Sep 21 07:16:44.865039: | libevent_malloc: new ptr-libevent@0x564cd0435120 size 128 Sep 21 07:16:44.865047: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:16:44.865050: | libevent_free: release ptr-libevent@0x564cd0435210 Sep 21 07:16:44.865053: | free_event_entry: release EVENT_NULL-pe@0x564cd04351d0 Sep 21 07:16:44.865055: | add_fd_read_event_handler: new ethX-pe@0x564cd04351d0 Sep 21 07:16:44.865057: | libevent_malloc: new ptr-libevent@0x564cd0435210 size 128 Sep 21 07:16:44.865062: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:16:44.865065: | libevent_free: release ptr-libevent@0x564cd0435300 Sep 21 07:16:44.865067: | free_event_entry: release EVENT_NULL-pe@0x564cd04352c0 Sep 21 07:16:44.865069: | add_fd_read_event_handler: new ethX-pe@0x564cd04352c0 Sep 21 07:16:44.865071: | libevent_malloc: new ptr-libevent@0x564cd0435300 size 128 Sep 21 07:16:44.865075: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:16:44.865079: | libevent_free: release ptr-libevent@0x564cd04353f0 Sep 21 07:16:44.865081: | free_event_entry: release EVENT_NULL-pe@0x564cd04353b0 Sep 21 07:16:44.865083: | add_fd_read_event_handler: new ethX-pe@0x564cd04353b0 Sep 21 07:16:44.865085: | libevent_malloc: new ptr-libevent@0x564cd04353f0 size 128 Sep 21 07:16:44.865089: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:16:44.865093: | libevent_free: release ptr-libevent@0x564cd04354e0 Sep 21 07:16:44.865095: | free_event_entry: release EVENT_NULL-pe@0x564cd04354a0 Sep 21 07:16:44.865097: | add_fd_read_event_handler: new ethX-pe@0x564cd04354a0 Sep 21 07:16:44.865100: | libevent_malloc: new ptr-libevent@0x564cd04354e0 size 128 Sep 21 07:16:44.865124: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:16:44.865132: | libevent_free: release ptr-libevent@0x564cd04355d0 Sep 21 07:16:44.865137: | free_event_entry: release EVENT_NULL-pe@0x564cd0435590 Sep 21 07:16:44.865143: | add_fd_read_event_handler: new ethX-pe@0x564cd0435590 Sep 21 07:16:44.865149: | libevent_malloc: new ptr-libevent@0x564cd04355d0 size 128 Sep 21 07:16:44.865157: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:16:44.865162: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:44.865167: forgetting secrets Sep 21 07:16:44.865185: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:44.865209: loading secrets from "/etc/ipsec.secrets" Sep 21 07:16:44.865222: | id type added to secret(0x564cd042a660) PKK_PSK: @east Sep 21 07:16:44.865228: | id type added to secret(0x564cd042a660) PKK_PSK: @north Sep 21 07:16:44.865236: | Processing PSK at line 1: passed Sep 21 07:16:44.865240: | certs and keys locked by 'process_secret' Sep 21 07:16:44.865242: | certs and keys unlocked by 'process_secret' Sep 21 07:16:44.865247: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:16:44.865255: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:44.865263: | spent 0.436 milliseconds in whack Sep 21 07:16:44.866294: | processing signal PLUTO_SIGCHLD Sep 21 07:16:44.866310: | waitpid returned pid 22683 (exited with status 0) Sep 21 07:16:44.866314: | reaped addconn helper child (status 0) Sep 21 07:16:44.866318: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:44.866323: | spent 0.016 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:44.954988: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:44.955009: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.955012: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:44.955013: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.955015: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:44.955018: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.955024: | Added new connection northnet-eastnet/0x1 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:44.955060: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:44.955064: | from whack: got --esp= Sep 21 07:16:44.955086: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:44.955090: | counting wild cards for @north is 0 Sep 21 07:16:44.955092: | counting wild cards for @east is 0 Sep 21 07:16:44.955099: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:16:44.955102: | new hp@0x564cd0401980 Sep 21 07:16:44.955105: added connection description "northnet-eastnet/0x1" Sep 21 07:16:44.955112: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:44.955120: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:16:44.955125: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:44.955129: | spent 0.149 milliseconds in whack Sep 21 07:16:44.955202: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:44.955214: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.955216: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:44.955218: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.955219: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:44.955224: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:44.955228: | Added new connection northnet-eastnet/0x2 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:44.955258: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:16:44.955260: | from whack: got --esp= Sep 21 07:16:44.955280: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:16:44.955283: | counting wild cards for @north is 0 Sep 21 07:16:44.955285: | counting wild cards for @east is 0 Sep 21 07:16:44.955289: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:16:44.955292: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x564cd0401980: northnet-eastnet/0x1 Sep 21 07:16:44.955294: added connection description "northnet-eastnet/0x2" Sep 21 07:16:44.955301: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:16:44.955307: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:16:44.955316: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:44.955320: | spent 0.123 milliseconds in whack Sep 21 07:16:45.031231: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:45.031260: | old debugging base+cpu-usage + none Sep 21 07:16:45.031263: | base debugging = base+cpu-usage Sep 21 07:16:45.031266: | old impairing none + suppress-retransmits Sep 21 07:16:45.031269: | base impairing = suppress-retransmits Sep 21 07:16:45.031277: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:45.031285: | spent 0.0638 milliseconds in whack Sep 21 07:16:45.162669: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:45.162883: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:45.162891: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:45.162996: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:45.163008: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:45.163015: | spent 0.344 milliseconds in whack Sep 21 07:16:45.252818: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:45.252844: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:16:45.252848: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:45.252852: initiating all conns with alias='northnet-eastnet' Sep 21 07:16:45.252859: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:16:45.252866: | start processing: connection "northnet-eastnet/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:45.252870: | connection 'northnet-eastnet/0x2' +POLICY_UP Sep 21 07:16:45.252874: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:45.252877: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:45.252896: | creating state object #1 at 0x564cd0437f00 Sep 21 07:16:45.252900: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:16:45.252909: | pstats #1 ikev2.ike started Sep 21 07:16:45.252913: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:45.252917: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:45.252925: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:45.252933: | suspend processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:45.252940: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:45.252945: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:45.252950: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet/0x2" IKE SA #1 "northnet-eastnet/0x2" Sep 21 07:16:45.252955: "northnet-eastnet/0x2" #1: initiating v2 parent SA Sep 21 07:16:45.252963: | constructing local IKE proposals for northnet-eastnet/0x2 (IKE SA initiator selecting KE) Sep 21 07:16:45.252973: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:45.252983: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.252988: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:45.252996: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.253001: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:45.253015: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.253020: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:16:45.253028: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.253043: "northnet-eastnet/0x2": constructed local IKE proposals for northnet-eastnet/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.253052: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:16:45.253056: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a590 Sep 21 07:16:45.253061: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:45.253065: | libevent_malloc: new ptr-libevent@0x564cd043a5d0 size 128 Sep 21 07:16:45.253079: | #1 spent 0.212 milliseconds in ikev2_parent_outI1() Sep 21 07:16:45.253084: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:45.253083: | crypto helper 0 resuming Sep 21 07:16:45.253102: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:16:45.253107: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:16:45.253093: | RESET processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:45.254012: | RESET processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:45.254018: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:45.254024: | start processing: connection "northnet-eastnet/0x1" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:45.254026: | connection 'northnet-eastnet/0x1' +POLICY_UP Sep 21 07:16:45.254030: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:45.254033: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:45.254038: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet/0x1" IKE SA #1 "northnet-eastnet/0x2" Sep 21 07:16:45.254042: | stop processing: connection "northnet-eastnet/0x1" (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:45.254046: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Sep 21 07:16:45.254049: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:45.254055: | spent 0.347 milliseconds in whack Sep 21 07:16:45.254165: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001058 seconds Sep 21 07:16:45.254173: | (#1) spent 1.06 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:16:45.254176: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:16:45.254178: | scheduling resume sending helper answer for #1 Sep 21 07:16:45.254182: | libevent_malloc: new ptr-libevent@0x7fd73c006900 size 128 Sep 21 07:16:45.254191: | crypto helper 0 waiting (nothing to do) Sep 21 07:16:45.254200: | processing resume sending helper answer for #1 Sep 21 07:16:45.254210: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:45.254214: | crypto helper 0 replies to request ID 1 Sep 21 07:16:45.254216: | calling continuation function 0x564ccf5d0630 Sep 21 07:16:45.254219: | ikev2_parent_outI1_continue for #1 Sep 21 07:16:45.254250: | **emit ISAKMP Message: Sep 21 07:16:45.254253: | initiator cookie: Sep 21 07:16:45.254255: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.254257: | responder cookie: Sep 21 07:16:45.254259: | 00 00 00 00 00 00 00 00 Sep 21 07:16:45.254262: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:45.254265: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.254268: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:45.254271: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:45.254273: | Message ID: 0 (0x0) Sep 21 07:16:45.254276: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:45.254293: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.254296: | Emitting ikev2_proposals ... Sep 21 07:16:45.254299: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:45.254302: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.254304: | flags: none (0x0) Sep 21 07:16:45.254307: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:45.254310: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.254313: | discarding INTEG=NONE Sep 21 07:16:45.254315: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.254318: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.254320: | prop #: 1 (0x1) Sep 21 07:16:45.254322: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.254325: | spi size: 0 (0x0) Sep 21 07:16:45.254327: | # transforms: 11 (0xb) Sep 21 07:16:45.254330: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.254332: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254335: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254337: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.254340: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.254342: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254345: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.254348: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.254350: | length/value: 256 (0x100) Sep 21 07:16:45.254353: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.254355: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254358: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254360: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.254363: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.254366: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254373: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254376: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254378: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254380: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.254383: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:45.254385: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254388: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254391: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254393: | discarding INTEG=NONE Sep 21 07:16:45.254395: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254397: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254400: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254402: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.254405: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254410: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254412: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254414: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254417: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254419: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:45.254422: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254424: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254427: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254429: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254432: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254434: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254436: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:45.254439: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254442: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254444: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254447: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254451: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254454: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:45.254456: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254462: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254464: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254466: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254468: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254473: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:45.254476: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254478: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254481: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254483: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254488: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254490: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:45.254493: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254496: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254498: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254501: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254503: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254505: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254507: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:45.254510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254515: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254518: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254520: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.254522: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254525: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:45.254527: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254530: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254532: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254535: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:45.254538: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.254540: | discarding INTEG=NONE Sep 21 07:16:45.254542: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.254544: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.254547: | prop #: 2 (0x2) Sep 21 07:16:45.254549: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.254551: | spi size: 0 (0x0) Sep 21 07:16:45.254554: | # transforms: 11 (0xb) Sep 21 07:16:45.254556: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.254559: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.254562: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254564: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254567: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.254569: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.254571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254574: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.254578: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.254580: | length/value: 128 (0x80) Sep 21 07:16:45.254583: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.254585: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254587: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254590: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.254592: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.254595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254598: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254600: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254602: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254607: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.254609: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:45.254612: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254615: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254617: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254619: | discarding INTEG=NONE Sep 21 07:16:45.254622: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254624: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254627: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254629: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.254632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254637: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254639: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254644: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254646: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:45.254649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254654: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254657: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254659: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254661: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254664: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:45.254666: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254672: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254674: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254676: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254678: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254681: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:45.254687: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254690: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254693: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254695: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254697: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254699: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254702: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:45.254705: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254707: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254710: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254712: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254717: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254719: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:45.254722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254724: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254727: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254729: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254731: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254734: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254736: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:45.254739: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254741: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254744: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254746: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254748: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.254751: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254753: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:45.254756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254759: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254761: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254764: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:45.254766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.254769: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.254771: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.254774: | prop #: 3 (0x3) Sep 21 07:16:45.254776: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.254778: | spi size: 0 (0x0) Sep 21 07:16:45.254781: | # transforms: 13 (0xd) Sep 21 07:16:45.254787: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.254793: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.254797: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254799: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254802: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.254804: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.254807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254809: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.254812: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.254814: | length/value: 256 (0x100) Sep 21 07:16:45.254817: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.254819: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254821: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254824: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.254826: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.254829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254832: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254834: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254836: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254839: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254841: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.254843: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:45.254846: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254851: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254854: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254856: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254858: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.254861: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.254864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254866: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254869: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254871: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254873: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254876: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.254878: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.254881: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254883: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254886: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254888: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254893: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254895: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.254898: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254904: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254906: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254909: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254911: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254913: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254916: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:45.254918: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254921: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254924: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254926: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254931: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254933: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:45.254936: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254939: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254941: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254943: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254946: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254948: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254950: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:45.254953: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254956: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254959: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254961: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254963: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254965: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254968: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:45.254971: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254973: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254976: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254978: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254980: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254983: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.254985: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:45.254988: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.254990: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.254993: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.254995: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.254997: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255000: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255003: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:45.255006: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255009: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255011: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255014: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255016: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.255018: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255021: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:45.255024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255029: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255031: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:45.255034: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.255036: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.255039: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.255041: | prop #: 4 (0x4) Sep 21 07:16:45.255043: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.255046: | spi size: 0 (0x0) Sep 21 07:16:45.255048: | # transforms: 13 (0xd) Sep 21 07:16:45.255051: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.255053: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.255056: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255058: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255060: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.255063: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.255065: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255068: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.255070: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.255072: | length/value: 128 (0x80) Sep 21 07:16:45.255075: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.255077: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255082: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.255084: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.255087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255093: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255095: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255100: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.255102: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:45.255105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255111: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255114: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255118: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.255121: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.255124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255126: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255129: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255131: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255133: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255136: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.255138: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.255141: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255144: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255146: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255148: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255151: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255153: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255156: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.255158: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255161: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255163: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255166: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255171: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255173: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:45.255176: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255179: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255181: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255183: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255186: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255188: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255191: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:45.255193: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255196: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255199: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255201: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255206: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255208: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:45.255211: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255215: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255218: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255220: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255225: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255227: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:45.255230: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255233: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255235: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255238: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255240: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255242: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255245: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:45.255248: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255250: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255253: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255255: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255257: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255260: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255262: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:45.255265: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255267: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255270: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255272: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.255274: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.255277: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.255279: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:45.255282: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.255285: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.255287: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.255290: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:45.255292: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.255295: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:45.255297: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:45.255300: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:45.255302: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.255305: | flags: none (0x0) Sep 21 07:16:45.255307: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.255310: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:45.255315: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.255318: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:45.255321: | ikev2 g^x 03 64 9e b1 18 87 68 ff dd aa f9 18 9d 43 8c 29 Sep 21 07:16:45.255323: | ikev2 g^x 19 9d be 15 13 11 1b 38 0f 79 0e f2 2d 5f 82 5a Sep 21 07:16:45.255326: | ikev2 g^x 7f 91 58 e2 bf c3 65 0e 80 4e 12 bb 54 93 9d a9 Sep 21 07:16:45.255328: | ikev2 g^x 78 f5 14 33 48 94 f9 89 1c 37 a6 2d 28 ef 66 10 Sep 21 07:16:45.255330: | ikev2 g^x 6c b0 76 19 32 4d 90 63 08 68 8f 0f c9 69 e6 94 Sep 21 07:16:45.255333: | ikev2 g^x 78 9d 75 38 aa 6a 62 55 e3 73 ad d5 fa fc 99 c6 Sep 21 07:16:45.255335: | ikev2 g^x bf 7f 82 a9 b6 3a f6 21 6d 2d d2 e3 bf e7 98 fe Sep 21 07:16:45.255337: | ikev2 g^x 6a f0 30 82 00 5e 93 f9 11 b8 10 91 7b 07 6d 5a Sep 21 07:16:45.255339: | ikev2 g^x 96 60 43 96 f3 b6 32 6a 9e 1d db 5d 51 f5 e0 f2 Sep 21 07:16:45.255342: | ikev2 g^x 90 b3 f8 db db 85 ca b8 b2 c0 46 20 81 ab 3c 2a Sep 21 07:16:45.255344: | ikev2 g^x 75 ea 32 f4 44 7f cf 53 8b f5 d5 da 7b 16 35 69 Sep 21 07:16:45.255346: | ikev2 g^x 36 b8 02 fe 80 70 89 d4 9c b0 67 4a 54 d3 f3 34 Sep 21 07:16:45.255348: | ikev2 g^x 28 76 51 28 5e 06 fb f2 8e 03 a1 25 41 ea 8a ae Sep 21 07:16:45.255351: | ikev2 g^x b8 be 6f 2b e8 40 9e 94 88 21 fd 04 d8 34 bb fb Sep 21 07:16:45.255353: | ikev2 g^x d6 ec 16 b9 83 70 11 92 ee 35 90 58 95 84 e2 b9 Sep 21 07:16:45.255355: | ikev2 g^x 76 31 dd 25 e0 1c 98 6c ac 4f 23 dc f5 45 a4 6b Sep 21 07:16:45.255358: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:45.255360: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:45.255363: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:45.255365: | flags: none (0x0) Sep 21 07:16:45.255368: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:45.255371: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:45.255374: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.255377: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:45.255379: | IKEv2 nonce f9 33 1c 31 37 be 1e b7 bf a5 27 48 a2 45 e8 41 Sep 21 07:16:45.255382: | IKEv2 nonce c2 29 f8 70 20 f6 f3 2d f2 ca 6f f3 d6 9e 40 a7 Sep 21 07:16:45.255384: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:45.255386: | Adding a v2N Payload Sep 21 07:16:45.255389: | ***emit IKEv2 Notify Payload: Sep 21 07:16:45.255391: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.255393: | flags: none (0x0) Sep 21 07:16:45.255396: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.255398: | SPI size: 0 (0x0) Sep 21 07:16:45.255401: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:45.255404: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:45.255406: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.255409: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:45.255412: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:45.255415: | natd_hash: rcookie is zero Sep 21 07:16:45.255429: | natd_hash: hasher=0x564ccf6a67a0(20) Sep 21 07:16:45.255432: | natd_hash: icookie= e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.255434: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:45.255436: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:45.255439: | natd_hash: port= 01 f4 Sep 21 07:16:45.255441: | natd_hash: hash= 47 de 10 84 5d 6a f0 93 5d d3 67 89 64 e4 f6 13 Sep 21 07:16:45.255443: | natd_hash: hash= d2 d2 f6 f4 Sep 21 07:16:45.255445: | Adding a v2N Payload Sep 21 07:16:45.255449: | ***emit IKEv2 Notify Payload: Sep 21 07:16:45.255452: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.255454: | flags: none (0x0) Sep 21 07:16:45.255456: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.255458: | SPI size: 0 (0x0) Sep 21 07:16:45.255461: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:45.255464: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:45.255466: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.255469: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:45.255472: | Notify data 47 de 10 84 5d 6a f0 93 5d d3 67 89 64 e4 f6 13 Sep 21 07:16:45.255474: | Notify data d2 d2 f6 f4 Sep 21 07:16:45.255476: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:45.255479: | natd_hash: rcookie is zero Sep 21 07:16:45.255486: | natd_hash: hasher=0x564ccf6a67a0(20) Sep 21 07:16:45.255489: | natd_hash: icookie= e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.255491: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:45.255493: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:45.255496: | natd_hash: port= 01 f4 Sep 21 07:16:45.255498: | natd_hash: hash= 3f 41 2f 95 10 6b 07 bf 0d a4 7a e6 e7 6a 28 2b Sep 21 07:16:45.255500: | natd_hash: hash= 2c b2 83 2c Sep 21 07:16:45.255502: | Adding a v2N Payload Sep 21 07:16:45.255505: | ***emit IKEv2 Notify Payload: Sep 21 07:16:45.255507: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.255509: | flags: none (0x0) Sep 21 07:16:45.255512: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.255514: | SPI size: 0 (0x0) Sep 21 07:16:45.255516: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:45.255519: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:45.255522: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.255525: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:45.255527: | Notify data 3f 41 2f 95 10 6b 07 bf 0d a4 7a e6 e7 6a 28 2b Sep 21 07:16:45.255529: | Notify data 2c b2 83 2c Sep 21 07:16:45.255532: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:45.255534: | emitting length of ISAKMP Message: 828 Sep 21 07:16:45.255542: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:45.255554: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.255558: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:45.255561: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:45.255564: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:45.255567: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:16:45.255570: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:45.255575: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:45.255579: "northnet-eastnet/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:45.255591: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:45.255601: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:45.255604: | e6 a2 5a 27 64 e5 77 c8 00 00 00 00 00 00 00 00 Sep 21 07:16:45.255606: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:45.255608: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:45.255610: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:45.255614: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:45.255617: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:45.255619: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:45.255621: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:45.255623: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:45.255625: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:45.255628: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:45.255630: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:45.255632: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:45.255634: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:45.255637: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:45.255639: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:45.255641: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:45.255643: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:45.255646: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:45.255648: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:45.255650: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:45.255652: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:45.255655: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:45.255657: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:45.255659: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:45.255661: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:45.255663: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:45.255666: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:45.255668: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:45.255670: | 28 00 01 08 00 0e 00 00 03 64 9e b1 18 87 68 ff Sep 21 07:16:45.255672: | dd aa f9 18 9d 43 8c 29 19 9d be 15 13 11 1b 38 Sep 21 07:16:45.255675: | 0f 79 0e f2 2d 5f 82 5a 7f 91 58 e2 bf c3 65 0e Sep 21 07:16:45.255677: | 80 4e 12 bb 54 93 9d a9 78 f5 14 33 48 94 f9 89 Sep 21 07:16:45.255679: | 1c 37 a6 2d 28 ef 66 10 6c b0 76 19 32 4d 90 63 Sep 21 07:16:45.255681: | 08 68 8f 0f c9 69 e6 94 78 9d 75 38 aa 6a 62 55 Sep 21 07:16:45.255684: | e3 73 ad d5 fa fc 99 c6 bf 7f 82 a9 b6 3a f6 21 Sep 21 07:16:45.255686: | 6d 2d d2 e3 bf e7 98 fe 6a f0 30 82 00 5e 93 f9 Sep 21 07:16:45.255688: | 11 b8 10 91 7b 07 6d 5a 96 60 43 96 f3 b6 32 6a Sep 21 07:16:45.255690: | 9e 1d db 5d 51 f5 e0 f2 90 b3 f8 db db 85 ca b8 Sep 21 07:16:45.255693: | b2 c0 46 20 81 ab 3c 2a 75 ea 32 f4 44 7f cf 53 Sep 21 07:16:45.255695: | 8b f5 d5 da 7b 16 35 69 36 b8 02 fe 80 70 89 d4 Sep 21 07:16:45.255697: | 9c b0 67 4a 54 d3 f3 34 28 76 51 28 5e 06 fb f2 Sep 21 07:16:45.255699: | 8e 03 a1 25 41 ea 8a ae b8 be 6f 2b e8 40 9e 94 Sep 21 07:16:45.255702: | 88 21 fd 04 d8 34 bb fb d6 ec 16 b9 83 70 11 92 Sep 21 07:16:45.255704: | ee 35 90 58 95 84 e2 b9 76 31 dd 25 e0 1c 98 6c Sep 21 07:16:45.255706: | ac 4f 23 dc f5 45 a4 6b 29 00 00 24 f9 33 1c 31 Sep 21 07:16:45.255708: | 37 be 1e b7 bf a5 27 48 a2 45 e8 41 c2 29 f8 70 Sep 21 07:16:45.255710: | 20 f6 f3 2d f2 ca 6f f3 d6 9e 40 a7 29 00 00 08 Sep 21 07:16:45.255713: | 00 00 40 2e 29 00 00 1c 00 00 40 04 47 de 10 84 Sep 21 07:16:45.255715: | 5d 6a f0 93 5d d3 67 89 64 e4 f6 13 d2 d2 f6 f4 Sep 21 07:16:45.255717: | 00 00 00 1c 00 00 40 05 3f 41 2f 95 10 6b 07 bf Sep 21 07:16:45.255719: | 0d a4 7a e6 e7 6a 28 2b 2c b2 83 2c Sep 21 07:16:45.255872: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:45.255881: | libevent_free: release ptr-libevent@0x564cd043a5d0 Sep 21 07:16:45.255884: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a590 Sep 21 07:16:45.255887: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:45.255893: "northnet-eastnet/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:45.255902: | event_schedule: new EVENT_RETRANSMIT-pe@0x564cd043a590 Sep 21 07:16:45.255906: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:16:45.255909: | libevent_malloc: new ptr-libevent@0x564cd043a5d0 size 128 Sep 21 07:16:45.255914: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48851.624165 Sep 21 07:16:45.255918: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:45.255923: | #1 spent 1.62 milliseconds in resume sending helper answer Sep 21 07:16:45.255928: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:45.255931: | libevent_free: release ptr-libevent@0x7fd73c006900 Sep 21 07:16:45.260203: | spent 0.00265 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:45.260229: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:45.260232: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.260235: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:16:45.260237: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:16:45.260239: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:16:45.260241: | 04 00 00 0e 28 00 01 08 00 0e 00 00 c6 69 7d 34 Sep 21 07:16:45.260244: | fd 05 3b 1c 7b b8 c5 47 31 c5 db b2 d8 96 04 a8 Sep 21 07:16:45.260246: | 1d 61 3d 25 2d 15 48 73 5e e5 08 61 3f d4 11 a9 Sep 21 07:16:45.260248: | 55 b6 09 d0 df 4a ac 52 16 48 10 ae 09 78 51 8b Sep 21 07:16:45.260250: | bb 07 74 74 ce 4d 93 c5 67 77 a9 98 80 f7 4f f4 Sep 21 07:16:45.260252: | 05 95 af f0 85 b7 73 5f 46 e9 1d fe f3 44 75 28 Sep 21 07:16:45.260255: | fb 66 c8 cb f7 3f d8 91 61 bf 50 ba 9a d2 50 60 Sep 21 07:16:45.260257: | c8 95 f7 f4 51 a7 42 28 4a f0 62 75 ab 3e 44 17 Sep 21 07:16:45.260259: | ce 39 72 ab d8 9d a2 b7 04 e8 c0 65 1c 25 a1 4d Sep 21 07:16:45.260261: | c7 63 f6 b6 f6 e2 87 89 92 c8 ab 0e 2c af 32 e3 Sep 21 07:16:45.260263: | ad 48 9d b9 87 1b 7f bd eb 3c 71 ad 08 dc fe a1 Sep 21 07:16:45.260266: | 0c 0b f5 fc 29 82 70 eb 38 b6 d3 4e 1b 20 b9 cd Sep 21 07:16:45.260268: | 0f 60 75 fa 2c 7c f1 26 75 60 95 3b d4 ae ff 40 Sep 21 07:16:45.260270: | 5d 0c 31 17 21 56 9c f4 fc 2e 29 0b 4b 14 a2 53 Sep 21 07:16:45.260272: | 96 37 c3 8f 75 9f 0d ec db df 4c 19 48 be ab 5b Sep 21 07:16:45.260274: | 44 08 15 af ee d9 6f 86 c8 a4 e4 26 0f 53 34 07 Sep 21 07:16:45.260277: | f7 d8 e9 d7 d4 c9 0c 46 82 62 30 7a 29 00 00 24 Sep 21 07:16:45.260279: | b6 04 e7 6d 75 fd a7 8c c5 ce 95 c1 f4 1f aa 7c Sep 21 07:16:45.260281: | f8 39 9b 68 5e 29 68 6c cc 14 47 2e 91 76 d6 20 Sep 21 07:16:45.260283: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:16:45.260285: | 9b a9 7c 4e e5 0a 2f ce eb 32 39 c3 62 24 3f 4a Sep 21 07:16:45.260288: | 34 e1 67 8a 00 00 00 1c 00 00 40 05 ee b7 c1 74 Sep 21 07:16:45.260290: | 54 17 ea a9 18 fd 24 a7 37 c8 11 b0 0d ce 6f 5b Sep 21 07:16:45.260294: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:45.260298: | **parse ISAKMP Message: Sep 21 07:16:45.260301: | initiator cookie: Sep 21 07:16:45.260303: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.260305: | responder cookie: Sep 21 07:16:45.260307: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.260310: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:45.260313: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.260315: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:45.260318: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:45.260320: | Message ID: 0 (0x0) Sep 21 07:16:45.260322: | length: 432 (0x1b0) Sep 21 07:16:45.260328: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:16:45.260331: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:16:45.260335: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:16:45.260341: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:45.260346: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:45.260349: | #1 is idle Sep 21 07:16:45.260351: | #1 idle Sep 21 07:16:45.260353: | unpacking clear payload Sep 21 07:16:45.260356: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:45.260359: | ***parse IKEv2 Security Association Payload: Sep 21 07:16:45.260362: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:45.260364: | flags: none (0x0) Sep 21 07:16:45.260366: | length: 40 (0x28) Sep 21 07:16:45.260369: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:16:45.260371: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:45.260374: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:16:45.260376: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:45.260378: | flags: none (0x0) Sep 21 07:16:45.260381: | length: 264 (0x108) Sep 21 07:16:45.260383: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.260386: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:45.260388: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:45.260390: | ***parse IKEv2 Nonce Payload: Sep 21 07:16:45.260393: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:45.260395: | flags: none (0x0) Sep 21 07:16:45.260397: | length: 36 (0x24) Sep 21 07:16:45.260399: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:45.260401: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:45.260404: | ***parse IKEv2 Notify Payload: Sep 21 07:16:45.260406: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:45.260408: | flags: none (0x0) Sep 21 07:16:45.260411: | length: 8 (0x8) Sep 21 07:16:45.260413: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.260415: | SPI size: 0 (0x0) Sep 21 07:16:45.260418: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:45.260420: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:16:45.260423: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:45.260425: | ***parse IKEv2 Notify Payload: Sep 21 07:16:45.260428: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:45.260430: | flags: none (0x0) Sep 21 07:16:45.260432: | length: 28 (0x1c) Sep 21 07:16:45.260434: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.260436: | SPI size: 0 (0x0) Sep 21 07:16:45.260439: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:45.260441: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:45.260444: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:16:45.260446: | ***parse IKEv2 Notify Payload: Sep 21 07:16:45.260448: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.260450: | flags: none (0x0) Sep 21 07:16:45.260453: | length: 28 (0x1c) Sep 21 07:16:45.260455: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:45.260457: | SPI size: 0 (0x0) Sep 21 07:16:45.260460: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:45.260462: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:16:45.260465: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:16:45.260471: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:45.260474: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:45.260476: | Now let's proceed with state specific processing Sep 21 07:16:45.260478: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:16:45.260483: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:16:45.260501: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:45.260505: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:16:45.260508: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:45.260510: | local proposal 1 type PRF has 2 transforms Sep 21 07:16:45.260513: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:45.260515: | local proposal 1 type DH has 8 transforms Sep 21 07:16:45.260518: | local proposal 1 type ESN has 0 transforms Sep 21 07:16:45.260521: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:45.260523: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:45.260526: | local proposal 2 type PRF has 2 transforms Sep 21 07:16:45.260528: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:45.260530: | local proposal 2 type DH has 8 transforms Sep 21 07:16:45.260533: | local proposal 2 type ESN has 0 transforms Sep 21 07:16:45.260536: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:16:45.260538: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:45.260540: | local proposal 3 type PRF has 2 transforms Sep 21 07:16:45.260543: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:45.260545: | local proposal 3 type DH has 8 transforms Sep 21 07:16:45.260547: | local proposal 3 type ESN has 0 transforms Sep 21 07:16:45.260550: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:45.260553: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:45.260555: | local proposal 4 type PRF has 2 transforms Sep 21 07:16:45.260557: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:45.260560: | local proposal 4 type DH has 8 transforms Sep 21 07:16:45.260562: | local proposal 4 type ESN has 0 transforms Sep 21 07:16:45.260565: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:16:45.260568: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.260570: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.260572: | length: 36 (0x24) Sep 21 07:16:45.260575: | prop #: 1 (0x1) Sep 21 07:16:45.260577: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:45.260579: | spi size: 0 (0x0) Sep 21 07:16:45.260581: | # transforms: 3 (0x3) Sep 21 07:16:45.260585: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:45.260588: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.260590: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.260592: | length: 12 (0xc) Sep 21 07:16:45.260595: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.260597: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.260599: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.260602: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.260604: | length/value: 256 (0x100) Sep 21 07:16:45.260609: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:45.260611: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.260613: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.260618: | length: 8 (0x8) Sep 21 07:16:45.260620: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:45.260623: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:45.260626: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:16:45.260629: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.260631: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.260633: | length: 8 (0x8) Sep 21 07:16:45.260636: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.260638: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.260641: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:45.260645: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:16:45.260649: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:16:45.260651: | remote proposal 1 matches local proposal 1 Sep 21 07:16:45.260654: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:16:45.260657: | converting proposal to internal trans attrs Sep 21 07:16:45.260676: | natd_hash: hasher=0x564ccf6a67a0(20) Sep 21 07:16:45.260679: | natd_hash: icookie= e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.260681: | natd_hash: rcookie= 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.260683: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:45.260685: | natd_hash: port= 01 f4 Sep 21 07:16:45.260688: | natd_hash: hash= ee b7 c1 74 54 17 ea a9 18 fd 24 a7 37 c8 11 b0 Sep 21 07:16:45.260690: | natd_hash: hash= 0d ce 6f 5b Sep 21 07:16:45.260696: | natd_hash: hasher=0x564ccf6a67a0(20) Sep 21 07:16:45.260698: | natd_hash: icookie= e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.260700: | natd_hash: rcookie= 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.260702: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:45.260704: | natd_hash: port= 01 f4 Sep 21 07:16:45.260707: | natd_hash: hash= 9b a9 7c 4e e5 0a 2f ce eb 32 39 c3 62 24 3f 4a Sep 21 07:16:45.260709: | natd_hash: hash= 34 e1 67 8a Sep 21 07:16:45.260711: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:16:45.260714: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:16:45.260716: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:16:45.260719: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:16:45.260722: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:16:45.260726: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:16:45.260729: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:45.260732: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:45.260736: | libevent_free: release ptr-libevent@0x564cd043a5d0 Sep 21 07:16:45.260739: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564cd043a590 Sep 21 07:16:45.260741: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a590 Sep 21 07:16:45.260745: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:16:45.260748: | libevent_malloc: new ptr-libevent@0x564cd043a5d0 size 128 Sep 21 07:16:45.260759: | #1 spent 0.275 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:16:45.260764: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.260768: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:16:45.260770: | suspending state #1 and saving MD Sep 21 07:16:45.260773: | #1 is busy; has a suspended MD Sep 21 07:16:45.260777: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:45.260781: | "northnet-eastnet/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:45.260791: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:45.260797: | #1 spent 0.577 milliseconds in ikev2_process_packet() Sep 21 07:16:45.260802: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:45.260804: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:45.260807: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:45.260811: | spent 0.591 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:45.260967: | crypto helper 2 resuming Sep 21 07:16:45.260979: | crypto helper 2 starting work-order 2 for state #1 Sep 21 07:16:45.260985: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:16:45.261889: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:16:45.263077: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.002091 seconds Sep 21 07:16:45.263093: | (#1) spent 1.38 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:16:45.263097: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Sep 21 07:16:45.263100: | scheduling resume sending helper answer for #1 Sep 21 07:16:45.263103: | libevent_malloc: new ptr-libevent@0x7fd734006b90 size 128 Sep 21 07:16:45.263113: | crypto helper 2 waiting (nothing to do) Sep 21 07:16:45.263267: | processing resume sending helper answer for #1 Sep 21 07:16:45.263278: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:45.263283: | crypto helper 2 replies to request ID 2 Sep 21 07:16:45.263286: | calling continuation function 0x564ccf5d0630 Sep 21 07:16:45.263289: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:16:45.263298: | creating state object #2 at 0x564cd043ced0 Sep 21 07:16:45.263301: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:16:45.263305: | pstats #2 ikev2.child started Sep 21 07:16:45.263308: | duplicating state object #1 "northnet-eastnet/0x2" as #2 for IPSEC SA Sep 21 07:16:45.263313: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:45.263319: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:45.263324: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:45.263329: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:45.263332: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:45.263336: | libevent_free: release ptr-libevent@0x564cd043a5d0 Sep 21 07:16:45.263338: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a590 Sep 21 07:16:45.263342: | event_schedule: new EVENT_SA_REPLACE-pe@0x564cd043a590 Sep 21 07:16:45.263345: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:16:45.263348: | libevent_malloc: new ptr-libevent@0x564cd043a5d0 size 128 Sep 21 07:16:45.263352: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:16:45.263358: | **emit ISAKMP Message: Sep 21 07:16:45.263361: | initiator cookie: Sep 21 07:16:45.263363: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.263365: | responder cookie: Sep 21 07:16:45.263367: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.263370: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:45.263373: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.263375: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:45.263378: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:45.263384: | Message ID: 1 (0x1) Sep 21 07:16:45.263387: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:45.263390: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:45.263393: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.263395: | flags: none (0x0) Sep 21 07:16:45.263398: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:45.263401: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.263405: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:45.263414: | IKEv2 CERT: send a certificate? Sep 21 07:16:45.263417: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:16:45.263420: | IDr payload will be sent Sep 21 07:16:45.263438: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:16:45.263441: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.263443: | flags: none (0x0) Sep 21 07:16:45.263446: | ID type: ID_FQDN (0x2) Sep 21 07:16:45.263449: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:16:45.263452: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.263455: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:16:45.263457: | my identity 6e 6f 72 74 68 Sep 21 07:16:45.263460: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Sep 21 07:16:45.263469: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:16:45.263471: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:45.263474: | flags: none (0x0) Sep 21 07:16:45.263476: | ID type: ID_FQDN (0x2) Sep 21 07:16:45.263479: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:16:45.263482: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:16:45.263485: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.263488: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:16:45.263490: | IDr 65 61 73 74 Sep 21 07:16:45.263492: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:16:45.263495: | not sending INITIAL_CONTACT Sep 21 07:16:45.263498: | ****emit IKEv2 Authentication Payload: Sep 21 07:16:45.263500: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.263502: | flags: none (0x0) Sep 21 07:16:45.263505: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:16:45.263508: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:16:45.263511: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.263514: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:16:45.263519: | started looking for secret for @north->@east of kind PKK_PSK Sep 21 07:16:45.263522: | actually looking for secret for @north->@east of kind PKK_PSK Sep 21 07:16:45.263525: | line 1: key type PKK_PSK(@north) to type PKK_PSK Sep 21 07:16:45.263529: | 1: compared key @north to @north / @east -> 010 Sep 21 07:16:45.263532: | 2: compared key @east to @north / @east -> 014 Sep 21 07:16:45.263534: | line 1: match=014 Sep 21 07:16:45.263537: | match 014 beats previous best_match 000 match=0x564cd042a660 (line=1) Sep 21 07:16:45.263540: | concluding with best_match=014 best=0x564cd042a660 (lineno=1) Sep 21 07:16:45.263605: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:16:45.263609: | PSK auth d2 54 dd 59 ac 87 fe 1d e8 45 3f ff 37 40 42 e7 Sep 21 07:16:45.263611: | PSK auth 50 02 4e 5b f9 57 47 ed f4 93 54 3a e0 30 54 6c Sep 21 07:16:45.263614: | PSK auth f3 21 6d a7 0b 30 a0 de 15 9f 86 65 41 16 3f c7 Sep 21 07:16:45.263616: | PSK auth a8 8c ed 22 ca b6 7b bf 65 9c e3 4a 90 e1 19 32 Sep 21 07:16:45.263619: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:16:45.263621: | getting first pending from state #1 Sep 21 07:16:45.263625: | Switching Child connection for #2 to "northnet-eastnet/0x1" from "northnet-eastnet/0x2" Sep 21 07:16:45.263629: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:16:45.263646: | netlink_get_spi: allocated 0xedebe249 for esp.0@192.1.3.33 Sep 21 07:16:45.263650: | constructing ESP/AH proposals with all DH removed for northnet-eastnet/0x1 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:16:45.263657: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:45.263662: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:45.263665: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:45.263669: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:16:45.263673: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:45.263677: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:45.263680: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:45.263684: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:45.263693: "northnet-eastnet/0x1": constructed local ESP/AH proposals for northnet-eastnet/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:45.263702: | Emitting ikev2_proposals ... Sep 21 07:16:45.263705: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:45.263707: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.263710: | flags: none (0x0) Sep 21 07:16:45.263713: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:45.263716: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.263718: | discarding INTEG=NONE Sep 21 07:16:45.263720: | discarding DH=NONE Sep 21 07:16:45.263723: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.263725: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.263728: | prop #: 1 (0x1) Sep 21 07:16:45.263730: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.263732: | spi size: 4 (0x4) Sep 21 07:16:45.263735: | # transforms: 2 (0x2) Sep 21 07:16:45.263738: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.263741: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.263743: | our spi ed eb e2 49 Sep 21 07:16:45.263745: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.263748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263750: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.263753: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.263756: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.263758: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.263764: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.263766: | length/value: 256 (0x100) Sep 21 07:16:45.263769: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.263771: | discarding INTEG=NONE Sep 21 07:16:45.263773: | discarding DH=NONE Sep 21 07:16:45.263775: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.263778: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.263780: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.263787: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.263794: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263797: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.263799: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.263801: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:45.263804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.263807: | discarding INTEG=NONE Sep 21 07:16:45.263809: | discarding DH=NONE Sep 21 07:16:45.263811: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.263814: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.263816: | prop #: 2 (0x2) Sep 21 07:16:45.263818: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.263820: | spi size: 4 (0x4) Sep 21 07:16:45.263823: | # transforms: 2 (0x2) Sep 21 07:16:45.263826: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.263828: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.263831: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.263833: | our spi ed eb e2 49 Sep 21 07:16:45.263836: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.263838: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263840: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.263843: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.263845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.263848: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.263850: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.263853: | length/value: 128 (0x80) Sep 21 07:16:45.263855: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.263857: | discarding INTEG=NONE Sep 21 07:16:45.263859: | discarding DH=NONE Sep 21 07:16:45.263861: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.263864: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.263866: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.263868: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.263872: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263874: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.263877: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.263879: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:16:45.263882: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.263884: | discarding DH=NONE Sep 21 07:16:45.263886: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.263889: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.263892: | prop #: 3 (0x3) Sep 21 07:16:45.263895: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.263897: | spi size: 4 (0x4) Sep 21 07:16:45.263899: | # transforms: 4 (0x4) Sep 21 07:16:45.263902: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.263905: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.263907: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.263910: | our spi ed eb e2 49 Sep 21 07:16:45.263912: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.263914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263917: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.263919: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.263922: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.263924: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.263926: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.263929: | length/value: 256 (0x100) Sep 21 07:16:45.263931: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.263934: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.263936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263939: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.263941: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.263944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.263949: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.263952: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.263954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263956: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.263959: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.263961: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263964: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.263967: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.263969: | discarding DH=NONE Sep 21 07:16:45.263971: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.263973: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.263976: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.263978: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.263981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.263984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.263986: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.263988: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:45.263991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.263993: | discarding DH=NONE Sep 21 07:16:45.263995: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.263998: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.264000: | prop #: 4 (0x4) Sep 21 07:16:45.264004: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.264006: | spi size: 4 (0x4) Sep 21 07:16:45.264008: | # transforms: 4 (0x4) Sep 21 07:16:45.264011: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.264014: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.264017: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.264019: | our spi ed eb e2 49 Sep 21 07:16:45.264021: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.264023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.264026: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.264028: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.264031: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.264033: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.264036: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.264038: | length/value: 128 (0x80) Sep 21 07:16:45.264040: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.264043: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.264045: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.264047: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.264050: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.264053: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.264055: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.264058: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.264060: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.264063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.264065: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.264067: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.264070: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.264073: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.264076: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.264078: | discarding DH=NONE Sep 21 07:16:45.264080: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.264082: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.264085: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.264087: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.264090: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.264093: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.264095: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.264097: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:16:45.264100: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.264102: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:16:45.264105: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:45.264108: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:45.264112: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.264114: | flags: none (0x0) Sep 21 07:16:45.264117: | number of TS: 1 (0x1) Sep 21 07:16:45.264120: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:45.264123: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.264125: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:45.264127: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.264130: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.264132: | start port: 0 (0x0) Sep 21 07:16:45.264135: | end port: 65535 (0xffff) Sep 21 07:16:45.264138: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:45.264140: | IP start c0 00 03 00 Sep 21 07:16:45.264142: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:45.264145: | IP end c0 00 03 ff Sep 21 07:16:45.264147: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:45.264149: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:45.264152: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:45.264154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.264156: | flags: none (0x0) Sep 21 07:16:45.264159: | number of TS: 1 (0x1) Sep 21 07:16:45.264162: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:45.264164: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.264167: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:45.264169: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.264171: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.264174: | start port: 0 (0x0) Sep 21 07:16:45.264176: | end port: 65535 (0xffff) Sep 21 07:16:45.264179: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:45.264181: | IP start c0 00 02 00 Sep 21 07:16:45.264183: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:45.264185: | IP end c0 00 02 ff Sep 21 07:16:45.264188: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:45.264190: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:45.264193: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:45.264195: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:16:45.264198: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:45.264201: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:45.264204: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:45.264207: | emitting length of IKEv2 Encryption Payload: 338 Sep 21 07:16:45.264209: | emitting length of ISAKMP Message: 366 Sep 21 07:16:45.264226: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.264230: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.264235: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:16:45.264238: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:16:45.264241: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:16:45.264244: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:16:45.264249: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:16:45.264255: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:16:45.264260: "northnet-eastnet/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:16:45.264267: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:45.264273: | sending 366 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:45.264276: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.264278: | 2e 20 23 08 00 00 00 01 00 00 01 6e 23 00 01 52 Sep 21 07:16:45.264280: | d4 6b 96 9f 6d 43 7c 76 db 91 59 f9 0a fd 92 d6 Sep 21 07:16:45.264283: | 3b 8d c7 91 39 eb b1 67 c1 02 54 70 ea 11 fb d1 Sep 21 07:16:45.264285: | 97 53 0e 4a a8 33 7f dd 80 2d 98 c4 6f 06 77 96 Sep 21 07:16:45.264287: | 56 47 ba 1a 21 6e 7d f0 2e 05 23 a9 d4 bf 2a 38 Sep 21 07:16:45.264289: | c3 8b b1 83 e3 39 28 1e 03 80 71 ad 66 94 cb 76 Sep 21 07:16:45.264291: | 63 ec 6c 29 1d 1e fc 04 df 55 18 3a ab cf 93 3c Sep 21 07:16:45.264294: | d6 80 0a 5c b8 f7 f2 07 2e 58 a0 88 ec 6a a6 3a Sep 21 07:16:45.264296: | 2e d9 34 6e 3a 1f 4c f5 a9 f3 bf aa 01 c3 07 71 Sep 21 07:16:45.264298: | 52 a9 1a 64 5c 06 e4 39 be cc dd f5 e4 93 ac 8a Sep 21 07:16:45.264300: | 0d de 62 ef a8 be 85 eb a6 93 73 fc 7c 79 90 2f Sep 21 07:16:45.264303: | b7 cb 49 8d dd 6d 56 81 a8 5f 1e c4 b3 11 21 1f Sep 21 07:16:45.264305: | 15 4c d2 f8 ea 91 74 b1 01 9a 67 b4 de 1a 58 cd Sep 21 07:16:45.264307: | b7 6a 3c 3d 35 7c a3 36 d0 3b 89 9e 36 0f 75 e4 Sep 21 07:16:45.264309: | bc 00 f7 86 50 47 59 d0 28 bb 62 2e 5b 54 6e 94 Sep 21 07:16:45.264311: | b9 82 f9 5c 29 2e 54 91 84 4a ba 1a 94 a1 bb 30 Sep 21 07:16:45.264314: | e2 be 19 15 5d 3f 35 b9 5a 85 28 73 83 62 5c c2 Sep 21 07:16:45.264316: | 2d 56 14 12 8d ac 50 06 cc c7 a9 cf 73 88 a6 41 Sep 21 07:16:45.264318: | d2 4f 34 6b 70 92 f5 81 a5 2e 64 a1 db 21 a8 5a Sep 21 07:16:45.264320: | 95 d1 24 8d 5d a5 4c 49 ea c4 31 9d d3 e7 b2 9f Sep 21 07:16:45.264323: | 05 20 9f d8 8f 84 b0 85 76 87 3c 12 38 5a c4 fc Sep 21 07:16:45.264325: | f0 57 8a 10 d7 b7 c9 dd 1e 22 d9 95 c7 9a Sep 21 07:16:45.264373: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:45.264377: "northnet-eastnet/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:45.264383: | event_schedule: new EVENT_RETRANSMIT-pe@0x564cd043a310 Sep 21 07:16:45.264386: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:16:45.264389: | libevent_malloc: new ptr-libevent@0x564cd043a3f0 size 128 Sep 21 07:16:45.264394: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48851.632647 Sep 21 07:16:45.264397: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:16:45.264403: | #1 spent 1.09 milliseconds in resume sending helper answer Sep 21 07:16:45.264408: | stop processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:45.264411: | libevent_free: release ptr-libevent@0x7fd734006b90 Sep 21 07:16:45.311678: | spent 0.0028 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:45.311701: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:45.311705: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.311708: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:16:45.311710: | ad 2d 3c 02 2c 9a 0c 6d 92 0f d8 72 15 2a b4 44 Sep 21 07:16:45.311712: | 31 48 2b e5 a0 87 0b 02 80 7a 31 21 d7 fa 0a b6 Sep 21 07:16:45.311714: | f6 a1 76 f6 bc 9a 6b 6c 79 43 a3 f2 3f 17 e5 ba Sep 21 07:16:45.311717: | 8b b3 dd 7d 9b 18 41 9e d9 ff fd 16 68 8e 28 cb Sep 21 07:16:45.311722: | 99 fb 9c 16 b6 fa 35 04 88 09 40 d9 f4 be e5 ed Sep 21 07:16:45.311724: | d5 ef f1 5a 7f c1 3b dd cc 81 b5 29 b5 b9 b0 4a Sep 21 07:16:45.311726: | c8 07 e8 b6 a9 31 aa 74 e3 c9 26 c9 c8 0b 44 d8 Sep 21 07:16:45.311728: | 3b 7b 4e 23 90 85 e3 40 ce 38 8c a6 d8 a4 ba 61 Sep 21 07:16:45.311730: | a6 3c fe 2b bb 7d 96 7b 58 3f ac 0f 43 23 ba 7f Sep 21 07:16:45.311733: | 79 4d 01 c8 df ab 5b a8 36 e3 ea fe 02 7e da d1 Sep 21 07:16:45.311735: | 6a ad 66 22 74 b5 a5 4d 53 a9 ab d3 e2 c7 73 b9 Sep 21 07:16:45.311737: | 47 e7 00 fc 12 d0 dd 37 91 4f c9 c1 19 33 76 80 Sep 21 07:16:45.311739: | aa Sep 21 07:16:45.311744: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:45.311748: | **parse ISAKMP Message: Sep 21 07:16:45.311750: | initiator cookie: Sep 21 07:16:45.311752: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.311754: | responder cookie: Sep 21 07:16:45.311757: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.311759: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:45.311762: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.311764: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:16:45.311767: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:45.311769: | Message ID: 1 (0x1) Sep 21 07:16:45.311771: | length: 225 (0xe1) Sep 21 07:16:45.311774: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:16:45.311778: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:16:45.311782: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:16:45.311795: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:45.311798: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:16:45.311803: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:45.311808: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:45.311810: | #2 is idle Sep 21 07:16:45.311812: | #2 idle Sep 21 07:16:45.311815: | unpacking clear payload Sep 21 07:16:45.311817: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:45.311820: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:45.311823: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:16:45.311825: | flags: none (0x0) Sep 21 07:16:45.311827: | length: 197 (0xc5) Sep 21 07:16:45.311830: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:16:45.311833: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:16:45.311849: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:16:45.311852: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:16:45.311855: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:16:45.311857: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:16:45.311859: | flags: none (0x0) Sep 21 07:16:45.311862: | length: 12 (0xc) Sep 21 07:16:45.311864: | ID type: ID_FQDN (0x2) Sep 21 07:16:45.311866: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:16:45.311869: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:16:45.311871: | **parse IKEv2 Authentication Payload: Sep 21 07:16:45.311874: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:45.311876: | flags: none (0x0) Sep 21 07:16:45.311878: | length: 72 (0x48) Sep 21 07:16:45.311880: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:16:45.311882: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:16:45.311885: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:45.311887: | **parse IKEv2 Security Association Payload: Sep 21 07:16:45.311889: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:45.311892: | flags: none (0x0) Sep 21 07:16:45.311896: | length: 36 (0x24) Sep 21 07:16:45.311898: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:16:45.311901: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:45.311903: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:45.311905: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:45.311908: | flags: none (0x0) Sep 21 07:16:45.311910: | length: 24 (0x18) Sep 21 07:16:45.311912: | number of TS: 1 (0x1) Sep 21 07:16:45.311915: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:45.311917: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:45.311919: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:45.311922: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.311924: | flags: none (0x0) Sep 21 07:16:45.311926: | length: 24 (0x18) Sep 21 07:16:45.311928: | number of TS: 1 (0x1) Sep 21 07:16:45.311931: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:45.311933: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:16:45.311936: | Now let's proceed with state specific processing Sep 21 07:16:45.311938: | calling processor Initiator: process IKE_AUTH response Sep 21 07:16:45.311944: | offered CA: '%none' Sep 21 07:16:45.311948: "northnet-eastnet/0x1" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:16:45.311990: | verifying AUTH payload Sep 21 07:16:45.311995: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:16:45.311999: | started looking for secret for @north->@east of kind PKK_PSK Sep 21 07:16:45.312002: | actually looking for secret for @north->@east of kind PKK_PSK Sep 21 07:16:45.312005: | line 1: key type PKK_PSK(@north) to type PKK_PSK Sep 21 07:16:45.312009: | 1: compared key @north to @north / @east -> 010 Sep 21 07:16:45.312012: | 2: compared key @east to @north / @east -> 014 Sep 21 07:16:45.312014: | line 1: match=014 Sep 21 07:16:45.312017: | match 014 beats previous best_match 000 match=0x564cd042a660 (line=1) Sep 21 07:16:45.312020: | concluding with best_match=014 best=0x564cd042a660 (lineno=1) Sep 21 07:16:45.312085: "northnet-eastnet/0x1" #2: Authenticated using authby=secret Sep 21 07:16:45.312094: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:16:45.312098: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:16:45.312101: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:45.312105: | libevent_free: release ptr-libevent@0x564cd043a5d0 Sep 21 07:16:45.312107: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564cd043a590 Sep 21 07:16:45.312110: | event_schedule: new EVENT_SA_REKEY-pe@0x564cd043a590 Sep 21 07:16:45.312113: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:16:45.312116: | libevent_malloc: new ptr-libevent@0x564cd043a5d0 size 128 Sep 21 07:16:45.312208: | pstats #1 ikev2.ike established Sep 21 07:16:45.312214: | TSi: parsing 1 traffic selectors Sep 21 07:16:45.312217: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:45.312219: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.312222: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.312224: | length: 16 (0x10) Sep 21 07:16:45.312227: | start port: 0 (0x0) Sep 21 07:16:45.312229: | end port: 65535 (0xffff) Sep 21 07:16:45.312232: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:45.312234: | TS low c0 00 03 00 Sep 21 07:16:45.312237: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:45.312239: | TS high c0 00 03 ff Sep 21 07:16:45.312241: | TSi: parsed 1 traffic selectors Sep 21 07:16:45.312244: | TSr: parsing 1 traffic selectors Sep 21 07:16:45.312246: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:45.312248: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.312251: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.312253: | length: 16 (0x10) Sep 21 07:16:45.312255: | start port: 0 (0x0) Sep 21 07:16:45.312259: | end port: 65535 (0xffff) Sep 21 07:16:45.312262: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:45.312264: | TS low c0 00 02 00 Sep 21 07:16:45.312267: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:45.312269: | TS high c0 00 02 ff Sep 21 07:16:45.312271: | TSr: parsed 1 traffic selectors Sep 21 07:16:45.312277: | evaluating our conn="northnet-eastnet/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:45.312283: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.312290: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:45.312293: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:45.312295: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:45.312298: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:45.312301: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.312306: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.312311: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:45.312314: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:45.312317: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:45.312319: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:45.312322: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.312325: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:45.312327: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:45.312329: | printing contents struct traffic_selector Sep 21 07:16:45.312331: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:45.312333: | ipprotoid: 0 Sep 21 07:16:45.312336: | port range: 0-65535 Sep 21 07:16:45.312340: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:45.312342: | printing contents struct traffic_selector Sep 21 07:16:45.312344: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:45.312346: | ipprotoid: 0 Sep 21 07:16:45.312348: | port range: 0-65535 Sep 21 07:16:45.312352: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:45.312366: | using existing local ESP/AH proposals for northnet-eastnet/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:16:45.312369: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:16:45.312373: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:45.312375: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:45.312378: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:45.312380: | local proposal 1 type DH has 1 transforms Sep 21 07:16:45.312383: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:45.312386: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:45.312388: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:45.312391: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:45.312393: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:45.312395: | local proposal 2 type DH has 1 transforms Sep 21 07:16:45.312398: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:45.312401: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:16:45.312403: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:45.312406: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:45.312408: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:45.312411: | local proposal 3 type DH has 1 transforms Sep 21 07:16:45.312413: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:45.312416: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:45.312419: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:45.312422: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:45.312424: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:45.312427: | local proposal 4 type DH has 1 transforms Sep 21 07:16:45.312429: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:45.312432: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:16:45.312434: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.312437: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.312439: | length: 32 (0x20) Sep 21 07:16:45.312442: | prop #: 1 (0x1) Sep 21 07:16:45.312444: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.312447: | spi size: 4 (0x4) Sep 21 07:16:45.312449: | # transforms: 2 (0x2) Sep 21 07:16:45.312452: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:45.312454: | remote SPI 8a f9 a1 10 Sep 21 07:16:45.312457: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:45.312460: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.312463: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.312465: | length: 12 (0xc) Sep 21 07:16:45.312467: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.312470: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.312472: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.312475: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.312478: | length/value: 256 (0x100) Sep 21 07:16:45.312482: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:45.312484: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.312487: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.312489: | length: 8 (0x8) Sep 21 07:16:45.312491: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.312494: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.312497: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:45.312501: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:16:45.312505: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:16:45.312508: | remote proposal 1 matches local proposal 1 Sep 21 07:16:45.312510: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:16:45.312515: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=8af9a110;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:16:45.312518: | converting proposal to internal trans attrs Sep 21 07:16:45.312523: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:45.312685: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:16:45.312689: | could_route called for northnet-eastnet/0x1 (kind=CK_PERMANENT) Sep 21 07:16:45.312692: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:45.312695: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.312698: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:45.312700: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.312703: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:45.312708: | route owner of "northnet-eastnet/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:45.312711: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:45.312714: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:45.312717: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:45.312720: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:45.312724: | setting IPsec SA replay-window to 32 Sep 21 07:16:45.312729: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x1' not available on interface eth1 Sep 21 07:16:45.312732: | netlink: enabling tunnel mode Sep 21 07:16:45.312735: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:45.312737: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:45.312825: | netlink response for Add SA esp.8af9a110@192.1.2.23 included non-error error Sep 21 07:16:45.312831: | set up outgoing SA, ref=0/0 Sep 21 07:16:45.312834: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:45.312837: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:45.312839: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:45.312842: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:45.312845: | setting IPsec SA replay-window to 32 Sep 21 07:16:45.312848: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x1' not available on interface eth1 Sep 21 07:16:45.312850: | netlink: enabling tunnel mode Sep 21 07:16:45.312853: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:45.312855: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:45.312902: | netlink response for Add SA esp.edebe249@192.1.3.33 included non-error error Sep 21 07:16:45.312906: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:16:45.312913: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:45.312916: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:45.312960: | raw_eroute result=success Sep 21 07:16:45.312962: | set up incoming SA, ref=0/0 Sep 21 07:16:45.312965: | sr for #2: unrouted Sep 21 07:16:45.312967: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:45.312970: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:45.312972: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.312975: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:45.312977: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.312980: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:45.312983: | route owner of "northnet-eastnet/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:16:45.312987: | route_and_eroute with c: northnet-eastnet/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:16:45.312990: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:16:45.312997: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:45.312999: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:45.313021: | raw_eroute result=success Sep 21 07:16:45.313024: | running updown command "ipsec _updown" for verb up Sep 21 07:16:45.313027: | command executing up-client Sep 21 07:16:45.313053: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S Sep 21 07:16:45.313057: | popen cmd is 1050 chars long Sep 21 07:16:45.313062: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x: Sep 21 07:16:45.313065: | cmd( 80):1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUT: Sep 21 07:16:45.313067: | cmd( 160):O_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Sep 21 07:16:45.313070: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:16:45.313072: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:16:45.313075: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:16:45.313077: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:16:45.313080: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRY: Sep 21 07:16:45.313082: | cmd( 640):PT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Sep 21 07:16:45.313085: | cmd( 720):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Sep 21 07:16:45.313087: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Sep 21 07:16:45.313090: | cmd( 880):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Sep 21 07:16:45.313092: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8af9a110 SPI_OUT=0xedebe249 ipsec _u: Sep 21 07:16:45.313094: | cmd(1040):pdown 2>&1: Sep 21 07:16:45.325453: | route_and_eroute: firewall_notified: true Sep 21 07:16:45.325474: | running updown command "ipsec _updown" for verb prepare Sep 21 07:16:45.325478: | command executing prepare-client Sep 21 07:16:45.325507: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Sep 21 07:16:45.325511: | popen cmd is 1055 chars long Sep 21 07:16:45.325514: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:45.325516: | cmd( 80):et/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33': Sep 21 07:16:45.325519: | cmd( 160): PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:16:45.325521: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:16:45.325523: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:16:45.325526: | cmd( 400):ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Sep 21 07:16:45.325528: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:16:45.325530: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Sep 21 07:16:45.325533: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Sep 21 07:16:45.325535: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Sep 21 07:16:45.325537: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Sep 21 07:16:45.325544: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Sep 21 07:16:45.325546: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8af9a110 SPI_OUT=0xedebe249 ips: Sep 21 07:16:45.325548: | cmd(1040):ec _updown 2>&1: Sep 21 07:16:45.334344: | running updown command "ipsec _updown" for verb route Sep 21 07:16:45.334363: | command executing route-client Sep 21 07:16:45.334398: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Sep 21 07:16:45.334402: | popen cmd is 1053 chars long Sep 21 07:16:45.334405: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:16:45.334408: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Sep 21 07:16:45.334410: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:16:45.334413: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:16:45.334415: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:16:45.334417: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:16:45.334420: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:16:45.334422: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+EN: Sep 21 07:16:45.334425: | cmd( 640):CRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLU: Sep 21 07:16:45.334427: | cmd( 720):TO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS: Sep 21 07:16:45.334430: | cmd( 800):_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANN: Sep 21 07:16:45.334432: | cmd( 880):ER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFAC: Sep 21 07:16:45.334435: | cmd( 960):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8af9a110 SPI_OUT=0xedebe249 ipsec: Sep 21 07:16:45.334437: | cmd(1040): _updown 2>&1: Sep 21 07:16:45.348749: | route_and_eroute: instance "northnet-eastnet/0x1", setting eroute_owner {spd=0x564cd0435ff0,sr=0x564cd0435ff0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:45.348854: | #1 spent 0.875 milliseconds in install_ipsec_sa() Sep 21 07:16:45.348866: | inR2: instance northnet-eastnet/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:16:45.348870: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:45.348873: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:16:45.348879: | libevent_free: release ptr-libevent@0x564cd043a3f0 Sep 21 07:16:45.348882: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564cd043a310 Sep 21 07:16:45.348887: | #2 spent 1.65 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:16:45.348896: | [RE]START processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.348903: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:16:45.348906: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:16:45.348910: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:45.348913: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:16:45.348919: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:16:45.348924: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:45.348927: | pstats #2 ikev2.child established Sep 21 07:16:45.348935: "northnet-eastnet/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:16:45.348946: | NAT-T: encaps is 'auto' Sep 21 07:16:45.348951: "northnet-eastnet/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x8af9a110 <0xedebe249 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:16:45.348956: | releasing whack for #2 (sock=fd@26) Sep 21 07:16:45.348959: | close_any(fd@26) (in release_whack() at state.c:654) Sep 21 07:16:45.348962: | releasing whack and unpending for parent #1 Sep 21 07:16:45.348965: | unpending state #1 connection "northnet-eastnet/0x1" Sep 21 07:16:45.348969: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet/0x1" Sep 21 07:16:45.348972: | removing pending policy for no connection {0x564cd0391150} Sep 21 07:16:45.348975: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:45.348979: | creating state object #3 at 0x564cd0441820 Sep 21 07:16:45.348982: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:16:45.348990: | pstats #3 ikev2.child started Sep 21 07:16:45.348993: | duplicating state object #1 "northnet-eastnet/0x2" as #3 for IPSEC SA Sep 21 07:16:45.348998: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:45.349004: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:45.349010: | suspend processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:45.349014: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:45.349018: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:16:45.349021: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:16:45.349024: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals) Sep 21 07:16:45.349030: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:16:45.349036: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.349039: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:16:45.349043: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.349047: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:45.349051: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.349054: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:16:45.349058: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.349066: "northnet-eastnet/0x2": constructed local ESP/AH proposals for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.349075: | #3 schedule initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Sep 21 07:16:45.349079: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x564cd043a310 Sep 21 07:16:45.349082: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:16:45.349086: | libevent_malloc: new ptr-libevent@0x564cd043a3f0 size 128 Sep 21 07:16:45.349091: | RESET processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:45.349095: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:45.349099: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet/0x2" Sep 21 07:16:45.349102: | removing pending policy for no connection {0x564cd039b160} Sep 21 07:16:45.349105: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:16:45.349109: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:16:45.349112: | event_schedule: new EVENT_SA_REKEY-pe@0x7fd73c002b20 Sep 21 07:16:45.349115: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:16:45.349118: | libevent_malloc: new ptr-libevent@0x564cd043cbe0 size 128 Sep 21 07:16:45.349121: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:45.349126: | #1 spent 2.14 milliseconds in ikev2_process_packet() Sep 21 07:16:45.349130: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:45.349132: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:45.349136: | spent 2.15 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:45.349149: | timer_event_cb: processing event@0x564cd043a310 Sep 21 07:16:45.349152: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:16:45.349157: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:45.349161: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:16:45.349164: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a830 Sep 21 07:16:45.349167: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:45.349170: | libevent_malloc: new ptr-libevent@0x564cd043c7e0 size 128 Sep 21 07:16:45.349176: | libevent_free: release ptr-libevent@0x564cd043a3f0 Sep 21 07:16:45.349179: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x564cd043a310 Sep 21 07:16:45.349183: | #3 spent 0.0337 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:45.349183: | crypto helper 3 resuming Sep 21 07:16:45.349192: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:45.349198: | crypto helper 3 starting work-order 3 for state #3 Sep 21 07:16:45.349209: | processing signal PLUTO_SIGCHLD Sep 21 07:16:45.349211: | crypto helper 3 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Sep 21 07:16:45.349217: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:45.349223: | spent 0.00559 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:45.349225: | processing signal PLUTO_SIGCHLD Sep 21 07:16:45.349228: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:45.349232: | spent 0.00338 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:45.349234: | processing signal PLUTO_SIGCHLD Sep 21 07:16:45.349238: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:45.349241: | spent 0.00344 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:45.349993: | crypto helper 3 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.000781 seconds Sep 21 07:16:45.350006: | (#3) spent 0.783 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Sep 21 07:16:45.350009: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Sep 21 07:16:45.350011: | scheduling resume sending helper answer for #3 Sep 21 07:16:45.350013: | libevent_malloc: new ptr-libevent@0x7fd738006900 size 128 Sep 21 07:16:45.350015: | libevent_realloc: release ptr-libevent@0x564cd0418c80 Sep 21 07:16:45.350017: | libevent_realloc: new ptr-libevent@0x564cd043c870 size 128 Sep 21 07:16:45.350024: | crypto helper 3 waiting (nothing to do) Sep 21 07:16:45.350031: | processing resume sending helper answer for #3 Sep 21 07:16:45.350039: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:45.350043: | crypto helper 3 replies to request ID 3 Sep 21 07:16:45.350045: | calling continuation function 0x564ccf5d0630 Sep 21 07:16:45.350050: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:16:45.350053: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:45.350056: | libevent_free: release ptr-libevent@0x564cd043c7e0 Sep 21 07:16:45.350059: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a830 Sep 21 07:16:45.350062: | event_schedule: new EVENT_SA_REPLACE-pe@0x564cd043a310 Sep 21 07:16:45.350066: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:16:45.350069: | libevent_malloc: new ptr-libevent@0x564cd043c7e0 size 128 Sep 21 07:16:45.350074: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:45.350077: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:45.350080: | libevent_malloc: new ptr-libevent@0x564cd043a3f0 size 128 Sep 21 07:16:45.350085: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.350089: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:16:45.350091: | suspending state #3 and saving MD Sep 21 07:16:45.350094: | #3 is busy; has a suspended MD Sep 21 07:16:45.350098: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:45.350101: | "northnet-eastnet/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:45.350104: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:16:45.350109: | #3 spent 0.0643 milliseconds in resume sending helper answer Sep 21 07:16:45.350112: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:45.350114: | libevent_free: release ptr-libevent@0x7fd738006900 Sep 21 07:16:45.350118: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:45.350121: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:16:45.350124: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:45.350127: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:45.350130: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:16:45.350134: | **emit ISAKMP Message: Sep 21 07:16:45.350136: | initiator cookie: Sep 21 07:16:45.350138: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.350139: | responder cookie: Sep 21 07:16:45.350141: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.350144: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:45.350146: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.350148: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:45.350150: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:45.350152: | Message ID: 2 (0x2) Sep 21 07:16:45.350153: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:45.350156: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:45.350157: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.350159: | flags: none (0x0) Sep 21 07:16:45.350161: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:45.350163: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.350165: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:45.350183: | netlink_get_spi: allocated 0x86c7d853 for esp.0@192.1.3.33 Sep 21 07:16:45.350185: | Emitting ikev2_proposals ... Sep 21 07:16:45.350187: | ****emit IKEv2 Security Association Payload: Sep 21 07:16:45.350189: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.350190: | flags: none (0x0) Sep 21 07:16:45.350192: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:45.350194: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.350195: | discarding INTEG=NONE Sep 21 07:16:45.350197: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.350199: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.350200: | prop #: 1 (0x1) Sep 21 07:16:45.350202: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.350203: | spi size: 4 (0x4) Sep 21 07:16:45.350205: | # transforms: 3 (0x3) Sep 21 07:16:45.350206: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.350208: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.350210: | our spi 86 c7 d8 53 Sep 21 07:16:45.350212: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350215: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.350217: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.350219: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350221: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.350222: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.350224: | length/value: 256 (0x100) Sep 21 07:16:45.350226: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.350227: | discarding INTEG=NONE Sep 21 07:16:45.350228: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350231: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.350233: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.350235: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350239: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350240: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350241: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.350243: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.350244: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.350249: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350251: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350252: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350254: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:45.350256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.350257: | discarding INTEG=NONE Sep 21 07:16:45.350259: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.350260: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.350261: | prop #: 2 (0x2) Sep 21 07:16:45.350263: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.350264: | spi size: 4 (0x4) Sep 21 07:16:45.350266: | # transforms: 3 (0x3) Sep 21 07:16:45.350268: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.350269: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.350271: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.350272: | our spi 86 c7 d8 53 Sep 21 07:16:45.350274: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350277: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.350278: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.350280: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350281: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.350283: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.350284: | length/value: 128 (0x80) Sep 21 07:16:45.350286: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.350287: | discarding INTEG=NONE Sep 21 07:16:45.350289: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350290: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350292: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.350293: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.350295: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350296: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350298: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350299: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350301: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.350302: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.350304: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.350305: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350307: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350309: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350310: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:16:45.350312: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.350313: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.350315: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.350317: | prop #: 3 (0x3) Sep 21 07:16:45.350318: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.350320: | spi size: 4 (0x4) Sep 21 07:16:45.350321: | # transforms: 5 (0x5) Sep 21 07:16:45.350323: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.350325: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.350326: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.350328: | our spi 86 c7 d8 53 Sep 21 07:16:45.350329: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350331: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350332: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.350334: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.350335: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350337: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.350338: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.350340: | length/value: 256 (0x100) Sep 21 07:16:45.350341: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.350343: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350346: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.350347: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.350349: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350352: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350353: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350355: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350356: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.350358: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.350359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350361: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350363: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350364: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350366: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350367: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.350368: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.350370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350372: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350373: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350375: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350376: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.350378: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.350379: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.350381: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350382: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350385: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350386: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:45.350388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.350390: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.350391: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.350392: | prop #: 4 (0x4) Sep 21 07:16:45.350394: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.350395: | spi size: 4 (0x4) Sep 21 07:16:45.350397: | # transforms: 5 (0x5) Sep 21 07:16:45.350398: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:45.350400: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:45.350402: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:16:45.350403: | our spi 86 c7 d8 53 Sep 21 07:16:45.350405: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350407: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.350409: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:45.350410: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350412: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.350413: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.350415: | length/value: 128 (0x80) Sep 21 07:16:45.350416: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:45.350418: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350419: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350421: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.350422: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:45.350424: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350426: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350427: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350429: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350430: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350431: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:45.350433: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:45.350435: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350438: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350439: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350441: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350442: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.350443: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.350445: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350447: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350448: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350453: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:16:45.350455: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.350456: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.350457: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.350459: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.350461: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:45.350462: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:45.350464: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:16:45.350465: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:45.350467: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:16:45.350469: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:45.350470: | ****emit IKEv2 Nonce Payload: Sep 21 07:16:45.350472: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.350473: | flags: none (0x0) Sep 21 07:16:45.350475: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:45.350477: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.350479: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:45.350480: | IKEv2 nonce 1c 31 60 7b 52 fb 69 3e 9c fe 98 6e d8 82 39 be Sep 21 07:16:45.350482: | IKEv2 nonce 0a 57 0c 5c 97 b5 ab 15 8a 7c 58 89 c6 a0 27 48 Sep 21 07:16:45.350483: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:45.350485: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:16:45.350486: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.350488: | flags: none (0x0) Sep 21 07:16:45.350489: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.350491: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:45.350493: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.350494: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:45.350496: | ikev2 g^x d2 91 fa 18 5a 8a ea 85 89 91 cd 3f 89 eb 0c f0 Sep 21 07:16:45.350497: | ikev2 g^x a3 ed d8 f6 23 91 36 d3 c4 4c b9 2e c5 d2 67 4a Sep 21 07:16:45.350499: | ikev2 g^x 7c 11 fb ff 5b 25 58 79 28 74 5d fa de 94 47 59 Sep 21 07:16:45.350500: | ikev2 g^x 30 ab 56 30 86 de 98 9b bd 82 03 3a 1a c8 3b ff Sep 21 07:16:45.350502: | ikev2 g^x cf 97 98 78 92 9e 14 31 7f 98 87 80 cd c3 22 45 Sep 21 07:16:45.350503: | ikev2 g^x 2d 2b 4f a4 c8 04 62 90 4a 8f 40 9a a6 10 22 0c Sep 21 07:16:45.350504: | ikev2 g^x 72 36 81 48 ee a1 2f dd a8 2e bb 65 60 e0 3d 2a Sep 21 07:16:45.350506: | ikev2 g^x 8d 9d 53 6e c3 a8 fa 54 3c 79 dd d5 d2 50 f3 ab Sep 21 07:16:45.350507: | ikev2 g^x ab 6c 32 ab 37 34 c1 9c 3c 19 6b d8 e0 d1 e2 34 Sep 21 07:16:45.350508: | ikev2 g^x c9 0e f2 03 d9 af f7 fd 3c 92 52 c5 c2 fa ef b2 Sep 21 07:16:45.350510: | ikev2 g^x f2 ac 9a f6 1d be 75 12 0b d0 3a 76 3a f4 4f de Sep 21 07:16:45.350511: | ikev2 g^x 3c 40 b3 2b 1c c0 a3 16 a3 28 12 ce 15 96 28 d9 Sep 21 07:16:45.350513: | ikev2 g^x 11 64 3c d4 22 f9 49 f9 53 f7 67 7a 35 16 de 3b Sep 21 07:16:45.350514: | ikev2 g^x 06 a3 6c 46 2f 79 93 65 91 7e ea de d0 7c 72 5f Sep 21 07:16:45.350515: | ikev2 g^x bd c9 b9 7e cb 32 74 a0 21 4d 35 89 bb 16 e2 ed Sep 21 07:16:45.350517: | ikev2 g^x a9 f5 8e 62 12 a5 b0 62 e1 b5 fe 8d 77 c6 c2 c3 Sep 21 07:16:45.350519: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:45.350521: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:45.350523: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.350524: | flags: none (0x0) Sep 21 07:16:45.350525: | number of TS: 1 (0x1) Sep 21 07:16:45.350527: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:16:45.350529: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.350531: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:45.350532: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.350534: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.350535: | start port: 0 (0x0) Sep 21 07:16:45.350537: | end port: 65535 (0xffff) Sep 21 07:16:45.350539: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:45.350540: | IP start c0 00 03 00 Sep 21 07:16:45.350542: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:45.350543: | IP end c0 00 03 ff Sep 21 07:16:45.350545: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:45.350546: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:16:45.350548: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:45.350549: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.350550: | flags: none (0x0) Sep 21 07:16:45.350552: | number of TS: 1 (0x1) Sep 21 07:16:45.350554: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:16:45.350556: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:16:45.350557: | *****emit IKEv2 Traffic Selector: Sep 21 07:16:45.350559: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.350560: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.350561: | start port: 0 (0x0) Sep 21 07:16:45.350563: | end port: 65535 (0xffff) Sep 21 07:16:45.350564: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:16:45.350566: | IP start c0 00 02 00 Sep 21 07:16:45.350567: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:16:45.350569: | IP end c0 00 02 ff Sep 21 07:16:45.350570: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:16:45.350571: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:16:45.350573: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:16:45.350575: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:45.350577: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:45.350579: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:45.350581: | emitting length of IKEv2 Encryption Payload: 573 Sep 21 07:16:45.350582: | emitting length of ISAKMP Message: 601 Sep 21 07:16:45.350595: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.350598: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:16:45.350600: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:16:45.350602: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:16:45.350604: | Message ID: updating counters for #3 to 4294967295 after switching state Sep 21 07:16:45.350606: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:16:45.350609: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Sep 21 07:16:45.350612: "northnet-eastnet/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:16:45.350621: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:45.350627: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:45.350630: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.350632: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Sep 21 07:16:45.350634: | 17 2f 55 6a 2f 1b 12 4b ef 8a 79 65 92 cb 0a 73 Sep 21 07:16:45.350635: | ea 7d 43 cf 27 a5 77 0a 0a 78 cc 28 b0 01 53 44 Sep 21 07:16:45.350637: | f5 71 43 25 67 84 b9 41 90 03 37 6c 48 f2 d7 84 Sep 21 07:16:45.350638: | d8 ea 86 e3 71 03 b7 96 91 7f 49 01 c0 31 fa 77 Sep 21 07:16:45.350639: | 65 c6 2b fc 7f 22 35 a9 f6 80 82 15 3e c8 e1 1c Sep 21 07:16:45.350641: | e9 93 f0 cb 15 d1 20 0f cd bd 42 d4 bd ae b0 1a Sep 21 07:16:45.350642: | 66 99 d9 1b cf 2b 1b a9 54 1e 28 e1 20 05 17 a1 Sep 21 07:16:45.350644: | 6b 4b 48 f4 98 23 a1 4a 27 fe a3 72 51 19 ca 90 Sep 21 07:16:45.350645: | dd a3 ad 4a 9e a0 47 07 09 9f 72 1a 28 34 ea d3 Sep 21 07:16:45.350646: | 70 fe fe df 14 f1 97 79 b8 ff 90 27 f7 0a 98 a8 Sep 21 07:16:45.350648: | 06 b7 03 14 80 42 c0 70 46 fe 20 2a 67 a5 e6 44 Sep 21 07:16:45.350649: | eb 3e 29 8d 40 91 d1 57 99 94 00 54 55 fc 6d 16 Sep 21 07:16:45.350650: | 76 9e 3b ab 16 42 3a 67 d7 77 67 75 6b 87 1d c8 Sep 21 07:16:45.350652: | 74 7e af 5f 7d cb bd 01 bb af 79 df a2 5f 2f f4 Sep 21 07:16:45.350653: | 6a b5 89 e5 40 c2 0a 62 52 c5 62 da d9 43 cf 77 Sep 21 07:16:45.350654: | 48 4e 7c 81 e6 a5 2e 9e 17 e2 9c a9 cc 41 17 df Sep 21 07:16:45.350656: | 81 df 1b d5 d9 ed b3 4d 57 9d 19 d5 60 dc 76 98 Sep 21 07:16:45.350657: | 35 99 f6 06 c5 d3 aa 00 63 b3 81 40 99 90 14 9f Sep 21 07:16:45.350658: | bf 9e 4e ac 11 85 73 5a 59 15 41 e5 c7 10 91 df Sep 21 07:16:45.350660: | cf 7e 8b b6 3c 3e 46 cd 98 9c cb f3 8c 5b cb ac Sep 21 07:16:45.350661: | b9 f9 2f 8d 9e 1e b2 f4 2c f9 6b 0d ed d7 ce d2 Sep 21 07:16:45.350662: | dc 3e 2f 74 3f 82 77 13 1b b5 bd d8 72 ae e8 c9 Sep 21 07:16:45.350664: | af e7 d9 87 3a 69 b8 9f 15 75 ae f2 80 24 78 c0 Sep 21 07:16:45.350665: | 0b 83 2a 1b 6c 16 d5 ee 22 89 38 ef c4 2d 1a 91 Sep 21 07:16:45.350666: | 48 2f 9f 1b ad 78 67 f9 9f d9 c6 13 32 37 a9 4e Sep 21 07:16:45.350668: | 6e 54 2e e7 99 41 99 03 01 18 56 ff 45 58 62 5c Sep 21 07:16:45.350669: | ac fa a0 c1 3b 42 ec d6 86 8f 42 03 e7 5a 86 d2 Sep 21 07:16:45.350670: | 1f 17 da 0f 4a 6b f6 91 81 98 1a 85 b3 c3 85 2f Sep 21 07:16:45.350672: | 9c f9 88 20 8b aa a9 31 4c 5b f6 9c bf 3c c0 2b Sep 21 07:16:45.350673: | a1 55 9c e4 86 e7 7a b7 55 2b 99 b8 43 64 95 70 Sep 21 07:16:45.350675: | 1d 51 05 f3 af ce 70 f4 f5 08 4a 42 88 cd a8 c2 Sep 21 07:16:45.350676: | ef fb 50 a3 49 19 80 cb 2c 79 1f c9 b6 9e 13 8a Sep 21 07:16:45.350677: | c1 d5 6d c1 32 10 ea e6 e8 e9 40 65 db c1 03 73 Sep 21 07:16:45.350679: | 7b 2e 93 db 77 0c 7a 8a 59 73 60 30 65 c3 a3 56 Sep 21 07:16:45.350680: | 81 35 45 6b 7f 8b f8 4f fe 9e 02 0c f5 a1 1c e5 Sep 21 07:16:45.350681: | 5b 2f bd 0d 6a cb 73 7c a1 Sep 21 07:16:45.350722: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:45.350726: | libevent_free: release ptr-libevent@0x564cd043c7e0 Sep 21 07:16:45.350728: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564cd043a310 Sep 21 07:16:45.350731: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:45.350734: "northnet-eastnet/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:45.350741: | event_schedule: new EVENT_RETRANSMIT-pe@0x564cd043a310 Sep 21 07:16:45.350744: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Sep 21 07:16:45.350747: | libevent_malloc: new ptr-libevent@0x564cd043c7e0 size 128 Sep 21 07:16:45.350751: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48851.719005 Sep 21 07:16:45.350759: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:45.350763: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:16:45.350768: | #1 spent 0.621 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:45.350773: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:16:45.350776: | libevent_free: release ptr-libevent@0x564cd043a3f0 Sep 21 07:16:45.354594: | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:45.354616: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:45.354621: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.354623: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Sep 21 07:16:45.354626: | 8b 1d bb c0 ad 5e 68 b7 c2 77 76 c8 3f 99 d9 77 Sep 21 07:16:45.354628: | de d7 0b c1 9e 7d c6 ad af 7e 73 7d bd c6 93 4f Sep 21 07:16:45.354630: | 41 bc 88 99 fc 56 dc 7e e7 94 cb b7 c6 93 da 9c Sep 21 07:16:45.354633: | 26 d3 08 c2 e1 ac 26 c6 e3 40 f7 fe 0d 57 11 21 Sep 21 07:16:45.354635: | 80 c5 8b af fd a2 2c bc b5 e1 ab 65 1b e2 4c 1a Sep 21 07:16:45.354637: | 8d 88 38 33 0b cf 80 50 0b ff 12 ce 60 73 bd 6f Sep 21 07:16:45.354640: | 41 62 73 54 10 13 3b 0e e4 5b 4e dc b6 7f 6c c1 Sep 21 07:16:45.354642: | 90 57 c0 6c 7e 96 33 09 79 42 8e 7b cc 99 a5 6e Sep 21 07:16:45.354644: | 0b 73 fb a6 82 89 fd d0 a3 bc 42 92 7f 22 5e 9d Sep 21 07:16:45.354647: | 3a 40 a1 09 08 7a c9 c6 d0 9a 65 b3 7e 83 4a bd Sep 21 07:16:45.354649: | ac 93 88 c8 ac 07 a6 e7 11 c0 a6 d6 3c 33 ba 42 Sep 21 07:16:45.354651: | 2b 52 cb 9e 6d 77 c3 c5 69 71 54 41 63 98 6d 37 Sep 21 07:16:45.354654: | 69 b2 8c 86 6b 79 16 a7 25 fb 84 3f 06 78 86 bf Sep 21 07:16:45.354656: | 4f 3b b7 39 d8 88 2d 9d 9d 24 1e 81 f9 92 9f 87 Sep 21 07:16:45.354658: | 9c 54 82 dc 90 88 20 14 c9 ae 5a f2 d0 ef 30 d3 Sep 21 07:16:45.354660: | a6 01 4c 47 2d a5 58 26 93 04 b8 a9 c8 e8 a2 96 Sep 21 07:16:45.354663: | 5e 6e 40 5b a5 54 02 ae 94 42 f1 f7 34 91 5e 79 Sep 21 07:16:45.354665: | b6 84 54 1e 8f 7e ac 7e 80 c7 a0 6c a1 ac 46 f3 Sep 21 07:16:45.354667: | 01 67 ee 98 f2 f4 a3 4f 23 ee 31 9c be 22 65 b7 Sep 21 07:16:45.354670: | 3a 4a 32 6e fa 0d 6d 08 c8 2c 58 8c fe 5b 6c 21 Sep 21 07:16:45.354672: | 2c 18 9b 16 1a 54 d7 a9 16 7f 92 ba 1a 66 b0 a9 Sep 21 07:16:45.354674: | 61 54 c5 1b 9c bb 4a 94 f9 f7 99 cc f7 f1 4b ff Sep 21 07:16:45.354677: | 57 26 d0 f7 df ad 73 ed 41 bc 31 e4 86 1d f2 83 Sep 21 07:16:45.354679: | b9 b4 cd 3a b7 74 cc 84 26 cb 5a 05 ca e8 ce e1 Sep 21 07:16:45.354681: | 82 88 6e 2a ff d8 b9 f0 50 db 84 5f 3d 41 e7 57 Sep 21 07:16:45.354683: | 7c cf 5f 39 ef a2 53 ae 6a a6 c8 23 39 2d c8 2e Sep 21 07:16:45.354685: | 52 Sep 21 07:16:45.354690: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:45.354694: | **parse ISAKMP Message: Sep 21 07:16:45.354697: | initiator cookie: Sep 21 07:16:45.354699: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:45.354701: | responder cookie: Sep 21 07:16:45.354703: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:45.354705: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:45.354707: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:45.354709: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:16:45.354710: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:16:45.354712: | Message ID: 2 (0x2) Sep 21 07:16:45.354713: | length: 449 (0x1c1) Sep 21 07:16:45.354715: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:16:45.354718: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:16:45.354723: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:45.354728: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:45.354730: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:16:45.354733: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:45.354735: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:16:45.354737: | #3 is idle Sep 21 07:16:45.354738: | #3 idle Sep 21 07:16:45.354740: | unpacking clear payload Sep 21 07:16:45.354741: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:45.354743: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:45.354745: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:16:45.354746: | flags: none (0x0) Sep 21 07:16:45.354748: | length: 421 (0x1a5) Sep 21 07:16:45.354749: | processing payload: ISAKMP_NEXT_v2SK (len=417) Sep 21 07:16:45.354751: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:16:45.354764: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:16:45.354766: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:16:45.354768: | **parse IKEv2 Security Association Payload: Sep 21 07:16:45.354769: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:16:45.354771: | flags: none (0x0) Sep 21 07:16:45.354774: | length: 44 (0x2c) Sep 21 07:16:45.354779: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:16:45.354782: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:16:45.354797: | **parse IKEv2 Nonce Payload: Sep 21 07:16:45.354800: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:16:45.354803: | flags: none (0x0) Sep 21 07:16:45.354805: | length: 36 (0x24) Sep 21 07:16:45.354808: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:16:45.354811: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:16:45.354814: | **parse IKEv2 Key Exchange Payload: Sep 21 07:16:45.354817: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:16:45.354819: | flags: none (0x0) Sep 21 07:16:45.354822: | length: 264 (0x108) Sep 21 07:16:45.354824: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.354827: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:16:45.354830: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:16:45.354833: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:16:45.354836: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:16:45.354838: | flags: none (0x0) Sep 21 07:16:45.354840: | length: 24 (0x18) Sep 21 07:16:45.354843: | number of TS: 1 (0x1) Sep 21 07:16:45.354846: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:16:45.354849: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:16:45.354851: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:16:45.354854: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:45.354857: | flags: none (0x0) Sep 21 07:16:45.354860: | length: 24 (0x18) Sep 21 07:16:45.354862: | number of TS: 1 (0x1) Sep 21 07:16:45.354866: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:16:45.354869: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:16:45.354876: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:16:45.354879: | forcing ST #3 to CHILD #1.#3 in FSM processor Sep 21 07:16:45.354882: | Now let's proceed with state specific processing Sep 21 07:16:45.354885: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:16:45.354904: | using existing local ESP/AH proposals for northnet-eastnet/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.354911: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:16:45.354916: | local proposal 1 type ENCR has 1 transforms Sep 21 07:16:45.354918: | local proposal 1 type PRF has 0 transforms Sep 21 07:16:45.354921: | local proposal 1 type INTEG has 1 transforms Sep 21 07:16:45.354923: | local proposal 1 type DH has 1 transforms Sep 21 07:16:45.354925: | local proposal 1 type ESN has 1 transforms Sep 21 07:16:45.354928: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:45.354930: | local proposal 2 type ENCR has 1 transforms Sep 21 07:16:45.354933: | local proposal 2 type PRF has 0 transforms Sep 21 07:16:45.354934: | local proposal 2 type INTEG has 1 transforms Sep 21 07:16:45.354936: | local proposal 2 type DH has 1 transforms Sep 21 07:16:45.354937: | local proposal 2 type ESN has 1 transforms Sep 21 07:16:45.354939: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:16:45.354941: | local proposal 3 type ENCR has 1 transforms Sep 21 07:16:45.354942: | local proposal 3 type PRF has 0 transforms Sep 21 07:16:45.354944: | local proposal 3 type INTEG has 2 transforms Sep 21 07:16:45.354945: | local proposal 3 type DH has 1 transforms Sep 21 07:16:45.354947: | local proposal 3 type ESN has 1 transforms Sep 21 07:16:45.354948: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:45.354950: | local proposal 4 type ENCR has 1 transforms Sep 21 07:16:45.354951: | local proposal 4 type PRF has 0 transforms Sep 21 07:16:45.354953: | local proposal 4 type INTEG has 2 transforms Sep 21 07:16:45.354954: | local proposal 4 type DH has 1 transforms Sep 21 07:16:45.354956: | local proposal 4 type ESN has 1 transforms Sep 21 07:16:45.354957: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:16:45.354959: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:16:45.354961: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:45.354962: | length: 40 (0x28) Sep 21 07:16:45.354964: | prop #: 1 (0x1) Sep 21 07:16:45.354965: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:16:45.354967: | spi size: 4 (0x4) Sep 21 07:16:45.354968: | # transforms: 3 (0x3) Sep 21 07:16:45.354970: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:16:45.354972: | remote SPI dc ea d3 5a Sep 21 07:16:45.354974: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:16:45.354976: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.354977: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.354978: | length: 12 (0xc) Sep 21 07:16:45.354980: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:45.354982: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:45.354983: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:16:45.354985: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:45.354986: | length/value: 256 (0x100) Sep 21 07:16:45.354990: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:16:45.354991: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.354993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:45.354994: | length: 8 (0x8) Sep 21 07:16:45.354996: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:45.354997: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:45.354999: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:16:45.355001: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:16:45.355002: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:45.355005: | length: 8 (0x8) Sep 21 07:16:45.355007: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:16:45.355008: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:16:45.355010: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:16:45.355012: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:16:45.355015: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:16:45.355017: | remote proposal 1 matches local proposal 1 Sep 21 07:16:45.355018: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Sep 21 07:16:45.355022: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=dcead35a;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:16:45.355023: | converting proposal to internal trans attrs Sep 21 07:16:45.355027: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:16:45.355032: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Sep 21 07:16:45.355034: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:45.355036: | #3 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:16:45.355039: | libevent_free: release ptr-libevent@0x564cd043c7e0 Sep 21 07:16:45.355041: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564cd043a310 Sep 21 07:16:45.355042: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a310 Sep 21 07:16:45.355045: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:16:45.355046: | libevent_malloc: new ptr-libevent@0x564cd043c7e0 size 128 Sep 21 07:16:45.355054: | #3 spent 0.164 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:16:45.355058: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.355060: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:16:45.355061: | crypto helper 4 resuming Sep 21 07:16:45.355062: | suspending state #3 and saving MD Sep 21 07:16:45.355072: | crypto helper 4 starting work-order 4 for state #3 Sep 21 07:16:45.355074: | #3 is busy; has a suspended MD Sep 21 07:16:45.355079: | crypto helper 4 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Sep 21 07:16:45.355081: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:45.355084: | "northnet-eastnet/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:45.355087: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:45.355090: | #1 spent 0.469 milliseconds in ikev2_process_packet() Sep 21 07:16:45.355093: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:45.355094: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:45.355096: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:45.355099: | spent 0.478 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:45.355839: | crypto helper 4 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000759 seconds Sep 21 07:16:45.355849: | (#3) spent 0.766 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Sep 21 07:16:45.355853: | crypto helper 4 sending results from work-order 4 for state #3 to event queue Sep 21 07:16:45.355856: | scheduling resume sending helper answer for #3 Sep 21 07:16:45.355859: | libevent_malloc: new ptr-libevent@0x7fd72c001ef0 size 128 Sep 21 07:16:45.355866: | crypto helper 4 waiting (nothing to do) Sep 21 07:16:45.355870: | processing resume sending helper answer for #3 Sep 21 07:16:45.355876: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:45.355879: | crypto helper 4 replies to request ID 4 Sep 21 07:16:45.355880: | calling continuation function 0x564ccf5d14f0 Sep 21 07:16:45.355882: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Sep 21 07:16:45.355884: | TSi: parsing 1 traffic selectors Sep 21 07:16:45.355886: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:45.355887: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.355889: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.355890: | length: 16 (0x10) Sep 21 07:16:45.355892: | start port: 0 (0x0) Sep 21 07:16:45.355893: | end port: 65535 (0xffff) Sep 21 07:16:45.355895: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:45.355897: | TS low c0 00 03 00 Sep 21 07:16:45.355898: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:45.355900: | TS high c0 00 03 ff Sep 21 07:16:45.355901: | TSi: parsed 1 traffic selectors Sep 21 07:16:45.355903: | TSr: parsing 1 traffic selectors Sep 21 07:16:45.355904: | ***parse IKEv2 Traffic Selector: Sep 21 07:16:45.355906: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:16:45.355907: | IP Protocol ID: 0 (0x0) Sep 21 07:16:45.355909: | length: 16 (0x10) Sep 21 07:16:45.355910: | start port: 0 (0x0) Sep 21 07:16:45.355911: | end port: 65535 (0xffff) Sep 21 07:16:45.355913: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:16:45.355914: | TS low c0 00 02 00 Sep 21 07:16:45.355916: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:16:45.355917: | TS high c0 00 02 ff Sep 21 07:16:45.355918: | TSr: parsed 1 traffic selectors Sep 21 07:16:45.355922: | evaluating our conn="northnet-eastnet/0x2" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:16:45.355925: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.355929: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:16:45.355931: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:16:45.355933: | TSi[0] port match: YES fitness 65536 Sep 21 07:16:45.355935: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:16:45.355937: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.355939: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:16:45.355942: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:16:45.355944: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:16:45.355946: | TSr[0] port match: YES fitness 65536 Sep 21 07:16:45.355947: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:16:45.355949: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:16:45.355950: | best fit so far: TSi[0] TSr[0] Sep 21 07:16:45.355952: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:16:45.355953: | printing contents struct traffic_selector Sep 21 07:16:45.355954: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:45.355956: | ipprotoid: 0 Sep 21 07:16:45.355957: | port range: 0-65535 Sep 21 07:16:45.355959: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:16:45.355961: | printing contents struct traffic_selector Sep 21 07:16:45.355962: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:16:45.355963: | ipprotoid: 0 Sep 21 07:16:45.355965: | port range: 0-65535 Sep 21 07:16:45.355967: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:16:45.355970: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:16:45.356088: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:16:45.356092: | could_route called for northnet-eastnet/0x2 (kind=CK_PERMANENT) Sep 21 07:16:45.356094: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:45.356096: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.356099: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:45.356101: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.356103: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:45.356106: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" erouted; eroute owner: "northnet-eastnet/0x1" erouted Sep 21 07:16:45.356108: | overlapping permitted with "northnet-eastnet/0x1" #2 Sep 21 07:16:45.356110: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:45.356112: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:45.356114: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:45.356116: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:45.356118: | setting IPsec SA replay-window to 32 Sep 21 07:16:45.356120: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Sep 21 07:16:45.356122: | netlink: enabling tunnel mode Sep 21 07:16:45.356124: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:45.356126: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:45.356182: | netlink response for Add SA esp.dcead35a@192.1.2.23 included non-error error Sep 21 07:16:45.356186: | set up outgoing SA, ref=0/0 Sep 21 07:16:45.356192: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:16:45.356196: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:16:45.356199: | AES_GCM_16 requires 4 salt bytes Sep 21 07:16:45.356202: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:16:45.356206: | setting IPsec SA replay-window to 32 Sep 21 07:16:45.356210: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Sep 21 07:16:45.356213: | netlink: enabling tunnel mode Sep 21 07:16:45.356216: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:16:45.356219: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:16:45.356262: | netlink response for Add SA esp.86c7d853@192.1.3.33 included non-error error Sep 21 07:16:45.356267: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:45.356278: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:45.356283: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:45.356330: | raw_eroute result=success Sep 21 07:16:45.356335: | set up incoming SA, ref=0/0 Sep 21 07:16:45.356338: | sr for #3: unrouted Sep 21 07:16:45.356343: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:16:45.356348: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:45.356351: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.356355: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:45.356358: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:45.356362: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:45.356368: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" erouted; eroute owner: "northnet-eastnet/0x1" erouted Sep 21 07:16:45.356373: | route_and_eroute with c: northnet-eastnet/0x2 (next: none) ero:northnet-eastnet/0x1 esr:{0x564cd0435ff0} ro:northnet-eastnet/0x1 rosr:{0x564cd0435ff0} and state: #3 Sep 21 07:16:45.356377: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:45.356388: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:16:45.356394: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:45.356422: | raw_eroute result=success Sep 21 07:16:45.356427: | running updown command "ipsec _updown" for verb up Sep 21 07:16:45.356430: | command executing up-client Sep 21 07:16:45.356465: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S Sep 21 07:16:45.356472: | popen cmd is 1050 chars long Sep 21 07:16:45.356476: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x: Sep 21 07:16:45.356480: | cmd( 80):2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUT: Sep 21 07:16:45.356483: | cmd( 160):O_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Sep 21 07:16:45.356487: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:16:45.356490: | cmd( 320):TO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:16:45.356494: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:16:45.356497: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:16:45.356539: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRY: Sep 21 07:16:45.356543: | cmd( 640):PT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Sep 21 07:16:45.356545: | cmd( 720):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Sep 21 07:16:45.356546: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Sep 21 07:16:45.356548: | cmd( 880):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Sep 21 07:16:45.356549: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdcead35a SPI_OUT=0x86c7d853 ipsec _u: Sep 21 07:16:45.356551: | cmd(1040):pdown 2>&1: Sep 21 07:16:45.372150: | route_and_eroute: firewall_notified: true Sep 21 07:16:45.372169: | route_and_eroute: instance "northnet-eastnet/0x2", setting eroute_owner {spd=0x564cd0436fc0,sr=0x564cd0436fc0} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:16:45.372255: | #1 spent 0.621 milliseconds in install_ipsec_sa() Sep 21 07:16:45.372263: | inR2: instance northnet-eastnet/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:16:45.372266: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:45.372272: | libevent_free: release ptr-libevent@0x564cd043c7e0 Sep 21 07:16:45.372275: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a310 Sep 21 07:16:45.372284: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:45.372288: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:16:45.372292: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:16:45.372295: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:16:45.372298: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:16:45.372303: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Sep 21 07:16:45.372308: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:45.372315: | pstats #3 ikev2.child established Sep 21 07:16:45.372323: "northnet-eastnet/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:16:45.372335: | NAT-T: encaps is 'auto' Sep 21 07:16:45.372341: "northnet-eastnet/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xdcead35a <0x86c7d853 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:16:45.372346: | releasing whack for #3 (sock=fd@25) Sep 21 07:16:45.372353: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:16:45.372355: | releasing whack and unpending for parent #1 Sep 21 07:16:45.372358: | unpending state #1 connection "northnet-eastnet/0x2" Sep 21 07:16:45.372363: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Sep 21 07:16:45.372366: | event_schedule: new EVENT_SA_REKEY-pe@0x564cd043a310 Sep 21 07:16:45.372369: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Sep 21 07:16:45.372372: | libevent_malloc: new ptr-libevent@0x564cd043c7e0 size 128 Sep 21 07:16:45.372379: | #3 spent 0.959 milliseconds in resume sending helper answer Sep 21 07:16:45.372384: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:45.372387: | libevent_free: release ptr-libevent@0x7fd72c001ef0 Sep 21 07:16:45.372398: | processing signal PLUTO_SIGCHLD Sep 21 07:16:45.372403: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:45.372408: | spent 0.00508 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:47.712494: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:47.712542: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:16:47.712546: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:47.712553: | get_sa_info esp.edebe249@192.1.3.33 Sep 21 07:16:47.712567: | get_sa_info esp.8af9a110@192.1.2.23 Sep 21 07:16:47.712583: | get_sa_info esp.86c7d853@192.1.3.33 Sep 21 07:16:47.712590: | get_sa_info esp.dcead35a@192.1.2.23 Sep 21 07:16:47.712605: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:47.712611: | spent 0.124 milliseconds in whack Sep 21 07:16:48.944376: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:48.944395: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:16:48.944413: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:48.944419: | get_sa_info esp.edebe249@192.1.3.33 Sep 21 07:16:48.944431: | get_sa_info esp.8af9a110@192.1.2.23 Sep 21 07:16:48.944455: | get_sa_info esp.86c7d853@192.1.3.33 Sep 21 07:16:48.944473: | get_sa_info esp.dcead35a@192.1.2.23 Sep 21 07:16:48.944483: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:48.944489: | spent 0.132 milliseconds in whack Sep 21 07:16:49.213588: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:49.213771: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:49.213775: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:16:49.213861: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:16:49.213866: | FOR_EACH_STATE_... in sort_states Sep 21 07:16:49.213873: | get_sa_info esp.edebe249@192.1.3.33 Sep 21 07:16:49.213885: | get_sa_info esp.8af9a110@192.1.2.23 Sep 21 07:16:49.213897: | get_sa_info esp.86c7d853@192.1.3.33 Sep 21 07:16:49.213903: | get_sa_info esp.dcead35a@192.1.2.23 Sep 21 07:16:49.213917: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:16:49.213923: | spent 0.33 milliseconds in whack Sep 21 07:16:49.543700: | spent 0.00258 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:49.543718: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:49.543723: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.543724: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:49.543726: | 2d 76 25 cf cd d4 81 82 64 ed b2 c9 f8 08 e6 23 Sep 21 07:16:49.543727: | 92 78 8a e1 e1 bf 80 67 41 bf db 08 a7 ad 0d 51 Sep 21 07:16:49.543729: | bf bf b2 1d 33 Sep 21 07:16:49.543732: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:49.543734: | **parse ISAKMP Message: Sep 21 07:16:49.543736: | initiator cookie: Sep 21 07:16:49.543737: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:49.543739: | responder cookie: Sep 21 07:16:49.543740: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.543742: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:49.543744: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.543745: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:49.543747: | flags: none (0x0) Sep 21 07:16:49.543748: | Message ID: 0 (0x0) Sep 21 07:16:49.543750: | length: 69 (0x45) Sep 21 07:16:49.543751: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:49.543754: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:49.543757: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:49.543761: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:49.543763: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:49.543766: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:49.543768: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:16:49.543772: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Sep 21 07:16:49.543774: | unpacking clear payload Sep 21 07:16:49.543776: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:49.543779: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:49.543782: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:49.543793: | flags: none (0x0) Sep 21 07:16:49.543799: | length: 41 (0x29) Sep 21 07:16:49.543803: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:16:49.543809: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:16:49.543812: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:49.543829: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:49.543832: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:49.543835: | **parse IKEv2 Delete Payload: Sep 21 07:16:49.543838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.543841: | flags: none (0x0) Sep 21 07:16:49.543844: | length: 12 (0xc) Sep 21 07:16:49.543847: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:49.543849: | SPI size: 4 (0x4) Sep 21 07:16:49.543852: | number of SPIs: 1 (0x1) Sep 21 07:16:49.543855: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:16:49.543858: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:49.543861: | Now let's proceed with state specific processing Sep 21 07:16:49.543863: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:49.543867: | an informational request should send a response Sep 21 07:16:49.543872: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:49.543874: | **emit ISAKMP Message: Sep 21 07:16:49.543876: | initiator cookie: Sep 21 07:16:49.543877: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:49.543879: | responder cookie: Sep 21 07:16:49.543880: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.543882: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:49.543883: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.543887: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:49.543889: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:49.543890: | Message ID: 0 (0x0) Sep 21 07:16:49.543892: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:49.543894: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:49.543895: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.543897: | flags: none (0x0) Sep 21 07:16:49.543899: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:49.543900: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:49.543903: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:49.543908: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:16:49.543909: | SPI dc ea d3 5a Sep 21 07:16:49.543911: | delete PROTO_v2_ESP SA(0xdcead35a) Sep 21 07:16:49.543913: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:16:49.543915: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:16:49.543916: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xdcead35a) Sep 21 07:16:49.543918: "northnet-eastnet/0x2" #1: received Delete SA payload: replace IPsec State #3 now Sep 21 07:16:49.543920: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:49.543923: | libevent_free: release ptr-libevent@0x564cd043c7e0 Sep 21 07:16:49.543929: | free_event_entry: release EVENT_SA_REKEY-pe@0x564cd043a310 Sep 21 07:16:49.543933: | event_schedule: new EVENT_SA_REPLACE-pe@0x564cd043a310 Sep 21 07:16:49.543937: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Sep 21 07:16:49.543940: | libevent_malloc: new ptr-libevent@0x564cd043c7e0 size 128 Sep 21 07:16:49.543944: | ****emit IKEv2 Delete Payload: Sep 21 07:16:49.543947: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.543949: | flags: none (0x0) Sep 21 07:16:49.543952: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:49.543954: | SPI size: 4 (0x4) Sep 21 07:16:49.543956: | number of SPIs: 1 (0x1) Sep 21 07:16:49.543959: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:49.543962: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:49.543965: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:16:49.543968: | local SPIs 86 c7 d8 53 Sep 21 07:16:49.543970: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:49.543973: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:49.543976: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:49.543979: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:49.543981: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:49.543984: | emitting length of ISAKMP Message: 69 Sep 21 07:16:49.543998: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:49.544001: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.544003: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:16:49.544006: | e9 b8 e0 fd a8 9f 83 b5 15 68 00 3a 16 8d c3 4e Sep 21 07:16:49.544008: | e6 36 d9 b0 28 03 af 5f 0c 4c 1b 5b 20 ca 3e a0 Sep 21 07:16:49.544010: | 81 51 cf 0e 77 Sep 21 07:16:49.544041: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:49.544053: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:16:49.544059: | #1 spent 0.175 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:16:49.544065: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:49.544068: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:16:49.544071: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:16:49.544075: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:16:49.544079: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:49.544082: "northnet-eastnet/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:16:49.544087: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:49.544091: | #1 spent 0.358 milliseconds in ikev2_process_packet() Sep 21 07:16:49.544095: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:49.544098: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:49.544101: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:49.544105: | spent 0.372 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:49.544111: | timer_event_cb: processing event@0x564cd043a310 Sep 21 07:16:49.544114: | handling event EVENT_SA_REPLACE for child state #3 Sep 21 07:16:49.544119: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:49.544123: | picked newest_ipsec_sa #3 for #3 Sep 21 07:16:49.544125: | replacing stale CHILD SA Sep 21 07:16:49.544127: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:16:49.544129: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:49.544131: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:16:49.544134: | creating state object #4 at 0x564cd0443e50 Sep 21 07:16:49.544136: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:16:49.544139: | pstats #4 ikev2.child started Sep 21 07:16:49.544141: | duplicating state object #1 "northnet-eastnet/0x2" as #4 for IPSEC SA Sep 21 07:16:49.544144: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:16:49.544148: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:49.544151: | suspend processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:49.544153: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:16:49.544156: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:16:49.544165: | using existing local ESP/AH proposals for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:16:49.544171: | #4 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Sep 21 07:16:49.544174: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fd738002b20 Sep 21 07:16:49.544177: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Sep 21 07:16:49.544183: | libevent_malloc: new ptr-libevent@0x7fd72c001ef0 size 128 Sep 21 07:16:49.544186: | RESET processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:16:49.544188: | event_schedule: new EVENT_SA_EXPIRE-pe@0x564cd0447db0 Sep 21 07:16:49.544190: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Sep 21 07:16:49.544192: | libevent_malloc: new ptr-libevent@0x7fd738006900 size 128 Sep 21 07:16:49.544194: | libevent_free: release ptr-libevent@0x564cd043c7e0 Sep 21 07:16:49.544195: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564cd043a310 Sep 21 07:16:49.544199: | #3 spent 0.087 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:16:49.544201: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:49.544204: | timer_event_cb: processing event@0x7fd738002b20 Sep 21 07:16:49.544206: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Sep 21 07:16:49.544208: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:49.544211: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Sep 21 07:16:49.544213: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a310 Sep 21 07:16:49.544215: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:16:49.544216: | libevent_malloc: new ptr-libevent@0x564cd043c7e0 size 128 Sep 21 07:16:49.544222: | libevent_free: release ptr-libevent@0x7fd72c001ef0 Sep 21 07:16:49.544225: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fd738002b20 Sep 21 07:16:49.544229: | #4 spent 0.0239 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:16:49.544229: | crypto helper 5 resuming Sep 21 07:16:49.544234: | stop processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:16:49.544240: | crypto helper 5 starting work-order 5 for state #4 Sep 21 07:16:49.544244: | timer_event_cb: processing event@0x564cd0447db0 Sep 21 07:16:49.544249: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Sep 21 07:16:49.544250: | handling event EVENT_SA_EXPIRE for child state #3 Sep 21 07:16:49.544258: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:16:49.544261: | picked newest_ipsec_sa #3 for #3 Sep 21 07:16:49.544264: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:16:49.544266: | pstats #3 ikev2.child re-failed exchange-timeout Sep 21 07:16:49.544268: | pstats #3 ikev2.child deleted completed Sep 21 07:16:49.544271: | #3 spent 2.86 milliseconds in total Sep 21 07:16:49.544275: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:49.544278: "northnet-eastnet/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 4.195s and NOT sending notification Sep 21 07:16:49.544281: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:16:49.544285: | get_sa_info esp.dcead35a@192.1.2.23 Sep 21 07:16:49.544298: | get_sa_info esp.86c7d853@192.1.3.33 Sep 21 07:16:49.544306: "northnet-eastnet/0x2" #3: ESP traffic information: in=336B out=336B Sep 21 07:16:49.544309: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:16:49.544469: | running updown command "ipsec _updown" for verb down Sep 21 07:16:49.544475: | command executing down-client Sep 21 07:16:49.544501: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050205' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_ Sep 21 07:16:49.544507: | popen cmd is 1061 chars long Sep 21 07:16:49.544510: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/: Sep 21 07:16:49.544513: | cmd( 80):0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PL: Sep 21 07:16:49.544516: | cmd( 160):UTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Sep 21 07:16:49.544518: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:16:49.544520: | cmd( 320):LUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:16:49.544523: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:16:49.544525: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:16:49.544528: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050205' PLUTO_CONN_POLICY: Sep 21 07:16:49.544530: | cmd( 640):='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN: Sep 21 07:16:49.544533: | cmd( 720):_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 : Sep 21 07:16:49.544535: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P: Sep 21 07:16:49.544538: | cmd( 880):EER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' : Sep 21 07:16:49.544540: | cmd( 960):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdcead35a SPI_OUT=0x86c7d8: Sep 21 07:16:49.544542: | cmd(1040):53 ipsec _updown 2>&1: Sep 21 07:16:49.545002: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.000753 seconds Sep 21 07:16:49.545012: | (#4) spent 0.701 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:16:49.545014: | crypto helper 5 sending results from work-order 5 for state #4 to event queue Sep 21 07:16:49.545017: | scheduling resume sending helper answer for #4 Sep 21 07:16:49.545020: | libevent_malloc: new ptr-libevent@0x7fd730006900 size 128 Sep 21 07:16:49.545025: | crypto helper 5 waiting (nothing to do) Sep 21 07:16:49.556853: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:49.556869: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:49.556873: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.556876: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:49.556917: | delete esp.dcead35a@192.1.2.23 Sep 21 07:16:49.556943: | netlink response for Del SA esp.dcead35a@192.1.2.23 included non-error error Sep 21 07:16:49.556947: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.556954: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:49.556998: | raw_eroute result=success Sep 21 07:16:49.557003: | delete esp.86c7d853@192.1.3.33 Sep 21 07:16:49.557029: | netlink response for Del SA esp.86c7d853@192.1.3.33 included non-error error Sep 21 07:16:49.557034: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:16:49.557038: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:16:49.557044: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:49.557068: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.557079: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:16:49.557082: | can't expire unused IKE SA #1; it has the child #4 Sep 21 07:16:49.557087: | libevent_free: release ptr-libevent@0x7fd738006900 Sep 21 07:16:49.557090: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x564cd0447db0 Sep 21 07:16:49.557093: | in statetime_stop() and could not find #3 Sep 21 07:16:49.557096: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:16:49.557116: | spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:49.557129: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:49.557132: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.557135: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:16:49.557137: | 42 61 10 dd 9a e0 08 4a 4a ed 3e 0b ff 0e 8e 8c Sep 21 07:16:49.557139: | 8a bd 71 0f 5a 0f e6 9a 1b d1 c2 d6 9e 55 0a c0 Sep 21 07:16:49.557141: | 0e 98 b6 42 34 Sep 21 07:16:49.557146: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:49.557150: | **parse ISAKMP Message: Sep 21 07:16:49.557152: | initiator cookie: Sep 21 07:16:49.557154: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:49.557157: | responder cookie: Sep 21 07:16:49.557159: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.557162: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:49.557164: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.557167: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:49.557169: | flags: none (0x0) Sep 21 07:16:49.557172: | Message ID: 1 (0x1) Sep 21 07:16:49.557174: | length: 69 (0x45) Sep 21 07:16:49.557177: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:49.557181: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:49.557184: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:49.557190: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:49.557194: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:49.557198: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:49.557201: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:16:49.557206: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Sep 21 07:16:49.557208: | unpacking clear payload Sep 21 07:16:49.557211: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:49.557214: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:49.557216: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:49.557219: | flags: none (0x0) Sep 21 07:16:49.557234: | length: 41 (0x29) Sep 21 07:16:49.557237: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:16:49.557241: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:16:49.557244: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:49.557258: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:49.557261: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:49.557264: | **parse IKEv2 Delete Payload: Sep 21 07:16:49.557267: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.557269: | flags: none (0x0) Sep 21 07:16:49.557271: | length: 12 (0xc) Sep 21 07:16:49.557274: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:49.557276: | SPI size: 4 (0x4) Sep 21 07:16:49.557278: | number of SPIs: 1 (0x1) Sep 21 07:16:49.557283: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:16:49.557286: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:49.557288: | Now let's proceed with state specific processing Sep 21 07:16:49.557291: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:49.557294: | an informational request should send a response Sep 21 07:16:49.557299: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:49.557302: | **emit ISAKMP Message: Sep 21 07:16:49.557305: | initiator cookie: Sep 21 07:16:49.557307: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:49.557309: | responder cookie: Sep 21 07:16:49.557311: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.557314: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:49.557317: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.557319: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:49.557322: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:49.557324: | Message ID: 1 (0x1) Sep 21 07:16:49.557327: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:49.557330: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:49.557332: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.557335: | flags: none (0x0) Sep 21 07:16:49.557338: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:49.557341: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:49.557344: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:49.557352: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:16:49.557355: | SPI 8a f9 a1 10 Sep 21 07:16:49.557357: | delete PROTO_v2_ESP SA(0x8af9a110) Sep 21 07:16:49.557360: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:16:49.557363: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:16:49.557366: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x8af9a110) Sep 21 07:16:49.557370: "northnet-eastnet/0x2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:16:49.557372: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:49.557376: | libevent_free: release ptr-libevent@0x564cd043cbe0 Sep 21 07:16:49.557378: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fd73c002b20 Sep 21 07:16:49.557381: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fd73c002b20 Sep 21 07:16:49.557385: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:16:49.557388: | libevent_malloc: new ptr-libevent@0x564cd043cbe0 size 128 Sep 21 07:16:49.557392: | ****emit IKEv2 Delete Payload: Sep 21 07:16:49.557394: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.557397: | flags: none (0x0) Sep 21 07:16:49.557399: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:16:49.557401: | SPI size: 4 (0x4) Sep 21 07:16:49.557403: | number of SPIs: 1 (0x1) Sep 21 07:16:49.557406: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:16:49.557409: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:49.557412: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:16:49.557415: | local SPIs ed eb e2 49 Sep 21 07:16:49.557417: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:16:49.557420: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:49.557423: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:49.557426: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:49.557428: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:16:49.557433: | emitting length of ISAKMP Message: 69 Sep 21 07:16:49.557447: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:49.557450: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.557453: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:16:49.557455: | f9 4d ff 84 7d f6 84 e3 08 0e 77 93 ca d1 b0 6d Sep 21 07:16:49.557457: | dc b1 d3 05 55 88 1d e4 70 74 18 f0 b1 aa 44 58 Sep 21 07:16:49.557459: | ec c7 2b 0f 64 Sep 21 07:16:49.557503: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:49.557509: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:16:49.557515: | #1 spent 0.195 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:16:49.557520: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:49.557524: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:16:49.557526: | Message ID: updating counters for #1 to 1 after switching state Sep 21 07:16:49.557531: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:16:49.557536: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:49.557539: "northnet-eastnet/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:16:49.557544: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:49.557548: | #1 spent 0.392 milliseconds in ikev2_process_packet() Sep 21 07:16:49.557552: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:49.557555: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:49.557558: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:49.557562: | spent 0.406 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:49.557569: | processing resume sending helper answer for #4 Sep 21 07:16:49.557575: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:49.557578: | crypto helper 5 replies to request ID 5 Sep 21 07:16:49.557581: | calling continuation function 0x564ccf5d0630 Sep 21 07:16:49.557584: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Sep 21 07:16:49.557587: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:49.557590: | libevent_free: release ptr-libevent@0x564cd043c7e0 Sep 21 07:16:49.557592: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564cd043a310 Sep 21 07:16:49.557595: | event_schedule: new EVENT_SA_REPLACE-pe@0x564cd043a310 Sep 21 07:16:49.557598: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Sep 21 07:16:49.557601: | libevent_malloc: new ptr-libevent@0x564cd043c7e0 size 128 Sep 21 07:16:49.557606: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:16:49.557608: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:16:49.557611: | libevent_malloc: new ptr-libevent@0x7fd738006900 size 128 Sep 21 07:16:49.557616: | [RE]START processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:49.557619: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:16:49.557624: | suspending state #4 and saving MD Sep 21 07:16:49.557626: | #4 is busy; has a suspended MD Sep 21 07:16:49.557630: | [RE]START processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:16:49.557634: | "northnet-eastnet/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:16:49.557637: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Sep 21 07:16:49.557641: | #4 spent 0.0621 milliseconds in resume sending helper answer Sep 21 07:16:49.557646: | stop processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:49.557649: | libevent_free: release ptr-libevent@0x7fd730006900 Sep 21 07:16:49.557652: | processing signal PLUTO_SIGCHLD Sep 21 07:16:49.557657: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:49.557660: | spent 0.00478 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:49.557668: | spent 0.0014 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:16:49.557679: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:16:49.557682: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.557684: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:16:49.557686: | b8 9f 57 22 fb e1 60 82 8f 2e 09 04 0c 8e bd 9c Sep 21 07:16:49.557689: | d0 55 c9 84 b9 e2 cd 67 62 d7 09 64 99 42 f6 88 Sep 21 07:16:49.557691: | a6 Sep 21 07:16:49.557695: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:16:49.557698: | **parse ISAKMP Message: Sep 21 07:16:49.557700: | initiator cookie: Sep 21 07:16:49.557702: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:49.557705: | responder cookie: Sep 21 07:16:49.557707: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.557710: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:16:49.557713: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.557715: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:49.557718: | flags: none (0x0) Sep 21 07:16:49.557720: | Message ID: 2 (0x2) Sep 21 07:16:49.557722: | length: 65 (0x41) Sep 21 07:16:49.557725: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:16:49.557729: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:16:49.557732: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:16:49.557737: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:16:49.557740: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:16:49.557745: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:16:49.557748: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:16:49.557752: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Sep 21 07:16:49.557754: | unpacking clear payload Sep 21 07:16:49.557756: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:16:49.557759: | ***parse IKEv2 Encryption Payload: Sep 21 07:16:49.557762: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:16:49.557764: | flags: none (0x0) Sep 21 07:16:49.557767: | length: 37 (0x25) Sep 21 07:16:49.557769: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:16:49.557774: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:16:49.557777: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:16:49.557794: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:16:49.557800: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:16:49.557806: | **parse IKEv2 Delete Payload: Sep 21 07:16:49.557809: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.557811: | flags: none (0x0) Sep 21 07:16:49.557813: | length: 8 (0x8) Sep 21 07:16:49.557816: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:16:49.557818: | SPI size: 0 (0x0) Sep 21 07:16:49.557821: | number of SPIs: 0 (0x0) Sep 21 07:16:49.557823: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:16:49.557825: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:16:49.557828: | Now let's proceed with state specific processing Sep 21 07:16:49.557830: | calling processor I3: INFORMATIONAL Request Sep 21 07:16:49.557834: | an informational request should send a response Sep 21 07:16:49.557838: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:16:49.557841: | **emit ISAKMP Message: Sep 21 07:16:49.557844: | initiator cookie: Sep 21 07:16:49.557846: | e6 a2 5a 27 64 e5 77 c8 Sep 21 07:16:49.557848: | responder cookie: Sep 21 07:16:49.557850: | 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.557853: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:49.557856: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.557858: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:16:49.557861: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:16:49.557863: | Message ID: 2 (0x2) Sep 21 07:16:49.557866: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:49.557869: | ***emit IKEv2 Encryption Payload: Sep 21 07:16:49.557872: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.557874: | flags: none (0x0) Sep 21 07:16:49.557877: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:16:49.557880: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:16:49.557883: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:16:49.557887: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:16:49.557890: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:16:49.557893: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:16:49.557896: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:16:49.557898: | emitting length of ISAKMP Message: 57 Sep 21 07:16:49.557910: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:16:49.557913: | e6 a2 5a 27 64 e5 77 c8 03 a4 93 57 cb a7 9e 0f Sep 21 07:16:49.557916: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Sep 21 07:16:49.557918: | c2 09 da ea f0 44 ff e4 7a 6b 56 f9 16 96 0b ef Sep 21 07:16:49.557921: | e3 aa ab 68 20 34 bd c5 40 Sep 21 07:16:49.557944: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:16:49.557949: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:16:49.557952: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:16:49.557955: | pstats #4 ikev2.child deleted other Sep 21 07:16:49.557958: | #4 spent 0.787 milliseconds in total Sep 21 07:16:49.557963: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:49.557967: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:49.557971: "northnet-eastnet/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.013s and NOT sending notification Sep 21 07:16:49.557975: | child state #4: CHILDSA_DEL(informational) => delete Sep 21 07:16:49.557978: | disconnecting state #4 from md Sep 21 07:16:49.557981: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:49.557984: | libevent_free: release ptr-libevent@0x564cd043c7e0 Sep 21 07:16:49.557987: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564cd043a310 Sep 21 07:16:49.557991: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.557998: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:49.558012: | raw_eroute result=success Sep 21 07:16:49.558016: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:16:49.558019: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Sep 21 07:16:49.558022: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:49.558035: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.558040: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.558044: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:16:49.558047: | pstats #2 ikev2.child deleted completed Sep 21 07:16:49.558050: | #2 spent 1.65 milliseconds in total Sep 21 07:16:49.558054: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:49.558059: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:49.558062: "northnet-eastnet/0x1" #2: deleting other state #2 connection (STATE_CHILDSA_DEL) "northnet-eastnet/0x1" aged 4.294s and NOT sending notification Sep 21 07:16:49.558065: | child state #2: CHILDSA_DEL(informational) => delete Sep 21 07:16:49.558068: | state #2 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:16:49.558070: | libevent_free: release ptr-libevent@0x564cd043cbe0 Sep 21 07:16:49.558073: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fd73c002b20 Sep 21 07:16:49.558134: | running updown command "ipsec _updown" for verb down Sep 21 07:16:49.558139: | command executing down-client Sep 21 07:16:49.558171: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050205' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_ Sep 21 07:16:49.558178: | popen cmd is 1061 chars long Sep 21 07:16:49.558182: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/: Sep 21 07:16:49.558185: | cmd( 80):0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PL: Sep 21 07:16:49.558189: | cmd( 160):UTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Sep 21 07:16:49.558192: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:16:49.558195: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:16:49.558198: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:16:49.558204: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:16:49.558207: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050205' PLUTO_CONN_POLICY: Sep 21 07:16:49.558211: | cmd( 640):='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN: Sep 21 07:16:49.558214: | cmd( 720):_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 : Sep 21 07:16:49.558217: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P: Sep 21 07:16:49.558220: | cmd( 880):EER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' : Sep 21 07:16:49.558223: | cmd( 960):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8af9a110 SPI_OUT=0xedebe2: Sep 21 07:16:49.558226: | cmd(1040):49 ipsec _updown 2>&1: Sep 21 07:16:49.576122: | shunt_eroute() called for connection 'northnet-eastnet/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:49.576134: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:49.576137: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:16:49.576139: | IPsec Sa SPD priority set to 1042407 Sep 21 07:16:49.576182: | delete esp.8af9a110@192.1.2.23 Sep 21 07:16:49.576216: | netlink response for Del SA esp.8af9a110@192.1.2.23 included non-error error Sep 21 07:16:49.576221: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:16:49.576229: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:16:49.576239: | raw_eroute result=success Sep 21 07:16:49.576243: | delete esp.edebe249@192.1.3.33 Sep 21 07:16:49.576268: | netlink response for Del SA esp.edebe249@192.1.3.33 included non-error error Sep 21 07:16:49.576274: | in connection_discard for connection northnet-eastnet/0x1 Sep 21 07:16:49.576278: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:16:49.576283: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:16:49.576291: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.576298: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.576304: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:16:49.576308: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:16:49.576311: | pstats #1 ikev2.ike deleted completed Sep 21 07:16:49.576317: | #1 spent 10.5 milliseconds in total Sep 21 07:16:49.576323: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:49.576328: "northnet-eastnet/0x2" #1: deleting state (STATE_IKESA_DEL) aged 4.323s and NOT sending notification Sep 21 07:16:49.576332: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:16:49.576391: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:16:49.576399: | libevent_free: release ptr-libevent@0x564cd043a5d0 Sep 21 07:16:49.576403: | free_event_entry: release EVENT_SA_REKEY-pe@0x564cd043a590 Sep 21 07:16:49.576406: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:49.576409: | picked newest_isakmp_sa #0 for #1 Sep 21 07:16:49.576413: "northnet-eastnet/0x2" #1: deleting IKE SA for connection 'northnet-eastnet/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:49.576417: | add revival: connection 'northnet-eastnet/0x2' added to the list and scheduled for 0 seconds Sep 21 07:16:49.576421: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:16:49.576426: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:16:49.576429: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:16:49.576436: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:16:49.576453: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.576469: | in statetime_stop() and could not find #1 Sep 21 07:16:49.576472: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:49.576475: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:16:49.576477: | STF_OK but no state object remains Sep 21 07:16:49.576479: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:16:49.576480: | in statetime_stop() and could not find #1 Sep 21 07:16:49.576483: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:16:49.576486: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:16:49.576487: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:16:49.576491: | spent 0.991 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:16:49.576494: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:16:49.576496: | IKE SA with pending initiates disappeared Sep 21 07:16:49.576499: | (#1) spent 0.00215 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:16:49.576501: | libevent_free: release ptr-libevent@0x7fd738006900 Sep 21 07:16:49.576510: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:16:49.576512: Initiating connection northnet-eastnet/0x2 which received a Delete/Notify but must remain up per local policy Sep 21 07:16:49.576514: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:16:49.576517: | start processing: connection "northnet-eastnet/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:16:49.576519: | connection 'northnet-eastnet/0x2' +POLICY_UP Sep 21 07:16:49.576521: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:16:49.576522: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:16:49.576530: | creating state object #5 at 0x564cd043ced0 Sep 21 07:16:49.576531: | State DB: adding IKEv2 state #5 in UNDEFINED Sep 21 07:16:49.576533: | pstats #5 ikev2.ike started Sep 21 07:16:49.576535: | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:16:49.576538: | parent state #5: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:16:49.576545: | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:16:49.576553: | suspend processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:49.576558: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:16:49.576562: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:16:49.576566: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet/0x2" IKE SA #5 "northnet-eastnet/0x2" Sep 21 07:16:49.576570: "northnet-eastnet/0x2" #5: initiating v2 parent SA Sep 21 07:16:49.576588: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:49.576594: | adding ikev2_outI1 KE work-order 6 for state #5 Sep 21 07:16:49.576600: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fd73c002b20 Sep 21 07:16:49.576603: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:16:49.576606: | libevent_malloc: new ptr-libevent@0x7fd738006900 size 128 Sep 21 07:16:49.576616: | #5 spent 0.0984 milliseconds in ikev2_parent_outI1() Sep 21 07:16:49.576622: | RESET processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:49.576623: | crypto helper 6 resuming Sep 21 07:16:49.576625: | RESET processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:16:49.576635: | crypto helper 6 starting work-order 6 for state #5 Sep 21 07:16:49.576641: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:16:49.576647: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 6 Sep 21 07:16:49.576651: | spent 0.131 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:16:49.576654: | processing signal PLUTO_SIGCHLD Sep 21 07:16:49.576659: | waitpid returned ECHILD (no child processes left) Sep 21 07:16:49.576662: | spent 0.00489 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:16:49.577591: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 6 time elapsed 0.000944 seconds Sep 21 07:16:49.577603: | (#5) spent 0.95 milliseconds in crypto helper computing work-order 6: ikev2_outI1 KE (pcr) Sep 21 07:16:49.577606: | crypto helper 6 sending results from work-order 6 for state #5 to event queue Sep 21 07:16:49.577609: | scheduling resume sending helper answer for #5 Sep 21 07:16:49.577612: | libevent_malloc: new ptr-libevent@0x7fd724006900 size 128 Sep 21 07:16:49.577619: | crypto helper 6 waiting (nothing to do) Sep 21 07:16:49.577648: | processing resume sending helper answer for #5 Sep 21 07:16:49.577657: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:16:49.577660: | crypto helper 6 replies to request ID 6 Sep 21 07:16:49.577662: | calling continuation function 0x564ccf5d0630 Sep 21 07:16:49.577664: | ikev2_parent_outI1_continue for #5 Sep 21 07:16:49.577668: | **emit ISAKMP Message: Sep 21 07:16:49.577670: | initiator cookie: Sep 21 07:16:49.577672: | 48 b2 a2 17 0d 11 3d 85 Sep 21 07:16:49.577673: | responder cookie: Sep 21 07:16:49.577674: | 00 00 00 00 00 00 00 00 Sep 21 07:16:49.577676: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:16:49.577678: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:16:49.577680: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:16:49.577682: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:16:49.577683: | Message ID: 0 (0x0) Sep 21 07:16:49.577685: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:16:49.577696: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:16:49.577698: | Emitting ikev2_proposals ... Sep 21 07:16:49.577700: | ***emit IKEv2 Security Association Payload: Sep 21 07:16:49.577701: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.577703: | flags: none (0x0) Sep 21 07:16:49.577705: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:16:49.577709: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:16:49.577711: | discarding INTEG=NONE Sep 21 07:16:49.577713: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:49.577714: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:49.577716: | prop #: 1 (0x1) Sep 21 07:16:49.577717: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:49.577719: | spi size: 0 (0x0) Sep 21 07:16:49.577720: | # transforms: 11 (0xb) Sep 21 07:16:49.577722: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:49.577724: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577727: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:49.577728: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:49.577730: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577732: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:49.577734: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:49.577737: | length/value: 256 (0x100) Sep 21 07:16:49.577740: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:49.577742: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577747: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:49.577749: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:49.577752: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577755: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577756: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577758: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577759: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577761: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:49.577762: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:49.577764: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577767: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577769: | discarding INTEG=NONE Sep 21 07:16:49.577770: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577771: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577773: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577774: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:49.577776: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577778: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577779: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577781: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577805: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577810: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577811: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:49.577813: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577818: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577820: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577821: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577822: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577824: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:49.577826: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577827: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577829: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577830: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577832: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577833: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577834: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:49.577836: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577838: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577839: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577841: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577842: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577844: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577845: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:49.577847: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577850: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577851: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577853: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577854: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577856: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:49.577857: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577859: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577861: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577862: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577865: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577866: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:49.577868: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577871: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577873: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577874: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:49.577876: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577877: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:49.577880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577881: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577883: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577884: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:49.577886: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:49.577888: | discarding INTEG=NONE Sep 21 07:16:49.577889: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:49.577890: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:49.577892: | prop #: 2 (0x2) Sep 21 07:16:49.577893: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:49.577895: | spi size: 0 (0x0) Sep 21 07:16:49.577896: | # transforms: 11 (0xb) Sep 21 07:16:49.577898: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:49.577900: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:49.577901: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577904: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:49.577906: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:16:49.577907: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577909: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:49.577911: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:49.577912: | length/value: 128 (0x80) Sep 21 07:16:49.577914: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:49.577915: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577917: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577918: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:49.577920: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:49.577921: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577923: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577924: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577926: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577927: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577929: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:49.577930: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:49.577932: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577933: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577935: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577936: | discarding INTEG=NONE Sep 21 07:16:49.577938: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577941: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577942: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:49.577944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577948: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577949: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577951: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577952: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577953: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:49.577955: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577958: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577960: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577961: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577964: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:49.577966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577969: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577970: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577972: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577973: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577975: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:49.577976: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577978: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577980: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577981: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577982: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577984: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577985: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:49.577987: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577989: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.577990: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.577992: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.577993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577994: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.577996: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:49.577998: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.577999: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578001: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578002: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578004: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578005: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578006: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:49.578009: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578011: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578013: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578014: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578015: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:49.578017: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578018: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:49.578020: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578022: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578023: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578025: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:16:49.578026: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:49.578028: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:49.578029: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:49.578031: | prop #: 3 (0x3) Sep 21 07:16:49.578032: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:49.578034: | spi size: 0 (0x0) Sep 21 07:16:49.578035: | # transforms: 13 (0xd) Sep 21 07:16:49.578037: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:49.578038: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:49.578040: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578043: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:49.578044: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:49.578046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578047: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:49.578049: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:49.578050: | length/value: 256 (0x100) Sep 21 07:16:49.578052: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:49.578053: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578055: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578056: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:49.578057: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:49.578059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578061: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578062: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578064: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578065: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578067: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:49.578068: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:49.578070: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578074: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578075: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578077: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578078: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:49.578080: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:49.578082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578083: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578085: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578086: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578089: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:49.578090: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:49.578092: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578094: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578095: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578097: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578100: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578156: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:49.578164: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578172: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578174: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578177: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578179: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:49.578181: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578182: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578184: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578185: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578187: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578188: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578190: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:49.578191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578195: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578196: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578198: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578199: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578200: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:49.578202: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578206: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578207: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578209: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578212: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578213: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:49.578215: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578217: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578218: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578219: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578222: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578224: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:49.578226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578227: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578229: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578230: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578232: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578233: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578235: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:49.578236: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578238: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578241: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578242: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:49.578244: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578245: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:49.578247: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578250: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578252: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:49.578254: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:49.578255: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:16:49.578257: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:16:49.578258: | prop #: 4 (0x4) Sep 21 07:16:49.578260: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:16:49.578261: | spi size: 0 (0x0) Sep 21 07:16:49.578262: | # transforms: 13 (0xd) Sep 21 07:16:49.578264: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:16:49.578266: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:16:49.578268: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578271: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:16:49.578273: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:16:49.578274: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578276: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:16:49.578278: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:16:49.578279: | length/value: 128 (0x80) Sep 21 07:16:49.578281: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:16:49.578282: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578284: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578285: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:49.578286: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:16:49.578288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578290: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578291: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578293: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578294: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578296: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:16:49.578297: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:16:49.578299: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578301: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578302: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578304: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578307: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:49.578308: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:16:49.578310: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578311: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578313: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578314: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578316: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578317: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:16:49.578319: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:16:49.578320: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578322: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578324: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578325: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578327: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578329: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:49.578331: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578333: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578335: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578337: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578338: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578340: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578341: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:16:49.578343: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578344: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578346: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578347: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578350: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578352: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:16:49.578353: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578355: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578357: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578358: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578360: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578361: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578362: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:16:49.578364: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578366: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578367: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578369: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578370: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578372: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578373: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:16:49.578375: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578377: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578378: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578380: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578381: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578382: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578384: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:16:49.578386: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578387: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578389: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578390: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578393: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578395: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:16:49.578396: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578399: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578400: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578402: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:16:49.578403: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:16:49.578405: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:16:49.578406: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:16:49.578408: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:16:49.578410: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:16:49.578411: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:16:49.578413: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:16:49.578414: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:16:49.578416: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:16:49.578418: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:16:49.578419: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:16:49.578421: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.578422: | flags: none (0x0) Sep 21 07:16:49.578424: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:16:49.578426: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:16:49.578428: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:16:49.578430: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:16:49.578432: | ikev2 g^x 76 6b cf 5b 07 dd 54 62 7f 56 8f 8e 55 fe 90 30 Sep 21 07:16:49.578433: | ikev2 g^x d9 46 e6 96 9f 7b 0a 1b e1 31 f5 7e a1 cd ea 56 Sep 21 07:16:49.578434: | ikev2 g^x f3 69 47 1c f5 d4 b1 45 2f a7 0b 06 9c 60 e1 c6 Sep 21 07:16:49.578436: | ikev2 g^x 18 6c 09 7d c2 ec e5 2f 55 74 36 0a e8 73 30 6c Sep 21 07:16:49.578437: | ikev2 g^x b2 e2 8a 11 de 57 8e be c7 5c 3d 3f d6 d5 c0 73 Sep 21 07:16:49.578439: | ikev2 g^x a8 55 7d 66 47 56 6f 0b f7 bc de 3b 1d c4 25 69 Sep 21 07:16:49.578440: | ikev2 g^x 39 89 a6 0b 7e c2 47 ad b4 b6 cd 71 09 53 bd 05 Sep 21 07:16:49.578441: | ikev2 g^x 97 7e 76 00 bc bb 8a 83 4e ed 49 74 b7 05 02 e8 Sep 21 07:16:49.578443: | ikev2 g^x 11 de 86 f9 9b df 98 34 3c a9 86 ed ff 33 87 89 Sep 21 07:16:49.578444: | ikev2 g^x ad 1e 64 8c cd c1 85 50 30 66 d4 f9 a3 77 13 02 Sep 21 07:16:49.578446: | ikev2 g^x f6 68 ce f9 5b 2c 8a 2a c1 81 ef e2 b4 a3 d3 00 Sep 21 07:16:49.578447: | ikev2 g^x c1 8d f3 2d 42 5c c1 6b 6f c9 1a cc 86 39 a1 3e Sep 21 07:16:49.578448: | ikev2 g^x 6a d0 4a d7 33 1c d1 fb ef c7 57 f4 8d 46 d8 a0 Sep 21 07:16:49.578450: | ikev2 g^x d9 f3 c7 fe ac fe 4e 56 9c e2 b2 8e 43 b1 44 ea Sep 21 07:16:49.578451: | ikev2 g^x a4 2b 02 7e 6e 3e 18 98 56 4b 49 3a 23 1e 18 4f Sep 21 07:16:49.578453: | ikev2 g^x bd 61 96 ac 91 59 c2 5a 04 a1 62 47 f9 66 57 d7 Sep 21 07:16:49.578454: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:16:49.578456: | ***emit IKEv2 Nonce Payload: Sep 21 07:16:49.578457: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:16:49.578459: | flags: none (0x0) Sep 21 07:16:49.578460: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:16:49.578462: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:16:49.578465: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:16:49.578467: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:16:49.578468: | IKEv2 nonce 43 a3 47 8f 87 2f 6b 89 41 6e 34 bb 23 8e ed d3 Sep 21 07:16:49.578470: | IKEv2 nonce d1 41 1c 5f 0c 05 e2 21 8d 86 91 a0 75 a9 8b a2 Sep 21 07:16:49.578471: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:16:49.578473: | Adding a v2N Payload Sep 21 07:16:49.578474: | ***emit IKEv2 Notify Payload: Sep 21 07:16:49.578476: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.578477: | flags: none (0x0) Sep 21 07:16:49.578479: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:49.578481: | SPI size: 0 (0x0) Sep 21 07:16:49.578482: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:16:49.578484: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:49.578486: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:49.578487: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:16:49.578490: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:16:49.578491: | natd_hash: rcookie is zero Sep 21 07:16:49.578501: | natd_hash: hasher=0x564ccf6a67a0(20) Sep 21 07:16:49.578503: | natd_hash: icookie= 48 b2 a2 17 0d 11 3d 85 Sep 21 07:16:49.578504: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:49.578506: | natd_hash: ip= c0 01 03 21 Sep 21 07:16:49.578507: | natd_hash: port= 01 f4 Sep 21 07:16:49.578509: | natd_hash: hash= a1 05 a2 94 8c e6 6d 66 e1 a2 64 3a 80 1c 93 44 Sep 21 07:16:49.578510: | natd_hash: hash= b3 a1 72 7d Sep 21 07:16:49.578511: | Adding a v2N Payload Sep 21 07:16:49.578513: | ***emit IKEv2 Notify Payload: Sep 21 07:16:49.578514: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.578516: | flags: none (0x0) Sep 21 07:16:49.578517: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:49.578519: | SPI size: 0 (0x0) Sep 21 07:16:49.578520: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:16:49.578522: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:49.578524: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:49.578525: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:49.578527: | Notify data a1 05 a2 94 8c e6 6d 66 e1 a2 64 3a 80 1c 93 44 Sep 21 07:16:49.578528: | Notify data b3 a1 72 7d Sep 21 07:16:49.578530: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:49.578531: | natd_hash: rcookie is zero Sep 21 07:16:49.578535: | natd_hash: hasher=0x564ccf6a67a0(20) Sep 21 07:16:49.578537: | natd_hash: icookie= 48 b2 a2 17 0d 11 3d 85 Sep 21 07:16:49.578538: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:16:49.578539: | natd_hash: ip= c0 01 02 17 Sep 21 07:16:49.578541: | natd_hash: port= 01 f4 Sep 21 07:16:49.578542: | natd_hash: hash= 46 26 ce 4f 4a 7f 29 70 68 89 ef 01 4d d6 4f 35 Sep 21 07:16:49.578544: | natd_hash: hash= 51 5c fc b2 Sep 21 07:16:49.578545: | Adding a v2N Payload Sep 21 07:16:49.578546: | ***emit IKEv2 Notify Payload: Sep 21 07:16:49.578548: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:16:49.578549: | flags: none (0x0) Sep 21 07:16:49.578551: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:16:49.578552: | SPI size: 0 (0x0) Sep 21 07:16:49.578554: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:16:49.578555: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:16:49.578557: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:16:49.578560: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:16:49.578561: | Notify data 46 26 ce 4f 4a 7f 29 70 68 89 ef 01 4d d6 4f 35 Sep 21 07:16:49.578562: | Notify data 51 5c fc b2 Sep 21 07:16:49.578564: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:16:49.578566: | emitting length of ISAKMP Message: 828 Sep 21 07:16:49.578570: | stop processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:16:49.578574: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:16:49.578577: | #5 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:16:49.578579: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:16:49.578581: | parent state #5: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:16:49.578583: | Message ID: updating counters for #5 to 4294967295 after switching state Sep 21 07:16:49.578585: | Message ID: IKE #5 skipping update_recv as MD is fake Sep 21 07:16:49.578588: | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:16:49.578590: "northnet-eastnet/0x2" #5: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:16:49.578593: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:16:49.578596: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:16:49.578598: | 48 b2 a2 17 0d 11 3d 85 00 00 00 00 00 00 00 00 Sep 21 07:16:49.578599: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:16:49.578601: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:16:49.578602: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:16:49.578604: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:16:49.578605: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:16:49.578606: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:16:49.578608: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:16:49.578609: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:16:49.578610: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:16:49.578612: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:16:49.578613: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:16:49.578614: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:16:49.578616: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:16:49.578617: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:16:49.578619: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:16:49.578620: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:16:49.578621: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:16:49.578623: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:16:49.578624: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:16:49.578625: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:16:49.578627: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:16:49.578628: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:16:49.578629: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:16:49.578631: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:16:49.578632: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:16:49.578634: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:16:49.578635: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:16:49.578636: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:16:49.578638: | 28 00 01 08 00 0e 00 00 76 6b cf 5b 07 dd 54 62 Sep 21 07:16:49.578639: | 7f 56 8f 8e 55 fe 90 30 d9 46 e6 96 9f 7b 0a 1b Sep 21 07:16:49.578643: | e1 31 f5 7e a1 cd ea 56 f3 69 47 1c f5 d4 b1 45 Sep 21 07:16:49.578644: | 2f a7 0b 06 9c 60 e1 c6 18 6c 09 7d c2 ec e5 2f Sep 21 07:16:49.578646: | 55 74 36 0a e8 73 30 6c b2 e2 8a 11 de 57 8e be Sep 21 07:16:49.578647: | c7 5c 3d 3f d6 d5 c0 73 a8 55 7d 66 47 56 6f 0b Sep 21 07:16:49.578648: | f7 bc de 3b 1d c4 25 69 39 89 a6 0b 7e c2 47 ad Sep 21 07:16:49.578650: | b4 b6 cd 71 09 53 bd 05 97 7e 76 00 bc bb 8a 83 Sep 21 07:16:49.578651: | 4e ed 49 74 b7 05 02 e8 11 de 86 f9 9b df 98 34 Sep 21 07:16:49.578652: | 3c a9 86 ed ff 33 87 89 ad 1e 64 8c cd c1 85 50 Sep 21 07:16:49.578654: | 30 66 d4 f9 a3 77 13 02 f6 68 ce f9 5b 2c 8a 2a Sep 21 07:16:49.578655: | c1 81 ef e2 b4 a3 d3 00 c1 8d f3 2d 42 5c c1 6b Sep 21 07:16:49.578656: | 6f c9 1a cc 86 39 a1 3e 6a d0 4a d7 33 1c d1 fb Sep 21 07:16:49.578658: | ef c7 57 f4 8d 46 d8 a0 d9 f3 c7 fe ac fe 4e 56 Sep 21 07:16:49.578659: | 9c e2 b2 8e 43 b1 44 ea a4 2b 02 7e 6e 3e 18 98 Sep 21 07:16:49.578661: | 56 4b 49 3a 23 1e 18 4f bd 61 96 ac 91 59 c2 5a Sep 21 07:16:49.578662: | 04 a1 62 47 f9 66 57 d7 29 00 00 24 43 a3 47 8f Sep 21 07:16:49.578663: | 87 2f 6b 89 41 6e 34 bb 23 8e ed d3 d1 41 1c 5f Sep 21 07:16:49.578665: | 0c 05 e2 21 8d 86 91 a0 75 a9 8b a2 29 00 00 08 Sep 21 07:16:49.578666: | 00 00 40 2e 29 00 00 1c 00 00 40 04 a1 05 a2 94 Sep 21 07:16:49.578667: | 8c e6 6d 66 e1 a2 64 3a 80 1c 93 44 b3 a1 72 7d Sep 21 07:16:49.578669: | 00 00 00 1c 00 00 40 05 46 26 ce 4f 4a 7f 29 70 Sep 21 07:16:49.578670: | 68 89 ef 01 4d d6 4f 35 51 5c fc b2 Sep 21 07:16:49.578709: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:16:49.578712: | libevent_free: release ptr-libevent@0x7fd738006900 Sep 21 07:16:49.578714: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fd73c002b20 Sep 21 07:16:49.578716: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:16:49.578718: "northnet-eastnet/0x2" #5: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:16:49.578720: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fd73c002b20 Sep 21 07:16:49.578722: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #5 Sep 21 07:16:49.578724: | libevent_malloc: new ptr-libevent@0x7fd738006900 size 128 Sep 21 07:16:49.578727: | #5 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 48855.946984 Sep 21 07:16:49.578730: | resume sending helper answer for #5 suppresed complete_v2_state_transition() and stole MD Sep 21 07:16:49.578734: | #5 spent 0.99 milliseconds in resume sending helper answer Sep 21 07:16:49.578737: | stop processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:16:49.578739: | libevent_free: release ptr-libevent@0x7fd724006900 Sep 21 07:16:49.996476: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:16:49.996497: shutting down Sep 21 07:16:49.996506: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:16:49.996510: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:16:49.996515: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:16:49.996532: forgetting secrets Sep 21 07:16:49.996536: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:16:49.996540: | start processing: connection "northnet-eastnet/0x2" (in delete_connection() at connections.c:189) Sep 21 07:16:49.996543: | removing pending policy for no connection {0x564cd039b160} Sep 21 07:16:49.996546: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:49.996548: | pass 0 Sep 21 07:16:49.996551: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:49.996553: | state #5 Sep 21 07:16:49.996557: | suspend processing: connection "northnet-eastnet/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:49.996566: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:16:49.996569: | pstats #5 ikev2.ike deleted other Sep 21 07:16:49.996574: | #5 spent 2.04 milliseconds in total Sep 21 07:16:49.996578: | [RE]START processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:16:49.996582: "northnet-eastnet/0x2" #5: deleting state (STATE_PARENT_I1) aged 0.420s and NOT sending notification Sep 21 07:16:49.996585: | parent state #5: PARENT_I1(half-open IKE SA) => delete Sep 21 07:16:49.996589: | state #5 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:16:49.996591: | #5 STATE_PARENT_I1: retransmits: cleared Sep 21 07:16:49.996596: | libevent_free: release ptr-libevent@0x7fd738006900 Sep 21 07:16:49.996599: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fd73c002b20 Sep 21 07:16:49.996602: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:16:49.996605: | picked newest_isakmp_sa #0 for #5 Sep 21 07:16:49.996608: "northnet-eastnet/0x2" #5: deleting IKE SA for connection 'northnet-eastnet/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:16:49.996611: | add revival: connection 'northnet-eastnet/0x2' added to the list and scheduled for 5 seconds Sep 21 07:16:49.996614: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:16:49.996621: | stop processing: connection "northnet-eastnet/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:16:49.996636: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:16:49.996639: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:16:49.996641: | State DB: deleting IKEv2 state #5 in PARENT_I1 Sep 21 07:16:49.996645: | parent state #5: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:16:49.996661: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:16:49.996666: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:16:49.996668: | pass 1 Sep 21 07:16:49.996670: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:49.996677: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:49.996682: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:49.996685: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.996729: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:16:49.996751: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:49.996754: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:49.996757: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:16:49.996760: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:16:49.996762: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:49.996767: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" prospective erouted Sep 21 07:16:49.996771: | flush revival: connection 'northnet-eastnet/0x2' revival flushed Sep 21 07:16:49.996774: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:16:49.996780: | start processing: connection "northnet-eastnet/0x1" (in delete_connection() at connections.c:189) Sep 21 07:16:49.996788: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:16:49.996793: | pass 0 Sep 21 07:16:49.996795: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:49.996797: | pass 1 Sep 21 07:16:49.996800: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:16:49.996805: | shunt_eroute() called for connection 'northnet-eastnet/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:16:49.996812: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:16:49.996827: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:16:49.996836: "northnet-eastnet/0x1": ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory Sep 21 07:16:49.996839: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:16:49.996841: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:16:49.996844: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:16:49.996847: | route owner of "northnet-eastnet/0x1" unrouted: NULL Sep 21 07:16:49.996850: | running updown command "ipsec _updown" for verb unroute Sep 21 07:16:49.996852: | command executing unroute-client Sep 21 07:16:49.996879: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH Sep 21 07:16:49.996882: | popen cmd is 1042 chars long Sep 21 07:16:49.996885: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:16:49.996887: | cmd( 80):et/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33': Sep 21 07:16:49.996890: | cmd( 160): PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:16:49.996892: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:16:49.996895: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER: Sep 21 07:16:49.996897: | cmd( 400):_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Sep 21 07:16:49.996899: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:16:49.996902: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK: Sep 21 07:16:49.996904: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Sep 21 07:16:49.996907: | cmd( 720):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Sep 21 07:16:49.996909: | cmd( 800):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Sep 21 07:16:49.996911: | cmd( 880):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Sep 21 07:16:49.996914: | cmd( 960):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Sep 21 07:16:49.996916: | cmd(1040):&1: Sep 21 07:16:50.004532: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004543: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004546: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004549: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004550: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004556: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004600: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004603: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004605: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004607: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004611: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004624: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004638: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004649: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004662: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004674: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004687: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004699: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004710: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004722: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004734: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004747: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004759: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004791: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004803: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004816: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.004830: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.005186: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.005196: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.005208: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:16:50.009453: | free hp@0x564cd0401980 Sep 21 07:16:50.009463: | flush revival: connection 'northnet-eastnet/0x1' wasn't on the list Sep 21 07:16:50.009467: | stop processing: connection "northnet-eastnet/0x1" (in discard_connection() at connections.c:249) Sep 21 07:16:50.009472: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:16:50.009474: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:16:50.009481: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:16:50.009484: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:16:50.009486: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:16:50.009488: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:16:50.009490: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:16:50.009492: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:16:50.009495: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:16:50.009501: | libevent_free: release ptr-libevent@0x564cd0435120 Sep 21 07:16:50.009503: | free_event_entry: release EVENT_NULL-pe@0x564cd041e3a0 Sep 21 07:16:50.009511: | libevent_free: release ptr-libevent@0x564cd0435210 Sep 21 07:16:50.009513: | free_event_entry: release EVENT_NULL-pe@0x564cd04351d0 Sep 21 07:16:50.009520: | libevent_free: release ptr-libevent@0x564cd0435300 Sep 21 07:16:50.009521: | free_event_entry: release EVENT_NULL-pe@0x564cd04352c0 Sep 21 07:16:50.009526: | libevent_free: release ptr-libevent@0x564cd04353f0 Sep 21 07:16:50.009527: | free_event_entry: release EVENT_NULL-pe@0x564cd04353b0 Sep 21 07:16:50.009532: | libevent_free: release ptr-libevent@0x564cd04354e0 Sep 21 07:16:50.009534: | free_event_entry: release EVENT_NULL-pe@0x564cd04354a0 Sep 21 07:16:50.009538: | libevent_free: release ptr-libevent@0x564cd04355d0 Sep 21 07:16:50.009540: | free_event_entry: release EVENT_NULL-pe@0x564cd0435590 Sep 21 07:16:50.009543: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:16:50.009916: | libevent_free: release ptr-libevent@0x564cd0434a80 Sep 21 07:16:50.009922: | free_event_entry: release EVENT_NULL-pe@0x564cd041d620 Sep 21 07:16:50.009924: | libevent_free: release ptr-libevent@0x564cd042a510 Sep 21 07:16:50.009926: | free_event_entry: release EVENT_NULL-pe@0x564cd041d8d0 Sep 21 07:16:50.009928: | libevent_free: release ptr-libevent@0x564cd042a480 Sep 21 07:16:50.009931: | free_event_entry: release EVENT_NULL-pe@0x564cd0423030 Sep 21 07:16:50.009933: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:16:50.009935: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:16:50.009936: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:16:50.009938: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:16:50.009939: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:16:50.009941: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:16:50.009942: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:16:50.009943: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:16:50.009945: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:16:50.009949: | libevent_free: release ptr-libevent@0x564cd0434b50 Sep 21 07:16:50.009950: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:16:50.009952: | libevent_free: release ptr-libevent@0x564cd0434c30 Sep 21 07:16:50.009954: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:16:50.009956: | libevent_free: release ptr-libevent@0x564cd0434cf0 Sep 21 07:16:50.009957: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:16:50.009959: | libevent_free: release ptr-libevent@0x564cd0429800 Sep 21 07:16:50.009960: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:16:50.009962: | releasing event base Sep 21 07:16:50.009970: | libevent_free: release ptr-libevent@0x564cd0434db0 Sep 21 07:16:50.009972: | libevent_free: release ptr-libevent@0x564cd040a240 Sep 21 07:16:50.009975: | libevent_free: release ptr-libevent@0x564cd0418bb0 Sep 21 07:16:50.009976: | libevent_free: release ptr-libevent@0x564cd043c870 Sep 21 07:16:50.009978: | libevent_free: release ptr-libevent@0x564cd0418bd0 Sep 21 07:16:50.009979: | libevent_free: release ptr-libevent@0x564cd0434b10 Sep 21 07:16:50.009981: | libevent_free: release ptr-libevent@0x564cd0434bf0 Sep 21 07:16:50.009982: | libevent_free: release ptr-libevent@0x564cd0418c60 Sep 21 07:16:50.009984: | libevent_free: release ptr-libevent@0x564cd041e2a0 Sep 21 07:16:50.009985: | libevent_free: release ptr-libevent@0x564cd0418cd0 Sep 21 07:16:50.009986: | libevent_free: release ptr-libevent@0x564cd0435660 Sep 21 07:16:50.009988: | libevent_free: release ptr-libevent@0x564cd0435570 Sep 21 07:16:50.009989: | libevent_free: release ptr-libevent@0x564cd0435480 Sep 21 07:16:50.009990: | libevent_free: release ptr-libevent@0x564cd0435390 Sep 21 07:16:50.009992: | libevent_free: release ptr-libevent@0x564cd04352a0 Sep 21 07:16:50.009993: | libevent_free: release ptr-libevent@0x564cd04351b0 Sep 21 07:16:50.009995: | libevent_free: release ptr-libevent@0x564cd039c370 Sep 21 07:16:50.009996: | libevent_free: release ptr-libevent@0x564cd0434cd0 Sep 21 07:16:50.009997: | libevent_free: release ptr-libevent@0x564cd0434c10 Sep 21 07:16:50.009999: | libevent_free: release ptr-libevent@0x564cd0434b30 Sep 21 07:16:50.010000: | libevent_free: release ptr-libevent@0x564cd0434d90 Sep 21 07:16:50.010004: | libevent_free: release ptr-libevent@0x564cd039a6c0 Sep 21 07:16:50.010005: | libevent_free: release ptr-libevent@0x564cd0418bf0 Sep 21 07:16:50.010007: | libevent_free: release ptr-libevent@0x564cd0418c20 Sep 21 07:16:50.010008: | libevent_free: release ptr-libevent@0x564cd0418910 Sep 21 07:16:50.010010: | releasing global libevent data Sep 21 07:16:50.010011: | libevent_free: release ptr-libevent@0x564cd0417600 Sep 21 07:16:50.010013: | libevent_free: release ptr-libevent@0x564cd04188b0 Sep 21 07:16:50.010015: | libevent_free: release ptr-libevent@0x564cd04188e0